[PATCH 4/5] webservices: Respect session dictionary size limits on send dictionary.
Connor McAdams
cmcadams at codeweavers.com
Tue Apr 19 18:34:11 CDT 2022
Signed-off-by: Connor McAdams <cmcadams at codeweavers.com>
---
dlls/webservices/channel.c | 4 ++++
dlls/webservices/string.c | 3 +++
dlls/webservices/webservices_private.h | 2 ++
3 files changed, 9 insertions(+)
diff --git a/dlls/webservices/channel.c b/dlls/webservices/channel.c
index c78fd949f7b..22312f76aa1 100644
--- a/dlls/webservices/channel.c
+++ b/dlls/webservices/channel.c
@@ -485,6 +485,7 @@ static HRESULT create_channel( WS_CHANNEL_TYPE type, WS_CHANNEL_BINDING binding,
channel->u.tcp.socket = -1;
channel->encoding = WS_ENCODING_XML_BINARY_SESSION_1;
channel->session_dict_size = 2048;
+ channel->dict_send.max_str_bytes = channel->session_dict_size;
break;
case WS_UDP_CHANNEL_BINDING:
@@ -545,6 +546,7 @@ static HRESULT create_channel( WS_CHANNEL_TYPE type, WS_CHANNEL_BINDING binding,
}
channel->session_dict_size = *(ULONG *)prop->value;
+ channel->dict_send.max_str_bytes = channel->session_dict_size;
break;
default:
@@ -1617,6 +1619,7 @@ static HRESULT CALLBACK dict_cb( void *state, const WS_XML_STRING *str, BOOL *fo
return S_OK;
}
+ if ((str->length + dict->str_bytes + 1) > dict->max_str_bytes) goto exit;
if (!(bytes = malloc( str->length ))) return E_OUTOFMEMORY;
memcpy( bytes, str->bytes, str->length );
if ((hr = insert_string( dict, bytes, str->length, index, id )) == S_OK)
@@ -1626,6 +1629,7 @@ static HRESULT CALLBACK dict_cb( void *state, const WS_XML_STRING *str, BOOL *fo
}
free( bytes );
+exit:
*found = FALSE;
return hr;
}
diff --git a/dlls/webservices/string.c b/dlls/webservices/string.c
index 3ecdcea85a4..c5e494b146a 100644
--- a/dlls/webservices/string.c
+++ b/dlls/webservices/string.c
@@ -145,6 +145,8 @@ void clear_dict( struct dictionary *dict )
dict->sequence = NULL;
dict->current_sequence = 0;
dict->size = 0;
+ dict->str_bytes = 0;
+ dict->max_str_bytes = 0;
}
HRESULT insert_string( struct dictionary *dict, unsigned char *data, ULONG len, int i, ULONG *ret_id )
@@ -162,6 +164,7 @@ HRESULT insert_string( struct dictionary *dict, unsigned char *data, ULONG len,
dict->dict.strings[id].dictionary = &dict->dict;
dict->dict.strings[id].id = id;
dict->dict.stringCount++;
+ dict->str_bytes += len + 1;
dict->sequence[id] = dict->current_sequence;
diff --git a/dlls/webservices/webservices_private.h b/dlls/webservices/webservices_private.h
index b352aa52d49..46df8bfd1a9 100644
--- a/dlls/webservices/webservices_private.h
+++ b/dlls/webservices/webservices_private.h
@@ -49,6 +49,8 @@ struct dictionary
ULONG size;
ULONG current_sequence;
ULONG *sequence;
+ ULONG str_bytes;
+ ULONG max_str_bytes;
};
extern struct dictionary dict_builtin DECLSPEC_HIDDEN;
extern const struct dictionary dict_builtin_static DECLSPEC_HIDDEN;
--
2.25.1
More information about the wine-devel
mailing list