Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
W
wine-cw
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
wine
wine-cw
Commits
216d4c08
Commit
216d4c08
authored
Jul 19, 2008
by
Hans Leidekker
Committed by
Alexandre Julliard
Jul 21, 2008
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
wininet: Fix cookie buffer overflow.
Spotted by Yann Droneaud.
parent
572b0bab
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
12 additions
and
11 deletions
+12
-11
http.c
dlls/wininet/http.c
+12
-11
No files found.
dlls/wininet/http.c
View file @
216d4c08
...
...
@@ -3124,11 +3124,11 @@ static void HTTP_InsertCookies(LPWININETHTTPREQW lpwhr)
{
static
const
WCHAR
szUrlForm
[]
=
{
'h'
,
't'
,
't'
,
'p'
,
':'
,
'/'
,
'/'
,
'%'
,
's'
,
0
};
LPWSTR
lpszCookies
,
lpszUrl
=
NULL
;
DWORD
nCookieSize
,
len
;
DWORD
nCookieSize
,
size
;
LPHTTPHEADERW
Host
=
HTTP_GetHeader
(
lpwhr
,
szHost
);
len
=
lstrlenW
(
Host
->
lpszValue
)
+
strlenW
(
szUrlForm
);
lpszUrl
=
HeapAlloc
(
GetProcessHeap
(),
0
,
len
*
sizeof
(
WCHAR
))
;
size
=
(
strlenW
(
Host
->
lpszValue
)
+
strlenW
(
szUrlForm
))
*
sizeof
(
WCHAR
);
if
(
!
(
lpszUrl
=
HeapAlloc
(
GetProcessHeap
(),
0
,
size
)))
return
;
sprintfW
(
lpszUrl
,
szUrlForm
,
Host
->
lpszValue
);
if
(
InternetGetCookieW
(
lpszUrl
,
NULL
,
NULL
,
&
nCookieSize
))
...
...
@@ -3137,15 +3137,16 @@ static void HTTP_InsertCookies(LPWININETHTTPREQW lpwhr)
static
const
WCHAR
szCookie
[]
=
{
'C'
,
'o'
,
'o'
,
'k'
,
'i'
,
'e'
,
':'
,
' '
,
0
};
static
const
WCHAR
szcrlf
[]
=
{
'\r'
,
'\n'
,
0
};
lpszCookies
=
HeapAlloc
(
GetProcessHeap
(),
0
,
(
nCookieSize
+
1
+
8
)
*
sizeof
(
WCHAR
));
cnt
+=
sprintfW
(
lpszCookies
,
szCookie
);
InternetGetCookieW
(
lpszUrl
,
NULL
,
lpszCookies
+
cnt
,
&
nCookieSize
);
strcatW
(
lpszCookies
,
szcrlf
);
size
=
sizeof
(
szCookie
)
+
nCookieSize
*
sizeof
(
WCHAR
)
+
sizeof
(
szcrlf
);
if
((
lpszCookies
=
HeapAlloc
(
GetProcessHeap
(),
0
,
size
)))
{
cnt
+=
sprintfW
(
lpszCookies
,
szCookie
);
InternetGetCookieW
(
lpszUrl
,
NULL
,
lpszCookies
+
cnt
,
&
nCookieSize
);
strcatW
(
lpszCookies
,
szcrlf
);
HTTP_HttpAddRequestHeadersW
(
lpwhr
,
lpszCookies
,
strlenW
(
lpszCookies
),
HTTP_ADDREQ_FLAG_ADD
);
HeapFree
(
GetProcessHeap
(),
0
,
lpszCookies
);
HTTP_HttpAddRequestHeadersW
(
lpwhr
,
lpszCookies
,
strlenW
(
lpszCookies
),
HTTP_ADDREQ_FLAG_ADD
);
HeapFree
(
GetProcessHeap
(),
0
,
lpszCookies
);
}
}
HeapFree
(
GetProcessHeap
(),
0
,
lpszUrl
);
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
