feat(transport): use share handle #1996
Conversation
![sentry[bot]](https://avatars.githubusercontent.com/u/1396951?s=60&v=4){kind=small}
src/HttpClient/HttpClient.php
Outdated
| curl_share_setopt($this->shareHandle, \CURLOPT_SHARE, \CURL_LOCK_DATA_DNS); | ||
| if (\defined('CURL_LOCK_DATA_CONNECT')) { | ||
| curl_share_setopt($this->shareHandle, \CURLOPT_SHARE, \CURL_LOCK_DATA_CONNECT); | ||
| } | ||
| if (\defined('CURL_LOCK_DATA_SSL_SESSION')) { | ||
| curl_share_setopt($this->shareHandle, \CURLOPT_SHARE, \CURL_LOCK_DATA_SSL_SESSION); |
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
| if ($this->shareHandle !== null) { | ||
| curl_setopt($curlHandle, \CURLOPT_SHARE, $this->shareHandle); | ||
| } |
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
There was a problem hiding this comment.
The documentation doesn't mention that curl_share_init can return false, in contrast to curl_init.
src/HttpClient/HttpClient.php
Outdated
| $this->sdkIdentifier = $sdkIdentifier; | ||
| $this->sdkVersion = $sdkVersion; | ||
| if (\function_exists('curl_share_init_persistent')) { | ||
| $shareOptions = [\CURL_LOCK_DATA_DNS, \CURL_LOCK_DATA_CONNECT]; |
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
| } | ||
| if (\defined('CURL_LOCK_DATA_SSL_SESSION')) { | ||
| curl_share_setopt($this->shareHandle, \CURLSHOPT_SHARE, \CURL_LOCK_DATA_SSL_SESSION); | ||
| } | ||
| } catch (\Throwable $throwable) { | ||
| // don't crash if the share handle cannot be created | ||
| } |
There was a problem hiding this comment.
Bug: The return values of curl_share_setopt() are not checked. If a call fails, the share handle will be misconfigured, silently disabling the intended caching feature.
Severity: MEDIUM
🔍 Detailed Analysis
The try-catch block around curl_share_init() is intended to gracefully handle setup failures. However, the subsequent curl_share_setopt() calls do not throw exceptions on failure; they return false. The code does not check these return values. If any curl_share_setopt() call fails, the catch block is skipped, and $this->shareHandle remains set to a partially configured handle. This misconfigured handle will be used later, causing the intended DNS, connect, and SSL session sharing to fail silently without any error or warning. The feature will not work as expected.
💡 Suggested Fix
Check the boolean return value of each curl_share_setopt() call. If any call returns false, set $this->shareHandle to null to prevent the misconfigured handle from being used, aligning with the intended graceful degradation.
🤖 Prompt for AI Agent
Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.
Location: src/HttpClient/HttpClient.php#L58-L64
Potential issue: The `try-catch` block around `curl_share_init()` is intended to
gracefully handle setup failures. However, the subsequent `curl_share_setopt()` calls do
not throw exceptions on failure; they return `false`. The code does not check these
return values. If any `curl_share_setopt()` call fails, the `catch` block is skipped,
and `$this->shareHandle` remains set to a partially configured handle. This
misconfigured handle will be used later, causing the intended DNS, connect, and SSL
session sharing to fail silently without any error or warning. The feature will not work
as expected.
Did we get this right? 👍 / 👎 to inform future reviews.
Reference ID: 8543567
| // If the persistent share handle cannot be created or doesn't exist | ||
| if ($this->shareHandle === null) { | ||
| try { | ||
| $this->shareHandle = curl_share_init(); |
There was a problem hiding this comment.
Missing check for false return from curl_share_init
Medium Severity
When curl_share_init() returns false (possible in PHP 7.x on failure), $this->shareHandle is set to false. The check if ($this->shareHandle !== null) passes since false !== null is true, causing curl_setopt() to be called with false as the share handle. The PR discussion explicitly noted this concern ("an extra check doesn't hurt") but the check wasn't added. This could cause warnings and prevent proper fallback behavior when share handle initialization fails.
Adds either a regular share handle or a persistent one to our curl handle, so it can share connect, DNS and SSL between each request without having to reestablish it.
When available, it will use the persistent share handle which should improve request performance between PHP executions. It falls back to the regular share handle which can improve performance within the same PHP execution if multiple requests are performed.