- Constantine Sapuntzakis filed bug report #2042430

(http://curl.haxx.se/bug/view.cgi?id=2042430) with a patch. "NTLM Windows SSPI code is not thread safe". This was due to libcurl using static variables to tell wether to load the necessary SSPI DLL, but now the loading has been moved to the more suitable curl_global_init() call.
author: Daniel Stenberg <daniel@haxx.se> 2008-08-11 20:29:36 +0000
committer: Daniel Stenberg <daniel@haxx.se> 2008-08-11 20:29:36 +0000
commit: f8a3aa91cd87a84ea1b5a0a643571bafda3968c8 (patch)
tree: d6d35119c2a085af6b1afa9e84438bb70eec4206 /lib
parent: 019bde82ce8fd9d0a335edb30441088a96906d1b (diff)
3 files changed, 71 insertions, 39 deletions
diff --git a/lib/easy.c b/lib/easy.c
index 216dfe7bf..9d9e948ce 100644
--- a/lib/easy.c
+++ b/lib/easy.c
@@ -83,6 +83,7 @@
 #include "easyif.h"
 #include "select.h"
 #include "sendf.h" /* for failf function prototype */
+#include "http_ntlm.h"
 #include "connect.h" /* for Curl_getconnectinfo */
 
 #define _MPRINTF_REPLACE /* use our functions only */
@@ -103,18 +104,23 @@
 /* The last #include file should be: */
 #include "memdebug.h"
 
-#ifdef USE_WINSOCK
 /* win32_cleanup() is for win32 socket cleanup functionality, the opposite
    of win32_init() */
 static void win32_cleanup(void)
 {
+#ifdef USE_WINSOCK
   WSACleanup();
+#endif
+#ifdef USE_WINDOWS_SSPI
+  Curl_ntlm_global_cleanup();
+#endif
 }
 
 /* win32_init() performs win32 socket initialization to properly setup the
    stack to allow networking */
 static CURLcode win32_init(void)
 {
+#ifdef USE_WINSOCK
   WORD wVersionRequested;
   WSADATA wsaData;
   int err;
@@ -147,15 +153,19 @@ static CURLcode win32_init(void)
     return CURLE_FAILED_INIT;
   }
   /* The Windows Sockets DLL is acceptable. Proceed. */
-  return CURLE_OK;
-}
+#endif
 
-#else
-/* These functions exist merely to prevent compiler warnings */
-static CURLcode win32_init(void) { return CURLE_OK; }
-static void win32_cleanup(void) { }
+#ifdef USE_WINDOWS_SSPI
+  {
+    CURLcode err = Curl_ntlm_global_init();
+    if (err != CURLE_OK)
+      return err;
+  }
 #endif
 
+  return CURLE_OK;
+}
+
 #ifdef USE_LIBIDN
 /*
  * Initialise use of IDNA library.
diff --git a/lib/http_ntlm.c b/lib/http_ntlm.c
index 045e8876d..89e5f962c 100644
--- a/lib/http_ntlm.c
+++ b/lib/http_ntlm.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2008, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -358,7 +358,7 @@ static void lm_resp(unsigned char *keys,
  * Set up lanmanager hashed password
  */
 static void mk_lm_hash(struct SessionHandle *data,
-                       char *password, 
+                       char *password,
                        unsigned char *lmbuffer /* 21 bytes */)
 {
   unsigned char pw[14];
@@ -545,32 +545,12 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
     passwdp=(char *)"";
 
 #ifdef USE_WINDOWS_SSPI
-  /* If security interface is not yet initialized try to do this */
-  if(s_hSecDll == NULL) {
-    /* Determine Windows version. Security functions are located in
-     * security.dll on WinNT 4.0 and in secur32.dll on Win9x. Win2K and XP
-     * contain both these DLLs (security.dll just forwards calls to
-     * secur32.dll)
-     */
-    OSVERSIONINFO osver;
-    osver.dwOSVersionInfoSize = sizeof(osver);
-    GetVersionEx(&osver);
-    if(osver.dwPlatformId == VER_PLATFORM_WIN32_NT
-      && osver.dwMajorVersion == 4)
-      s_hSecDll = LoadLibrary("security.dll");
-    else
-      s_hSecDll = LoadLibrary("secur32.dll");
-    if(s_hSecDll != NULL) {
-      INIT_SECURITY_INTERFACE pInitSecurityInterface;
-      pInitSecurityInterface =
-        (INIT_SECURITY_INTERFACE)GetProcAddress(s_hSecDll,
-                                                "InitSecurityInterfaceA");
-      if(pInitSecurityInterface != NULL)
-        s_pSecFn = pInitSecurityInterface();
-    }
+  if (s_hSecDll == NULL) {
+    /* not thread safe and leaks - use curl_global_init() to avoid */
+    CURLcode err = Curl_ntlm_global_init();
+    if (s_hSecDll == NULL)
+      return err;
   }
-  if(s_pSecFn == NULL)
-    return CURLE_RECV_ERROR;
 #endif
 
   switch(ntlm->state) {
@@ -1064,7 +1044,7 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
 
 #ifdef CURL_DOES_CONVERSIONS
     /* convert domain, user, and host to ASCII but leave the rest as-is */
-    if(CURLE_OK != Curl_convert_to_network(conn->data, 
+    if(CURLE_OK != Curl_convert_to_network(conn->data,
                                            (char *)&ntlmbuf[domoff],
                                            size-domoff)) {
       return CURLE_CONV_FAILED;
@@ -1113,15 +1093,53 @@ Curl_ntlm_cleanup(struct connectdata *conn)
 #ifdef USE_WINDOWS_SSPI
   ntlm_sspi_cleanup(&conn->ntlm);
   ntlm_sspi_cleanup(&conn->proxyntlm);
+#else
+  (void)conn;
+#endif
+}
+
+#ifdef USE_WINDOWS_SSPI
+CURLcode Curl_ntlm_global_init()
+{
+  /* If security interface is not yet initialized try to do this */
+  if(s_hSecDll == NULL) {
+    /* Determine Windows version. Security functions are located in
+     * security.dll on WinNT 4.0 and in secur32.dll on Win9x. Win2K and XP
+     * contain both these DLLs (security.dll just forwards calls to
+     * secur32.dll)
+     */
+    OSVERSIONINFO osver;
+    osver.dwOSVersionInfoSize = sizeof(osver);
+    GetVersionEx(&osver);
+    if(osver.dwPlatformId == VER_PLATFORM_WIN32_NT
+      && osver.dwMajorVersion == 4)
+      s_hSecDll = LoadLibrary("security.dll");
+    else
+      s_hSecDll = LoadLibrary("secur32.dll");
+    if(s_hSecDll != NULL) {
+      INIT_SECURITY_INTERFACE pInitSecurityInterface;
+      pInitSecurityInterface =
+        (INIT_SECURITY_INTERFACE)GetProcAddress(s_hSecDll,
+                                                "InitSecurityInterfaceA");
+      if(pInitSecurityInterface != NULL)
+        s_pSecFn = pInitSecurityInterface();
+    }
+  }
+  if(s_pSecFn == NULL)
+    return CURLE_RECV_ERROR;
+
+  return CURLE_OK;
+}
+
+void Curl_ntlm_global_cleanup()
+{
   if(s_hSecDll != NULL) {
     FreeLibrary(s_hSecDll);
     s_hSecDll = NULL;
     s_pSecFn = NULL;
   }
-#else
-  (void)conn;
-#endif
 }
+#endif
 
 #endif /* USE_NTLM */
 #endif /* !CURL_DISABLE_HTTP */
diff --git a/lib/http_ntlm.h b/lib/http_ntlm.h
index 40a0c9b5d..c5e73ede8 100644
--- a/lib/http_ntlm.h
+++ b/lib/http_ntlm.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2005, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2008, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -44,6 +44,10 @@ void Curl_ntlm_cleanup(struct connectdata *conn);
 #define Curl_ntlm_cleanup(x)
 #endif
 
+#ifdef USE_WINDOWS_SSPI
+CURLcode Curl_ntlm_global_init();
+void Curl_ntlm_global_cleanup();
+#endif
 
 /* Flag bits definitions based on http://davenport.sourceforge.net/ntlm.html */
author	Daniel Stenberg <daniel@haxx.se>	2008-08-11 20:29:36 +0000
committer	Daniel Stenberg <daniel@haxx.se>	2008-08-11 20:29:36 +0000
commit	f8a3aa91cd87a84ea1b5a0a643571bafda3968c8 (patch)
tree	d6d35119c2a085af6b1afa9e84438bb70eec4206 /lib
parent	019bde82ce8fd9d0a335edb30441088a96906d1b (diff)