Hans Leidekker : jsproxy: Validate parameters in InternetInitializeAutoProxyDll and InternetGetProxyInfo.

Alexandre Julliard julliard at wine.codeweavers.com
Wed Apr 20 10:36:08 CDT 2016 

Module: wine
Branch: master
Commit: ea8b261abe79d5a80f2be79a304995f3cc840c95
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=ea8b261abe79d5a80f2be79a304995f3cc840c95

Author: Hans Leidekker <hans at codeweavers.com>
Date:   Wed Apr 20 10:14:49 2016 +0200

jsproxy: Validate parameters in InternetInitializeAutoProxyDll and InternetGetProxyInfo.

Signed-off-by: Hans Leidekker <hans at codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard at winehq.org>

---

 dlls/jsproxy/main.c | 25 +++++++++++++++++++++++--
 1 file changed, 23 insertions(+), 2 deletions(-)

diff --git a/dlls/jsproxy/main.c b/dlls/jsproxy/main.c
index d5c3e72..11a671a 100644
--- a/dlls/jsproxy/main.c
+++ b/dlls/jsproxy/main.c
@@ -188,8 +188,20 @@ BOOL WINAPI JSPROXY_InternetInitializeAutoProxyDll( DWORD version, LPSTR tmpfile
 
     if (buffer && buffer->dwStructSize == sizeof(*buffer) && buffer->lpszScriptBuffer)
     {
+        DWORD i, len = 0;
+        for (i = 0; i < buffer->dwScriptBufferSize; i++)
+        {
+            if (!buffer->lpszScriptBuffer[i]) break;
+            len++;
+        }
+        if (len == buffer->dwScriptBufferSize)
+        {
+            SetLastError( ERROR_INVALID_PARAMETER );
+            LeaveCriticalSection( &cs_jsproxy );
+            return FALSE;
+        }
         heap_free( global_script->text );
-        if( (global_script->text = strdupAW( buffer->lpszScriptBuffer, buffer->dwScriptBufferSize ))) ret = TRUE;
+        if ((global_script->text = strdupAW( buffer->lpszScriptBuffer, len ))) ret = TRUE;
     }
     else
     {
@@ -627,7 +639,16 @@ BOOL WINAPI InternetGetProxyInfo( LPCSTR url, DWORD len_url, LPCSTR hostname, DW
 
     EnterCriticalSection( &cs_jsproxy );
 
-    if (!global_script->text) goto done;
+    if (!global_script->text)
+    {
+        SetLastError( ERROR_CAN_NOT_COMPLETE );
+        goto done;
+    }
+    if (hostname && len_hostname < strlen( hostname ))
+    {
+        SetLastError( ERROR_INSUFFICIENT_BUFFER );
+        goto done;
+    }
     if (!(urlW = strdupAW( url, -1 ))) goto done;
     if (hostname && !(hostnameW = strdupAW( hostname, -1 ))) goto done;

More information about the wine-cvs mailing list