BUG/MEDIUM: auth/threads: use of crypt() is not thread-safe
It was reported here that authentication may fail when threads are
enabled :
https://bugzilla.redhat.com/show_bug.cgi?id=1643941
While I couldn't reproduce the issue, it's obvious that there is a
problem with the use of the non-reentrant crypt() function there.
On Linux systems there's crypt_r() but not on the vast majority of
other ones. Thus a first approach consists in placing a lock around
this crypt() call. Another patch may relax it when crypt_r() is
available.
This fix must be backported to 1.8. Thanks to Ryan O'Hara for the
quick notification.
diff --git a/include/common/hathreads.h b/include/common/hathreads.h
index 1f3fe8d..d2fd400 100644
--- a/include/common/hathreads.h
+++ b/include/common/hathreads.h
@@ -386,6 +386,7 @@
PIPES_LOCK,
START_LOCK,
TLSKEYS_REF_LOCK,
+ AUTH_LOCK,
LOCK_LABELS
};
struct lock_stat {
@@ -501,6 +502,7 @@
case PIPES_LOCK: return "PIPES";
case START_LOCK: return "START";
case TLSKEYS_REF_LOCK: return "TLSKEYS_REF";
+ case AUTH_LOCK: return "AUTH";
case LOCK_LABELS: break; /* keep compiler happy */
};
/* only way to come here is consecutive to an internal bug */