13 Jul
2022
13 Jul
'22
4:40 p.m.
Jacek Caban (@jacek) commented about dlls/mshtml/navigate.c:
static const WCHAR charsetW[] = {'c','h','a','r','s','e','t','='}; ptr = wcschr(value, ';');
- for(end = ptr ? ptr : value + len; end > value; end--)
if(!iswspace(end[-1]))break;- for(beg = value; beg < end; beg++)
if(!iswspace(*beg))break;- if((content_type = heap_strndupWtoU(beg, end - beg))) {
heap_free(This->nschannel->content_type);This->nschannel->content_type = content_type;strlwr(content_type);- }
This can still unconditionally override a validated content content type.