Rob Shearman : wininet: Retrieve the maximum token length from the SSP and use a buffer of that length in calls to InitializeSecurityContextW .

Alexandre Julliard julliard at winehq.org
Mon Mar 10 17:05:07 CDT 2008 

Module: wine
Branch: master
Commit: 0be05ab6aac571865358eea6e1256ff3f19b274c
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=0be05ab6aac571865358eea6e1256ff3f19b274c

Author: Rob Shearman <rob at codeweavers.com>
Date:   Mon Mar 10 16:41:44 2008 +0000

wininet: Retrieve the maximum token length from the SSP and use a buffer of that length in calls to InitializeSecurityContextW.

Otherwise, InitializeSecurityContextW could run out of space with our
small, fixed buffer and fail.

---

 dlls/wininet/http.c |   15 +++++++++++++--
 1 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/dlls/wininet/http.c b/dlls/wininet/http.c
index c246001..638e520 100644
--- a/dlls/wininet/http.c
+++ b/dlls/wininet/http.c
@@ -98,6 +98,7 @@ struct HttpAuthInfo
     CtxtHandle ctx;
     TimeStamp exp;
     ULONG attr;
+    ULONG max_token;
     void *auth_data;
     unsigned int auth_data_len;
     BOOL finished; /* finished authenticating */
@@ -476,6 +477,16 @@ static BOOL HTTP_DoAuthorization( LPWININETHTTPREQW lpwhr, LPCWSTR pszAuthValue,
                                                    pAuthData, NULL,
                                                    NULL, &pAuthInfo->cred,
                                                    &exp);
+            if (sec_status == SEC_E_OK)
+            {
+                PSecPkgInfoW sec_pkg_info;
+                sec_status = QuerySecurityPackageInfoW(pAuthInfo->scheme, &sec_pkg_info);
+                if (sec_status == SEC_E_OK)
+                {
+                    pAuthInfo->max_token = sec_pkg_info->cbMaxToken;
+                    FreeContextBuffer(sec_pkg_info);
+                }
+            }
             if (sec_status != SEC_E_OK)
             {
                 WARN("AcquireCredentialsHandleW for scheme %s failed with error 0x%08x\n",
@@ -554,10 +565,10 @@ static BOOL HTTP_DoAuthorization( LPWININETHTTPREQW lpwhr, LPCWSTR pszAuthValue,
             HTTP_DecodeBase64(pszAuthData, in.pvBuffer);
         }
 
-        buffer = HeapAlloc(GetProcessHeap(), 0, 0x100);
+        buffer = HeapAlloc(GetProcessHeap(), 0, pAuthInfo->max_token);
 
         out.BufferType = SECBUFFER_TOKEN;
-        out.cbBuffer = 0x100;
+        out.cbBuffer = pAuthInfo->max_token;
         out.pvBuffer = buffer;
 
         out_desc.ulVersion = 0;

More information about the wine-cvs mailing list