wininet: Fix potential buffer overrun in HttpQueryInfoA.
Robert Shearman
rob at codeweavers.com
Mon Feb 18 13:37:35 CST 2008
If HTTP_QUERY_CUSTOM is specified then the buffer contains a
null-terminated string on input and data of length len on output. The
code wasn't taking into account that the input len could be less than
the length of the string and thus could result in the allocated buffer
being overrun with the call to WideCharToMultiByte.
This is fixed by calculating the maximum of the two lengths and
allocating an appropriate sized buffer. The length passed to
WideCharToMultiByte was also fixed.
---
dlls/wininet/http.c | 13 +++++++++++--
1 files changed, 11 insertions(+), 2 deletions(-)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 8b3e278f8758bd5c588da1ede82a52fcb2db6d6e.diff
Type: text/x-patch
Size: 1101 bytes
Desc: not available
Url : http://www.winehq.org/pipermail/wine-patches/attachments/20080218/25c69f32/attachment.bin
More information about the wine-patches
mailing list