Module: wine Branch: master Commit: fe678927dd12ba597d4886418cd72f194954f7fa URL: http://source.winehq.org/git/wine.git/?a=commit;h=fe678927dd12ba597d4886418c...
Author: Hans Leidekker hans@codeweavers.com Date: Mon Aug 19 15:52:44 2013 +0200
winhttp: Fix invalid parameter handling in WinHttpQueryAuthSchemes.
---
dlls/winhttp/request.c | 11 ++++++- dlls/winhttp/tests/winhttp.c | 72 ++++++++++++++++++++++++++++++++++++------ 2 files changed, 72 insertions(+), 11 deletions(-)
diff --git a/dlls/winhttp/request.c b/dlls/winhttp/request.c index 00c2238..35a0deb 100644 --- a/dlls/winhttp/request.c +++ b/dlls/winhttp/request.c @@ -1270,12 +1270,14 @@ static BOOL query_auth_schemes( request_t *request, DWORD level, LPDWORD support return FALSE; } scheme = auth_scheme_from_header( buffer ); + heap_free( buffer ); + if (!scheme) break; + if (first && index == 1) *first = *supported = scheme; else *supported |= scheme;
- heap_free( buffer ); ret = TRUE; } return ret; @@ -1302,6 +1304,13 @@ BOOL WINAPI WinHttpQueryAuthSchemes( HINTERNET hrequest, LPDWORD supported, LPDW set_last_error( ERROR_WINHTTP_INCORRECT_HANDLE_TYPE ); return FALSE; } + if (!supported || !first || !target) + { + release_object( &request->hdr ); + set_last_error( ERROR_INVALID_PARAMETER ); + return FALSE; + + }
if (query_auth_schemes( request, WINHTTP_QUERY_WWW_AUTHENTICATE, supported, first )) { diff --git a/dlls/winhttp/tests/winhttp.c b/dlls/winhttp/tests/winhttp.c index 87ddcb0..3157a44 100644 --- a/dlls/winhttp/tests/winhttp.c +++ b/dlls/winhttp/tests/winhttp.c @@ -1881,7 +1881,7 @@ static void test_basic_request(int port, const WCHAR *verb, const WCHAR *path) { HINTERNET ses, con, req; char buffer[0x100]; - DWORD count, status, size, supported, first, target; + DWORD count, status, size, error, supported, first, target; BOOL ret;
ses = WinHttpOpen(test_useragent, 0, NULL, NULL, 0); @@ -1904,12 +1904,15 @@ static void test_basic_request(int port, const WCHAR *verb, const WCHAR *path) ok(ret, "failed to query status code %u\n", GetLastError()); ok(status == 200, "request failed unexpectedly %u\n", status);
- supported = first = target = 0xffff; + supported = first = target = 0xdeadbeef; + SetLastError(0xdeadbeef); ret = WinHttpQueryAuthSchemes(req, &supported, &first, &target); + error = GetLastError(); ok(!ret, "unexpected success\n"); - ok(supported == 0xffff, "got %x\n", supported); - ok(first == 0xffff, "got %x\n", first); - ok(target == 0xffff, "got %x\n", target); + todo_wine ok(error == ERROR_INVALID_OPERATION, "expected ERROR_INVALID_OPERATION, got %u\n", error); + ok(supported == 0xdeadbeef, "got %x\n", supported); + ok(first == 0xdeadbeef, "got %x\n", first); + ok(target == 0xdeadbeef, "got %x\n", target);
count = 0; memset(buffer, 0, sizeof(buffer)); @@ -1941,12 +1944,54 @@ static void test_basic_authentication(int port) req = WinHttpOpenRequest(con, NULL, authW, NULL, NULL, NULL, 0); ok(req != NULL, "failed to open a request %u\n", GetLastError());
- supported = first = target = 0xffff; + SetLastError(0xdeadbeef); + ret = WinHttpQueryAuthSchemes(NULL, NULL, NULL, NULL); + error = GetLastError(); + ok(!ret, "expected failure\n"); + ok(error == ERROR_INVALID_HANDLE, "expected ERROR_INVALID_HANDLE, got %u\n", error); + + SetLastError(0xdeadbeef); + ret = WinHttpQueryAuthSchemes(req, NULL, NULL, NULL); + error = GetLastError(); + ok(!ret, "expected failure\n"); + ok(error == ERROR_INVALID_PARAMETER || error == ERROR_INVALID_OPERATION, "got %u\n", error); + + supported = 0xdeadbeef; + SetLastError(0xdeadbeef); + ret = WinHttpQueryAuthSchemes(req, &supported, NULL, NULL); + error = GetLastError(); + ok(!ret, "expected failure\n"); + ok(error == ERROR_INVALID_PARAMETER || error == ERROR_INVALID_OPERATION, "got %u\n", error); + ok(supported == 0xdeadbeef, "got %x\n", supported); + + supported = first = 0xdeadbeef; + SetLastError(0xdeadbeef); + ret = WinHttpQueryAuthSchemes(req, &supported, &first, NULL); + error = GetLastError(); + ok(!ret, "expected failure\n"); + ok(error == ERROR_INVALID_PARAMETER || error == ERROR_INVALID_OPERATION, "got %u\n", error); + ok(supported == 0xdeadbeef, "got %x\n", supported); + ok(first == 0xdeadbeef, "got %x\n", first); + + supported = first = target = 0xdeadbeef; + SetLastError(0xdeadbeef); ret = WinHttpQueryAuthSchemes(req, &supported, &first, &target); - ok(!ret, "unexpected success\n"); - ok(supported == 0xffff, "got %x\n", supported); - ok(first == 0xffff, "got %x\n", first); - ok(target == 0xffff, "got %x\n", target); + error = GetLastError(); + ok(!ret, "expected failure\n"); + todo_wine ok(error == ERROR_INVALID_OPERATION, "expected ERROR_INVALID_OPERATION, got %u\n", error); + ok(supported == 0xdeadbeef, "got %x\n", supported); + ok(first == 0xdeadbeef, "got %x\n", first); + ok(target == 0xdeadbeef, "got %x\n", target); + + supported = first = target = 0xdeadbeef; + SetLastError(0xdeadbeef); + ret = WinHttpQueryAuthSchemes(NULL, &supported, &first, &target); + error = GetLastError(); + ok(!ret, "expected failure\n"); + ok(error == ERROR_INVALID_HANDLE, "expected ERROR_INVALID_HANDLE, got %u\n", error); + ok(supported == 0xdeadbeef, "got %x\n", supported); + ok(first == 0xdeadbeef, "got %x\n", first); + ok(target == 0xdeadbeef, "got %x\n", target);
ret = WinHttpSendRequest(req, NULL, 0, NULL, 0, 0, 0); ok(ret, "failed to send request %u\n", GetLastError()); @@ -1959,6 +2004,13 @@ static void test_basic_authentication(int port) ok(ret, "failed to query status code %u\n", GetLastError()); ok(status == 401, "request failed unexpectedly %u\n", status);
+ supported = first = target = 0xdeadbeef; + ret = WinHttpQueryAuthSchemes(req, &supported, &first, &target); + ok(ret, "failed to query authentication schemes %u\n", GetLastError()); + ok(supported == WINHTTP_AUTH_SCHEME_BASIC, "got %x\n", supported); + ok(first == WINHTTP_AUTH_SCHEME_BASIC, "got %x\n", first); + ok(target == WINHTTP_AUTH_TARGET_SERVER, "got %x\n", target); + ret = WinHttpSetCredentials(req, WINHTTP_AUTH_TARGET_SERVER, WINHTTP_AUTH_SCHEME_NTLM, NULL, NULL, NULL); ok(ret, "failed to set credentials %u\n", GetLastError());
-
Alexandre Julliard