BUG/MEDIUM: auth/threads: use of crypt() is not thread-safe It was reported here that authentication may fail when threads are enabled : https://bugzilla.redhat.com/show_bug.cgi?id=1643941 While I couldn't reproduce the issue, it's obvious that there is a problem with the use of the non-reentrant crypt() function there. On Linux systems there's crypt_r() but not on the vast majority of other ones. Thus a first approach consists in placing a lock around this crypt() call. Another patch may relax it when crypt_r() is available. This fix must be backported to 1.8. Thanks to Ryan O'Hara for the quick notification.

commit: 34d4b525a129baa6f52a930ae629ddb1ba4255c2 [log] [tgz]
author: Willy Tarreau <w@1wt.eu> Mon Oct 29 18:02:54 2018 +0100
committer: Willy Tarreau <w@1wt.eu> Mon Oct 29 18:06:02 2018 +0100
tree: 250635db12bb89a7b3f63441753cab6462cb54b5
parent: 744de5b52ad1ade82205b27aa9421f5ac88f84cf [diff] [blame]
diff --git a/include/common/hathreads.h b/include/common/hathreads.h
index 1f3fe8d..d2fd400 100644
--- a/include/common/hathreads.h
+++ b/include/common/hathreads.h

@@ -386,6 +386,7 @@
 	PIPES_LOCK,
 	START_LOCK,
 	TLSKEYS_REF_LOCK,
+	AUTH_LOCK,
 	LOCK_LABELS
 };
 struct lock_stat {
@@ -501,6 +502,7 @@
 	case PIPES_LOCK:           return "PIPES";
 	case START_LOCK:           return "START";
 	case TLSKEYS_REF_LOCK:     return "TLSKEYS_REF";
+	case AUTH_LOCK:            return "AUTH";
 	case LOCK_LABELS:          break; /* keep compiler happy */
 	};
 	/* only way to come here is consecutive to an internal bug */
commit	34d4b525a129baa6f52a930ae629ddb1ba4255c2	[log] [tgz]
author	Willy Tarreau <w@1wt.eu>	Mon Oct 29 18:02:54 2018 +0100
committer	Willy Tarreau <w@1wt.eu>	Mon Oct 29 18:06:02 2018 +0100
tree	250635db12bb89a7b3f63441753cab6462cb54b5
parent	744de5b52ad1ade82205b27aa9421f5ac88f84cf [diff] [blame]