Module: wine Branch: master Commit: 17b4abf47f369a056401abc3b9e60f9c94e4eb5f URL: http://source.winehq.org/git/wine.git/?a=commit;h=17b4abf47f369a056401abc3b9...
Author: Hans Leidekker hans@codeweavers.com Date: Tue Aug 16 12:30:02 2016 +0200
winhttp: Validate the port number in WinHttpCrackUrl.
Signed-off-by: Hans Leidekker hans@codeweavers.com Signed-off-by: Alexandre Julliard julliard@winehq.org
---
dlls/winhttp/tests/url.c | 22 ++++++++++++++++++++++ dlls/winhttp/url.c | 19 ++++++++++++++++--- 2 files changed, 38 insertions(+), 3 deletions(-)
diff --git a/dlls/winhttp/tests/url.c b/dlls/winhttp/tests/url.c
index ec6dbd0..27979f6 100644
--- a/dlls/winhttp/tests/url.c
+++ b/dlls/winhttp/tests/url.c
@@ -69,6 +69,9 @@ static const WCHAR url12[] = static const WCHAR url13[] = {'h','t','t','p',':','/','/','w','i','n','e','h','q','.','o',' ','g','/','p','a','t','h',' ','w','i','t','h',' ','s','p','a','c','e','s',0}; static const WCHAR url14[] = {'h','t','t','p',':','/','/','w','w','w','.','w','i','n','e','h','q','.','o','r','g','/','t','e','s','t',0};
+static const WCHAR url15[] = {'h','t','t','p',':','/','/','w','i','n','e','h','q','.','o','r','g',':','6','5','5','3','6',0};
+static const WCHAR url16[] = {'h','t','t','p',':','/','/','w','i','n','e','h','q','.','o','r','g',':','0',0};
+static const WCHAR url17[] = {'h','t','t','p',':','/','/','w','i','n','e','h','q','.','o','r','g',':',0};
static const WCHAR url_k1[] = {'h','t','t','p',':','/','/','u','s','e','r','n','a','m','e',':','p','a','s','s','w','o','r','d',
@@ -718,6 +721,25 @@ static void WinHttpCrackUrl_test( void ) ok( uc.dwUrlPathLength == 0, "unexpected length %u\n", uc.dwUrlPathLength ); ok( !uc.lpszExtraInfo, "unexpected extra info %s\n", wine_dbgstr_w(uc.lpszExtraInfo) ); ok( uc.dwExtraInfoLength == 0, "unexpected length %u\n", uc.dwExtraInfoLength );
+
+ reset_url_components( &uc );
+ SetLastError( 0xdeadbeef );
+ ret = WinHttpCrackUrl( url15, 0, 0, &uc );
+ error = GetLastError();
+ ok( !ret, "WinHttpCrackUrl succeeded\n" );
+ ok( error == ERROR_WINHTTP_INVALID_URL, "got %u\n", error );
+
+ reset_url_components( &uc );
+ uc.nPort = 1;
+ ret = WinHttpCrackUrl( url16, 0, 0, &uc );
+ ok( ret, "got %u\n", GetLastError() );
+ ok( !uc.nPort, "got %u\n", uc.nPort );
+
+ reset_url_components( &uc );
+ uc.nPort = 1;
+ ret = WinHttpCrackUrl( url17, 0, 0, &uc );
+ ok( ret, "got %u\n", GetLastError() );
+ todo_wine ok( uc.nPort == 80, "got %u\n", uc.nPort );
}
START_TEST(url)
diff --git a/dlls/winhttp/url.c b/dlls/winhttp/url.c
index 2b479a9..8888b8f 100644
--- a/dlls/winhttp/url.c
+++ b/dlls/winhttp/url.c
@@ -163,6 +163,19 @@ static WCHAR *escape_url( LPCWSTR url, DWORD *len ) return ret; }
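Review bot: The three new cases all use URLs that end at the port, so they appear to reach only the `parse_port( r, len - (r - url), &uc->nPort )` call site; the `parse_port( r, q - r, &uc->nPort )` call site added in url.c is not exercised by anything in this hunk. A case with a path after an out-of-range port (for example `http://winehq.org:65536/path`, expected to fail with ERROR_WINHTTP_INVALID_URL) would cover that branch, and an accepted `:65535` case would pin the upper boundary of the `> 65535` check. The branch conditions live outside the visible hunks, so which call site each URL takes is inferred from the length arguments. WinHttpCrackUrl_test's body starts outside this hunk.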
+static DWORD parse_port( const WCHAR *str, DWORD len, INTERNET_PORT *ret )
+{
+ const WCHAR *p = str;
+ DWORD port = 0;
+ while (len && isdigitW( *p ))
+ {
+ if ((port = port * 10 + *p - '0') > 65535) return ERROR_WINHTTP_INVALID_URL;
+ p++; len--;
+ }
+ *ret = port;
+ return ERROR_SUCCESS;
+}
+
/*********************************************************************** * WinHttpCrackUrl (winhttp.@) */
@@ -172,7 +185,7 @@ BOOL WINAPI WinHttpCrackUrl( LPCWSTR url, DWORD len, DWORD flags, LPURL_COMPONEN DWORD err, scheme_len, user_len, passwd_len, host_len, path_len, extra_len; INTERNET_SCHEME scheme = 0;
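Review bot: `parse_port` pairs `isdigitW( *p )` with `*p - '0'`, and that subtraction is only meaningful for ASCII digits. If isdigitW classifies by Unicode character type (its definition is not visible here), a non-ASCII digit in the port field would pass the loop test and add an unrelated value that can still be at most 65535, so the URL would crack to a port the text never named. An explicit range test, `while (len && *p >= '0' && *p <= '9')`, keeps the accepted characters and the arithmetic in agreement. The loop also returns ERROR_SUCCESS while `len` is still non-zero, so a port such as `80x` is accepted as 80. Whether that matches native behaviour is not shown; if it is intended, a comment such as `/* trailing non-digits are ignored, as with atoiW */` would record it, since differing port parsing between a URL filter and the client is a common source of validation bypasses.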
- TRACE("%s, %d, %x, %p\n", debugstr_w(url), len, flags, uc);
+ TRACE("%s, %d, %x, %p\n", debugstr_wn(url, len), len, flags, uc);
if (!url || !uc || uc->dwStructSize != sizeof(URL_COMPONENTS)) {
@@ -258,7 +271,7 @@ BOOL WINAPI WinHttpCrackUrl( LPCWSTR url, DWORD len, DWORD flags, LPURL_COMPONEN { if ((err = set_component( &uc->lpszHostName, &host_len, p, r - p, flags ))) goto exit; r++;
- uc->nPort = atoiW( r );
+ if ((err = parse_port( r, q - r, &uc->nPort ))) goto exit;
} else {
@@ -284,7 +297,7 @@ BOOL WINAPI WinHttpCrackUrl( LPCWSTR url, DWORD len, DWORD flags, LPURL_COMPONEN { if ((err = set_component( &uc->lpszHostName, &host_len, p, r - p, flags ))) goto exit; r++;
- uc->nPort = atoiW( r );
+ if ((err = parse_port( r, len - (r - url), &uc->nPort ))) goto exit;
} else {
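Review bot: With `debugstr_wn(url, len)` the TRACE at the top of WinHttpCrackUrl would print an empty string whenever the caller passes `len == 0`, which the tests added in this same commit do (`WinHttpCrackUrl( url15, 0, 0, &uc )`). The TRACE sits before the argument check, so nothing visible has derived a length yet. If a zero length means a NUL-terminated URL, as those tests suggest, `debugstr_wn(url, len ? len : -1)` would keep the URL in the log for both calling conventions, assuming debugstr_wn treats -1 as "up to the terminator". The rest of the function is outside the hunk, so where `len` is normalised cannot be confirmed from here.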