Use a read lock when iterating over a hashmap

The 'dns_tsigkeyring_t' structure has a read/write lock to protect
its 'keys' member, which is a 'isc_hashmap_t' pointer and needs to
be protected.

The dns_tsigkeyring_dump() function, however, doesn't use the lock,
which can introduce a race with another thread, if the other thread
tries to modify the hashmap.

Add a read lock around the code, which iterates over the hashmap.

diff --git a/lib/dns/tsig.c b/lib/dns/tsig.c
index b65c0b7baf44b73e93a899763a20c09363254746..5583688e88a61f45b136370534b4116b6af419d8 100644 (file)
--- a/lib/dns/tsig.c
+++ b/lib/dns/tsig.c
@@ -469,6 +469,7 @@ dns_tsigkeyring_dump(dns_tsigkeyring_t *ring, FILE *fp) {
 
        REQUIRE(VALID_TSIGKEYRING(ring));
 
+       RWLOCK(&ring->lock, isc_rwlocktype_read);
        isc_hashmap_iter_create(ring->keys, &it);
        for (result = isc_hashmap_iter_first(it); result == ISC_R_SUCCESS;
             result = isc_hashmap_iter_next(it))
@@ -482,6 +483,7 @@ dns_tsigkeyring_dump(dns_tsigkeyring_t *ring, FILE *fp) {
                }
        }
        isc_hashmap_iter_destroy(&it);
+       RWUNLOCK(&ring->lock, isc_rwlocktype_read);
 
        return (found ? ISC_R_SUCCESS : ISC_R_NOTFOUND);
 }