wininet: Make sure not to overwrite any caller supplied authorization header.

b069ef42 · Hans Leidekker · Alexandre Julliard · 9bf3355a · b069ef42 · b069ef42
Commit b069ef42 authored Feb 01, 2008 by Hans Leidekker Committed by Alexandre Julliard Feb 04, 2008
Hide whitespace changes
Inline Side-by-side

Showing with 14 additions and 27 deletions

http.c dlls/wininet/http.c +10 -26

http.c dlls/wininet/tests/http.c +4 -1

No files found.
--- a/dlls/wininet/http.c
+++ b/dlls/wininet/http.c
@@ -1187,9 +1187,11 @@ static UINT HTTP_DecodeBase64( LPCWSTR base64, LPSTR bin )
 *
 *   Insert or delete the authorization field in the request header.
 */
-static BOOL HTTP_InsertAuthorizationForHeader( LPWININETHTTPREQW lpwhr, struct HttpAuthInfo *pAuthInfo, LPCWSTR header )
+static BOOL HTTP_InsertAuthorization( LPWININETHTTPREQW lpwhr, LPCWSTR header, BOOL first )
 {
    WCHAR *authorization = NULL;
+    struct HttpAuthInfo *pAuthInfo = lpwhr->pAuthInfo;
+    DWORD flags;

    if (pAuthInfo && pAuthInfo->auth_data_len)
    {
@@ -1222,35 +1224,17 @@ static BOOL HTTP_InsertAuthorizationForHeader( LPWININETHTTPREQW lpwhr, struct H

    TRACE("Inserting authorization: %s\n", debugstr_w(authorization));

-    HTTP_ProcessHeader(lpwhr, header, authorization,
-                       HTTP_ADDHDR_FLAG_REPLACE | HTTP_ADDHDR_FLAG_REQ);
+    /* make sure not to overwrite any caller supplied authorization header */
+    flags = HTTP_ADDHDR_FLAG_REQ;
+    flags |= first ? HTTP_ADDHDR_FLAG_ADD_IF_NEW : HTTP_ADDHDR_FLAG_REPLACE;

-    HeapFree(GetProcessHeap(), 0, authorization);
+    HTTP_ProcessHeader(lpwhr, header, authorization, flags);

+    HeapFree(GetProcessHeap(), 0, authorization);
    return TRUE;
 }

 /***********************************************************************
- *  HTTP_InsertAuthorization
- *
- *   Insert the authorization field in the request header
- */
-static BOOL HTTP_InsertAuthorization( LPWININETHTTPREQW lpwhr )
-{
-    return HTTP_InsertAuthorizationForHeader(lpwhr, lpwhr->pAuthInfo, szAuthorization);
-}
-
-/***********************************************************************
- *  HTTP_InsertProxyAuthorization
- *
- *   Insert the proxy authorization field in the request header
- */
-static BOOL HTTP_InsertProxyAuthorization( LPWININETHTTPREQW lpwhr )
-{
-    return HTTP_InsertAuthorizationForHeader(lpwhr, lpwhr->pProxyAuthInfo, szProxy_Authorization);
-}
-
-/***********************************************************************
 *           HTTP_DealWithProxy
 */
 static BOOL HTTP_DealWithProxy( LPWININETAPPINFOW hIC,
@@ -2621,8 +2605,8 @@ BOOL WINAPI HTTP_HttpSendRequestW(LPWININETHTTPREQW lpwhr, LPCWSTR lpszHeaders,
                           lpwhr->hdr.dwFlags & INTERNET_FLAG_KEEP_CONNECTION ? szKeepAlive : szClose,
                           HTTP_ADDHDR_FLAG_REQ | HTTP_ADDHDR_FLAG_REPLACE);

-        HTTP_InsertAuthorization(lpwhr);
-        HTTP_InsertProxyAuthorization(lpwhr);
+        HTTP_InsertAuthorization(lpwhr, szAuthorization, !loop_next);
+        HTTP_InsertAuthorization(lpwhr, szProxy_Authorization, !loop_next);

        /* add the headers the caller supplied */
        if( lpszHeaders && dwHeaderLength )

--- a/dlls/wininet/tests/http.c
+++ b/dlls/wininet/tests/http.c
@@ -1502,7 +1502,10 @@ static void test_header_handling_order(int port)
    request = HttpOpenRequest(connect, NULL, "/test3", NULL, NULL, types, INTERNET_FLAG_KEEP_CONNECTION, 0);
    ok(request != NULL, "HttpOpenRequest failed\n");

-    ret = HttpSendRequest(request, authorization, ~0UL, NULL, 0);
+    ret = HttpAddRequestHeaders(request, authorization, ~0UL, HTTP_ADDREQ_FLAG_ADD);
+    ok(ret, "HttpAddRequestHeaders failed\n");
+
+    ret = HttpSendRequest(request, NULL, 0, NULL, 0);
    ok(ret, "HttpSendRequest failed\n");

    status = 0;