[pbs-devel] applied: [PATCH proxmox-backup] auth: 'crypt' is not thread safe

Thomas Lamprecht t.lamprecht at proxmox.com
Mon Jul 12 19:09:40 CEST 2021


On 12.07.21 18:30, Stefan Reiter wrote:
> According to crypt(3):
> "crypt places its result in a static storage area, which will be
> overwritten by subsequent calls to crypt. It is not safe to call crypt
> from multiple threads simultaneously."
> 
> This means that multiple login calls as a PBS-realm user can collide and
> produce intermittent authentication failures. A visible case is for
> file-restore, where VMs with many disks lead to just as many auth-calls
> at the same time, as the GUI tries to expand each tree element on load.
> 
> Instead, use the thread-safe variant 'crypt_r', which places the result
> into a pre-allocated buffer of type 'crypt_data'. The C struct is laid
> out according to 'lib/crypt.h.in' and the man page mentioned above.
> 
> Use the opportunity and make both arguments to the rust 'crypt' function
> take a &[u8].
> 
> Signed-off-by: Stefan Reiter <s.reiter at proxmox.com>
> ---
> 
> Easier solution would of course be to just wrap the call in a Mutex<()> or
> similar, but that comes at the cost of locking...
> 
>  src/auth.rs | 57 +++++++++++++++++++++++++++++++++++++++--------------
>  1 file changed, 42 insertions(+), 15 deletions(-)
> 
>

applied, thanks!





More information about the pbs-devel mailing list