wininet: Add an exception handler in HttpOpenRequestA to protect against invalid accept type pointers.
This commit is contained in:
Hans Leidekker
Alexandre Julliard
parent
cd434dd992
commit
bd80529709
|
|
@ -59,6 +59,7 @@
|
||||||
|
|
||||||
#include "internet.h"
|
#include "internet.h"
|
||||||
#include "wine/debug.h"
|
#include "wine/debug.h"
|
||||||
|
#include "wine/exception.h"
|
||||||
#include "wine/unicode.h"
|
#include "wine/unicode.h"
|
||||||
|
|
||||||
WINE_DEFAULT_DEBUG_CHANNEL(wininet);
|
WINE_DEFAULT_DEBUG_CHANNEL(wininet);
|
||||||
|
|
@ -1019,13 +1020,21 @@ HINTERNET WINAPI HttpOpenRequestA(HINTERNET hHttpSession,
|
||||||
acceptTypesCount = 0;
|
acceptTypesCount = 0;
|
||||||
types = lpszAcceptTypes;
|
types = lpszAcceptTypes;
|
||||||
while (*types)
|
while (*types)
|
||||||
|
{
|
||||||
|
__TRY
|
||||||
{
|
{
|
||||||
/* find out how many there are */
|
/* find out how many there are */
|
||||||
if (((ULONG_PTR)*types >> 16) && **types)
|
if (*types && **types)
|
||||||
{
|
{
|
||||||
TRACE("accept type: %s\n", debugstr_a(*types));
|
TRACE("accept type: %s\n", debugstr_a(*types));
|
||||||
acceptTypesCount++;
|
acceptTypesCount++;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
__EXCEPT_PAGE_FAULT
|
||||||
|
{
|
||||||
|
WARN("invalid accept type pointer\n");
|
||||||
|
}
|
||||||
|
__ENDTRY;
|
||||||
types++;
|
types++;
|
||||||
}
|
}
|
||||||
szAcceptTypes = HeapAlloc(GetProcessHeap(), 0, sizeof(WCHAR *) * (acceptTypesCount+1));
|
szAcceptTypes = HeapAlloc(GetProcessHeap(), 0, sizeof(WCHAR *) * (acceptTypesCount+1));
|
||||||
|
|
@ -1035,20 +1044,26 @@ HINTERNET WINAPI HttpOpenRequestA(HINTERNET hHttpSession,
|
||||||
types = lpszAcceptTypes;
|
types = lpszAcceptTypes;
|
||||||
while (*types)
|
while (*types)
|
||||||
{
|
{
|
||||||
if (((ULONG_PTR)*types >> 16) && **types)
|
__TRY
|
||||||
|
{
|
||||||
|
if (*types && **types)
|
||||||
{
|
{
|
||||||
len = MultiByteToWideChar(CP_ACP, 0, *types, -1, NULL, 0 );
|
len = MultiByteToWideChar(CP_ACP, 0, *types, -1, NULL, 0 );
|
||||||
szAcceptTypes[acceptTypesCount] = HeapAlloc(GetProcessHeap(), 0, len * sizeof(WCHAR));
|
szAcceptTypes[acceptTypesCount] = HeapAlloc(GetProcessHeap(), 0, len * sizeof(WCHAR));
|
||||||
if (!szAcceptTypes[acceptTypesCount]) goto end;
|
|
||||||
|
|
||||||
MultiByteToWideChar(CP_ACP, 0, *types, -1, szAcceptTypes[acceptTypesCount], len);
|
MultiByteToWideChar(CP_ACP, 0, *types, -1, szAcceptTypes[acceptTypesCount], len);
|
||||||
acceptTypesCount++;
|
acceptTypesCount++;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
__EXCEPT_PAGE_FAULT
|
||||||
|
{
|
||||||
|
/* ignore invalid pointer */
|
||||||
|
}
|
||||||
|
__ENDTRY;
|
||||||
types++;
|
types++;
|
||||||
}
|
}
|
||||||
szAcceptTypes[acceptTypesCount] = NULL;
|
szAcceptTypes[acceptTypesCount] = NULL;
|
||||||
}
|
}
|
||||||
else szAcceptTypes = 0;
|
|
||||||
|
|
||||||
rc = HttpOpenRequestW(hHttpSession, szVerb, szObjectName,
|
rc = HttpOpenRequestW(hHttpSession, szVerb, szObjectName,
|
||||||
szVersion, szReferrer,
|
szVersion, szReferrer,
|
||||||
|
|
|
||||||
|
|
@ -1964,7 +1964,7 @@ static void test_user_agent_header(void)
|
||||||
static void test_bogus_accept_types_array(void)
|
static void test_bogus_accept_types_array(void)
|
||||||
{
|
{
|
||||||
HINTERNET ses, con, req;
|
HINTERNET ses, con, req;
|
||||||
static const char *types[] = { (const char *)6240, "*/*", "%p", "", "*/*", NULL };
|
static const char *types[] = { (const char *)6240, "*/*", "%p", "", (const char *)0xffffffff, "*/*", NULL };
|
||||||
DWORD size;
|
DWORD size;
|
||||||
char buffer[32];
|
char buffer[32];
|
||||||
BOOL ret;
|
BOOL ret;
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue