From: Daiki Ueno
Date: Thu, 3 Apr 2025 08:47:44 +0000 (+0900)
Subject: pkcs11: read pkcs11.conf at once with gnutls_load_file
X-Git-Tag: 3.8.11~30^2~5
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2fa4c4c14f9d19dbbcaebd4be430df10d6dd0978;p=thirdparty%2Fgnutls.git
pkcs11: read pkcs11.conf at once with gnutls_load_file
clang-analyzer from Clang 19 complains about the fgets usage while a mutex is held:
pkcs11.c:911:9: warning: Call to blocking function 'fgets' inside of critical section [unix.BlockInCriticalSection]
911 | while (fgets(line, sizeof(line), fp) != NULL) {
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This changes the logic to read the content of the file at once to avoid iterative calls to fgets.
Signed-off-by: Daiki Ueno
---
diff --git a/lib/pkcs11.c b/lib/pkcs11.c
index 47a7cb6a97..e3d08fbcf3 100644
--- a/lib/pkcs11.c
+++ b/lib/pkcs11.c
@@ -893,32 +893,34 @@ static int init = 0;
 */
 static void compat_load(const char *configfile)
 {
- FILE *fp;
 int ret;
- char line[512];
 const char *library;
+ gnutls_datum_t data;
+ char *str, *savep;
 if (configfile == NULL)
 configfile = "/etc/gnutls/pkcs11.conf";
- fp = fopen(configfile, "re");
- if (fp == NULL) {
- gnutls_assert();
+ _gnutls_debug_log("Loading PKCS #11 libraries from %s\n", configfile);
+
+ ret = gnutls_load_file(configfile, &data);
+ if (ret < 0) {
+ _gnutls_debug_log("Could not load %s: %s\n", configfile,
+ gnutls_strerror(ret));
 return;
 }
- _gnutls_debug_log("Loading PKCS #11 libraries from %s\n", configfile);
- while (fgets(line, sizeof(line), fp) != NULL) {
+ for (str = (char *)data.data;; str = NULL) {
+ char *line = strtok_r(str, "\n", &savep);
+ if (line == NULL)
+ break;
 if (strncmp(line, "load", sizeof("load") - 1) == 0) {
 char *p;
 p = strchr(line, '=');
 if (p == NULL)
 continue;
- library = ++p;
- p = strchr(line, '\n');
- if (p != NULL)
- *p = 0;
+ library = p + 1;
 ret = gnutls_pkcs11_add_provider(library, NULL);
 if (ret < 0) {
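Review bot: The new loop `for (str = (char *)data.data;; str = NULL)` hands data.data to strtok_r(), which scans for a NUL terminator, while gnutls_datum_t carries an explicit data.size and nothing in this hunk appends a terminator; if gnutls_load_file() does not guarantee a NUL byte past data.size, strtok_r() reads beyond the allocation. If that guarantee is what the code relies on, it should be stated where the buffer is consumed, e.g. `/* gnutls_load_file() NUL-terminates the buffer; strtok_r() depends on that. */` placed above the for line, otherwise the buffer should be copied into a data.size + 1 allocation with an explicit terminator before tokenizing. Note also that an embedded NUL byte in the config file now silently ends parsing at that point, whereas the old fgets() loop kept reading subsequent lines; presumably acceptable for an administrator-owned file, but worth a sentence in the commit message. The body of compat_load continues past the end of this hunk.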
@@ -929,9 +931,7 @@ static void compat_load(const char *configfile)
 }
 }
 }
- fclose(fp);
-
- return;
+ gnutls_free(data.data);
 }
 static int auto_load(unsigned trusted)