[2/2] winhttp: Fix invalid parameter handling in WinHttpQueryAuthSchemes.
Hans Leidekker
hans at codeweavers.com
Mon Aug 19 08:52:44 CDT 2013
---
dlls/winhttp/request.c | 11 ++++++-
dlls/winhttp/tests/winhttp.c | 72 ++++++++++++++++++++++++++++++++++++------
2 files changed, 72 insertions(+), 11 deletions(-)
diff --git a/dlls/winhttp/request.c b/dlls/winhttp/request.c
index 00c2238..35a0deb 100644
--- a/dlls/winhttp/request.c
+++ b/dlls/winhttp/request.c
@@ -1270,12 +1270,14 @@ static BOOL query_auth_schemes( request_t *request, DWORD level, LPDWORD support
return FALSE;
}
scheme = auth_scheme_from_header( buffer );
+ heap_free( buffer );
+ if (!scheme) break;
+
if (first && index == 1)
*first = *supported = scheme;
else
*supported |= scheme;
- heap_free( buffer );
ret = TRUE;
}
return ret;
@@ -1302,6 +1304,13 @@ BOOL WINAPI WinHttpQueryAuthSchemes( HINTERNET hrequest, LPDWORD supported, LPDW
set_last_error( ERROR_WINHTTP_INCORRECT_HANDLE_TYPE );
return FALSE;
}
+ if (!supported || !first || !target)
+ {
+ release_object( &request->hdr );
+ set_last_error( ERROR_INVALID_PARAMETER );
+ return FALSE;
+
+ }
if (query_auth_schemes( request, WINHTTP_QUERY_WWW_AUTHENTICATE, supported, first ))
{
diff --git a/dlls/winhttp/tests/winhttp.c b/dlls/winhttp/tests/winhttp.c
index 87ddcb0..3157a44 100644
--- a/dlls/winhttp/tests/winhttp.c
+++ b/dlls/winhttp/tests/winhttp.c
@@ -1881,7 +1881,7 @@ static void test_basic_request(int port, const WCHAR *verb, const WCHAR *path)
{
HINTERNET ses, con, req;
char buffer[0x100];
- DWORD count, status, size, supported, first, target;
+ DWORD count, status, size, error, supported, first, target;
BOOL ret;
ses = WinHttpOpen(test_useragent, 0, NULL, NULL, 0);
@@ -1904,12 +1904,15 @@ static void test_basic_request(int port, const WCHAR *verb, const WCHAR *path)
ok(ret, "failed to query status code %u\n", GetLastError());
ok(status == 200, "request failed unexpectedly %u\n", status);
- supported = first = target = 0xffff;
+ supported = first = target = 0xdeadbeef;
+ SetLastError(0xdeadbeef);
ret = WinHttpQueryAuthSchemes(req, &supported, &first, &target);
+ error = GetLastError();
ok(!ret, "unexpected success\n");
- ok(supported == 0xffff, "got %x\n", supported);
- ok(first == 0xffff, "got %x\n", first);
- ok(target == 0xffff, "got %x\n", target);
+ todo_wine ok(error == ERROR_INVALID_OPERATION, "expected ERROR_INVALID_OPERATION, got %u\n", error);
+ ok(supported == 0xdeadbeef, "got %x\n", supported);
+ ok(first == 0xdeadbeef, "got %x\n", first);
+ ok(target == 0xdeadbeef, "got %x\n", target);
count = 0;
memset(buffer, 0, sizeof(buffer));
@@ -1941,12 +1944,54 @@ static void test_basic_authentication(int port)
req = WinHttpOpenRequest(con, NULL, authW, NULL, NULL, NULL, 0);
ok(req != NULL, "failed to open a request %u\n", GetLastError());
- supported = first = target = 0xffff;
+ SetLastError(0xdeadbeef);
+ ret = WinHttpQueryAuthSchemes(NULL, NULL, NULL, NULL);
+ error = GetLastError();
+ ok(!ret, "expected failure\n");
+ ok(error == ERROR_INVALID_HANDLE, "expected ERROR_INVALID_HANDLE, got %u\n", error);
+
+ SetLastError(0xdeadbeef);
+ ret = WinHttpQueryAuthSchemes(req, NULL, NULL, NULL);
+ error = GetLastError();
+ ok(!ret, "expected failure\n");
+ ok(error == ERROR_INVALID_PARAMETER || error == ERROR_INVALID_OPERATION, "got %u\n", error);
+
+ supported = 0xdeadbeef;
+ SetLastError(0xdeadbeef);
+ ret = WinHttpQueryAuthSchemes(req, &supported, NULL, NULL);
+ error = GetLastError();
+ ok(!ret, "expected failure\n");
+ ok(error == ERROR_INVALID_PARAMETER || error == ERROR_INVALID_OPERATION, "got %u\n", error);
+ ok(supported == 0xdeadbeef, "got %x\n", supported);
+
+ supported = first = 0xdeadbeef;
+ SetLastError(0xdeadbeef);
+ ret = WinHttpQueryAuthSchemes(req, &supported, &first, NULL);
+ error = GetLastError();
+ ok(!ret, "expected failure\n");
+ ok(error == ERROR_INVALID_PARAMETER || error == ERROR_INVALID_OPERATION, "got %u\n", error);
+ ok(supported == 0xdeadbeef, "got %x\n", supported);
+ ok(first == 0xdeadbeef, "got %x\n", first);
+
+ supported = first = target = 0xdeadbeef;
+ SetLastError(0xdeadbeef);
ret = WinHttpQueryAuthSchemes(req, &supported, &first, &target);
- ok(!ret, "unexpected success\n");
- ok(supported == 0xffff, "got %x\n", supported);
- ok(first == 0xffff, "got %x\n", first);
- ok(target == 0xffff, "got %x\n", target);
+ error = GetLastError();
+ ok(!ret, "expected failure\n");
+ todo_wine ok(error == ERROR_INVALID_OPERATION, "expected ERROR_INVALID_OPERATION, got %u\n", error);
+ ok(supported == 0xdeadbeef, "got %x\n", supported);
+ ok(first == 0xdeadbeef, "got %x\n", first);
+ ok(target == 0xdeadbeef, "got %x\n", target);
+
+ supported = first = target = 0xdeadbeef;
+ SetLastError(0xdeadbeef);
+ ret = WinHttpQueryAuthSchemes(NULL, &supported, &first, &target);
+ error = GetLastError();
+ ok(!ret, "expected failure\n");
+ ok(error == ERROR_INVALID_HANDLE, "expected ERROR_INVALID_HANDLE, got %u\n", error);
+ ok(supported == 0xdeadbeef, "got %x\n", supported);
+ ok(first == 0xdeadbeef, "got %x\n", first);
+ ok(target == 0xdeadbeef, "got %x\n", target);
ret = WinHttpSendRequest(req, NULL, 0, NULL, 0, 0, 0);
ok(ret, "failed to send request %u\n", GetLastError());
@@ -1959,6 +2004,13 @@ static void test_basic_authentication(int port)
ok(ret, "failed to query status code %u\n", GetLastError());
ok(status == 401, "request failed unexpectedly %u\n", status);
+ supported = first = target = 0xdeadbeef;
+ ret = WinHttpQueryAuthSchemes(req, &supported, &first, &target);
+ ok(ret, "failed to query authentication schemes %u\n", GetLastError());
+ ok(supported == WINHTTP_AUTH_SCHEME_BASIC, "got %x\n", supported);
+ ok(first == WINHTTP_AUTH_SCHEME_BASIC, "got %x\n", first);
+ ok(target == WINHTTP_AUTH_TARGET_SERVER, "got %x\n", target);
+
ret = WinHttpSetCredentials(req, WINHTTP_AUTH_TARGET_SERVER, WINHTTP_AUTH_SCHEME_NTLM, NULL, NULL, NULL);
ok(ret, "failed to set credentials %u\n", GetLastError());
--
1.7.10.4
More information about the wine-patches
mailing list