Cater to duplicated handles used by curl_multi_*()

cmb69 · cmb69 · commit 512ce493c832 · 2020-01-08T15:16:02.000+01:00
Since `curl_multi_perfom()` processes easy handles asynchronously, we
have no control of the operation sequence.  Since duplicated cURL
handles may be used with multi handles, we cannot use a single arg
structure, but actually have to rebuild the whole mime structure on
handle duplication and attach this to the new handle.

This requires to store the zval that has been originally provided for
`CURLOPT_POSTFIELDS`.  Ideally, we would store it in an additional
member of `php_curl`, but since that would constitute a BC break, we
work around by actually storing a union in `to_free-&gt;stream`, and we
retrieve the appropriate zval by sequentially searching the list.
diff --git a/ext/curl/interface.c b/ext/curl/interface.c
@@ -1797,8 +1797,14 @@ static void curl_free_post(void **post)
 /* }}} */
 
 struct mime_file {
-	zend_string *name;
-	php_stream *stream;
+	php_curl *ch;
+	union {
+		zval postfields;
+		struct {
+			zend_string *name;
+			php_stream *stream;
+		};
+	};
 };
 
 /* {{{ curl_free_stream
@@ -1807,8 +1813,12 @@ static void curl_free_stream(void **post)
 {
 	struct mime_file *mime_file = (struct mime_file *) *post;
 
-	ZEND_ASSERT(mime_file->stream == NULL);
-	zend_string_release(mime_file->name);
+	if (mime_file->ch) {
+		Z_DELREF(mime_file->postfields);
+	} else {
+		ZEND_ASSERT(mime_file->stream == NULL);
+		zend_string_release(mime_file->name);
+	}
 	efree(mime_file);
 }
 /* }}} */
@@ -2104,13 +2114,148 @@ void _php_setup_easy_copy_handlers(php_curl *ch, php_curl *source)
 	(*source->clone)++;
 }
 
+#if LIBCURL_VERSION_NUM >= 0x073800 /* 7.56.0 */
+static size_t read_cb(char *buffer, size_t size, size_t nitems, void *arg);
+static int seek_cb(void *arg, curl_off_t offset, int origin);
+static void free_cb(void *arg);
+
+static int rebuild_mime_structure(php_curl *ch, zval *zpostfields)
+{
+	CURLcode error = CURLE_OK;
+	zval *current;
+	zend_string *string_key;
+	zend_ulong num_key;
+	curl_mime *mime = NULL;
+	curl_mimepart *part;
+	CURLcode form_error;
+	HashTable *postfields = Z_ARRVAL_P(zpostfields);
+
+	if (zend_hash_num_elements(postfields) > 0) {
+		mime = curl_mime_init(ch->cp);
+		if (mime == NULL) {
+			return FAILURE;
+		}
+	}
+
+	ZEND_HASH_FOREACH_KEY_VAL(postfields, num_key, string_key, current) {
+		zend_string *postval, *tmp_postval;
+		/* Pretend we have a string_key here */
+		if (!string_key) {
+			string_key = zend_long_to_str(num_key);
+		} else {
+			zend_string_addref(string_key);
+		}
+
+		ZVAL_DEREF(current);
+		if (Z_TYPE_P(current) == IS_OBJECT &&
+				instanceof_function(Z_OBJCE_P(current), curl_CURLFile_class)) {
+			/* new-style file upload */
+			zval *prop, rv;
+			char *type = NULL, *filename = NULL;
+
+			struct mime_file *mime_file;
+
+
+			prop = zend_read_property(curl_CURLFile_class, current, "name", sizeof("name")-1, 0, &rv);
+			if (Z_TYPE_P(prop) != IS_STRING) {
+				php_error_docref(NULL, E_WARNING, "Invalid filename for key %s", ZSTR_VAL(string_key));
+			} else {
+				postval = Z_STR_P(prop);
+
+				if (php_check_open_basedir(ZSTR_VAL(postval))) {
+					return 1;
+				}
+
+				prop = zend_read_property(curl_CURLFile_class, current, "mime", sizeof("mime")-1, 0, &rv);
+				if (Z_TYPE_P(prop) == IS_STRING && Z_STRLEN_P(prop) > 0) {
+					type = Z_STRVAL_P(prop);
+				}
+				prop = zend_read_property(curl_CURLFile_class, current, "postname", sizeof("postname")-1, 0, &rv);
+				if (Z_TYPE_P(prop) == IS_STRING && Z_STRLEN_P(prop) > 0) {
+					filename = Z_STRVAL_P(prop);
+				}
+
+				mime_file = emalloc(sizeof *mime_file);
+				mime_file->ch = ch;
+				ZVAL_COPY(&mime_file->postfields, zpostfields);
+				zend_llist_add_element(&ch->to_free->stream, &mime_file);
+
+				mime_file = emalloc(sizeof *mime_file);
+				mime_file->ch = NULL;
+				mime_file->name = zend_string_copy(postval);
+				mime_file->stream = NULL;
+				part = curl_mime_addpart(mime);
+				if (part == NULL) {
+					zend_string_release_ex(string_key, 0);
+					return FAILURE;
+				}
+				if ((form_error = curl_mime_name(part, ZSTR_VAL(string_key))) != CURLE_OK
+					|| (form_error = curl_mime_data_cb(part, -1, read_cb, seek_cb, free_cb, mime_file)) != CURLE_OK
+					|| (form_error = curl_mime_filename(part, filename ? filename : ZSTR_VAL(postval))) != CURLE_OK
+					|| (form_error = curl_mime_type(part, type ? type : "application/octet-stream")) != CURLE_OK) {
+					error = form_error;
+				}
+				zend_llist_add_element(&ch->to_free->stream, &mime_file);
+			}
+
+			zend_string_release_ex(string_key, 0);
+			continue;
+		}
+
+		postval = zval_get_tmp_string(current, &tmp_postval);
+
+		part = curl_mime_addpart(mime);
+		if (part == NULL) {
+			zend_tmp_string_release(tmp_postval);
+			zend_string_release_ex(string_key, 0);
+			return FAILURE;
+		}
+		if ((form_error = curl_mime_name(part, ZSTR_VAL(string_key))) != CURLE_OK
+			|| (form_error = curl_mime_data(part, ZSTR_VAL(postval), ZSTR_LEN(postval))) != CURLE_OK) {
+			error = form_error;
+		}
+		zend_tmp_string_release(tmp_postval);
+		zend_string_release_ex(string_key, 0);
+	} ZEND_HASH_FOREACH_END();
+
+	SAVE_CURL_ERROR(ch, error);
+	if (error != CURLE_OK) {
+		return FAILURE;
+	}
+
+	if ((*ch->clone) == 1) {
+		zend_llist_clean(&ch->to_free->post);
+	}
+	zend_llist_add_element(&ch->to_free->post, &mime);
+	error = curl_easy_setopt(ch->cp, CURLOPT_MIMEPOST, mime);
+
+	return SUCCESS;
+}
+
+static HashTable *get_postfields_of_handle(php_curl *ch)
+{
+	struct mime_file *mime_file, **mfp;
+
+	mfp = zend_llist_get_last(&ch->to_free->stream);
+	while (mfp) {
+		mime_file = *mfp;
+		if (mime_file->ch == ch) {
+			return &mime_file->postfields;
+		}
+		mfp = zend_llist_get_prev(&ch->to_free->stream);
+	}
+	return NULL;
+}
+#endif
+
 /* {{{ proto resource curl_copy_handle(resource ch)
    Copy a cURL handle along with all of it's preferences */
 PHP_FUNCTION(curl_copy_handle)
 {
 	CURL		*cp;
 	zval		*zid;
 	php_curl	*ch, *dupch;
+	zval		*postfields;
 
 	ZEND_PARSE_PARAMETERS_START(1,1)
 		Z_PARAM_RESOURCE(zid)
@@ -2131,6 +2276,17 @@ PHP_FUNCTION(curl_copy_handle)
 
 	_php_setup_easy_copy_handlers(dupch, ch);
 
+#if LIBCURL_VERSION_NUM >= 0x073800 /* 7.56.0 */
+	postfields = get_postfields_of_handle(ch);
+	if (postfields) {
+		if (rebuild_mime_structure(dupch, postfields) != SUCCESS) {
+			_php_curl_close_ex(dupch);
+			php_error_docref(NULL, E_WARNING, "Cannot rebuild mime structure");
+			RETURN_FALSE;
+		}
+	}
+#endif
+
 	Z_ADDREF_P(zid);
 
 	ZVAL_RES(return_value, zend_register_resource(dupch, le_curl));
@@ -2144,13 +2300,15 @@ static size_t read_cb(char *buffer, size_t size, size_t nitems, void *arg) /* {{
 	struct mime_file *mime_file = (struct mime_file *) arg;
 	ssize_t numread;
 
+	ZEND_ASSERT(!mime_file->ch);
+
 	if (mime_file->stream == NULL) {
 		if (!(mime_file->stream = php_stream_open_wrapper(ZSTR_VAL(mime_file->name), "rb", IGNORE_PATH, NULL))) {
 			return CURL_READFUNC_ABORT;
 		}
 	}
 	numread = php_stream_read(mime_file->stream, buffer, nitems * size);
-	if (numread <= 0) {
+	if (numread < 0) {
 		php_stream_close(mime_file->stream);
 		mime_file->stream = NULL;
 	}
@@ -2163,17 +2321,28 @@ static int seek_cb(void *arg, curl_off_t offset, int origin) /* {{{ */
 	struct mime_file *mime_file = (struct mime_file *) arg;
 	int res;
 
+	ZEND_ASSERT(!mime_file->ch);
+
 	if (mime_file->stream == NULL) {
 		if (!(mime_file->stream = php_stream_open_wrapper(ZSTR_VAL(mime_file->name), "rb", IGNORE_PATH, NULL))) {
 			return CURL_SEEKFUNC_CANTSEEK;
 		}
 	}
 	res = php_stream_seek(mime_file->stream, offset, origin);
-	if (res) {
+	return !res ? CURL_SEEKFUNC_OK : CURL_SEEKFUNC_CANTSEEK;
+}
+/* }}} */
+
+static void free_cb(void *arg) /* {{{ */
+{
+	struct mime_file *mime_file = (struct mime_file *) arg;
+
+	ZEND_ASSERT(!mime_file->ch);
+
+	if (mime_file->stream != NULL) {
 		php_stream_close(mime_file->stream);
 		mime_file->stream = NULL;
 	}
-	return !res ? CURL_SEEKFUNC_OK : CURL_SEEKFUNC_CANTSEEK;
 }
 /* }}} */
 #endif
@@ -2840,15 +3009,22 @@ static int _php_curl_setopt(php_curl *ch, zend_long option, zval *zvalue) /* {{{
 
 #if LIBCURL_VERSION_NUM >= 0x073800 /* 7.56.0 */
 							mime_file = emalloc(sizeof *mime_file);
+							mime_file->ch = ch;
+							ZVAL_COPY(&mime_file->postfields, zvalue);
+							zend_llist_add_element(&ch->to_free->stream, &mime_file);
+
+							mime_file = emalloc(sizeof *mime_file);
+							mime_file->ch = NULL;
 							mime_file->name = zend_string_copy(postval);
 							mime_file->stream = NULL;
+
 							part = curl_mime_addpart(mime);
 							if (part == NULL) {
 								zend_string_release_ex(string_key, 0);
 								return FAILURE;
 							}
 							if ((form_error = curl_mime_name(part, ZSTR_VAL(string_key))) != CURLE_OK
-								|| (form_error = curl_mime_data_cb(part, -1, read_cb, seek_cb, NULL, mime_file)) != CURLE_OK
+								|| (form_error = curl_mime_data_cb(part, -1, read_cb, seek_cb, free_cb, mime_file)) != CURLE_OK
 								|| (form_error = curl_mime_filename(part, filename ? filename : ZSTR_VAL(postval))) != CURLE_OK
 								|| (form_error = curl_mime_type(part, type ? type : "application/octet-stream")) != CURLE_OK) {
 								error = form_error;
diff --git a/ext/curl/tests/curl_copy_handle_variation4.phpt b/ext/curl/tests/curl_copy_handle_variation4.phpt
@@ -0,0 +1,46 @@
+--TEST--
+curl_copy_handle() allows to post CURLFile multiple times with curl_multi_exec()
+--SKIPIF--
+<?php include 'skipif.inc'; ?>
+--FILE--
+<?php
+include 'server.inc';
+$host = curl_cli_server_start();
+
+$ch1 = curl_init();
+curl_setopt($ch1, CURLOPT_SAFE_UPLOAD, 1);
+curl_setopt($ch1, CURLOPT_URL, "{$host}/get.php?test=file");
+// curl_setopt($ch1, CURLOPT_RETURNTRANSFER, 1);
+
+$filename = __DIR__ . '/АБВ.txt';
+file_put_contents($filename, "Test.");
+$file = curl_file_create($filename);
+$params = array('file' => $file);
+var_dump(curl_setopt($ch1, CURLOPT_POSTFIELDS, $params));
+
+$ch2 = curl_copy_handle($ch1);
+$ch3 = curl_copy_handle($ch1);
+
+$mh = curl_multi_init();
+curl_multi_add_handle($mh, $ch1);
+curl_multi_add_handle($mh, $ch2);
+do {
+    $status = curl_multi_exec($mh, $active);
+    if ($active) {
+        curl_multi_select($mh);
+    }
+} while ($active && $status == CURLM_OK);
+
+curl_multi_remove_handle($mh, $ch1);
+curl_multi_remove_handle($mh, $ch2);
+curl_multi_remove_handle($mh, $ch3);
+curl_multi_close($mh);
+?>
+===DONE===
+--EXPECTF--
+bool(true)
+АБВ.txt|application/octet-stream|5АБВ.txt|application/octet-stream|5===DONE===
+--CLEAN--
+<?php
+@unlink(__DIR__ . '/АБВ.txt');
+?>
diff --git a/ext/curl/tests/curl_copy_handle_variation5.phpt b/ext/curl/tests/curl_copy_handle_variation5.phpt
@@ -0,0 +1,52 @@
+--TEST--
+curl_copy_handle() allows to post CURLFile multiple times if postfields change
+--SKIPIF--
+<?php include 'skipif.inc'; ?>
+--FILE--
+<?php
+include 'server.inc';
+$host = curl_cli_server_start();
+
+$ch1 = curl_init();
+curl_setopt($ch1, CURLOPT_SAFE_UPLOAD, 1);
+curl_setopt($ch1, CURLOPT_URL, "{$host}/get.php?test=file");
+curl_setopt($ch1, CURLOPT_RETURNTRANSFER, 1);
+
+$filename = __DIR__ . '/abc.txt';
+file_put_contents($filename, "Test.");
+$file = curl_file_create($filename);
+$params = array('file' => $file);
+var_dump(curl_setopt($ch1, CURLOPT_POSTFIELDS, $params));
+
+$ch2 = curl_copy_handle($ch1);
+
+$filename = __DIR__ . '/def.txt';
+file_put_contents($filename, "Other test.");
+$file = curl_file_create($filename);
+$params = array('file' => $file);
+var_dump(curl_setopt($ch2, CURLOPT_POSTFIELDS, $params));
+
+$ch3 = curl_copy_handle($ch2);
+
+var_dump(curl_exec($ch1));
+curl_close($ch1);
+
+var_dump(curl_exec($ch2));
+curl_close($ch2);
+
+var_dump(curl_exec($ch3));
+curl_close($ch3);
+?>
+===DONE===
+--EXPECTF--
+bool(true)
+bool(true)
+string(%d) "abc.txt|application/octet-stream|5"
+string(%d) "def.txt|application/octet-stream|11"
+string(%d) "def.txt|application/octet-stream|11"
+===DONE===
+--CLEAN--
+<?php
+@unlink(__DIR__ . '/abc.txt');
+@unlink(__DIR__ . '/def.txt');
+?>
