axel-download-accelerator / axel

Lightweight CLI download accelerator
GNU General Public License v2.0

Potential deadlock, with the unreleased lock &conn->lock #359

Closed jenny-cheung closed 2 years ago

jenny-cheung commented 2 years ago

Dear developers: When the connection_setup fails, the function may return while still holding the lock &conn->lock, which should be released. This may potentially lead to a deadlock. Thank you for checking!

https://github.com/axel-download-accelerator/axel/blob/6046c2a799d82235337e4cba8c4d1fd8c56bc400/src/conn.c#L389

        const char *t;

        conn->supported = true;
        conn->currentbyte = 0;
        pthread_mutex_lock(&conn->lock);
        if (!conn_setup(conn))
            // pthread_mutex_unlock(&conn->lock);
            return 0;    // should release the lock &conn->lock before return
        pthread_mutex_unlock(&conn->lock);
        conn_exec(conn);
        conn_disconnect(conn);

jenny-cheung commented 2 years ago

Thank you indeed!

jenny-cheung commented 2 years ago

Hi, any security impacts for this lock leak issue? I think it is possible to trigger a DoS induced by deadlock due to reacquiring the same lock. Thanks so much

ismaell commented 2 years ago

I don't think so... a DoS in this sort of application just causes some confusion to the user at worst...

jenny-cheung commented 2 years ago

@ismaell OK, thanks so much for your explanation
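
The early-return pattern reported in the first post, and the question of what happens on a later acquisition, can be reproduced in isolation. This is an added example, not part of the thread and not axel's code: `demo_conn_t`, `fake_conn_setup`, `setup_leaky`, `setup_fixed` and `lock_leaked` are hypothetical names, and the failing setup is simulated with a flag.

```c
#include <errno.h>
#include <pthread.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical stand-in for the connection object: only what the example needs. */
typedef struct {
	pthread_mutex_t lock;
	bool setup_ok;	/* constructed knob: false simulates a failing setup */
} demo_conn_t;

static bool fake_conn_setup(demo_conn_t *c) { return c->setup_ok; }

/* Pattern from the report: the failure path returns with the mutex held. */
static int setup_leaky(demo_conn_t *c)
{
	pthread_mutex_lock(&c->lock);
	if (!fake_conn_setup(c))
		return 0;
	pthread_mutex_unlock(&c->lock);
	return 1;
}

/* Same logic with the unlock executed on every path. */
static int setup_fixed(demo_conn_t *c)
{
	pthread_mutex_lock(&c->lock);
	bool ok = fake_conn_setup(c);
	pthread_mutex_unlock(&c->lock);
	return ok ? 1 : 0;
}

/* Runs fn, then probes the mutex with trylock so the check cannot block.
 * EBUSY means the mutex is still held, i.e. a blocking lock would hang. */
static bool lock_leaked(int (*fn)(demo_conn_t *), bool setup_ok)
{
	demo_conn_t c = { .setup_ok = setup_ok };
	pthread_mutex_init(&c.lock, NULL);
	fn(&c);
	bool leaked = (pthread_mutex_trylock(&c.lock) == EBUSY);
	pthread_mutex_unlock(&c.lock);	/* drops either the probe's hold or the leaked one */
	pthread_mutex_destroy(&c.lock);
	return leaked;
}

int main(void)
{
	printf("leaky, setup fails: leaked=%d\n", lock_leaked(setup_leaky, false));
	printf("fixed, setup fails: leaked=%d\n", lock_leaked(setup_fixed, false));
	return 0;
}
```

A probe like `lock_leaked` works as a regression test for any function that takes a mutex and has more than one return path.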