March 20, 2026
7:50 a.m.
Hans Leidekker (@hans) commented about dlls/winhttp/session.c:
*buflen = sizeof(flags); return TRUE; } + case WINHTTP_OPTION_SECURITY_INFO: + { + WINHTTP_SECURITY_INFO *info = (WINHTTP_SECURITY_INFO *)buffer; + SECURITY_STATUS res; + + if (!validate_buffer( buffer, buflen, sizeof(WINHTTP_SECURITY_INFO) )) return FALSE; + + memset(info, 0 , sizeof(WINHTTP_SECURITY_INFO)); + if (!request->netconn->secure) return TRUE;
request->netconn is not guaranteed to be valid so this should be: ``` if (!request->netconn || !request->netconn->secure) return TRUE; ``` -- https://gitlab.winehq.org/wine/wine/-/merge_requests/10390#note_132948