Hans Leidekker : wininet: Fix cookie buffer overflow.
Alexandre Julliard
julliard at winehq.org
Mon Jul 21 08:51:32 CDT 2008
Module: wine
Branch: master
Commit: 216d4c0834d4e9e52e18821b85706c4fa77ffe17
URL: http://source.winehq.org/git/wine.git/?a=commit;h=216d4c0834d4e9e52e18821b85706c4fa77ffe17
Author: Hans Leidekker <hans at meelstraat.net>
Date: Sat Jul 19 19:55:52 2008 +0200
wininet: Fix cookie buffer overflow.
Spotted by Yann Droneaud.
---
dlls/wininet/http.c | 23 ++++++++++++-----------
1 files changed, 12 insertions(+), 11 deletions(-)
diff --git a/dlls/wininet/http.c b/dlls/wininet/http.c
index 154dc97..2a78670 100644
--- a/dlls/wininet/http.c
+++ b/dlls/wininet/http.c
@@ -3124,11 +3124,11 @@ static void HTTP_InsertCookies(LPWININETHTTPREQW lpwhr)
{
static const WCHAR szUrlForm[] = {'h','t','t','p',':','/','/','%','s',0};
LPWSTR lpszCookies, lpszUrl = NULL;
- DWORD nCookieSize, len;
+ DWORD nCookieSize, size;
LPHTTPHEADERW Host = HTTP_GetHeader(lpwhr,szHost);
- len = lstrlenW(Host->lpszValue) + strlenW(szUrlForm);
- lpszUrl = HeapAlloc(GetProcessHeap(), 0, len*sizeof(WCHAR));
+ size = (strlenW(Host->lpszValue) + strlenW(szUrlForm)) * sizeof(WCHAR);
+ if (!(lpszUrl = HeapAlloc(GetProcessHeap(), 0, size))) return;
sprintfW( lpszUrl, szUrlForm, Host->lpszValue );
if (InternetGetCookieW(lpszUrl, NULL, NULL, &nCookieSize))
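Review bot: `Host` is dereferenced in the new `size` computation (`Host->lpszValue`) without a NULL check, so a request with no Host header would fault here if HTTP_GetHeader can return NULL; its definition is outside this hunk, so that needs confirming. A guard such as `if (!Host || !Host->lpszValue) return;` before the `size` line would close it. The allocation is large enough only because the two characters of `%s` in szUrlForm stand in for the terminating NUL plus one spare WCHAR. A short comment such as `/* "%s" in szUrlForm accounts for the terminator */` would keep a later format change from reintroducing an overflow. HTTP_InsertCookies continues past the end of this hunk.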
@@ -3137,15 +3137,16 @@ static void HTTP_InsertCookies(LPWININETHTTPREQW lpwhr)
static const WCHAR szCookie[] = {'C','o','o','k','i','e',':',' ',0};
static const WCHAR szcrlf[] = {'\r','\n',0};
- lpszCookies = HeapAlloc(GetProcessHeap(), 0, (nCookieSize + 1 + 8)*sizeof(WCHAR));
-
- cnt += sprintfW(lpszCookies, szCookie);
- InternetGetCookieW(lpszUrl, NULL, lpszCookies + cnt, &nCookieSize);
- strcatW(lpszCookies, szcrlf);
+ size = sizeof(szCookie) + nCookieSize * sizeof(WCHAR) + sizeof(szcrlf);
+ if ((lpszCookies = HeapAlloc(GetProcessHeap(), 0, size)))
+ {
+ cnt += sprintfW(lpszCookies, szCookie);
+ InternetGetCookieW(lpszUrl, NULL, lpszCookies + cnt, &nCookieSize);
+ strcatW(lpszCookies, szcrlf);
- HTTP_HttpAddRequestHeadersW(lpwhr, lpszCookies, strlenW(lpszCookies),
- HTTP_ADDREQ_FLAG_ADD);
- HeapFree(GetProcessHeap(), 0, lpszCookies);
+ HTTP_HttpAddRequestHeadersW(lpwhr, lpszCookies, strlenW(lpszCookies), HTTP_ADDREQ_FLAG_ADD);
+ HeapFree(GetProcessHeap(), 0, lpszCookies);
+ }
}
HeapFree(GetProcessHeap(), 0, lpszUrl);
}
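Review bot: The second `InternetGetCookieW` call's return value is ignored, so if it fails, or the cookie store changed since the sizing call, the header is still terminated and added with whatever is in the buffer. Guarding the append with `if (InternetGetCookieW(lpszUrl, NULL, lpszCookies + cnt, &nCookieSize))` around the `strcatW` and `HTTP_HttpAddRequestHeadersW` lines would avoid sending an empty or partial `Cookie:` header. The new `size` expression also assumes nCookieSize is a WCHAR count and that the second call never writes more than that. A comment stating the unit, for example `/* nCookieSize is in WCHARs; sizeof() terms cover "Cookie: ", CRLF and NULs */`, would make the bound auditable. `cnt` is declared in lines not shown between the two hunks.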