authorMilan Crha <mcrha@redhat.com>2022-08-16 15:22:39 +0200
committerAlexander Larsson <alexander.larsson@gmail.com>2022-08-22 10:36:30 +0200
commitdc82a19dc58d1fee25f45daeb5114338526ec8f7 (patch)
treed6de371be78c2e0427ae673353637a94df9e455c
parent764e5a4d0cd7f5b39d569fac62faa018b48d6d1b (diff)
downloadflatpak-dc82a19dc58d1fee25f45daeb5114338526ec8f7.tar.gz
common: Add thread safety on libcurl usage
A race condition can occur on libcurl's internal structure content when two threads set the `data` structure for the callbacks at the same time, which can cause access to an already freed stack-allocated `data`, resulting in memory corruption. Closes https://github.com/flatpak/flatpak/issues/3701
-rw-r--r--common/flatpak-utils-http.c10
1 files changed, 10 insertions, 0 deletions
diff --git a/common/flatpak-utils-http.c b/common/flatpak-utils-http.c
index 8bf2e707..831145d9 100644
--- a/common/flatpak-utils-http.c
+++ b/common/flatpak-utils-http.c
@@ -243,6 +243,7 @@ G_DEFINE_AUTOPTR_CLEANUP_FUNC (auto_curl_slist, curl_slist_free_all)
struct FlatpakHttpSession {
CURL *curl;
+ GMutex lock;
};
static void
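Review bot: The new `lock` field has no comment saying what it protects. Judging from the other hunks of this commit it serializes every use of `curl`, so state that at the declaration: `GMutex lock; /* guards all use of curl; an easy handle must not be used from two threads at once */`.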
@@ -369,6 +370,8 @@ flatpak_create_http_session (const char *user_agent)
session->curl = curl = curl_easy_init();
g_assert (session->curl != NULL);
+ g_mutex_init (&session->lock);
+
curl_easy_setopt (curl, CURLOPT_USERAGENT, user_agent);
rc = curl_easy_setopt (curl, CURLOPT_PROTOCOLS, (long)(CURLPROTO_HTTP | CURLPROTO_HTTPS));
g_assert_cmpint (rc, ==, CURLM_OK);
@@ -406,7 +409,10 @@ flatpak_create_http_session (const char *user_agent)
void
flatpak_http_session_free (FlatpakHttpSession* session)
{
+ g_mutex_lock (&session->lock);
curl_easy_cleanup (session->curl);
+ g_mutex_unlock (&session->lock);
+ g_mutex_clear (&session->lock);
g_free (session);
}
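Review bot: Taking the lock in flatpak_http_session_free only waits for a request that is already running; it does not make freeing a shared session safe. A thread that is blocked on `session->lock`, or about to take it, can proceed after the unlock and use `session->curl` after `curl_easy_cleanup`, and `g_mutex_clear` on a mutex another thread may still lock is undefined behaviour. The function still depends on the caller guaranteeing that no other thread holds the session, and that contract should be written down above the lock call, e.g. `/* Caller must ensure no other thread can still use @session; the lock only waits for an in-flight request. */`.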
@@ -447,6 +453,7 @@ flatpak_download_http_uri_once (FlatpakHttpSession *session,
g_autofree char *auth_header = NULL;
g_autofree char *cache_header = NULL;
g_autoptr(auto_curl_slist) header_list = NULL;
+ g_autoptr(GMutexLocker) curl_lock = g_mutex_locker_new (&session->lock);
long response;
CURL *curl = session->curl;
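Review bot: `curl_lock` is acquired at its declaration and released only when the function returns, so the mutex is held for the whole request, presumably including the blocking transfer that lies outside this hunk. Threads sharing one session are therefore serialized, and a stalled server would hold up every other download on that session. It is worth confirming that a transfer timeout or low-speed limit is set where the handle is configured, which is not visible here. A comment at the declaration would record the intent, e.g. `/* Held for the entire request: a CURL easy handle must not be used by two threads at once */`. The function body starts and ends outside the hunk.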
@@ -541,6 +548,9 @@ flatpak_download_http_uri_once (FlatpakHttpSession *session,
g_debug ("Received %" G_GUINT64_FORMAT " bytes", data->downloaded_bytes);
+ /* This is not really needed, but the auto-pointer confuses some compilers in the CI */
+ g_clear_pointer (&curl_lock, g_mutex_locker_free);
+
return TRUE;
}
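Review bot: The added comment does not say which compilers or which diagnostic the explicit release works around, and the release covers only the success return, so the error paths still rely on the auto-pointer. If the problem is an unused-variable warning on `curl_lock`, marking the declaration is the usual way to silence it: `G_GNUC_UNUSED g_autoptr(GMutexLocker) curl_lock = g_mutex_locker_new (&session->lock);`. Otherwise name the warning in the comment so the workaround can be removed later. The declaration is in the previous hunk and the function starts outside this one.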