wininet: Add an exception handler in HttpOpenRequestA to protect against invalid…

wininet: Add an exception handler in HttpOpenRequestA to protect against invalid accept type pointers.

wininet: Add an exception handler in HttpOpenRequestA to protect against invalid…
bd805297 · Hans Leidekker · Alexandre Julliard · cd434dd9 · bd805297 · bd805297
Commit bd805297 authored Oct 24, 2008 by Hans Leidekker Committed by Alexandre Julliard Oct 24, 2008
Hide whitespace changes
Inline Side-by-side

Showing with 27 additions and 12 deletions

http.c dlls/wininet/http.c +26 -11

http.c dlls/wininet/tests/http.c +1 -1

No files found.
--- a/dlls/wininet/http.c
+++ b/dlls/wininet/http.c
@@ -59,6 +59,7 @@
 #include "internet.h"
 #include "wine/debug.h"
+#include "wine/exception.h"
 #include "wine/unicode.h"
 WINE_DEFAULT_DEBUG_CHANNEL(wininet);
@@ -1020,12 +1021,20 @@ HINTERNET WINAPI HttpOpenRequestA(HINTERNET hHttpSession,
        types = lpszAcceptTypes;
        while (*types)
        {
-            /* find out how many there are */
+            __TRY
-            if (((ULONG_PTR)*types >> 16) && **types)
            {
-                TRACE("accept type: %s\n", debugstr_a(*types));
+                /* find out how many there are */
-                acceptTypesCount++;
+                if (*types && **types)
+                {
+                    TRACE("accept type: %s\n", debugstr_a(*types));
+                    acceptTypesCount++;
+                }
+            }
+            __EXCEPT_PAGE_FAULT
+            {
+                WARN("invalid accept type pointer\n");
            }
+            __ENDTRY;
            types++;
        }
        szAcceptTypes = HeapAlloc(GetProcessHeap(), 0, sizeof(WCHAR *) * (acceptTypesCount+1));
@@ -1035,20 +1044,26 @@ HINTERNET WINAPI HttpOpenRequestA(HINTERNET hHttpSession,
        types = lpszAcceptTypes;
        while (*types)
        {
-            if (((ULONG_PTR)*types >> 16) && **types)
+            __TRY
            {
-                len = MultiByteToWideChar(CP_ACP, 0, *types, -1, NULL, 0 );
+                if (*types && **types)
-                szAcceptTypes[acceptTypesCount] = HeapAlloc(GetProcessHeap(), 0, len * sizeof(WCHAR));
+                {
-                if (!szAcceptTypes[acceptTypesCount]) goto end;
+                    len = MultiByteToWideChar(CP_ACP, 0, *types, -1, NULL, 0 );
+                    szAcceptTypes[acceptTypesCount] = HeapAlloc(GetProcessHeap(), 0, len * sizeof(WCHAR));
-                MultiByteToWideChar(CP_ACP, 0, *types, -1, szAcceptTypes[acceptTypesCount], len);
+                    MultiByteToWideChar(CP_ACP, 0, *types, -1, szAcceptTypes[acceptTypesCount], len);
-                acceptTypesCount++;
+                    acceptTypesCount++;
+                }
+            }
+            __EXCEPT_PAGE_FAULT
+            {
+                /* ignore invalid pointer */
            }
+            __ENDTRY;
            types++;
        }
        szAcceptTypes[acceptTypesCount] = NULL;
    }
-    else szAcceptTypes = 0;
    rc = HttpOpenRequestW(hHttpSession, szVerb, szObjectName,
                          szVersion, szReferrer,

--- a/dlls/wininet/tests/http.c
+++ b/dlls/wininet/tests/http.c
@@ -1964,7 +1964,7 @@ static void test_user_agent_header(void)
 static void test_bogus_accept_types_array(void)
 {
    HINTERNET ses, con, req;
-    static const char *types[] = { (const char *)6240, "*/*", "%p", "", "*/*", NULL };
+    static const char *types[] = { (const char *)6240, "*/*", "%p", "", (const char *)0xffffffff, "*/*", NULL };
    DWORD size;
    char buffer[32];
    BOOL ret;