Aric Stewart wrote:
Index: dlls/wininet/http.c
RCS file: /home/wine/wine/dlls/wininet/http.c,v retrieving revision 1.113
diff -u -r1.113 http.c
--- dlls/wininet/http.c 22 Nov 2005 14:53:30 -0000 1.113
+++ dlls/wininet/http.c 22 Nov 2005 15:35:24 -0000
@@ -629,6 +634,26 @@
/* We appear to do nothing with the buffer.. is that correct? */
- if(!(lpwhr->hdr.dwFlags & INTERNET_FLAG_NO_AUTO_REDIRECT))
- {
DWORD dwCode,dwCodeLength=sizeof(DWORD),dwIndex=0;
if(HTTP_HttpQueryInfoW(lpwhr,HTTP_QUERY_FLAG_NUMBER|HTTP_QUERY_STATUS_CODE,&dwCode,&dwCodeLength,&dwIndex) &&
(dwCode==302 || dwCode==301))
{
WCHAR szNewLocation[2048];
DWORD dwBufferSize=2048;
dwIndex=0;
if(HTTP_HttpQueryInfoW(lpwhr,HTTP_QUERY_LOCATION,szNewLocation,&dwBufferSize,&dwIndex))
{
static const WCHAR szGET[] = { 'G','E','T', 0 };
/* redirects are always GETs */
HeapFree(GetProcessHeap(),0,lpwhr->lpszVerb);
lpwhr->lpszVerb = WININET_strdupW(szGET);
return HTTP_HandleRedirect(lpwhr, szNewLocation, NULL, 0, NULL, 0);
}
}
- }
- TRACE("%i <--\n",rc); return rc;
}
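Review bot: The new redirect-following block has no visible cap on the number of hops: after the `HTTP_QUERY_LOCATION` lookup it hands the server-supplied location straight to `HTTP_HandleRedirect`, and if that call re-enters this same path for the new location (not visible in this hunk), a server answering 302 with a Location pointing back at itself keeps the client redirecting indefinitely; a per-request hop counter checked before the `HTTP_HandleRedirect` call would bound it. Separately, the allocation on `lpwhr->lpszVerb = WININET_strdupW(szGET);` is not checked, so on failure the request continues with a NULL verb — `if (!lpwhr->lpszVerb) return FALSE;` before the redirect call closes that. The enclosing function starts before this hunk.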
This proves that HttpSendRequestEx and HttpSendRequest need to share more code.
@@ -1849,13 +1885,26 @@ #endif
HeapFree(GetProcessHeap(), 0, lpwhs->lpszServerName);
lpwhs->lpszServerName = WININET_strdupW(hostName);
if (urlComponents.nPort != INTERNET_DEFAULT_HTTP_PORT &&
urlComponents.nPort != INTERNET_DEFAULT_HTTPS_PORT)
{
int len;
static WCHAR fmt[] = {'%','s',':','%','i',0};
len = lstrlenW(hostName);
len+=6;
lpwhs->lpszServerName = HeapAlloc(GetProcessHeap(),0,len*sizeof(WCHAR));
I submitted a patch to fix the Host header for proxies, which means you should now be changing lpwhs->lpszHostName instead.
sprintfW(lpwhs->lpszServerName,fmt,hostName,urlComponents.nPort);
}
else
lpwhs->lpszServerName = WININET_strdupW(hostName);
HTTP_ProcessHeader(lpwhr, g_szHost, lpwhs->lpszServerName, HTTP_ADDREQ_FLAG_ADD | HTTP_ADDREQ_FLAG_REPLACE | HTTP_ADDHDR_FLAG_REQ);
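Review bot: `len+=6` in the non-default-port branch does not leave room for the terminator: `%s:%i` with a five-digit port produces lstrlenW(hostName) + 6 characters plus the NUL, i.e. len + 7 WCHARs, so `sprintfW` writes one WCHAR past the `HeapAlloc` buffer for ports 10000 and above — use `len += 7` (or size the buffer from the formatted length). The `lpwhs->lpszServerName = WININET_strdupW(hostName);` at the top of the hunk is then overwritten by both branches below without being freed, so it leaks on every redirect and should be dropped. The `HeapAlloc` result is also used unchecked, and `static WCHAR fmt[]` can be `static const`. The enclosing function starts before and continues after this hunk.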
And you should be sending lpwhs->lpszHostName.
@@ -1868,6 +1917,9 @@ return FALSE; }
if (lstrlenW(extra)>0)
StrCatW(path,extra);
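Review bot: The `lstrlenW(extra)>0` guard is redundant as a length check, since appending an empty string is a no-op; its only real effect is tolerating a NULL `extra` (lstrlenW returns 0 for a NULL pointer on Win32, assuming Wine's implementation matches), so `if (extra && *extra)` would state that intent directly. Whatever bounded copy replaces `StrCatW` should keep that NULL tolerance. The enclosing function starts and ends outside this hunk.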
Why are you using a shlwapi string function? What's wrong with strcatW or lstrcatW?
Also, this could easily cause a buffer overflow if a server sends a redirect with a large query. You need to check that there is enough space before blindly copying into the buffer.
- Rob Shearman