Make CardMonitor() thread safe

We had a TOCTOU bug in the handling of CardMonitor.instance field. https://en.wikipedia.org/wiki/Time-of-check_to_time-of-use Thanks to Lars Lengersdorf for the bug reprot " pyscard seems to be not thread save #162 " Fixes: #162
LudovicRousseau · Mar 4, 2024 · 7521237 · 7521237
1 parent ba0da37
commit 7521237
Showing 1 changed file with 5 additions and 3 deletions.
diff --git a/smartcard/CardMonitoring.py b/smartcard/CardMonitoring.py
@@ -28,7 +28,7 @@
 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
-from threading import Thread, Event
+from threading import Thread, Event, Lock
 from time import sleep
 import traceback
 
@@ -123,10 +123,12 @@ def __str__(self):
 
     # the singleton
     instance = None
+    lock = Lock()
 
     def __init__(self):
-        if not CardMonitor.instance:
-            CardMonitor.instance = CardMonitor.__CardMonitorSingleton()
+        with CardMonitor.lock:
+            if not CardMonitor.instance:
+                CardMonitor.instance = CardMonitor.__CardMonitorSingleton()
 
     def __getattr__(self, name):
         return getattr(self.instance, name)