From 6687de854fa048f8a2d7d1650c45dd6848340491 Mon Sep 17 00:00:00 2001
From: Aram Sargsyan <aram@isc.org>
Date: Tue, 7 Nov 2023 10:02:57 +0000
Subject: [PATCH] Use a read lock when iterating over a hashmap

The 'dns_tsigkeyring_t' structure has a read/write lock to protect
its 'keys' member, which is a 'isc_hashmap_t' pointer and needs to
be protected.

The dns_tsigkeyring_dump() function, however, doesn't use the lock,
which can introduce a race with another thread, if the other thread
tries to modify the hashmap.

Add a read lock around the code, which iterates over the hashmap.
---
 lib/dns/tsig.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/dns/tsig.c b/lib/dns/tsig.c
index b65c0b7baf..5583688e88 100644
--- a/lib/dns/tsig.c
+++ b/lib/dns/tsig.c
@@ -469,6 +469,7 @@ dns_tsigkeyring_dump(dns_tsigkeyring_t *ring, FILE *fp) {
 
 	REQUIRE(VALID_TSIGKEYRING(ring));
 
+	RWLOCK(&ring->lock, isc_rwlocktype_read);
 	isc_hashmap_iter_create(ring->keys, &it);
 	for (result = isc_hashmap_iter_first(it); result == ISC_R_SUCCESS;
 	     result = isc_hashmap_iter_next(it))
@@ -482,6 +483,7 @@ dns_tsigkeyring_dump(dns_tsigkeyring_t *ring, FILE *fp) {
 		}
 	}
 	isc_hashmap_iter_destroy(&it);
+	RWUNLOCK(&ring->lock, isc_rwlocktype_read);
 
 	return (found ? ISC_R_SUCCESS : ISC_R_NOTFOUND);
 }