Another http.c patch

Uwe Bonnes bon at elektron.ikp.physik.tu-darmstadt.de
Mon Mar 22 15:41:54 CST 2004


Changelog:
	wine/dlls/wininet/http.c:
	Honor dwHeaderLength, fix a possible heap corruption, and do some
	restructuring.

Xilinx "webupdate.exe" hit that heap corruption. 
-- 
Uwe Bonnes                bon at elektron.ikp.physik.tu-darmstadt.de

Institut fuer Kernphysik  Schlossgartenstrasse 9  64289 Darmstadt
--------- Tel. 06151 162516 -------- Fax. 06151 164321 ----------
Index: wine/dlls/wininet/http.c
===================================================================
RCS file: /home/wine/wine/dlls/wininet/http.c,v
retrieving revision 1.50
diff -u -r1.50 http.c
--- wine/dlls/wininet/http.c	16 Mar 2004 01:06:30 -0000	1.50
+++ wine/dlls/wininet/http.c	22 Mar 2004 21:40:18 -0000
@@ -1073,7 +1073,9 @@
     LPWININETAPPINFOA hIC = NULL;
 
     TRACE("%p, %p (%s), %li, %p, %li)\n", hHttpRequest,
-            lpszHeaders, debugstr_a(lpszHeaders), dwHeaderLength, lpOptional, dwOptionalLength);
+            lpszHeaders,  
+	  (dwHeaderLength == -1) ?debugstr_a(lpszHeaders): debugstr_an(lpszHeaders,dwHeaderLength), 
+	  dwHeaderLength, lpOptional, dwOptionalLength);
 
     lpwhr = (LPWININETHTTPREQA) WININET_GetObject( hHttpRequest );
     if (NULL == lpwhr || lpwhr->hdr.htype != WH_HHTTPREQ)
@@ -1291,7 +1293,6 @@
     LPSTR lpszHeaders_r_n = NULL; /* lpszHeaders with atleast one pair of \r\n at the end */
     INT requestStringLen;
     INT responseLen;
-    INT headerLength = 0;
     LPWININETHTTPREQA lpwhr;
     LPWININETHTTPSESSIONA lpwhs = NULL;
     LPWININETAPPINFOA hIC = NULL;
@@ -1371,35 +1372,32 @@
             strlen(HTTPHEADER) +
             5; /* " \r\n\r\n" */
 
-	/* add "\r\n" to end of lpszHeaders if needed */
+	/* Care for the \r\n we need to prepend and append
+	 * Check for dangling \r and \n at the end of lpszHeaders*/
 	if (lpszHeaders)
 	{
-	    int len = strlen(lpszHeaders);
+	    int nLen = (-1 == dwHeaderLength) ?  strlen(lpszHeaders): dwHeaderLength;
 
-	    /* Check if the string is terminated with \r\n, but not if
-	     * the string is less that 2 characters long, because then
-	     * we would be looking at memory before the beginning of
-	     * the string. Besides, if it is less than 2 characters
-	     * long, then clearly, its not terminated with \r\n.
-	     */
-	    if ((len > 2) && (memcmp(lpszHeaders + (len - 2), "\r\n", 2) == 0))
+	    while ((nLen > 0) && ((lpszHeaders[nLen-1] == '\r')||(lpszHeaders[nLen-1] == '\n')))
+		--nLen;
+	    if (nLen)
 	    {
-		lpszHeaders_r_n = WININET_strdup(lpszHeaders);
-	    }
-	    else
-	    {
-		TRACE("Adding \r\n to lpszHeaders.\n");
-		lpszHeaders_r_n =  HeapAlloc( GetProcessHeap(), 0, strlen(lpszHeaders) + 3 );
-		strcpy( lpszHeaders_r_n, lpszHeaders );
-		strcpy( lpszHeaders_r_n + strlen(lpszHeaders), "\r\n" );
+	        lpszHeaders_r_n =  HeapAlloc( GetProcessHeap(), 0, nLen + 5);/*\r\n%s\r\n\0*/
+		if (NULL == lpszHeaders_r_n)
+		  {
+		    INTERNET_SetLastError(ERROR_OUTOFMEMORY);
+		    goto lend;
+		  }
+		strcpy(lpszHeaders_r_n,"\r\n");
+		strncat(lpszHeaders_r_n, lpszHeaders, nLen);
+		strcat(lpszHeaders_r_n, "\r\n");
 	    }
 	}
 
         /* Add length of passed headers */
-        if (lpszHeaders)
+        if (lpszHeaders_r_n)
         {
-            headerLength = -1 == dwHeaderLength ?  strlen(lpszHeaders_r_n) : dwHeaderLength;
-            requestStringLen += headerLength +  2; /* \r\n */
+            requestStringLen += strlen(lpszHeaders_r_n) ;
         }
 
 
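Review bot: `nLen` is a signed `int` filled from the caller-supplied `dwHeaderLength` (presumably a DWORD, as the name suggests), and the guard `if (nLen)` also accepts negative values, so a length just below the -1 sentinel would size the `HeapAlloc(..., nLen + 5)` buffer at only a few bytes while `strncat(..., nLen)` converts the count to a huge unsigned value and copies all of `lpszHeaders`. The guard should read `if (nLen > 0)`, and an explicit length that does not fit in a positive `int` is better rejected before the allocation. Separately, when an explicit length exceeds the real string length, the trimming loop reads `lpszHeaders[nLen-1]` beyond the terminator; whether callers may pass unterminated buffers is not visible here, so a comment such as `/* dwHeaderLength must not exceed the readable size of lpszHeaders */` would document the assumed contract. The enclosing function begins and ends outside this hunk.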
@@ -1480,16 +1478,8 @@
         /* Append passed request headers */
         if (lpszHeaders_r_n)
         {
-            strcpy(requestString + cnt, "\r\n");
-            cnt += 2;
             strcpy(requestString + cnt, lpszHeaders_r_n);
-            cnt += headerLength;
-	    /* only add \r\n if not already present */
-	    if (memcmp((requestString + cnt) - 2, "\r\n", 2) != 0)
-	    {
-                strcpy(requestString + cnt, "\r\n");
-                cnt += 2;
-	    }
+            cnt += strlen(lpszHeaders_r_n);
         }
 
         /* Set (header) termination string for request */
@@ -1629,7 +1619,7 @@
     if (requestString)
         HeapFree(GetProcessHeap(), 0, requestString);
 
-    if (lpszHeaders)
+    if (lpszHeaders_r_n)
 	HeapFree(GetProcessHeap(), 0, lpszHeaders_r_n);
 
     /* TODO: send notification for P3P header */


