Fix #77: double lock in NewContext + Purge.

abbot · abbot · commit e12d4798e9af · 2021-10-13T23:53:40.000+01:00
diff --git a/digest.go b/digest.go
@@ -72,7 +72,11 @@ func (c digestCache) Swap(i, j int) {
 // Purge removes count oldest entries from DigestAuth.clients
 func (da *DigestAuth) Purge(count int) {
 	da.mutex.Lock()
-	defer da.mutex.Unlock()
+	da.purgeLocked(count)
+	da.mutex.Unlock()
+}
+
+func (da *DigestAuth) purgeLocked(count int) {
 	entries := make([]digestCacheEntry, 0, len(da.clients))
 	for nonce, client := range da.clients {
 		entries = append(entries, digestCacheEntry{nonce, client.lastSeen})
@@ -259,7 +263,7 @@ func (da *DigestAuth) NewContext(ctx context.Context, r *http.Request) context.C
 	} else {
 		// return back digest WWW-Authenticate header
 		if len(da.clients) > da.ClientCacheSize+da.ClientCacheTolerance {
-			da.Purge(da.ClientCacheTolerance * 2)
+			da.purgeLocked(da.ClientCacheTolerance * 2)
 		}
 		nonce := RandomKey()
 		da.clients[nonce] = &digestClient{nc: 0, lastSeen: time.Now().UnixNano()}
diff --git a/digest_test.go b/digest_test.go
@@ -1,8 +1,10 @@
 package auth
 
 import (
+	"context"
 	"net/http"
 	"net/url"
+	"sync"
 	"testing"
 	"time"
 )
@@ -76,3 +78,44 @@ func TestDigestAuthParams(t *testing.T) {
 		t.Fatalf("failed to parse uri with embedded commas, got %q want %q", params["uri"], want)
 	}
 }
+
+func TestNewContextNoDeadlock(t *testing.T) {
+	t.Parallel()
+	const (
+		realm = "example.com"
+		user  = "user"
+	)
+	secrets := func(u, r string) string {
+		if u == user && r == realm {
+			return "aa78524fceb0e50fd8ca96dd818b8cf9"
+		}
+		return ""
+	}
+	da := NewDigestAuthenticator(realm, secrets)
+	da.ClientCacheSize = 10
+	da.ClientCacheTolerance = 1
+	var wg sync.WaitGroup
+	for i := 0; i < 100; i++ {
+		ctx := context.Background()
+		req, err := http.NewRequest("GET", "/", nil)
+		if err != nil {
+			t.Fatalf("Failed to create http.Request: %v", err)
+		}
+		wg.Add(1)
+		go func() {
+			defer wg.Done()
+			done := make(chan struct{})
+			go func() {
+				da.NewContext(ctx, req)
+				close(done)
+			}()
+			select {
+			case <-done:
+				return
+			case <-time.After(time.Second):
+				t.Error("deadlock detected")
+			}
+		}()
+	}
+	wg.Wait()
+}
