From b069ef4268e7056856ce6714714d929165f24fc8 Mon Sep 17 00:00:00 2001
From: Hans Leidekker
Date: Fri, 1 Feb 2008 14:40:15 +0100
Subject: [PATCH] wininet: Make sure not to overwrite any caller supplied authorization header.
---
 dlls/wininet/http.c | 36 ++++++++++--------------------------
 dlls/wininet/tests/http.c | 5 ++++-
 2 files changed, 14 insertions(+), 27 deletions(-)
diff --git a/dlls/wininet/http.c b/dlls/wininet/http.c
index 65b86fb2d61..a339c86846d 100644
--- a/dlls/wininet/http.c
+++ b/dlls/wininet/http.c
@@ -1187,9 +1187,11 @@ static UINT HTTP_DecodeBase64( LPCWSTR base64, LPSTR bin )
 *
 * Insert or delete the authorization field in the request header.
 */
-static BOOL HTTP_InsertAuthorizationForHeader( LPWININETHTTPREQW lpwhr, struct HttpAuthInfo *pAuthInfo, LPCWSTR header )
+static BOOL HTTP_InsertAuthorization( LPWININETHTTPREQW lpwhr, LPCWSTR header, BOOL first )
 {
 WCHAR *authorization = NULL;
+ struct HttpAuthInfo *pAuthInfo = lpwhr->pAuthInfo;
+ DWORD flags;
 if (pAuthInfo && pAuthInfo->auth_data_len)
 {
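Review bot: The rewritten HTTP_InsertAuthorization always reads `lpwhr->pAuthInfo`, so the later call that passes `szProxy_Authorization` (in the HTTP_HttpSendRequestW hunk) would build the Proxy-Authorization header from the origin server's credentials instead of `lpwhr->pProxyAuthInfo`, which the removed HTTP_InsertProxyAuthorization wrapper used. That sends server credentials to the proxy and leaves the proxy's own auth data unused. Keep the auth info as a parameter, `static BOOL HTTP_InsertAuthorization( LPWININETHTTPREQW lpwhr, struct HttpAuthInfo *pAuthInfo, LPCWSTR header, BOOL first )`, and make the proxy call `HTTP_InsertAuthorization(lpwhr, lpwhr->pProxyAuthInfo, szProxy_Authorization, !loop_next);`. The function body continues past this hunk.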
@@ -1222,34 +1224,16 @@ static BOOL HTTP_InsertAuthorizationForHeader( LPWININETHTTPREQW lpwhr, struct H
 TRACE("Inserting authorization: %s\n", debugstr_w(authorization));
- HTTP_ProcessHeader(lpwhr, header, authorization,
- HTTP_ADDHDR_FLAG_REPLACE | HTTP_ADDHDR_FLAG_REQ);
+ /* make sure not to overwrite any caller supplied authorization header */
+ flags = HTTP_ADDHDR_FLAG_REQ;
+ flags |= first ? HTTP_ADDHDR_FLAG_ADD_IF_NEW : HTTP_ADDHDR_FLAG_REPLACE;
+
+ HTTP_ProcessHeader(lpwhr, header, authorization, flags);
 HeapFree(GetProcessHeap(), 0, authorization);
-
 return TRUE;
 }
-/***********************************************************************
- * HTTP_InsertAuthorization
- *
- * Insert the authorization field in the request header
- */
-static BOOL HTTP_InsertAuthorization( LPWININETHTTPREQW lpwhr )
-{
- return HTTP_InsertAuthorizationForHeader(lpwhr, lpwhr->pAuthInfo, szAuthorization);
-}
-
-/***********************************************************************
- * HTTP_InsertProxyAuthorization
- *
- * Insert the proxy authorization field in the request header
- */
-static BOOL HTTP_InsertProxyAuthorization( LPWININETHTTPREQW lpwhr )
-{
- return HTTP_InsertAuthorizationForHeader(lpwhr, lpwhr->pProxyAuthInfo, szProxy_Authorization);
-}
-
 /***********************************************************************
 * HTTP_DealWithProxy
 */
@@ -2621,8 +2605,8 @@ BOOL WINAPI HTTP_HttpSendRequestW(LPWININETHTTPREQW lpwhr, LPCWSTR lpszHeaders,
 lpwhr->hdr.dwFlags & INTERNET_FLAG_KEEP_CONNECTION ? szKeepAlive : szClose, HTTP_ADDHDR_FLAG_REQ | HTTP_ADDHDR_FLAG_REPLACE);
- HTTP_InsertAuthorization(lpwhr);
- HTTP_InsertProxyAuthorization(lpwhr);
+ HTTP_InsertAuthorization(lpwhr, szAuthorization, !loop_next);
+ HTTP_InsertAuthorization(lpwhr, szProxy_Authorization, !loop_next);
 /* add the headers the caller supplied */
 if( lpszHeaders && dwHeaderLength )
diff --git a/dlls/wininet/tests/http.c b/dlls/wininet/tests/http.c
index 8bb7cca0743..88369cfdf99 100644
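Review bot: The new comment above the flag selection in HTTP_InsertAuthorization says a caller supplied header is never overwritten, but that only holds when `first` is TRUE; with `first` FALSE the code still passes `HTTP_ADDHDR_FLAG_REPLACE`, so a resend replaces whatever the caller set. Word the comment to match, e.g. `/* first pass: keep a caller supplied authorization header; later passes replace it */`, and describe `first` in the function's header comment, which still reads only "Insert or delete the authorization field". HTTP_ProcessHeader is not visible here, so confirm that `HTTP_ADDHDR_FLAG_ADD_IF_NEW` with a NULL `authorization` (no auth data) neither fails nor leaves a stale header in place where the old REPLACE call was documented to delete it. The start of the function is outside this hunk.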
--- a/dlls/wininet/tests/http.c
+++ b/dlls/wininet/tests/http.c
@@ -1502,7 +1502,10 @@ static void test_header_handling_order(int port)
 request = HttpOpenRequest(connect, NULL, "/test3", NULL, NULL, types, INTERNET_FLAG_KEEP_CONNECTION, 0);
 ok(request != NULL, "HttpOpenRequest failed\n");
- ret = HttpSendRequest(request, authorization, ~0UL, NULL, 0);
+ ret = HttpAddRequestHeaders(request, authorization, ~0UL, HTTP_ADDREQ_FLAG_ADD);
+ ok(ret, "HttpAddRequestHeaders failed\n");
+
+ ret = HttpSendRequest(request, NULL, 0, NULL, 0);
 ok(ret, "HttpSendRequest failed\n");
 status = 0;
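Review bot: The test no longer exercises an Authorization header passed directly to HttpSendRequest, because that call now sends `NULL, 0` and only the HttpAddRequestHeaders path is checked. Keep a second request that supplies `authorization` through HttpSendRequest so both ways of setting the header stay covered. A matching case for Proxy-Authorization would also help, since the http.c change routes that header through the same `first` flag and nothing here checks which credentials end up in it. test_header_handling_order starts and ends outside the hunk.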