winhttp: Validate the port number in WinHttpCrackUrl.

Signed-off-by: Hans Leidekker <hans@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
This commit is contained in:
Hans Leidekker 2016-08-16 12:30:02 +02:00 committed by Alexandre Julliard
parent 1d07f89879
commit 17b4abf47f
2 changed files with 38 additions and 3 deletions

View File

@ -69,6 +69,9 @@ static const WCHAR url12[] =
static const WCHAR url13[] =
{'h','t','t','p',':','/','/','w','i','n','e','h','q','.','o',' ','g','/','p','a','t','h',' ','w','i','t','h',' ','s','p','a','c','e','s',0};
static const WCHAR url14[] = {'h','t','t','p',':','/','/','w','w','w','.','w','i','n','e','h','q','.','o','r','g','/','t','e','s','t',0};
static const WCHAR url15[] = {'h','t','t','p',':','/','/','w','i','n','e','h','q','.','o','r','g',':','6','5','5','3','6',0};
static const WCHAR url16[] = {'h','t','t','p',':','/','/','w','i','n','e','h','q','.','o','r','g',':','0',0};
static const WCHAR url17[] = {'h','t','t','p',':','/','/','w','i','n','e','h','q','.','o','r','g',':',0};
static const WCHAR url_k1[] =
{'h','t','t','p',':','/','/','u','s','e','r','n','a','m','e',':','p','a','s','s','w','o','r','d',
@ -718,6 +721,25 @@ static void WinHttpCrackUrl_test( void )
ok( uc.dwUrlPathLength == 0, "unexpected length %u\n", uc.dwUrlPathLength );
ok( !uc.lpszExtraInfo, "unexpected extra info %s\n", wine_dbgstr_w(uc.lpszExtraInfo) );
ok( uc.dwExtraInfoLength == 0, "unexpected length %u\n", uc.dwExtraInfoLength );
reset_url_components( &uc );
SetLastError( 0xdeadbeef );
ret = WinHttpCrackUrl( url15, 0, 0, &uc );
error = GetLastError();
ok( !ret, "WinHttpCrackUrl succeeded\n" );
ok( error == ERROR_WINHTTP_INVALID_URL, "got %u\n", error );
reset_url_components( &uc );
uc.nPort = 1;
ret = WinHttpCrackUrl( url16, 0, 0, &uc );
ok( ret, "got %u\n", GetLastError() );
ok( !uc.nPort, "got %u\n", uc.nPort );
reset_url_components( &uc );
uc.nPort = 1;
ret = WinHttpCrackUrl( url17, 0, 0, &uc );
ok( ret, "got %u\n", GetLastError() );
todo_wine ok( uc.nPort == 80, "got %u\n", uc.nPort );
}
START_TEST(url)

View File

@ -163,6 +163,19 @@ static WCHAR *escape_url( LPCWSTR url, DWORD *len )
return ret;
}
static DWORD parse_port( const WCHAR *str, DWORD len, INTERNET_PORT *ret )
{
const WCHAR *p = str;
DWORD port = 0;
while (len && isdigitW( *p ))
{
if ((port = port * 10 + *p - '0') > 65535) return ERROR_WINHTTP_INVALID_URL;
p++; len--;
}
*ret = port;
return ERROR_SUCCESS;
}
/***********************************************************************
* WinHttpCrackUrl (winhttp.@)
*/
@ -172,7 +185,7 @@ BOOL WINAPI WinHttpCrackUrl( LPCWSTR url, DWORD len, DWORD flags, LPURL_COMPONEN
DWORD err, scheme_len, user_len, passwd_len, host_len, path_len, extra_len;
INTERNET_SCHEME scheme = 0;
TRACE("%s, %d, %x, %p\n", debugstr_w(url), len, flags, uc);
TRACE("%s, %d, %x, %p\n", debugstr_wn(url, len), len, flags, uc);
if (!url || !uc || uc->dwStructSize != sizeof(URL_COMPONENTS))
{
@ -258,7 +271,7 @@ BOOL WINAPI WinHttpCrackUrl( LPCWSTR url, DWORD len, DWORD flags, LPURL_COMPONEN
{
if ((err = set_component( &uc->lpszHostName, &host_len, p, r - p, flags ))) goto exit;
r++;
uc->nPort = atoiW( r );
if ((err = parse_port( r, q - r, &uc->nPort ))) goto exit;
}
else
{
@ -284,7 +297,7 @@ BOOL WINAPI WinHttpCrackUrl( LPCWSTR url, DWORD len, DWORD flags, LPURL_COMPONEN
{
if ((err = set_component( &uc->lpszHostName, &host_len, p, r - p, flags ))) goto exit;
r++;
uc->nPort = atoiW( r );
if ((err = parse_port( r, len - (r - url), &uc->nPort ))) goto exit;
}
else
{