wininet: Add an exception handler in HttpOpenRequestA to protect against invalid accept type pointers.

This commit is contained in:
Hans Leidekker 2008-10-24 11:08:12 +02:00 committed by Alexandre Julliard
parent cd434dd992
commit bd80529709
2 changed files with 27 additions and 12 deletions

View File

@ -59,6 +59,7 @@
#include "internet.h"
#include "wine/debug.h"
#include "wine/exception.h"
#include "wine/unicode.h"
WINE_DEFAULT_DEBUG_CHANNEL(wininet);
@ -1019,13 +1020,21 @@ HINTERNET WINAPI HttpOpenRequestA(HINTERNET hHttpSession,
acceptTypesCount = 0;
types = lpszAcceptTypes;
while (*types)
{
__TRY
{
/* find out how many there are */
if (((ULONG_PTR)*types >> 16) && **types)
if (*types && **types)
{
TRACE("accept type: %s\n", debugstr_a(*types));
acceptTypesCount++;
}
}
__EXCEPT_PAGE_FAULT
{
WARN("invalid accept type pointer\n");
}
__ENDTRY;
types++;
}
szAcceptTypes = HeapAlloc(GetProcessHeap(), 0, sizeof(WCHAR *) * (acceptTypesCount+1));
@ -1035,20 +1044,26 @@ HINTERNET WINAPI HttpOpenRequestA(HINTERNET hHttpSession,
types = lpszAcceptTypes;
while (*types)
{
if (((ULONG_PTR)*types >> 16) && **types)
__TRY
{
if (*types && **types)
{
len = MultiByteToWideChar(CP_ACP, 0, *types, -1, NULL, 0 );
szAcceptTypes[acceptTypesCount] = HeapAlloc(GetProcessHeap(), 0, len * sizeof(WCHAR));
if (!szAcceptTypes[acceptTypesCount]) goto end;
MultiByteToWideChar(CP_ACP, 0, *types, -1, szAcceptTypes[acceptTypesCount], len);
acceptTypesCount++;
}
}
__EXCEPT_PAGE_FAULT
{
/* ignore invalid pointer */
}
__ENDTRY;
types++;
}
szAcceptTypes[acceptTypesCount] = NULL;
}
else szAcceptTypes = 0;
rc = HttpOpenRequestW(hHttpSession, szVerb, szObjectName,
szVersion, szReferrer,

View File

@ -1964,7 +1964,7 @@ static void test_user_agent_header(void)
static void test_bogus_accept_types_array(void)
{
HINTERNET ses, con, req;
static const char *types[] = { (const char *)6240, "*/*", "%p", "", "*/*", NULL };
static const char *types[] = { (const char *)6240, "*/*", "%p", "", (const char *)0xffffffff, "*/*", NULL };
DWORD size;
char buffer[32];
BOOL ret;