urldata: make magic be the first struct field

By making the `magic` identifier the same size and at the same place within the structs (easy, multi, share), libcurl will be able to more reliably detect and safely error out if an application passes in the wrong handle to APIs. Easier to detect and less likely to cause crashes if done. Such mixups can't be detected at compile-time due to them being typedefed void pointers - unless `CURL_STRICTER` is defined. Closes #6484
2025-04-12 16:20:35 +08:00 · 2021-01-19 08:23:52 +01:00 · 2021-01-19 08:23:52 +01:00 · 942cf12c2f
commit 942cf12c2f
parent 13bc1ea9bc
6 changed files with 24 additions and 11 deletions
--- a/lib/multi.c
+++ b/lib/multi.c
@ -69,7 +69,7 @@
 #define CURL_MULTI_HANDLE 0x000bab1e

 #define GOOD_MULTI_HANDLE(x) \
-  ((x) && (x)->type == CURL_MULTI_HANDLE)
+  ((x) && (x)->magic == CURL_MULTI_HANDLE)

 static CURLMcode singlesocket(struct Curl_multi *multi,
                              struct Curl_easy *data);
@ -360,7 +360,7 @@ struct Curl_multi *Curl_multi_handle(int hashsize, /* socket hash */
  if(!multi)
    return NULL;

-  multi->type = CURL_MULTI_HANDLE;
+  multi->magic = CURL_MULTI_HANDLE;

  if(Curl_mk_dnscache(&multi->hostcache))
    goto error;
@ -2453,7 +2453,7 @@ CURLMcode curl_multi_cleanup(struct Curl_multi *multi)
    if(multi->in_callback)
      return CURLM_RECURSIVE_API_CALL;

-    multi->type = 0; /* not good anymore */
+    multi->magic = 0; /* not good anymore */

    /* Firsrt remove all remaining easy handles */
    data = multi->easyp;
--- a/lib/multihandle.h
+++ b/lib/multihandle.h
@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@ -83,7 +83,7 @@ typedef enum {
 struct Curl_multi {
  /* First a simple identifier to easier detect if a user mix up
     this multi handle with an easy handle. Set this to CURL_MULTI_HANDLE. */
-  long type;
+  unsigned int magic;

  /* We have a doubly-linked list with easy handles */
  struct Curl_easy *easyp;
--- a/lib/setopt.c
+++ b/lib/setopt.c
@ -2169,8 +2169,9 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
      data->share = NULL;
    }

-    /* use new share if it set */
-    data->share = set;
+    if(GOOD_SHARE_HANDLE(set))
+      /* use new share if it set */
+      data->share = set;
    if(data->share) {

      Curl_share_lock(data, CURL_LOCK_DATA_SHARE, CURL_LOCK_ACCESS_SINGLE);
--- a/lib/share.c
+++ b/lib/share.c
@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@ -37,6 +37,7 @@ curl_share_init(void)
 {
  struct Curl_share *share = calloc(1, sizeof(struct Curl_share));
  if(share) {
+    share->magic = CURL_GOOD_SHARE;
    share->specifier |= (1<<CURL_LOCK_DATA_SHARE);

    if(Curl_mk_dnscache(&share->hostcache)) {
@ -59,6 +60,9 @@ curl_share_setopt(struct Curl_share *share, CURLSHoption option, ...)
  void *ptr;
  CURLSHcode res = CURLSHE_OK;

+  if(!GOOD_SHARE_HANDLE(share))
+    return CURLSHE_INVALID;
+
  if(share->dirty)
    /* don't allow setting options while one or more handles are already
       using this share */
@ -184,7 +188,7 @@ curl_share_setopt(struct Curl_share *share, CURLSHoption option, ...)
 CURLSHcode
 curl_share_cleanup(struct Curl_share *share)
 {
-  if(share == NULL)
+  if(!GOOD_SHARE_HANDLE(share))
    return CURLSHE_INVALID;

  if(share->lockfunc)
@ -218,6 +222,7 @@ curl_share_cleanup(struct Curl_share *share)

  if(share->unlockfunc)
    share->unlockfunc(NULL, CURL_LOCK_DATA_SHARE, share->clientdata);
+  share->magic = 0;
  free(share);

  return CURLSHE_OK;
--- a/lib/share.h
+++ b/lib/share.h
@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@ -37,8 +37,12 @@
 #define CURL_VOLATILE volatile
 #endif

+#define CURL_GOOD_SHARE 0x7e117a1e
+#define GOOD_SHARE_HANDLE(x) ((x) && (x)->magic == CURL_GOOD_SHARE)
+
 /* this struct is libcurl-private, don't export details */
 struct Curl_share {
+  unsigned int magic; /* CURL_GOOD_SHARE */
  unsigned int specifier;
  CURL_VOLATILE unsigned int dirty;

--- a/lib/urldata.h
+++ b/lib/urldata.h
@ -1884,6 +1884,10 @@ struct Names {
 */

 struct Curl_easy {
+  /* First a simple identifier to easier detect if a user mix up this easy
+     handle with a multi handle. Set this to CURLEASY_MAGIC_NUMBER */
+  unsigned int magic;
+
  /* first, two fields for the linked list of these */
  struct Curl_easy *next;
  struct Curl_easy *prev;
@ -1947,7 +1951,6 @@ struct Curl_easy {
 #ifdef USE_HYPER
  struct hyptransfer hyp;
 #endif
-  unsigned int magic;          /* set to a CURLEASY_MAGIC_NUMBER */
 };

 #define LIBCURL_NAME "libcurl"