[Bug 3306] New: wininet: bad Host header generated if referer
doesn't 'crack'
Wine Bugs
wine-bugs at winehq.org
Fri Sep 9 14:49:57 CDT 2005
http://bugs.winehq.org/show_bug.cgi?id=3306
Summary: wininet: bad Host header generated if referer doesn't
'crack'
Product: Wine
Version: CVS
Platform: All
OS/Version: other
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: wine-net
AssignedTo: wine-bugs at winehq.org
ReportedBy: orin at pinhead.cc
If a 'referer' is passed into HttpOpenRequest in a form that InternetCrackUrlW
fails to crack, the host header will be generated from an uninitialized local
variable.
There are two things wrong here.
Firstly, the return from InternetCrackUrlW isn't tested for success before using
the results.
Secondly, the Host header should not be derived from the Referer header. The
Host header should be derived from the URL that is being requested if the URL
contains a host or from the server if not.
>From the HTTP spec (RFC 2616):
"The Host request-header field specifies the Internet host and port
number of the resource being requested, as obtained from the original
URI given by the user or referring resource (generally an HTTP URL,
as described in section 3.2.2)."
This does seem ambiguous, but it should be read: ...as obtained from the
original URI (given by the user or referring resource (generally an HTTP URL,
as described in section 3.2.2))
It's just noting where the original URI came from.
I'll submit a patch that prevents this particular problem, but haven't yet
considered the implications if going through a proxy.
--
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the wine-bugs
mailing list