(ITS#9069) Stop setting custom GnuTLS mutex functions
Full_Name: Ryan Tandy
Version: master
OS: Debian
URL: https://github.com/rtandy/openldap/compare/openldap:master...rtandy:remove-gnutls_global_set_mutex.patch
Submission from: (NULL) (70.66.128.207)
Submitted by: ryan
The GnuTLS documentation
<https://gnutls.org/manual/html_node/Core-TLS-API.html#gnutls_005fglobal_005fset_005fmutex>
states:

> Do not call this function from a library, or preferably from any application
> unless really needed to.

I disobeyed that guidance in commit 829027945, because I wasn't sure that
GnuTLS's own threading support would cover all the platforms libldap does. This
choice caused some bugs, e.g. <https://bugs.debian.org/803197> and
<https://www.openldap.org/its/?findid=8797>.

I don't know how to find out for sure whether anyone builds libldap with GnuTLS
on a system where it lacks native mutexes. I think at this point I would rather
fix the known broken cases, over the risk of potentially breaking a theoretical
setup I'm not sure actually exists.

Therefore: I now propose applying this change for 2.5.

I made this change as a distro patch in Debian 10 (buster), and no Debian or
Ubuntu users have reported any regressions so far. I also did some local testing
with slapd and slapd-mtread on the GnuTLS versions shipped in the last few
releases of Debian.

I have not tested any non-Linux platforms yet. For completeness, I should
probably try this on at least FreeBSD and Solaris. I kind of assume GnuTLS
system mutexes are going to work anywhere LMDB already does.

Rationale for the change, from the commit message:

Since GnuTLS moved to implicit initialization on library load, calling this
function deinitializes GnuTLS and then re-initializes it.

When GnuTLS uses /dev/urandom as an entropy source (getrandom() not available,
or older versions of GnuTLS), and the application closed all file descriptors at
startup, this could result in GnuTLS opening /dev/urandom over one of the
application's file descriptors when re-initialized.

Additionally, the custom mutex functions are never reset, so if libldap is
unloaded (for example via dlclose()) after calling this, its code may be
unmapped and the application could crash when GnuTLS calls the mutex functions.

On typical systems, GnuTLS system mutexes are probably the same as what libldap
uses anyway.

IPR:

The attached patch file is derived from OpenLDAP Software. All of the
modifications to OpenLDAP Software represented in the following patch were
developed by Ryan Tandy <ryan@nardis.ca>. I have not assigned rights and/or
interest in this work to any party.

I, Ryan Tandy, hereby place the following modifications to OpenLDAP Software
(and only these modifications) into the public domain. Hence, these
modifications may be freely used and/or redistributed for any purpose with or
without attribution and/or other notice.
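As an added illustration of the descriptor hazard described in the rationale above (this is example code written for this page, not part of the ITS submission, OpenLDAP, or GnuTLS): POSIX open() returns the lowest free descriptor, so a library that re-initialises after the application has closed its standard descriptors can have its entropy device land on fd 0. The stand-in `library_open_entropy()` and the mitigation `reserve_std_fds()` are hypothetical names; the mitigation simply keeps fds 0..2 occupied before any library is loaded.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Stand-in for a library that (re)initialises and opens its entropy source.
 * Falls back to /dev/null so the demonstration also runs where /dev/urandom
 * is absent.  Hypothetical helper, not GnuTLS code. */
static int library_open_entropy(void)
{
    int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
    if (fd < 0)
        fd = open("/dev/null", O_RDONLY | O_CLOEXEC);
    return fd;
}

/* Mitigation: keep descriptors 0..2 open (on /dev/null if the application
 * closed them) so the lowest free descriptor any library's open() receives
 * is never one still treated as stdin/stdout/stderr. */
int reserve_std_fds(void)
{
    for (int fd = 0; fd <= 2; fd++) {
        if (fcntl(fd, F_GETFD) != -1)
            continue;                              /* already open */
        int nullfd = open("/dev/null", fd == 0 ? O_RDONLY : O_WRONLY);
        if (nullfd < 0)
            return -1;
        if (nullfd != fd) {                        /* landed elsewhere: move it */
            int rc = dup2(nullfd, fd);
            close(nullfd);
            if (rc < 0)
                return -1;
        }
    }
    return 0;
}

/* Scenario from the report: the application closed fd 0 at startup, then a
 * library initialises and opens its entropy device.  Returns the descriptor
 * number the library received (0 without the mitigation, >= 3 with it). */
int fd_library_gets_after_close(int apply_mitigation)
{
    close(0);                                      /* application dropped stdin */
    if (apply_mitigation && reserve_std_fds() < 0)
        return -1;
    int fd = library_open_entropy();
    if (fd >= 0)
        close(fd);                                 /* tidy up for the next run */
    return fd;
}
```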