[git] GnuPG - branch, STABLE-BRANCH-2-2, updated. gnupg-2.2.5-7-gf060cb5
by Werner Koch
cvs at cvs.gnupg.org
Tue Mar 6 16:30:10 CET 2018
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, STABLE-BRANCH-2-2 has been updated
via f060cb5c63923d6caec784f65f3bb0aadf52f795 (commit)
from bf43b39c05cfc68ea17483c78f14bfca6faf08eb (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit f060cb5c63923d6caec784f65f3bb0aadf52f795
Author: Werner Koch <wk at gnupg.org>
Date: Tue Mar 6 16:22:42 2018 +0100
agent: Also evict cached items via a timer.
* agent/cache.c (agent_cache_housekeeping): New func.
* agent/gpg-agent.c (handle_tick): Call it.
--
This change mitigates the risk of having cached items in a post mortem
dump.
GnuPG-bug-id: 3829
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/agent/agent.h b/agent/agent.h
index c2d8579..743b765 100644
--- a/agent/agent.h
+++ b/agent/agent.h
@@ -450,6 +450,7 @@ int agent_clear_passphrase (ctrl_t ctrl,
/*-- cache.c --*/
void initialize_module_cache (void);
void deinitialize_module_cache (void);
+void agent_cache_housekeeping (void);
void agent_flush_cache (void);
int agent_put_cache (const char *key, cache_mode_t cache_mode,
const char *data, int ttl);
diff --git a/agent/cache.c b/agent/cache.c
index 80d5f8d..ed5c97c 100644
--- a/agent/cache.c
+++ b/agent/cache.c
@@ -259,6 +259,26 @@ housekeeping (void)
void
+agent_cache_housekeeping (void)
+{
+ int res;
+
+ if (DBG_CACHE)
+ log_debug ("agent_cache_housekeeping\n");
+
+ res = npth_mutex_lock (&cache_lock);
+ if (res)
+ log_fatal ("failed to acquire cache mutex: %s\n", strerror (res));
+
+ housekeeping ();
+
+ res = npth_mutex_unlock (&cache_lock);
+ if (res)
+ log_fatal ("failed to release cache mutex: %s\n", strerror (res));
+}
+
+
+void
agent_flush_cache (void)
{
ITEM r;
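Review bot: agent_cache_housekeeping() is added without a comment stating its contract, although its only job is to take cache_lock around housekeeping(). A short header comment saying that this is the entry point for the timer tick, and that housekeeping() expects cache_lock to be held, would make the locking rule explicit for later callers. The log_debug at the top also fires on every call, so with DBG_CACHE set the timer will write a line per tick; consider logging only when an entry is actually evicted. Because the commit message gives post mortem dumps as the motivation, it is worth confirming in review that housekeeping() wipes the cached secret on eviction and does not just unlink the entry, since that code is not visible in this hunk.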
diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
index a1964ec..bd9a471 100644
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -2398,6 +2398,9 @@ handle_tick (void)
}
#endif
+ /* Need to check for expired cache entries. */
+ agent_cache_housekeeping ();
+
/* Check whether the homedir is still available. */
if (!shutdown_pending
&& (!have_homedir_inotify || !reliable_homedir_inotify)
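Review bot: the comment on the new call in handle_tick ("Need to check for expired cache entries.") does not say why the tick has to do this; a sentence noting that expired entries would otherwise stay in memory until the next cache operation would record the reason next to the code. Note also that agent_cache_housekeeping() ends in log_fatal if the mutex cannot be locked or unlocked, so the tick handler gains a path that terminates the agent; if that is intended, say so in the comment.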
diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
index 3e8bd89..4781bbd 100644
--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
@@ -403,7 +403,10 @@ control this behavior but this command line option takes precedence.
Set the time a cache entry is valid to @var{n} seconds. The default
is 600 seconds. Each time a cache entry is accessed, the entry's
timer is reset. To set an entry's maximum lifetime, use
- at command{max-cache-ttl}.
+ at command{max-cache-ttl}. Note that a cached passphrase may not
+evicted immediately from memory if no client requests a cache
+operation. This is due to an internal housekeeping function which is
+only run every few seconds.
@item --default-cache-ttl-ssh @var{n}
@opindex default-cache-ttl
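Review bot: the added sentence "a cached passphrase may not evicted immediately" is missing a verb; it should read "may not be evicted immediately from memory". The note is attached only to the default-cache-ttl item, while the --default-cache-ttl-ssh item follows directly; if the same housekeeping interval governs SSH entries, repeat or cross-reference the note there.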
-----------------------------------------------------------------------
Summary of changes:
agent/agent.h | 1 +
agent/cache.c | 20 ++++++++++++++++++++
agent/gpg-agent.c | 3 +++
doc/gpg-agent.texi | 5 ++++-
4 files changed, 28 insertions(+), 1 deletion(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org