[2/2] winhttp: Validate the port number in WinHttpCrackUrl.
Hans Leidekker
hans at codeweavers.com
Tue Aug 16 05:30:02 CDT 2016
Signed-off-by: Hans Leidekker <hans at codeweavers.com>
---
dlls/winhttp/tests/url.c | 22 ++++++++++++++++++++++
dlls/winhttp/url.c | 19 ++++++++++++++++---
2 files changed, 38 insertions(+), 3 deletions(-)
diff --git a/dlls/winhttp/tests/url.c b/dlls/winhttp/tests/url.c
index ec6dbd0..27979f6 100644
--- a/dlls/winhttp/tests/url.c
+++ b/dlls/winhttp/tests/url.c
@@ -69,6 +69,9 @@ static const WCHAR url12[] =
static const WCHAR url13[] =
{'h','t','t','p',':','/','/','w','i','n','e','h','q','.','o',' ','g','/','p','a','t','h',' ','w','i','t','h',' ','s','p','a','c','e','s',0};
static const WCHAR url14[] = {'h','t','t','p',':','/','/','w','w','w','.','w','i','n','e','h','q','.','o','r','g','/','t','e','s','t',0};
+static const WCHAR url15[] = {'h','t','t','p',':','/','/','w','i','n','e','h','q','.','o','r','g',':','6','5','5','3','6',0};
+static const WCHAR url16[] = {'h','t','t','p',':','/','/','w','i','n','e','h','q','.','o','r','g',':','0',0};
+static const WCHAR url17[] = {'h','t','t','p',':','/','/','w','i','n','e','h','q','.','o','r','g',':',0};
static const WCHAR url_k1[] =
{'h','t','t','p',':','/','/','u','s','e','r','n','a','m','e',':','p','a','s','s','w','o','r','d',
@@ -718,6 +721,25 @@ static void WinHttpCrackUrl_test( void )
ok( uc.dwUrlPathLength == 0, "unexpected length %u\n", uc.dwUrlPathLength );
ok( !uc.lpszExtraInfo, "unexpected extra info %s\n", wine_dbgstr_w(uc.lpszExtraInfo) );
ok( uc.dwExtraInfoLength == 0, "unexpected length %u\n", uc.dwExtraInfoLength );
+
+ reset_url_components( &uc );
+ SetLastError( 0xdeadbeef );
+ ret = WinHttpCrackUrl( url15, 0, 0, &uc );
+ error = GetLastError();
+ ok( !ret, "WinHttpCrackUrl succeeded\n" );
+ ok( error == ERROR_WINHTTP_INVALID_URL, "got %u\n", error );
+
+ reset_url_components( &uc );
+ uc.nPort = 1;
+ ret = WinHttpCrackUrl( url16, 0, 0, &uc );
+ ok( ret, "got %u\n", GetLastError() );
+ ok( !uc.nPort, "got %u\n", uc.nPort );
+
+ reset_url_components( &uc );
+ uc.nPort = 1;
+ ret = WinHttpCrackUrl( url17, 0, 0, &uc );
+ ok( ret, "got %u\n", GetLastError() );
+ todo_wine ok( uc.nPort == 80, "got %u\n", uc.nPort );
}
START_TEST(url)
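Review bot: The new cases cover 65536, 0 and an empty port, but none covers a port followed by non-digit characters (for example a constructed `http://winehq.org:80a/`). parse_port in dlls/winhttp/url.c accepts such input, because its loop stops at the first non-digit and returns ERROR_SUCCESS with the digits read so far. Lenient port parsing is a common way for a URL check and the later connection to disagree about the target. It would be worth adding a case such as `ret = WinHttpCrackUrl( url18, 0, 0, &uc );` with the native result asserted, marked `todo_wine` if Wine differs.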
diff --git a/dlls/winhttp/url.c b/dlls/winhttp/url.c
index 2b479a9..8888b8f 100644
--- a/dlls/winhttp/url.c
+++ b/dlls/winhttp/url.c
@@ -163,6 +163,19 @@ static WCHAR *escape_url( LPCWSTR url, DWORD *len )
return ret;
}
+static DWORD parse_port( const WCHAR *str, DWORD len, INTERNET_PORT *ret )
+{
+ const WCHAR *p = str;
+ DWORD port = 0;
+ while (len && isdigitW( *p ))
+ {
+ if ((port = port * 10 + *p - '0') > 65535) return ERROR_WINHTTP_INVALID_URL;
+ p++; len--;
+ }
+ *ret = port;
+ return ERROR_SUCCESS;
+}
+
/***********************************************************************
* WinHttpCrackUrl (winhttp.@)
*/
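Review bot: The loop condition in parse_port uses `isdigitW( *p )`, which as far as I know is a Unicode character-class test rather than an ASCII range check. A non-ASCII decimal digit would then pass, and `*p - '0'` would add an unrelated value that can still stay below the 65535 limit and be returned as a valid port. An explicit range keeps the arithmetic sound: `while (len && *p >= '0' && *p <= '9')`. The helper also has no comment; something like `/* parse at most len decimal digits; stops at the first non-digit, yields 0 for an empty string */` would record the contract both call sites rely on.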
@@ -172,7 +185,7 @@ BOOL WINAPI WinHttpCrackUrl( LPCWSTR url, DWORD len, DWORD flags, LPURL_COMPONEN
DWORD err, scheme_len, user_len, passwd_len, host_len, path_len, extra_len;
INTERNET_SCHEME scheme = 0;
- TRACE("%s, %d, %x, %p\n", debugstr_w(url), len, flags, uc);
+ TRACE("%s, %d, %x, %p\n", debugstr_wn(url, len), len, flags, uc);
if (!url || !uc || uc->dwStructSize != sizeof(URL_COMPONENTS))
{
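Review bot: The new `debugstr_wn(url, len)` in the TRACE runs before any normalisation of len that is visible here, and the tests in this patch call WinHttpCrackUrl with len == 0 for NUL-terminated URLs. If debugstr_wn treats 0 as a zero-length string, those calls would now trace an empty URL, which loses the one value most useful when diagnosing a rejected URL. Consider `debugstr_wn(url, len ? len : -1)`, or move the TRACE below the point where len is computed. The rest of the function is outside this hunk.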
@@ -258,7 +271,7 @@ BOOL WINAPI WinHttpCrackUrl( LPCWSTR url, DWORD len, DWORD flags, LPURL_COMPONEN
{
if ((err = set_component( &uc->lpszHostName, &host_len, p, r - p, flags ))) goto exit;
r++;
- uc->nPort = atoiW( r );
+ if ((err = parse_port( r, q - r, &uc->nPort ))) goto exit;
}
else
{
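Review bot: When parse_port fails here, set_component on the line above has already stored the host name in uc. The caller therefore gets ERROR_WINHTTP_INVALID_URL together with a partly filled URL_COMPONENTS, unless the exit path (outside this hunk) clears it. Parsing into a local first, `if ((err = parse_port( r + 1, q - r - 1, &port ))) goto exit;` ahead of the set_component call, then assigning `uc->nPort = port;`, would keep a rejected URL from leaving a usable-looking host behind. The same ordering appears in the following hunk (-284,7 +297,7), where the length is `len - (r - url)`.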
@@ -284,7 +297,7 @@ BOOL WINAPI WinHttpCrackUrl( LPCWSTR url, DWORD len, DWORD flags, LPURL_COMPONEN
{
if ((err = set_component( &uc->lpszHostName, &host_len, p, r - p, flags ))) goto exit;
r++;
- uc->nPort = atoiW( r );
+ if ((err = parse_port( r, len - (r - url), &uc->nPort ))) goto exit;
}
else
{
--
2.1.4