[PATCH 4/5] webservices: Respect session dictionary size limits on send dictionary.

Connor McAdams cmcadams at codeweavers.com
Tue Apr 19 18:34:11 CDT 2022 

Signed-off-by: Connor McAdams <cmcadams at codeweavers.com>
---
 dlls/webservices/channel.c             | 4 ++++
 dlls/webservices/string.c              | 3 +++
 dlls/webservices/webservices_private.h | 2 ++
 3 files changed, 9 insertions(+)

diff --git a/dlls/webservices/channel.c b/dlls/webservices/channel.c
index c78fd949f7b..22312f76aa1 100644
--- a/dlls/webservices/channel.c
+++ b/dlls/webservices/channel.c
@@ -485,6 +485,7 @@ static HRESULT create_channel( WS_CHANNEL_TYPE type, WS_CHANNEL_BINDING binding,
         channel->u.tcp.socket = -1;
         channel->encoding     = WS_ENCODING_XML_BINARY_SESSION_1;
         channel->session_dict_size = 2048;
+        channel->dict_send.max_str_bytes = channel->session_dict_size;
         break;
 
     case WS_UDP_CHANNEL_BINDING:
@@ -545,6 +546,7 @@ static HRESULT create_channel( WS_CHANNEL_TYPE type, WS_CHANNEL_BINDING binding,
             }
 
             channel->session_dict_size = *(ULONG *)prop->value;
+            channel->dict_send.max_str_bytes = channel->session_dict_size;
             break;
 
         default:
@@ -1617,6 +1619,7 @@ static HRESULT CALLBACK dict_cb( void *state, const WS_XML_STRING *str, BOOL *fo
         return S_OK;
     }
 
+    if ((str->length + dict->str_bytes + 1) > dict->max_str_bytes) goto exit;
     if (!(bytes = malloc( str->length ))) return E_OUTOFMEMORY;
     memcpy( bytes, str->bytes, str->length );
     if ((hr = insert_string( dict, bytes, str->length, index, id )) == S_OK)
@@ -1626,6 +1629,7 @@ static HRESULT CALLBACK dict_cb( void *state, const WS_XML_STRING *str, BOOL *fo
     }
     free( bytes );
 
+exit:
     *found = FALSE;
     return hr;
 }
diff --git a/dlls/webservices/string.c b/dlls/webservices/string.c
index 3ecdcea85a4..c5e494b146a 100644
--- a/dlls/webservices/string.c
+++ b/dlls/webservices/string.c
@@ -145,6 +145,8 @@ void clear_dict( struct dictionary *dict )
     dict->sequence = NULL;
     dict->current_sequence = 0;
     dict->size = 0;
+    dict->str_bytes = 0;
+    dict->max_str_bytes = 0;
 }
 
 HRESULT insert_string( struct dictionary *dict, unsigned char *data, ULONG len, int i, ULONG *ret_id )
@@ -162,6 +164,7 @@ HRESULT insert_string( struct dictionary *dict, unsigned char *data, ULONG len,
     dict->dict.strings[id].dictionary = &dict->dict;
     dict->dict.strings[id].id         = id;
     dict->dict.stringCount++;
+    dict->str_bytes += len + 1;
 
     dict->sequence[id] = dict->current_sequence;
 
diff --git a/dlls/webservices/webservices_private.h b/dlls/webservices/webservices_private.h
index b352aa52d49..46df8bfd1a9 100644
--- a/dlls/webservices/webservices_private.h
+++ b/dlls/webservices/webservices_private.h
@@ -49,6 +49,8 @@ struct dictionary
     ULONG              size;
     ULONG              current_sequence;
     ULONG             *sequence;
+    ULONG              str_bytes;
+    ULONG              max_str_bytes;
 };
 extern struct dictionary dict_builtin DECLSPEC_HIDDEN;
 extern const struct dictionary dict_builtin_static DECLSPEC_HIDDEN;
-- 
2.25.1

More information about the wine-devel mailing list