13 Jul
2022
13 Jul
'22
11:40 a.m.
Jacek Caban (@jacek) commented about dlls/mshtml/navigate.c:
static const WCHAR charsetW[] = {'c','h','a','r','s','e','t','='};
ptr = wcschr(value, ';'); + for(end = ptr ? ptr : value + len; end > value; end--) + if(!iswspace(end[-1])) + break; + for(beg = value; beg < end; beg++) + if(!iswspace(*beg)) + break; + + if((content_type = heap_strndupWtoU(beg, end - beg))) { + heap_free(This->nschannel->content_type); + This->nschannel->content_type = content_type; + strlwr(content_type); + }
This can still unconditionally override a validated content content type. -- https://gitlab.winehq.org/wine/wine/-/merge_requests/399#note_4066