winhttp: Fix invalid parameter handling in WinHttpQueryAuthSchemes.

2013-08-19 15:52:44 +02:00 · 2013-08-19 15:52:44 +02:00 · fe678927dd
parent 78fc21cdb5
commit fe678927dd
2 changed files with 72 additions and 11 deletions
--- a/dlls/winhttp/request.c
+++ b/dlls/winhttp/request.c
@ -1270,12 +1270,14 @@ static BOOL query_auth_schemes( request_t *request, DWORD level, LPDWORD support
            return FALSE;
        }
        scheme = auth_scheme_from_header( buffer );
+        heap_free( buffer );
+        if (!scheme) break;
+
        if (first && index == 1)
            *first = *supported = scheme;
        else
            *supported |= scheme;

-        heap_free( buffer );
        ret = TRUE;
    }
    return ret;
@ -1302,6 +1304,13 @@ BOOL WINAPI WinHttpQueryAuthSchemes( HINTERNET hrequest, LPDWORD supported, LPDW
        set_last_error( ERROR_WINHTTP_INCORRECT_HANDLE_TYPE );
        return FALSE;
    }
+    if (!supported || !first || !target)
+    {
+        release_object( &request->hdr );
+        set_last_error( ERROR_INVALID_PARAMETER );
+        return FALSE;
+
+    }

    if (query_auth_schemes( request, WINHTTP_QUERY_WWW_AUTHENTICATE, supported, first ))
    {
--- a/dlls/winhttp/tests/winhttp.c
+++ b/dlls/winhttp/tests/winhttp.c
@ -1881,7 +1881,7 @@ static void test_basic_request(int port, const WCHAR *verb, const WCHAR *path)
 {
    HINTERNET ses, con, req;
    char buffer[0x100];
-    DWORD count, status, size, supported, first, target;
+    DWORD count, status, size, error, supported, first, target;
    BOOL ret;

    ses = WinHttpOpen(test_useragent, 0, NULL, NULL, 0);
@ -1904,12 +1904,15 @@ static void test_basic_request(int port, const WCHAR *verb, const WCHAR *path)
    ok(ret, "failed to query status code %u\n", GetLastError());
    ok(status == 200, "request failed unexpectedly %u\n", status);

-    supported = first = target = 0xffff;
+    supported = first = target = 0xdeadbeef;
+    SetLastError(0xdeadbeef);
    ret = WinHttpQueryAuthSchemes(req, &supported, &first, &target);
+    error = GetLastError();
    ok(!ret, "unexpected success\n");
-    ok(supported == 0xffff, "got %x\n", supported);
-    ok(first == 0xffff, "got %x\n", first);
-    ok(target == 0xffff, "got %x\n", target);
+    todo_wine ok(error == ERROR_INVALID_OPERATION, "expected ERROR_INVALID_OPERATION, got %u\n", error);
+    ok(supported == 0xdeadbeef, "got %x\n", supported);
+    ok(first == 0xdeadbeef, "got %x\n", first);
+    ok(target == 0xdeadbeef, "got %x\n", target);

    count = 0;
    memset(buffer, 0, sizeof(buffer));
@ -1941,12 +1944,54 @@ static void test_basic_authentication(int port)
    req = WinHttpOpenRequest(con, NULL, authW, NULL, NULL, NULL, 0);
    ok(req != NULL, "failed to open a request %u\n", GetLastError());

-    supported = first = target = 0xffff;
+    SetLastError(0xdeadbeef);
+    ret = WinHttpQueryAuthSchemes(NULL, NULL, NULL, NULL);
+    error = GetLastError();
+    ok(!ret, "expected failure\n");
+    ok(error == ERROR_INVALID_HANDLE, "expected ERROR_INVALID_HANDLE, got %u\n", error);
+
+    SetLastError(0xdeadbeef);
+    ret = WinHttpQueryAuthSchemes(req, NULL, NULL, NULL);
+    error = GetLastError();
+    ok(!ret, "expected failure\n");
+    ok(error == ERROR_INVALID_PARAMETER || error == ERROR_INVALID_OPERATION, "got %u\n", error);
+
+    supported = 0xdeadbeef;
+    SetLastError(0xdeadbeef);
+    ret = WinHttpQueryAuthSchemes(req, &supported, NULL, NULL);
+    error = GetLastError();
+    ok(!ret, "expected failure\n");
+    ok(error == ERROR_INVALID_PARAMETER || error == ERROR_INVALID_OPERATION, "got %u\n", error);
+    ok(supported == 0xdeadbeef, "got %x\n", supported);
+
+    supported = first = 0xdeadbeef;
+    SetLastError(0xdeadbeef);
+    ret = WinHttpQueryAuthSchemes(req, &supported, &first, NULL);
+    error = GetLastError();
+    ok(!ret, "expected failure\n");
+    ok(error == ERROR_INVALID_PARAMETER || error == ERROR_INVALID_OPERATION, "got %u\n", error);
+    ok(supported == 0xdeadbeef, "got %x\n", supported);
+    ok(first == 0xdeadbeef, "got %x\n", first);
+
+    supported = first = target = 0xdeadbeef;
+    SetLastError(0xdeadbeef);
    ret = WinHttpQueryAuthSchemes(req, &supported, &first, &target);
-    ok(!ret, "unexpected success\n");
-    ok(supported == 0xffff, "got %x\n", supported);
-    ok(first == 0xffff, "got %x\n", first);
-    ok(target == 0xffff, "got %x\n", target);
+    error = GetLastError();
+    ok(!ret, "expected failure\n");
+    todo_wine ok(error == ERROR_INVALID_OPERATION, "expected ERROR_INVALID_OPERATION, got %u\n", error);
+    ok(supported == 0xdeadbeef, "got %x\n", supported);
+    ok(first == 0xdeadbeef, "got %x\n", first);
+    ok(target == 0xdeadbeef, "got %x\n", target);
+
+    supported = first = target = 0xdeadbeef;
+    SetLastError(0xdeadbeef);
+    ret = WinHttpQueryAuthSchemes(NULL, &supported, &first, &target);
+    error = GetLastError();
+    ok(!ret, "expected failure\n");
+    ok(error == ERROR_INVALID_HANDLE, "expected ERROR_INVALID_HANDLE, got %u\n", error);
+    ok(supported == 0xdeadbeef, "got %x\n", supported);
+    ok(first == 0xdeadbeef, "got %x\n", first);
+    ok(target == 0xdeadbeef, "got %x\n", target);

    ret = WinHttpSendRequest(req, NULL, 0, NULL, 0, 0, 0);
    ok(ret, "failed to send request %u\n", GetLastError());
@ -1959,6 +2004,13 @@ static void test_basic_authentication(int port)
    ok(ret, "failed to query status code %u\n", GetLastError());
    ok(status == 401, "request failed unexpectedly %u\n", status);

+    supported = first = target = 0xdeadbeef;
+    ret = WinHttpQueryAuthSchemes(req, &supported, &first, &target);
+    ok(ret, "failed to query authentication schemes %u\n", GetLastError());
+    ok(supported == WINHTTP_AUTH_SCHEME_BASIC, "got %x\n", supported);
+    ok(first == WINHTTP_AUTH_SCHEME_BASIC, "got %x\n", first);
+    ok(target == WINHTTP_AUTH_TARGET_SERVER, "got %x\n", target);
+
    ret = WinHttpSetCredentials(req, WINHTTP_AUTH_TARGET_SERVER, WINHTTP_AUTH_SCHEME_NTLM, NULL, NULL, NULL);
    ok(ret, "failed to set credentials %u\n", GetLastError());