Hans Leidekker : wininet: Add an exception handler in HttpOpenRequestA to protect against invalid accept type pointers .
Alexandre Julliard
julliard at winehq.org
Fri Oct 24 08:12:45 CDT 2008
Module: wine
Branch: master
Commit: bd805297090da797cff0c6fac3098a00e2ce801e
URL: http://source.winehq.org/git/wine.git/?a=commit;h=bd805297090da797cff0c6fac3098a00e2ce801e
Author: Hans Leidekker <hans at codeweavers.com>
Date: Fri Oct 24 11:08:12 2008 +0200
wininet: Add an exception handler in HttpOpenRequestA to protect against invalid accept type pointers.
---
dlls/wininet/http.c | 37 ++++++++++++++++++++++++++-----------
dlls/wininet/tests/http.c | 2 +-
2 files changed, 27 insertions(+), 12 deletions(-)
diff --git a/dlls/wininet/http.c b/dlls/wininet/http.c
index 8729df3..a3d04d9 100644
--- a/dlls/wininet/http.c
+++ b/dlls/wininet/http.c
@@ -59,6 +59,7 @@
#include "internet.h"
#include "wine/debug.h"
+#include "wine/exception.h"
#include "wine/unicode.h"
WINE_DEFAULT_DEBUG_CHANNEL(wininet);
@@ -1020,12 +1021,20 @@ HINTERNET WINAPI HttpOpenRequestA(HINTERNET hHttpSession,
types = lpszAcceptTypes;
while (*types)
{
- /* find out how many there are */
- if (((ULONG_PTR)*types >> 16) && **types)
+ __TRY
{
- TRACE("accept type: %s\n", debugstr_a(*types));
- acceptTypesCount++;
+ /* find out how many there are */
+ if (*types && **types)
+ {
+ TRACE("accept type: %s\n", debugstr_a(*types));
+ acceptTypesCount++;
+ }
+ }
+ __EXCEPT_PAGE_FAULT
+ {
+ WARN("invalid accept type pointer\n");
}
+ __ENDTRY;
types++;
}
szAcceptTypes = HeapAlloc(GetProcessHeap(), 0, sizeof(WCHAR *) * (acceptTypesCount+1));
@@ -1035,20 +1044,26 @@ HINTERNET WINAPI HttpOpenRequestA(HINTERNET hHttpSession,
types = lpszAcceptTypes;
while (*types)
{
- if (((ULONG_PTR)*types >> 16) && **types)
+ __TRY
{
- len = MultiByteToWideChar(CP_ACP, 0, *types, -1, NULL, 0 );
- szAcceptTypes[acceptTypesCount] = HeapAlloc(GetProcessHeap(), 0, len * sizeof(WCHAR));
- if (!szAcceptTypes[acceptTypesCount]) goto end;
+ if (*types && **types)
+ {
+ len = MultiByteToWideChar(CP_ACP, 0, *types, -1, NULL, 0 );
+ szAcceptTypes[acceptTypesCount] = HeapAlloc(GetProcessHeap(), 0, len * sizeof(WCHAR));
- MultiByteToWideChar(CP_ACP, 0, *types, -1, szAcceptTypes[acceptTypesCount], len);
- acceptTypesCount++;
+ MultiByteToWideChar(CP_ACP, 0, *types, -1, szAcceptTypes[acceptTypesCount], len);
+ acceptTypesCount++;
+ }
+ }
+ __EXCEPT_PAGE_FAULT
+ {
+ /* ignore invalid pointer */
}
+ __ENDTRY;
types++;
}
szAcceptTypes[acceptTypesCount] = NULL;
}
- else szAcceptTypes = 0;
rc = HttpOpenRequestW(hHttpSession, szVerb, szObjectName,
szVersion, szReferrer,
diff --git a/dlls/wininet/tests/http.c b/dlls/wininet/tests/http.c
index e01ef20..1c686c8 100644
--- a/dlls/wininet/tests/http.c
+++ b/dlls/wininet/tests/http.c
@@ -1964,7 +1964,7 @@ static void test_user_agent_header(void)
static void test_bogus_accept_types_array(void)
{
HINTERNET ses, con, req;
- static const char *types[] = { (const char *)6240, "*/*", "%p", "", "*/*", NULL };
+ static const char *types[] = { (const char *)6240, "*/*", "%p", "", (const char *)0xffffffff, "*/*", NULL };
DWORD size;
char buffer[32];
BOOL ret;
More information about the wine-cvs
mailing list