pkcs11: read pkcs11.conf at once with gnutls_load_file
authorDaiki Ueno <ueno@gnu.org>
Thu, 3 Apr 2025 08:47:44 +0000 (17:47 +0900)
committerDaiki Ueno <ueno@gnu.org>
Thu, 24 Jul 2025 05:52:48 +0000 (14:52 +0900)
clang-analyzer from Clang 19 complains about the fgets usage while a
mutex is held:

  pkcs11.c:911:9: warning: Call to blocking function 'fgets' inside of critical section [unix.BlockInCriticalSection]
    911 |         while (fgets(line, sizeof(line), fp) != NULL) {
        |                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This changes the logic to read the whole file into memory at once with
gnutls_load_file(), so the parsing loop no longer makes repeated fgets() calls.

Signed-off-by: Daiki Ueno <ueno@gnu.org>
lib/pkcs11.c

index 47a7cb6a97df0bee98be0b32a4f4519efb667e59..e3d08fbcf3b49c34d3074f6d1e06778c2ed93fee 100644 (file)
@@ -893,32 +893,34 @@ static int init = 0;
  */
 static void compat_load(const char *configfile)
 {
-       FILE *fp;
        int ret;
-       char line[512];
        const char *library;
+       gnutls_datum_t data;
+       char *str, *savep;
 
        if (configfile == NULL)
                configfile = "/etc/gnutls/pkcs11.conf";
 
-       fp = fopen(configfile, "re");
-       if (fp == NULL) {
-               gnutls_assert();
+       _gnutls_debug_log("Loading PKCS #11 libraries from %s\n", configfile);
+
+       ret = gnutls_load_file(configfile, &data);
+       if (ret < 0) {
+               _gnutls_debug_log("Could not load %s: %s\n", configfile,
+                                 gnutls_strerror(ret));
                return;
        }
 
-       _gnutls_debug_log("Loading PKCS #11 libraries from %s\n", configfile);
-       while (fgets(line, sizeof(line), fp) != NULL) {
+       for (str = (char *)data.data;; str = NULL) {
+               char *line = strtok_r(str, "\n", &savep);
+               if (line == NULL)
+                       break;
                if (strncmp(line, "load", sizeof("load") - 1) == 0) {
                        char *p;
                        p = strchr(line, '=');
                        if (p == NULL)
                                continue;
 
-                       library = ++p;
-                       p = strchr(line, '\n');
-                       if (p != NULL)
-                               *p = 0;
+                       library = p + 1;
 
                        ret = gnutls_pkcs11_add_provider(library, NULL);
                        if (ret < 0) {
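Review bot: The strtok_r() walk started by `for (str = (char *)data.data;; str = NULL)` is only bounded if the buffer returned by gnutls_load_file() carries a trailing NUL byte; gnutls_datum_t is a length-delimited type, and nothing in the hunk consults `data.size` or checks for a terminator, so a buffer without one would let strtok_r() read past the allocation (whether the terminator is present depends on how gnutls_load_file()/read_file allocate, which is outside this hunk). If it is guaranteed, state the dependency where the loop relies on it: `/* gnutls_load_file() NUL-terminates data.data; strtok_r() depends on that */`; if it is not, copy the contents into a `data.size + 1` buffer before tokenizing. Two behavioural differences from the fgets() version also deserve a line in the commit message: lines are no longer capped at 511 bytes, and a file containing an embedded NUL byte now stops being parsed at that byte. The body of compat_load() continues past the end of this hunk.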
@@ -929,9 +931,7 @@ static void compat_load(const char *configfile)
                        }
                }
        }
-       fclose(fp);
-
-       return;
+       gnutls_free(data.data);
 }
 
 static int auto_load(unsigned trusted)