[PATCH] wininet: moved cookie loading from HttpOpenRequest() to HttpSendRequest()

Wed Jul 2 12:27:43 CDT 2008

As reported in bug 14183,
for application which set cookies between the two calls and to handle
HTTP redirect correctly, HttpSendRequest() should fetch cookies
instead of HttpOpenRequest().

This patch does the following:

- Move cookie retrieval code to HTTP_HttpSendRequest()
- Don't allocate memory for url if INTERNET_FLAG_NO_COOKIES is enabled
- Be sure to not overflow lpszCookies:
  buffer size was nCookieSize + 1 + 8,
  written size is 8 + (nCookieSize - 1) + 2 + 1
- Optimized request header generation:
   sprintfW() replaced by strcpyW()
   strcatW() replaced by strcpyW()
   removed call to strlenW() for HTTP_HttpAddRequestHeadersW()
- Use HTTP_ADDREQ_FLAG_ADD instead of HTTP_ADDHDR_FLAG_ADD
- Use HTTP_ADDREQ_FLAG_REPLACE to replace the cookie instead of adding
---
 dlls/wininet/http.c |   69 +++++++++++++++++++++++++++-----------------------
 1 files changed, 37 insertions(+), 32 deletions(-)

diff --git a/dlls/wininet/http.c b/dlls/wininet/http.c
index 5e527a1..301595f 100644
--- a/dlls/wininet/http.c
+++ b/dlls/wininet/http.c
@@ -1886,13 +1886,8 @@ HINTERNET WINAPI HTTP_HttpOpenRequestW(LPWININETHTTPSESSIONW lpwhs,
 {
     LPWININETAPPINFOW hIC = NULL;
     LPWININETHTTPREQW lpwhr;
-    LPWSTR lpszCookies;
-    LPWSTR lpszUrl = NULL;
-    DWORD nCookieSize;
     HINTERNET handle = NULL;
-    static const WCHAR szUrlForm[] = {'h','t','t','p',':','/','/','%','s',0};
     DWORD len;
-    LPHTTPHEADERW Host;
 
     TRACE("-->\n");
 
@@ -1986,32 +1981,6 @@ HINTERNET WINAPI HTTP_HttpOpenRequestW(LPWININETHTTPSESSIONW lpwhs,
     if (NULL != hIC->lpszProxy && hIC->lpszProxy[0] != 0)
         HTTP_DealWithProxy( hIC, lpwhs, lpwhr );
 
-    Host = HTTP_GetHeader(lpwhr,szHost);
-
-    len = lstrlenW(Host->lpszValue) + strlenW(szUrlForm);
-    lpszUrl = HeapAlloc(GetProcessHeap(), 0, len*sizeof(WCHAR));
-    sprintfW( lpszUrl, szUrlForm, Host->lpszValue );
-
-    if (!(lpwhr->hdr.dwFlags & INTERNET_FLAG_NO_COOKIES) &&
-        InternetGetCookieW(lpszUrl, NULL, NULL, &nCookieSize))
-    {
-        int cnt = 0;
-        static const WCHAR szCookie[] = {'C','o','o','k','i','e',':',' ',0};
-        static const WCHAR szcrlf[] = {'\r','\n',0};
-
-        lpszCookies = HeapAlloc(GetProcessHeap(), 0, (nCookieSize + 1 + 8)*sizeof(WCHAR));
-
-        cnt += sprintfW(lpszCookies, szCookie);
-        InternetGetCookieW(lpszUrl, NULL, lpszCookies + cnt, &nCookieSize);
-        strcatW(lpszCookies, szcrlf);
-
-        HTTP_HttpAddRequestHeadersW(lpwhr, lpszCookies, strlenW(lpszCookies),
-                               HTTP_ADDREQ_FLAG_ADD);
-        HeapFree(GetProcessHeap(), 0, lpszCookies);
-    }
-    HeapFree(GetProcessHeap(), 0, lpszUrl);
-
-
     INTERNET_SendCallback(&lpwhs->hdr, dwContext,
                           INTERNET_STATUS_HANDLE_CREATED, &handle,
                           sizeof(handle));
@@ -3187,6 +3156,7 @@ BOOL WINAPI HTTP_HttpSendRequestW(LPWININETHTTPREQW lpwhr, LPCWSTR lpszHeaders,
 
     do
     {
+        LPHTTPHEADERW Host;
         DWORD len;
         char *ascii_req;
 
@@ -3197,11 +3167,46 @@ BOOL WINAPI HTTP_HttpSendRequestW(LPWININETHTTPREQW lpwhr, LPCWSTR lpszHeaders,
         HTTP_DrainContent(lpwhr);
         lpwhr->dwContentRead = 0;
 
+        Host = HTTP_GetHeader(lpwhr,szHost);
+
         if (TRACE_ON(wininet))
         {
-            LPHTTPHEADERW Host = HTTP_GetHeader(lpwhr,szHost);
             TRACE("Going to url %s %s\n", debugstr_w(Host->lpszValue), debugstr_w(lpwhr->lpszPath));
         }
+        
+        if (!(lpwhr->hdr.dwFlags & INTERNET_FLAG_NO_COOKIES))
+        {
+            int len;
+            LPWSTR lpszUrl = NULL;
+            DWORD nCookieSize;
+            static const WCHAR szUrlForm[] = {'h','t','t','p',':','/','/','%','s',0};
+
+            len = strlenW(szUrlForm) + strlenW(Host->lpszValue);
+            lpszUrl = HeapAlloc(GetProcessHeap(), 0, len*sizeof(WCHAR));
+            sprintfW( lpszUrl, szUrlForm, Host->lpszValue );
+
+            if (InternetGetCookieW(lpszUrl, NULL, NULL, &nCookieSize))
+            {
+                static const WCHAR szCookie[] = {'C','o','o','k','i','e',':',' ',0};
+                static const WCHAR szcrlf[] = {'\r','\n',0};
+                LPWSTR lpszCookies;
+
+                len = strlenW(szCookie);
+                lpszCookies = HeapAlloc(GetProcessHeap(), 0, (len + nCookieSize + 2 + 1)*sizeof(WCHAR));
+
+                strcpyW(lpszCookies, szCookie);
+                InternetGetCookieW(lpszUrl, NULL, lpszCookies + len, &nCookieSize);
+                len += strlenW(lpszCookies + len); /* safer with strnlen(lpszCookies + len, nCookieSize); */
+                strcpyW(lpszCookies + len, szcrlf);
+                len += 2;
+
+                HTTP_HttpAddRequestHeadersW(lpwhr, lpszCookies, len,
+                                            HTTP_ADDREQ_FLAG_ADD | HTTP_ADDREQ_FLAG_REPLACE);
+
+                HeapFree(GetProcessHeap(), 0, lpszCookies);
+            }
+            HeapFree(GetProcessHeap(), 0, lpszUrl);
+        }
 
         HTTP_FixURL(lpwhr);
         if (lpwhr->hdr.dwFlags & INTERNET_FLAG_KEEP_CONNECTION)
-- 
1.5.0.4


