Module: wine Branch: master Commit: 493b6915caf78f180dfa244ab8a27f17be724c90 URL: http://source.winehq.org/git/wine.git/?a=commit;h=493b6915caf78f180dfa244ab8...
Author: Hans Leidekker hans@it.vu.nl Date: Wed May 7 13:19:37 2008 +0200
wininet: Deal with bogus accept types array passed into HttpOpenRequestA.
---
dlls/wininet/http.c | 44 +++++++++++++++++++++++++++++--------------- dlls/wininet/tests/http.c | 26 ++++++++++++++++++++++++++ 2 files changed, 55 insertions(+), 15 deletions(-)
diff --git a/dlls/wininet/http.c b/dlls/wininet/http.c index 7f336f4..3cafcae 100644 --- a/dlls/wininet/http.c +++ b/dlls/wininet/http.c @@ -964,9 +964,10 @@ HINTERNET WINAPI HttpOpenRequestA(HINTERNET hHttpSession, { LPWSTR szVerb = NULL, szObjectName = NULL; LPWSTR szVersion = NULL, szReferrer = NULL, *szAcceptTypes = NULL; - INT len; - INT acceptTypesCount; + INT len, acceptTypesCount; HINTERNET rc = FALSE; + LPCSTR *types; + TRACE("(%p, %s, %s, %s, %s, %p, %08x, %08lx)\n", hHttpSession, debugstr_a(lpszVerb), debugstr_a(lpszObjectName), debugstr_a(lpszVersion), debugstr_a(lpszReferrer), lpszAcceptTypes, @@ -1008,24 +1009,37 @@ HINTERNET WINAPI HttpOpenRequestA(HINTERNET hHttpSession, MultiByteToWideChar(CP_ACP, 0, lpszReferrer, -1, szReferrer, len ); }
- acceptTypesCount = 0; if (lpszAcceptTypes) { - /* find out how many there are */ - while (lpszAcceptTypes[acceptTypesCount] && *lpszAcceptTypes[acceptTypesCount]) - acceptTypesCount++; + acceptTypesCount = 0; + types = lpszAcceptTypes; + while (*types) + { + /* find out how many there are */ + if (((ULONG_PTR)*types >> 16) && **types) + { + TRACE("accept type: %s\n", debugstr_a(*types)); + acceptTypesCount++; + } + types++; + } szAcceptTypes = HeapAlloc(GetProcessHeap(), 0, sizeof(WCHAR *) * (acceptTypesCount+1)); + if (!szAcceptTypes) goto end; + acceptTypesCount = 0; - while (lpszAcceptTypes[acceptTypesCount] && *lpszAcceptTypes[acceptTypesCount]) + types = lpszAcceptTypes; + while (*types) { - len = MultiByteToWideChar(CP_ACP, 0, lpszAcceptTypes[acceptTypesCount], - -1, NULL, 0 ); - szAcceptTypes[acceptTypesCount] = HeapAlloc(GetProcessHeap(), 0, len * sizeof(WCHAR)); - if (!szAcceptTypes[acceptTypesCount] ) - goto end; - MultiByteToWideChar(CP_ACP, 0, lpszAcceptTypes[acceptTypesCount], - -1, szAcceptTypes[acceptTypesCount], len ); - acceptTypesCount++; + if (((ULONG_PTR)*types >> 16) && **types) + { + len = MultiByteToWideChar(CP_ACP, 0, *types, -1, NULL, 0 ); + szAcceptTypes[acceptTypesCount] = HeapAlloc(GetProcessHeap(), 0, len * sizeof(WCHAR)); + if (!szAcceptTypes[acceptTypesCount]) goto end; + + MultiByteToWideChar(CP_ACP, 0, *types, -1, szAcceptTypes[acceptTypesCount], len); + acceptTypesCount++; + } + types++; } szAcceptTypes[acceptTypesCount] = NULL; } diff --git a/dlls/wininet/tests/http.c b/dlls/wininet/tests/http.c index f1a67ca..705fcac 100644 --- a/dlls/wininet/tests/http.c +++ b/dlls/wininet/tests/http.c @@ -1746,6 +1746,31 @@ static void test_user_agent_header(void) InternetCloseHandle(ses); }
+static void test_bogus_accept_types_array(void) +{ + HINTERNET ses, con, req; + static const char *types[] = { (const char *)6240, "*/*", "%p", "", "*/*", NULL }; + DWORD size; + char buffer[32]; + BOOL ret; + + ses = InternetOpen("MERONG(0.9/;p)", INTERNET_OPEN_TYPE_DIRECT, "", "", 0); + con = InternetConnect(ses, "www.winehq.org", 80, NULL, NULL, INTERNET_SERVICE_HTTP, 0, 0); + req = HttpOpenRequest(con, "POST", "/post/post_action.php", "HTTP/1.0", "", types, INTERNET_FLAG_FORMS_SUBMIT, 0); + + ok(req != NULL, "HttpOpenRequest failed: %u\n", GetLastError()); + + buffer[0] = 0; + size = sizeof(buffer); + ret = HttpQueryInfo(req, HTTP_QUERY_ACCEPT | HTTP_QUERY_FLAG_REQUEST_HEADERS, buffer, &size, NULL); + ok(ret, "HttpQueryInfo failed: %u\n", GetLastError()); + ok(!strcmp(buffer, "*/*, %p, */*"), "got '%s' expected '*/*, %%p, */*'\n", buffer); + + InternetCloseHandle(req); + InternetCloseHandle(con); + InternetCloseHandle(ses); +} + #define STATUS_STRING(status) \ memcpy(status_string[status], #status, sizeof(CHAR) * \ (strlen(#status) < MAX_STATUS_NAME ? \ @@ -1821,4 +1846,5 @@ START_TEST(http) HttpHeaders_test(); test_http_connection(); test_user_agent_header(); + test_bogus_accept_types_array(); }