http://bugs.winehq.org/show_bug.cgi?id=3306
Summary: wininet: bad Host header generated if referer doesn't 'crack'
Product: Wine
Version: CVS
Platform: All
OS/Version: other
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: wine-net
AssignedTo: wine-bugs@winehq.org
ReportedBy: orin@pinhead.cc
If a 'referer' is passed into HttpOpenRequest in a form that InternetCrackUrlW fails to crack, the host header will be generated from an uninitialized local variable.
There are two things wrong here.
Firstly, the return from InternetCrackUrlW isn't tested for success before using the results.
Secondly, the Host header should not be derived from the Referer header. The Host header should be derived from the URL that is being requested if the URL contains a host or from the server if not.
From the HTTP spec (RFC 2616):
"The Host request-header field specifies the Internet host and port number of the resource being requested, as obtained from the original URI given by the user or referring resource (generally an HTTP URL, as described in section 3.2.2)."
This does seem ambiguous, but it should be read: ...as obtained from the original URI (given by the user or referring resource (generally an HTTP URL, as described in section 3.2.2))
It's just noting where the original URI came from.
I'll submit a patch that prevents this particular problem, but haven't yet considered the implications if going through a proxy.
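
The two points in the report above, shown as an added example that is not part of the original report and is not Wine's code: the URL-cracking result is checked before use, and the Host value comes from the requested URL or the server, never the referer. crack_host is a simplified, hypothetical stand-in for InternetCrackUrlW (no userinfo handling), and build_host_header and the sample names are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for InternetCrackUrlW: extracts the host[:port]
 * from an absolute http:// or https:// URL. Returns 1 on success, 0 on
 * failure; on failure `host` is left untouched. */
static int crack_host(const char *url, char *host, size_t cap)
{
    const char *p;
    size_t n;

    if (!url) return 0;
    if (strncmp(url, "http://", 7) == 0) p = url + 7;
    else if (strncmp(url, "https://", 8) == 0) p = url + 8;
    else return 0;                      /* relative or unknown form */
    n = strcspn(p, "/?#");
    if (n == 0 || n >= cap) return 0;
    memcpy(host, p, n);
    host[n] = '\0';
    return 1;
}

/* Builds "Host: <value>" from the requested URL when it names a host,
 * otherwise from the server the connection was opened to. The referer is
 * deliberately not a parameter. Returns 1 on success, 0 if nothing fits. */
int build_host_header(const char *object, const char *server,
                      char *out, size_t cap)
{
    char host[256] = "";        /* initialized: never emit stack contents */
    int n;

    if (!crack_host(object, host, sizeof host)) {   /* result is checked */
        if (!server || !*server || strlen(server) >= sizeof host) return 0;
        strcpy(host, server);
    }
    n = snprintf(out, cap, "Host: %s", host);
    return n > 0 && (size_t)n < cap;
}

int main(void)
{
    char hdr[300];
    /* constructed inputs: relative object name, server from the connection */
    if (build_host_header("/index.html", "www.example.com", hdr, sizeof hdr))
        puts(hdr);
    return 0;
}
```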