Fix possible race conditions

jedisct1 · jedisct1 · commit d943aba34733 · 2025-05-26T09:06:01.000+02:00
diff --git a/dnscrypt-proxy/common.go b/dnscrypt-proxy/common.go
@@ -8,6 +8,7 @@ import (
 	"os"
 	"strconv"
 	"strings"
+	"sync"
 	"unicode"
 )
 
@@ -40,6 +41,7 @@ var (
 var (
 	FileDescriptors   = make([]*os.File, 0)
 	FileDescriptorNum = uintptr(0)
+	FileDescriptorsMu sync.Mutex
 )
 
 const (
diff --git a/dnscrypt-proxy/plugin_cache.go b/dnscrypt-proxy/plugin_cache.go
@@ -3,7 +3,7 @@ package main
 import (
 	"crypto/sha512"
 	"encoding/binary"
-	"fmt"
+	"sync"
 	"time"
 
 	"github.com/jedisct1/go-sieve-cache/pkg/sievecache"
@@ -18,7 +18,9 @@ type CachedResponse struct {
 }
 
 type CachedResponses struct {
-	cache *sievecache.ShardedSieveCache[[32]byte, CachedResponse]
+	cache     *sievecache.ShardedSieveCache[[32]byte, CachedResponse]
+	cacheMu   sync.Mutex
+	cacheOnce sync.Once
 }
 
 var cachedResponses CachedResponses
@@ -142,14 +144,15 @@ func (plugin *PluginCacheResponse) Eval(pluginsState *PluginsState, msg *dns.Msg
 		expiration: time.Now().Add(ttl),
 		msg:        *msg,
 	}
-	if cachedResponses.cache == nil {
+	cachedResponses.cacheOnce.Do(func() {
 		cache, err := sievecache.NewSharded[[32]byte, CachedResponse](pluginsState.cacheSize)
-		if err != nil {
-			return fmt.Errorf("failed to initialize the cache: %w", err)
+		if err == nil {
+			cachedResponses.cache = cache
 		}
-		cachedResponses.cache = cache
+	})
+	if cachedResponses.cache != nil {
+		cachedResponses.cache.Insert(cacheKey, cachedResponse)
 	}
-	cachedResponses.cache.Insert(cacheKey, cachedResponse)
 	updateTTL(msg, cachedResponse.expiration)
 
 	return nil
diff --git a/dnscrypt-proxy/proxy.go b/dnscrypt-proxy/proxy.go
@@ -8,6 +8,7 @@ import (
 	"os"
 	"runtime"
 	"strings"
+	"sync"
 	"sync/atomic"
 	"time"
 
@@ -104,18 +105,25 @@ type Proxy struct {
 	SourceDNSCrypt                bool
 	SourceDoH                     bool
 	SourceODoH                    bool
+	listenersMu                   sync.Mutex
 }
 
 func (proxy *Proxy) registerUDPListener(conn *net.UDPConn) {
+	proxy.listenersMu.Lock()
 	proxy.udpListeners = append(proxy.udpListeners, conn)
+	proxy.listenersMu.Unlock()
 }
 
 func (proxy *Proxy) registerTCPListener(listener *net.TCPListener) {
+	proxy.listenersMu.Lock()
 	proxy.tcpListeners = append(proxy.tcpListeners, listener)
+	proxy.listenersMu.Unlock()
 }
 
 func (proxy *Proxy) registerLocalDoHListener(listener *net.TCPListener) {
+	proxy.listenersMu.Lock()
 	proxy.localDoHListeners = append(proxy.localDoHListeners, listener)
+	proxy.listenersMu.Unlock()
 }
 
 func (proxy *Proxy) addDNSListener(listenAddrStr string) {
@@ -168,23 +176,29 @@ func (proxy *Proxy) addDNSListener(listenAddrStr string) {
 		}
 		defer listenerUDP.Close()
 		defer listenerTCP.Close()
+		FileDescriptorsMu.Lock()
 		FileDescriptors = append(FileDescriptors, fdUDP)
 		FileDescriptors = append(FileDescriptors, fdTCP)
+		FileDescriptorsMu.Unlock()
 		return
 	}
 
 	// child
+	FileDescriptorsMu.Lock()
 	listenerUDP, err := net.FilePacketConn(os.NewFile(InheritedDescriptorsBase+FileDescriptorNum, "listenerUDP"))
 	if err != nil {
+		FileDescriptorsMu.Unlock()
 		dlog.Fatalf("Unable to switch to a different user: %v", err)
 	}
 	FileDescriptorNum++
 
 	listenerTCP, err := net.FileListener(os.NewFile(InheritedDescriptorsBase+FileDescriptorNum, "listenerTCP"))
 	if err != nil {
+		FileDescriptorsMu.Unlock()
 		dlog.Fatalf("Unable to switch to a different user: %v", err)
 	}
 	FileDescriptorNum++
+	FileDescriptorsMu.Unlock()
 
 	dlog.Noticef("Now listening to %v [UDP]", listenUDPAddr)
 	proxy.registerUDPListener(listenerUDP.(*net.UDPConn))

Original file line number	Diff line number	Diff line change
`@@ -8,6 +8,7 @@ import (`
`8`	`8`	`"os"`
`9`	`9`	`"strconv"`
`10`	`10`	`"strings"`
	`11`	`+ "sync"`
`11`	`12`	`"unicode"`
`12`	`13`	`)`
`13`	`14`
`@@ -40,6 +41,7 @@ var (`
`40`	`41`	`var (`
`41`	`42`	`FileDescriptors = make([]*os.File, 0)`
`42`	`43`	`FileDescriptorNum = uintptr(0)`
	`44`	`+ FileDescriptorsMu sync.Mutex`
`43`	`45`	`)`
`44`	`46`
`45`	`47`	`const (`