[libsoup/carlosgc/thread-safe: 4/8] hsts: Make SoupHSTSEnforcer thread safe

[Carlos Garcia Campos <carlosgc src gnome org>]

commit d2789852e023b5d060f9d3ba615a8e508ff13a39
Author: Carlos Garcia Campos <cgarcia igalia com>
Date:   Wed Apr 20 09:52:42 2022 +0200

    hsts: Make SoupHSTSEnforcer thread safe

 libsoup/hsts/soup-hsts-enforcer.c | 26 +++++++++++++++++++++-----
 1 file changed, 21 insertions(+), 5 deletions(-)
---
diff --git a/libsoup/hsts/soup-hsts-enforcer.c b/libsoup/hsts/soup-hsts-enforcer.c
index 5628028d..1fa3428b 100644
--- a/libsoup/hsts/soup-hsts-enforcer.c
+++ b/libsoup/hsts/soup-hsts-enforcer.c
@@ -56,6 +56,7 @@ static guint signals[LAST_SIGNAL] = { 0 };
 
 typedef struct {
        SoupSession *session;
+        GMutex mutex;
        GHashTable *host_policies;
        GHashTable *session_policies;
 } SoupHSTSEnforcerPrivate;
@@ -77,6 +78,7 @@ soup_hsts_enforcer_init (SoupHSTSEnforcer *hsts_enforcer)
        priv->session_policies = g_hash_table_new_full (soup_str_case_hash,
                                                                       soup_str_case_equal,
                                                                       g_free, NULL);
+        g_mutex_init (&priv->mutex);
 }
 
 static void
@@ -96,6 +98,8 @@ soup_hsts_enforcer_finalize (GObject *object)
                soup_hsts_policy_free (value);
        g_hash_table_destroy (priv->session_policies);
 
+        g_mutex_clear (&priv->mutex);
+
        G_OBJECT_CLASS (soup_hsts_enforcer_parent_class)->finalize (object);
 }
 
@@ -337,21 +341,24 @@ soup_hsts_enforcer_set_policy (SoupHSTSEnforcer *hsts_enforcer,
        domain = soup_hsts_policy_get_domain (policy);
        g_return_if_fail (domain != NULL);
 
-       is_session_policy = soup_hsts_policy_is_session_policy (policy);
-       policies = is_session_policy ? priv->session_policies :
-                                 priv->host_policies;
+        g_mutex_lock (&priv->mutex);
 
+       is_session_policy = soup_hsts_policy_is_session_policy (policy);
        if (!is_session_policy && soup_hsts_policy_is_expired (policy)) {
                soup_hsts_enforcer_remove_host_policy (hsts_enforcer, domain);
+                g_mutex_unlock (&priv->mutex);
                return;
        }
 
+        policies = is_session_policy ? priv->session_policies : priv->host_policies;
        current_policy = g_hash_table_lookup (policies, domain);
 
        if (current_policy)
                soup_hsts_enforcer_replace_policy (hsts_enforcer, policy);
        else
                soup_hsts_enforcer_insert_policy (hsts_enforcer, policy);
+
+        g_mutex_unlock (&priv->mutex);
 }
 
 /**
@@ -421,19 +428,28 @@ static gboolean
 soup_hsts_enforcer_must_enforce_secure_transport (SoupHSTSEnforcer *hsts_enforcer,
                                                  const char *domain)
 {
+        SoupHSTSEnforcerPrivate *priv = soup_hsts_enforcer_get_instance_private (hsts_enforcer);
        const char *super_domain = domain;
 
        g_return_val_if_fail (domain != NULL, FALSE);
 
-       if (soup_hsts_enforcer_has_valid_policy (hsts_enforcer, domain))
+        g_mutex_lock (&priv->mutex);
+
+       if (soup_hsts_enforcer_has_valid_policy (hsts_enforcer, domain)) {
+                g_mutex_unlock (&priv->mutex);
                return TRUE;
+        }
 
        while ((super_domain = super_domain_of (super_domain)) != NULL) {
                if (soup_hsts_enforcer_host_includes_subdomains (hsts_enforcer, super_domain) &&
-                   soup_hsts_enforcer_has_valid_policy (hsts_enforcer, super_domain))
+                   soup_hsts_enforcer_has_valid_policy (hsts_enforcer, super_domain)) {
+                        g_mutex_unlock (&priv->mutex);
                        return TRUE;
+                }
        }
 
+        g_mutex_unlock (&priv->mutex);
+
        return FALSE;
 }