|
 |
21a6f1 |
From 5c422226df442855a7dc9834eb4ff74865394a92 Mon Sep 17 00:00:00 2001
|
|
|
21a6f1 |
From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
|
|
|
21a6f1 |
Date: Thu, 8 Jul 2021 14:28:16 +0200
|
|
|
21a6f1 |
Subject: [PATCH 1/3] Initialize crypto API only once
|
|
|
21a6f1 |
|
|
|
21a6f1 |
The function `crapi_init` calls `gcry_check_version` which must be
|
|
|
21a6f1 |
called before any other function from the Libgcrypt library. That might
|
|
|
21a6f1 |
be violated when multiple threads executing multiple probes are running.
|
|
|
21a6f1 |
The mitigation proposed in this PR is to call `crapi_init` only once
|
|
|
21a6f1 |
when the session is initialized which means before any threads are
|
|
|
21a6f1 |
spawned.
|
|
|
21a6f1 |
|
|
|
21a6f1 |
See also: https://www.gnupg.org/documentation/manuals/gcrypt/Multi_002dThreading.html#Multi_002dThreading
|
|
|
21a6f1 |
|
|
|
21a6f1 |
Resolves: RHBZ#1959570
|
|
|
21a6f1 |
---
|
|
|
21a6f1 |
src/OVAL/oval_probe_session.c | 5 +++++
|
|
|
21a6f1 |
src/OVAL/probes/independent/filehash58_probe.c | 6 ------
|
|
|
21a6f1 |
src/OVAL/probes/independent/filehash_probe.c | 6 ------
|
|
|
21a6f1 |
src/OVAL/probes/independent/filemd5_probe.c | 6 ------
|
|
|
21a6f1 |
4 files changed, 5 insertions(+), 18 deletions(-)
|
|
|
21a6f1 |
|
|
|
21a6f1 |
diff --git a/src/OVAL/oval_probe_session.c b/src/OVAL/oval_probe_session.c
|
|
|
21a6f1 |
index 435ca148fd..6f6d7ad426 100644
|
|
|
21a6f1 |
--- a/src/OVAL/oval_probe_session.c
|
|
|
21a6f1 |
+++ b/src/OVAL/oval_probe_session.c
|
|
|
21a6f1 |
@@ -93,6 +93,11 @@ static void oval_probe_session_libinit(void)
|
|
|
21a6f1 |
SEXP_free((SEXP_t *)exp);
|
|
|
21a6f1 |
|
|
|
21a6f1 |
ncache_libinit();
|
|
|
21a6f1 |
+ /*
|
|
|
21a6f1 |
+ * Initialize crypto API
|
|
|
21a6f1 |
+ */
|
|
|
21a6f1 |
+ if (crapi_init (NULL) != 0)
|
|
|
21a6f1 |
+ return (NULL);
|
|
|
21a6f1 |
}
|
|
|
21a6f1 |
|
|
|
21a6f1 |
/**
|
|
|
21a6f1 |
diff --git a/src/OVAL/probes/independent/filehash58_probe.c b/src/OVAL/probes/independent/filehash58_probe.c
|
|
|
21a6f1 |
index ff1e065746..32a38562bd 100644
|
|
|
21a6f1 |
--- a/src/OVAL/probes/independent/filehash58_probe.c
|
|
|
21a6f1 |
+++ b/src/OVAL/probes/independent/filehash58_probe.c
|
|
|
21a6f1 |
@@ -210,12 +210,6 @@ int filehash58_probe_offline_mode_supported()
|
|
|
21a6f1 |
|
|
|
21a6f1 |
void *filehash58_probe_init(void)
|
|
|
21a6f1 |
{
|
|
|
21a6f1 |
- /*
|
|
|
21a6f1 |
- * Initialize crypto API
|
|
|
21a6f1 |
- */
|
|
|
21a6f1 |
- if (crapi_init (NULL) != 0)
|
|
|
21a6f1 |
- return (NULL);
|
|
|
21a6f1 |
-
|
|
|
21a6f1 |
/*
|
|
|
21a6f1 |
* Initialize mutex.
|
|
|
21a6f1 |
*/
|
|
|
21a6f1 |
diff --git a/src/OVAL/probes/independent/filehash_probe.c b/src/OVAL/probes/independent/filehash_probe.c
|
|
|
21a6f1 |
index 522d976512..6d8780dc95 100644
|
|
|
21a6f1 |
--- a/src/OVAL/probes/independent/filehash_probe.c
|
|
|
21a6f1 |
+++ b/src/OVAL/probes/independent/filehash_probe.c
|
|
|
21a6f1 |
@@ -190,12 +190,6 @@ int filehash_probe_offline_mode_supported()
|
|
|
21a6f1 |
|
|
|
21a6f1 |
void *filehash_probe_init(void)
|
|
|
21a6f1 |
{
|
|
|
21a6f1 |
- /*
|
|
|
21a6f1 |
- * Initialize crypto API
|
|
|
21a6f1 |
- */
|
|
|
21a6f1 |
- if (crapi_init (NULL) != 0)
|
|
|
21a6f1 |
- return (NULL);
|
|
|
21a6f1 |
-
|
|
|
21a6f1 |
/*
|
|
|
21a6f1 |
* Initialize mutex.
|
|
|
21a6f1 |
*/
|
|
|
21a6f1 |
diff --git a/src/OVAL/probes/independent/filemd5_probe.c b/src/OVAL/probes/independent/filemd5_probe.c
|
|
|
21a6f1 |
index d0de402d8b..99913581f0 100644
|
|
|
21a6f1 |
--- a/src/OVAL/probes/independent/filemd5_probe.c
|
|
|
21a6f1 |
+++ b/src/OVAL/probes/independent/filemd5_probe.c
|
|
|
21a6f1 |
@@ -163,12 +163,6 @@ int probe_offline_mode_supported()
|
|
|
21a6f1 |
|
|
|
21a6f1 |
void *probe_init (void)
|
|
|
21a6f1 |
{
|
|
|
21a6f1 |
- /*
|
|
|
21a6f1 |
- * Initialize crypto API
|
|
|
21a6f1 |
- */
|
|
|
21a6f1 |
- if (crapi_init (NULL) != 0)
|
|
|
21a6f1 |
- return (NULL);
|
|
|
21a6f1 |
-
|
|
|
21a6f1 |
/*
|
|
|
21a6f1 |
* Initialize mutex.
|
|
|
21a6f1 |
*/
|
|
|
21a6f1 |
|
|
|
21a6f1 |
From c4c26d99a59205d744befe52be4e81bcf5f55d9c Mon Sep 17 00:00:00 2001
|
|
|
21a6f1 |
From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
|
|
|
21a6f1 |
Date: Tue, 13 Jul 2021 13:03:21 +0200
|
|
|
21a6f1 |
Subject: [PATCH 2/3] Add a missing include
|
|
|
21a6f1 |
|
|
|
21a6f1 |
---
|
|
|
21a6f1 |
src/OVAL/oval_probe_session.c | 1 +
|
|
|
21a6f1 |
1 file changed, 1 insertion(+)
|
|
|
21a6f1 |
|
|
|
21a6f1 |
diff --git a/src/OVAL/oval_probe_session.c b/src/OVAL/oval_probe_session.c
|
|
|
21a6f1 |
index 6f6d7ad426..295782b536 100644
|
|
|
21a6f1 |
--- a/src/OVAL/oval_probe_session.c
|
|
|
21a6f1 |
+++ b/src/OVAL/oval_probe_session.c
|
|
|
21a6f1 |
@@ -48,6 +48,7 @@
|
|
|
21a6f1 |
#include "oval_probe_ext.h"
|
|
|
21a6f1 |
#include "probe-table.h"
|
|
|
21a6f1 |
#include "oval_types.h"
|
|
|
21a6f1 |
+#include "crapi/crapi.h"
|
|
|
21a6f1 |
|
|
|
21a6f1 |
#if defined(OSCAP_THREAD_SAFE)
|
|
|
21a6f1 |
#include <pthread.h>
|
|
|
21a6f1 |
|
|
|
21a6f1 |
From 6241a8835574429a787e0dd48d2c0ac2a71499b8 Mon Sep 17 00:00:00 2001
|
|
|
21a6f1 |
From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
|
|
|
21a6f1 |
Date: Thu, 15 Jul 2021 14:21:00 +0200
|
|
|
21a6f1 |
Subject: [PATCH 3/3] Don't initialize crypto on Windows
|
|
|
21a6f1 |
|
|
|
21a6f1 |
---
|
|
|
21a6f1 |
src/OVAL/oval_probe_session.c | 2 ++
|
|
|
21a6f1 |
1 file changed, 2 insertions(+)
|
|
|
21a6f1 |
|
|
|
21a6f1 |
diff --git a/src/OVAL/oval_probe_session.c b/src/OVAL/oval_probe_session.c
|
|
|
21a6f1 |
index 295782b536..b443cbcc80 100644
|
|
|
21a6f1 |
--- a/src/OVAL/oval_probe_session.c
|
|
|
21a6f1 |
+++ b/src/OVAL/oval_probe_session.c
|
|
|
21a6f1 |
@@ -97,8 +97,10 @@ static void oval_probe_session_libinit(void)
|
|
|
21a6f1 |
/*
|
|
|
21a6f1 |
* Initialize crypto API
|
|
|
21a6f1 |
*/
|
|
|
21a6f1 |
+#ifndef OS_WINDOWS
|
|
|
21a6f1 |
if (crapi_init (NULL) != 0)
|
|
|
21a6f1 |
return (NULL);
|
|
|
21a6f1 |
+#endif
|
|
|
21a6f1 |
}
|
|
|
21a6f1 |
|
|
|
21a6f1 |
/**
|