wininet: Ignore invalid response headers.

100ee0ad · Hans Leidekker · Alexandre Julliard · 96b639dc · 100ee0ad · 100ee0ad
Commit 100ee0ad authored Mar 04, 2009 by Hans Leidekker Committed by Alexandre Julliard Mar 04, 2009
Hide whitespace changes
Inline Side-by-side

Showing with 61 additions and 0 deletions

http.c dlls/wininet/http.c +7 -0

http.c dlls/wininet/tests/http.c +54 -0

No files found.
--- a/dlls/wininet/http.c
+++ b/dlls/wininet/http.c
@@ -3893,6 +3893,13 @@ static INT HTTP_GetResponseHeaders(LPWININETHTTPREQW lpwhr, BOOL clear)
            LPWSTR * pFieldAndValue;

            TRACE("got line %s, now interpreting\n", debugstr_a(bufferA));
+
+            if (!bufferA[0]) break;
+            if (!strchr(bufferA, ':'))
+            {
+                WARN("invalid header\n");
+                continue;
+            }
            MultiByteToWideChar( CP_ACP, 0, bufferA, buflen, buffer, MAX_REPLY_LEN );

            while (cchRawHeaders + buflen + strlenW(szCrLf) > cchMaxRawHeaders)

--- a/dlls/wininet/tests/http.c
+++ b/dlls/wininet/tests/http.c
@@ -1305,6 +1305,12 @@ static const char noauthmsg[] =
 "WWW-Authenticate: Basic realm=\"placebo\"\r\n"
 "\r\n";

+static const char noauthmsg2[] =
+"HTTP/1.0 401 Anonymous requests or requests on unsecure channel are not allowed\r\n"
+"HTTP/1.0 401 Anonymous requests or requests on unsecure channel are not allowed"
+"\0d`0|6\n"
+"Server: winetest\r\n";
+
 static const char proxymsg[] =
 "HTTP/1.1 407 Proxy Authentication Required\r\n"
 "Server: winetest\r\n"
@@ -1488,6 +1494,10 @@ static DWORD CALLBACK server_thread(LPVOID param)
        {
            send(c, okmsg2, sizeof okmsg2-1, 0);
        }
+        if (strstr(buffer, "/testE"))
+        {
+            send(c, noauthmsg2, sizeof noauthmsg2-1, 0);
+        }
        if (strstr(buffer, "GET /quit"))
        {
            send(c, okmsg, sizeof okmsg-1, 0);
@@ -1917,6 +1927,49 @@ static void test_basic_authentication(int port)
    InternetCloseHandle(session);
 }

+static void test_invalid_response_headers(int port)
+{
+    HINTERNET session, connect, request;
+    DWORD size, status;
+    BOOL ret;
+    char buffer[256];
+
+    session = InternetOpen("winetest", INTERNET_OPEN_TYPE_DIRECT, NULL, NULL, 0);
+    ok(session != NULL, "InternetOpen failed\n");
+
+    connect = InternetConnect(session, "localhost", port, NULL, NULL, INTERNET_SERVICE_HTTP, 0, 0);
+    ok(connect != NULL, "InternetConnect failed\n");
+
+    request = HttpOpenRequest(connect, NULL, "/testE", NULL, NULL, NULL, 0, 0);
+    ok(request != NULL, "HttpOpenRequest failed\n");
+
+    ret = HttpSendRequest(request, NULL, 0, NULL, 0);
+    ok(ret, "HttpSendRequest failed %u\n", GetLastError());
+
+    status = 0;
+    size = sizeof(status);
+    ret = HttpQueryInfo( request, HTTP_QUERY_STATUS_CODE | HTTP_QUERY_FLAG_NUMBER, &status, &size, NULL );
+    ok(ret, "HttpQueryInfo failed\n");
+    ok(status == 401, "unexpected status %u\n", status);
+
+    buffer[0] = 0;
+    size = sizeof(buffer);
+    ret = HttpQueryInfo( request, HTTP_QUERY_RAW_HEADERS, buffer, &size, NULL);
+    ok(ret, "HttpQueryInfo failed\n");
+    ok(!strcmp(buffer, "HTTP/1.0 401 Anonymous requests or requests on unsecure channel are not allowed"),
+       "headers wrong \"%s\"\n", buffer);
+
+    buffer[0] = 0;
+    size = sizeof(buffer);
+    ret = HttpQueryInfo( request, HTTP_QUERY_SERVER, buffer, &size, NULL);
+    ok(ret, "HttpQueryInfo failed\n");
+    ok(!strcmp(buffer, "winetest"), "server wrong \"%s\"\n", buffer);
+
+    InternetCloseHandle(request);
+    InternetCloseHandle(connect);
+    InternetCloseHandle(session);
+}
+
 static void test_HttpQueryInfo(int port)
 {
    HINTERNET hi, hc, hr;
@@ -2050,6 +2103,7 @@ static void test_http_connection(void)
    test_http1_1(si.port);
    test_cookie_header(si.port);
    test_basic_authentication(si.port);
+    test_invalid_response_headers(si.port);
    test_HttpQueryInfo(si.port);
    test_HttpSendRequestW(si.port);