From: Steve Langasek <vorlon@debian.org>
Date: Tue, 2 Jun 2026 20:35:10 +0800
Subject: getaddrinfo-is-threadsafe

OpenLDAP upstream conservatively assumes that certain resolver functions
(getaddrinfo, getnameinfo, res_query, dn_expand) are not re-entrant; but we
know that the glibc implementations of these functions are thread-safe, so
we should bypass the use of this mutex.  This fixes a locking problem when
an application uses libldap and libnss-ldap is also used for hosts
resolution.

Closes Debian bug #340601.

Not suitable for forwarding upstream; might be made suitable by adding a
configure-time check for glibc and disabling the mutex only on known
thread-safe implementations.
---
 libraries/libldap/os-ip.c    | 6 ------
 libraries/libldap/util-int.c | 2 --
 2 files changed, 8 deletions(-)

diff --git a/libraries/libldap/os-ip.c b/libraries/libldap/os-ip.c
index 6c86edd..ab6ef49 100644
--- a/libraries/libldap/os-ip.c
+++ b/libraries/libldap/os-ip.c
@@ -645,13 +645,7 @@ ldap_connect_to_host(LDAP *ld, Sockbuf *sb,
 	hints.ai_socktype = socktype;
 	snprintf(serv, sizeof serv, "%d", port );
 
-	/* most getaddrinfo(3) use non-threadsafe resolver libraries */
-	LDAP_MUTEX_LOCK(&ldap_int_resolv_mutex);
-
 	err = getaddrinfo( host, serv, &hints, &res );
-
-	LDAP_MUTEX_UNLOCK(&ldap_int_resolv_mutex);
-
 	if ( err != 0 ) {
 		Debug1(LDAP_DEBUG_TRACE,
 			"ldap_connect_to_host: getaddrinfo failed: %s\n",
diff --git a/libraries/libldap/util-int.c b/libraries/libldap/util-int.c
index 95bfba9..5669aa4 100644
--- a/libraries/libldap/util-int.c
+++ b/libraries/libldap/util-int.c
@@ -487,9 +487,7 @@ int ldap_pvt_get_hname(
 	int rc;
 #if defined( HAVE_GETNAMEINFO )
 
-	LDAP_MUTEX_LOCK( &ldap_int_resolv_mutex );
 	rc = getnameinfo( sa, len, name, namelen, NULL, 0, 0 );
-	LDAP_MUTEX_UNLOCK( &ldap_int_resolv_mutex );
 	if ( rc ) *err = (char *)AC_GAI_STRERROR( rc );
 	return rc;
 
