resend: http.c: redirect corrections.

Mon Nov 28 20:40:32 CST 2005

Aric Stewart wrote:

>Index: dlls/wininet/http.c
>===================================================================
>RCS file: /home/wine/wine/dlls/wininet/http.c,v
>retrieving revision 1.113
>diff -u -r1.113 http.c
>--- dlls/wininet/http.c	22 Nov 2005 14:53:30 -0000	1.113
>+++ dlls/wininet/http.c	22 Nov 2005 15:35:24 -0000
>@@ -629,6 +634,26 @@
> 
>     /* We appear to do nothing with the buffer.. is that correct? */
> 
>+    if(!(lpwhr->hdr.dwFlags & INTERNET_FLAG_NO_AUTO_REDIRECT))
>+    {
>+        DWORD dwCode,dwCodeLength=sizeof(DWORD),dwIndex=0;
>+        if(HTTP_HttpQueryInfoW(lpwhr,HTTP_QUERY_FLAG_NUMBER|HTTP_QUERY_STATUS_CODE,&dwCode,&dwCodeLength,&dwIndex) &&
>+            (dwCode==302 || dwCode==301))
>+        {
>+            WCHAR szNewLocation[2048];
>+            DWORD dwBufferSize=2048;
>+            dwIndex=0;
>+            if(HTTP_HttpQueryInfoW(lpwhr,HTTP_QUERY_LOCATION,szNewLocation,&dwBufferSize,&dwIndex))
>+            {
>+	            static const WCHAR szGET[] = { 'G','E','T', 0 };
>+                /* redirects are always GETs */
>+                HeapFree(GetProcessHeap(),0,lpwhr->lpszVerb);
>+	            lpwhr->lpszVerb = WININET_strdupW(szGET);
>+                return HTTP_HandleRedirect(lpwhr, szNewLocation, NULL, 0, NULL, 0);
>+            }
>+        }
>+    }
>+
>     TRACE("%i <--\n",rc);
>     return rc;
> }
>  
>

This proves that HttpSendRequestEx and HttpSendRequest need to share 
more code.

>@@ -1849,13 +1885,26 @@
> #endif
>         
>         HeapFree(GetProcessHeap(), 0, lpwhs->lpszServerName);
>-        lpwhs->lpszServerName = WININET_strdupW(hostName);
>+        if (urlComponents.nPort != INTERNET_DEFAULT_HTTP_PORT &&
>+                urlComponents.nPort != INTERNET_DEFAULT_HTTPS_PORT)
>+        {
>+            int len;
>+            static WCHAR fmt[] = {'%','s',':','%','i',0};
>+            len = lstrlenW(hostName);
>+            len+=6;
>+            lpwhs->lpszServerName = HeapAlloc(GetProcessHeap(),0,len*sizeof(WCHAR));
>  
>

I submitted a patch to unbreak the Host header for proxies that means 
you should be changing lpwhs->lpszHostName now.

>+            sprintfW(lpwhs->lpszServerName,fmt,hostName,urlComponents.nPort);
>+        }
>+        else
>+            lpwhs->lpszServerName = WININET_strdupW(hostName);
>+
>+        HTTP_ProcessHeader(lpwhr, g_szHost, lpwhs->lpszServerName, HTTP_ADDREQ_FLAG_ADD | HTTP_ADDREQ_FLAG_REPLACE | HTTP_ADDHDR_FLAG_REQ);
>+
>+        
>  
>

And you should be sending lpwhs->lpszHostName.

>@@ -1868,6 +1917,9 @@
>             return FALSE;
>         }
> 
>+        if (lstrlenW(extra)>0)
>+            StrCatW(path,extra);
>

Why are you using a shlwapi string function? What's wrong with strcatW 
or lstrcatW?

Also, this could easily cause a buffer overflow by a server sending a 
redirect with a large query. You need to check that there is enough 
space before blinding copying into the buffer.

- 
Rob Shearman