Wei Xie : wininet/tests: Check null pointer in InternetGetSecurityInfoByURLW.

Alexandre Julliard julliard at winehq.org
Tue Jan 9 15:49:38 CST 2018 

Module: wine
Branch: master
Commit: 3f06a09604f8c2364dfbf6e6987d991f140544bc
URL:    https://source.winehq.org/git/wine.git/?a=commit;h=3f06a09604f8c2364dfbf6e6987d991f140544bc

Author: Wei Xie <xiewei at deepin.com>
Date:   Tue Jan  9 12:06:25 2018 +0100

wininet/tests: Check null pointer in InternetGetSecurityInfoByURLW.

Signed-off-by: Wei xie <xiewei at linuxdeepin.com>
Signed-off-by: Jacek Caban <jacek at codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard at winehq.org>

---

 dlls/wininet/internet.c   | 15 ++++++++-------
 dlls/wininet/tests/http.c | 12 ++++++++++++
 2 files changed, 20 insertions(+), 7 deletions(-)

diff --git a/dlls/wininet/internet.c b/dlls/wininet/internet.c
index 1f1bbbd..699962c 100644
--- a/dlls/wininet/internet.c
+++ b/dlls/wininet/internet.c
@@ -4462,6 +4462,11 @@ BOOL WINAPI InternetGetSecurityInfoByURLW(LPCWSTR lpszURL, PCCERT_CHAIN_CONTEXT
 
     TRACE("(%s %p %p)\n", debugstr_w(lpszURL), ppCertChain, pdwSecureFlags);
 
+    if (!ppCertChain && !pdwSecureFlags) {
+        SetLastError(ERROR_INVALID_PARAMETER);
+        return FALSE;
+    }
+
     url.dwHostNameLength = 1;
     res = InternetCrackUrlW(lpszURL, 0, 0, &url);
     if(!res || url.nScheme != INTERNET_SCHEME_HTTPS) {
@@ -4476,15 +4481,11 @@ BOOL WINAPI InternetGetSecurityInfoByURLW(LPCWSTR lpszURL, PCCERT_CHAIN_CONTEXT
     }
 
     if(server->cert_chain) {
-        const CERT_CHAIN_CONTEXT *chain_dup;
-
-        chain_dup = CertDuplicateCertificateChain(server->cert_chain);
-        if(chain_dup) {
-            *ppCertChain = chain_dup;
+        if(pdwSecureFlags)
             *pdwSecureFlags = server->security_flags & _SECURITY_ERROR_FLAGS_MASK;
-        }else {
+
+        if(ppCertChain && !(*ppCertChain = CertDuplicateCertificateChain(server->cert_chain)))
             res = FALSE;
-        }
     }else {
         SetLastError(ERROR_INTERNET_ITEM_NOT_FOUND);
         res = FALSE;
diff --git a/dlls/wininet/tests/http.c b/dlls/wininet/tests/http.c
index 1c2aadb..af78704 100644
--- a/dlls/wininet/tests/http.c
+++ b/dlls/wininet/tests/http.c
@@ -5593,6 +5593,18 @@ static void _test_security_info(unsigned line, const char *urlc, DWORD error, DW
         ok_(__FILE__,line)(chain != NULL, "chain = NULL\n");
         ok_(__FILE__,line)(flags == ex_flags, "flags = %x\n", flags);
         CertFreeCertificateChain(chain);
+
+        SetLastError(0xdeadbeef);
+        res = pInternetGetSecurityInfoByURLA(url, NULL, NULL);
+        ok_(__FILE__,line)(!res && GetLastError() == ERROR_INVALID_PARAMETER,
+                           "InternetGetSecurityInfoByURLA returned: %x(%u)\n", res, GetLastError());
+
+        res = pInternetGetSecurityInfoByURLA(url, &chain, NULL);
+        ok_(__FILE__,line)(res, "InternetGetSecurityInfoByURLA failed: %u\n", GetLastError());
+        CertFreeCertificateChain(chain);
+
+        res = pInternetGetSecurityInfoByURLA(url, NULL, &flags);
+        ok_(__FILE__,line)(res, "InternetGetSecurityInfoByURLA failed: %u\n", GetLastError());
     }else {
         ok_(__FILE__,line)(!res && GetLastError() == error,
                            "InternetGetSecurityInfoByURLA returned: %x(%u), expected %u\n", res, GetLastError(), error);

More information about the wine-cvs mailing list