winhttp: Set required buffer length for all components in WinHttpCrackUrl.

Signed-off-by: Hans Leidekker <hans@codeweavers.com> Signed-off-by: Alexandre Julliard <julliard@winehq.org>

winhttp: Set required buffer length for all components in WinHttpCrackUrl.
1d07f898 · Hans Leidekker · Alexandre Julliard · ac2ad35d · 1d07f898 · 1d07f898
Commit 1d07f898 authored Aug 16, 2016 by Hans Leidekker Committed by Alexandre Julliard Aug 16, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 124 additions and 64 deletions

url.c dlls/winhttp/tests/url.c +35 -14

url.c dlls/winhttp/url.c +89 -50

No files found.
--- a/dlls/winhttp/tests/url.c
+++ b/dlls/winhttp/tests/url.c
@@ -330,12 +330,7 @@ static void WinHttpCrackUrl_test( void )
    BOOL ret;

    /* buffers of sufficient length */
-    scheme[0] = 0;
-    user[0] = 0;
-    pass[0] = 0;
-    host[0] = 0;
-    path[0] = 0;
-    extra[0] = 0;
+    scheme[0] = user[0] = pass[0] = host[0] = path[0] = extra[0] = 0;

    uc.dwStructSize = sizeof(URL_COMPONENTS);
    uc.nScheme = 0;
@@ -370,23 +365,24 @@ static void WinHttpCrackUrl_test( void )
    ok( !memcmp( uc.lpszExtraInfo, query, sizeof(query) ), "unexpected extra info: %s\n", wine_dbgstr_w(uc.lpszExtraInfo) );
    ok( uc.dwExtraInfoLength == 6, "unexpected extra info length: %u\n", uc.dwExtraInfoLength );

-    /* buffer of insufficient length */
-    scheme[0] = 0;
-    uc.dwSchemeLength = 1;
-
+    /* buffers of insufficient length */
+    uc.dwSchemeLength   = 1;
+    uc.dwHostNameLength = 1;
+    uc.dwUrlPathLength  = 40; /* sufficient */
    SetLastError( 0xdeadbeef );
    ret = WinHttpCrackUrl( url1, 0, 0, &uc );
    error = GetLastError();
    ok( !ret, "WinHttpCrackUrl succeeded\n" );
    ok( error == ERROR_INSUFFICIENT_BUFFER, "got %u, expected ERROR_INSUFFICIENT_BUFFER\n", error );
    ok( uc.dwSchemeLength == 5, "unexpected scheme length: %u\n", uc.dwSchemeLength );
+    ok( uc.dwHostNameLength == 15, "unexpected hostname length: %u\n", uc.dwHostNameLength );
+    ok( uc.dwUrlPathLength == 11, "unexpected path length: %u\n", uc.dwUrlPathLength );

    /* no buffers */
    reset_url_components( &uc );
    SetLastError( 0xdeadbeef );
-    ret = WinHttpCrackUrl( url_k1, 0, 0,&uc);
+    ret = WinHttpCrackUrl( url_k1, 0, 0, &uc);
    error = GetLastError();
-
    ok( ret, "WinHttpCrackUrl failed le=%u\n", error );
    ok( error == ERROR_SUCCESS || broken(error == ERROR_INVALID_PARAMETER) /* < win7 */,
        "got %u, expected ERROR_SUCCESS\n", error );
@@ -407,7 +403,6 @@ static void WinHttpCrackUrl_test( void )

    reset_url_components( &uc );
    ret = WinHttpCrackUrl( url_k2, 0, 0,&uc);
-
    ok( ret, "WinHttpCrackUrl failed le=%u\n", GetLastError() );
    ok( uc.nScheme == INTERNET_SCHEME_HTTP, "unexpected scheme\n" );
    ok( uc.lpszScheme == url_k2, "unexpected scheme\n" );
@@ -426,7 +421,6 @@ static void WinHttpCrackUrl_test( void )

    reset_url_components( &uc );
    ret = WinHttpCrackUrl( url_k3, 0, 0, &uc );
-
    ok( ret, "WinHttpCrackUrl failed le=%u\n", GetLastError() );
    ok( uc.nScheme == INTERNET_SCHEME_HTTPS, "unexpected scheme\n" );
    ok( uc.lpszScheme == url_k3, "unexpected scheme\n" );
@@ -445,24 +439,39 @@ static void WinHttpCrackUrl_test( void )

    /* bad parameters */
    reset_url_components( &uc );
+    SetLastError( 0xdeadbeef );
    ret = WinHttpCrackUrl( url_k4, 0, 0, &uc );
    ok( !ret, "WinHttpCrackUrl succeeded\n" );
+    error = GetLastError();
+    ok( error == ERROR_WINHTTP_INVALID_URL, "got %u\n", error );

    reset_url_components( &uc );
+    SetLastError( 0xdeadbeef );
    ret = WinHttpCrackUrl( url_k5, 0, 0, &uc );
    ok( !ret, "WinHttpCrackUrl succeeded\n" );
+    error = GetLastError();
+    ok( error == ERROR_WINHTTP_INVALID_URL, "got %u\n", error );

    reset_url_components( &uc );
+    SetLastError( 0xdeadbeef );
    ret = WinHttpCrackUrl( url_k6, 0, 0, &uc );
    ok( !ret, "WinHttpCrackUrl succeeded\n" );
+    error = GetLastError();
+    ok( error == ERROR_WINHTTP_UNRECOGNIZED_SCHEME, "got %u\n", error );

    reset_url_components( &uc );
+    SetLastError( 0xdeadbeef );
    ret = WinHttpCrackUrl( url_k7, 0, 0, &uc );
    ok( !ret, "WinHttpCrackUrl succeeded\n" );
+    error = GetLastError();
+    ok( error == ERROR_WINHTTP_UNRECOGNIZED_SCHEME, "got %u\n", error );

    reset_url_components( &uc );
+    SetLastError( 0xdeadbeef );
    ret = WinHttpCrackUrl( url_k8, 0, 0, &uc );
+    error = GetLastError();
    ok( !ret, "WinHttpCrackUrl succeeded\n" );
+    ok( error == ERROR_WINHTTP_UNRECOGNIZED_SCHEME, "got %u\n", error );

    reset_url_components( &uc );
    ret = WinHttpCrackUrl( url_k9, 0, 0, &uc );
@@ -484,18 +493,30 @@ static void WinHttpCrackUrl_test( void )
    ok( uc.dwExtraInfoLength == 0, "unexpected extra info length: %u\n", uc.dwExtraInfoLength );

    reset_url_components( &uc );
+    SetLastError( 0xdeadbeef );
    ret = WinHttpCrackUrl( url4, 0, 0, &uc );
+    error = GetLastError();
    ok( !ret, "WinHttpCrackUrl succeeded\n" );
+    ok( error == ERROR_WINHTTP_INVALID_URL, "got %u\n", error );

    reset_url_components( &uc );
+    SetLastError( 0xdeadbeef );
    ret = WinHttpCrackUrl( empty, 0, 0, &uc );
+    error = GetLastError();
    ok( !ret, "WinHttpCrackUrl succeeded\n" );
+    ok( error == ERROR_WINHTTP_UNRECOGNIZED_SCHEME, "got %u\n", error );

+    SetLastError( 0xdeadbeef );
    ret = WinHttpCrackUrl( url1, 0, 0, NULL );
+    error = GetLastError();
    ok( !ret, "WinHttpCrackUrl succeeded\n" );
+    ok( error == ERROR_INVALID_PARAMETER, "got %u\n", error );

+    SetLastError( 0xdeadbeef );
    ret = WinHttpCrackUrl( NULL, 0, 0, &uc );
+    error = GetLastError();
    ok( !ret, "WinHttpCrackUrl succeeded\n" );
+    ok( error == ERROR_INVALID_PARAMETER, "got %u\n", error );

    /* decoding without buffers */
    reset_url_components( &uc );

--- a/dlls/winhttp/url.c
+++ b/dlls/winhttp/url.c
@@ -34,37 +34,28 @@ WINE_DEFAULT_DEBUG_CHANNEL(winhttp);
 static const WCHAR scheme_http[] = {'h','t','t','p',0};
 static const WCHAR scheme_https[] = {'h','t','t','p','s',0};

-static BOOL set_component( WCHAR **str, DWORD *str_len, WCHAR *value, DWORD len, DWORD flags )
+static DWORD set_component( WCHAR **str, DWORD *str_len, WCHAR *value, DWORD len, DWORD flags )
 {
-    if (*str && !*str_len)
-    {
-        set_last_error( ERROR_INVALID_PARAMETER );
-        return FALSE;
-    }
-    if (!*str_len) return TRUE;
+    if (*str && !*str_len) return ERROR_INVALID_PARAMETER;
+    if (!*str_len) return ERROR_SUCCESS;
    if (!*str)
    {
-        if (len && *str_len && (flags & (ICU_DECODE|ICU_ESCAPE)))
-        {
-            set_last_error( ERROR_INVALID_PARAMETER );
-            return FALSE;
-        }
+        if (len && *str_len && (flags & (ICU_DECODE|ICU_ESCAPE))) return ERROR_INVALID_PARAMETER;
        *str = value;
        *str_len = len;
    }
    else
    {
-        if (len > (*str_len) - 1)
+        if (len >= *str_len)
        {
-            *str_len = len + 1;
-            set_last_error( ERROR_INSUFFICIENT_BUFFER );
-            return FALSE;
+            *str_len = len;
+            return ERROR_SUCCESS;
        }
        memcpy( *str, value, len * sizeof(WCHAR) );
        (*str)[len] = 0;
        *str_len = len;
    }
-    return TRUE;
+    return ERROR_SUCCESS;
 }

 static WCHAR *decode_url( LPCWSTR url, DWORD *len )
@@ -177,8 +168,8 @@ static WCHAR *escape_url( LPCWSTR url, DWORD *len )
 */
 BOOL WINAPI WinHttpCrackUrl( LPCWSTR url, DWORD len, DWORD flags, LPURL_COMPONENTSW uc )
 {
-    BOOL ret = FALSE;
    WCHAR *p, *q, *r, *url_decoded = NULL, *url_escaped = NULL;
+    DWORD err, scheme_len, user_len, passwd_len, host_len, path_len, extra_len;
    INTERNET_SCHEME scheme = 0;

    TRACE("%s, %d, %x, %p\n", debugstr_w(url), len, flags, uc);
@@ -189,6 +180,12 @@ BOOL WINAPI WinHttpCrackUrl( LPCWSTR url, DWORD len, DWORD flags, LPURL_COMPONEN
        return FALSE;
    }
    if (!len) len = strlenW( url );
+    scheme_len = uc->dwSchemeLength;
+    host_len   = uc->dwHostNameLength;
+    user_len   = uc->dwUserNameLength;
+    passwd_len = uc->dwPasswordLength;
+    path_len   = uc->dwUrlPathLength;
+    extra_len  = uc->dwExtraInfoLength;

    if (flags & ICU_ESCAPE)
    {
@@ -217,95 +214,137 @@ BOOL WINAPI WinHttpCrackUrl( LPCWSTR url, DWORD len, DWORD flags, LPURL_COMPONEN
    else if (p - url == 5 && !strncmpiW( url, scheme_https, 5 )) scheme = INTERNET_SCHEME_HTTPS;
    else
    {
-        set_last_error( ERROR_WINHTTP_UNRECOGNIZED_SCHEME );
+        err = ERROR_WINHTTP_UNRECOGNIZED_SCHEME;
        goto exit;
    }
-    if (!(set_component( &uc->lpszScheme, &uc->dwSchemeLength, (WCHAR *)url, p - url, flags ))) goto exit;
+
+    if ((err = set_component( &uc->lpszScheme, &scheme_len, (WCHAR *)url, p - url, flags ))) goto exit;

    p++; /* skip ':' */
-    if (!p[0] || p[0] != '/' || p[1] != '/') goto exit;
+    if (!p[0] || p[0] != '/' || p[1] != '/')
+    {
+        err = ERROR_WINHTTP_INVALID_URL;
+        goto exit;
+    }
    p += 2;
-
-    if (!p[0]) goto exit;
+    if (!p[0])
+    {
+        err = ERROR_WINHTTP_INVALID_URL;
+        goto exit;
+    }
    if ((q = memchrW( p, '@', len - (p - url) )) && !(memchrW( p, '/', q - p )))
    {
        if ((r = memchrW( p, ':', q - p )))
        {
-            if (!(set_component( &uc->lpszUserName, &uc->dwUserNameLength, p, r - p, flags ))) goto exit;
+            if ((err = set_component( &uc->lpszUserName, &user_len, p, r - p, flags ))) goto exit;
            r++;
-            if (!(set_component( &uc->lpszPassword, &uc->dwPasswordLength, r, q - r, flags ))) goto exit;
+            if ((err = set_component( &uc->lpszPassword, &passwd_len, r, q - r, flags ))) goto exit;
        }
        else
        {
-            if (!(set_component( &uc->lpszUserName, &uc->dwUserNameLength, p, q - p, flags ))) goto exit;
-            if (!(set_component( &uc->lpszPassword, &uc->dwPasswordLength, NULL, 0, flags ))) goto exit;
+            if ((err = set_component( &uc->lpszUserName, &user_len, p, q - p, flags ))) goto exit;
+            if ((err = set_component( &uc->lpszPassword, &passwd_len, NULL, 0, flags ))) goto exit;
        }
        p = q + 1;
    }
    else
    {
-        if (!(set_component( &uc->lpszUserName, &uc->dwUserNameLength, NULL, 0, flags ))) goto exit;
-        if (!(set_component( &uc->lpszPassword, &uc->dwPasswordLength, NULL, 0, flags ))) goto exit;
+        if ((err = set_component( &uc->lpszUserName, &user_len, NULL, 0, flags ))) goto exit;
+        if ((err = set_component( &uc->lpszPassword, &passwd_len, NULL, 0, flags ))) goto exit;
    }
    if ((q = memchrW( p, '/', len - (p - url) )))
    {
        if ((r = memchrW( p, ':', q - p )))
        {
-            if (!(set_component( &uc->lpszHostName, &uc->dwHostNameLength, p, r - p, flags ))) goto exit;
+            if ((err = set_component( &uc->lpszHostName, &host_len, p, r - p, flags ))) goto exit;
            r++;
            uc->nPort = atoiW( r );
        }
        else
        {
-            if (!(set_component( &uc->lpszHostName, &uc->dwHostNameLength, p, q - p, flags ))) goto exit;
+            if ((err = set_component( &uc->lpszHostName, &host_len, p, q - p, flags ))) goto exit;
            if (scheme == INTERNET_SCHEME_HTTP) uc->nPort = INTERNET_DEFAULT_HTTP_PORT;
            if (scheme == INTERNET_SCHEME_HTTPS) uc->nPort = INTERNET_DEFAULT_HTTPS_PORT;
        }

        if ((r = memchrW( q, '?', len - (q - url) )))
        {
-            if (!(set_component( &uc->lpszUrlPath, &uc->dwUrlPathLength, q, r - q, flags ))) goto exit;
-            if (!(set_component( &uc->lpszExtraInfo, &uc->dwExtraInfoLength, r, len - (r - url), flags ))) goto exit;
+            if ((err = set_component( &uc->lpszUrlPath, &path_len, q, r - q, flags ))) goto exit;
+            if ((err = set_component( &uc->lpszExtraInfo, &extra_len, r, len - (r - url), flags ))) goto exit;
        }
        else
        {
-            if (!(set_component( &uc->lpszUrlPath, &uc->dwUrlPathLength, q, len - (q - url), flags ))) goto exit;
-            if (!(set_component( &uc->lpszExtraInfo, &uc->dwExtraInfoLength, (WCHAR *)url + len, 0, flags ))) goto exit;
+            if ((err = set_component( &uc->lpszUrlPath, &path_len, q, len - (q - url), flags ))) goto exit;
+            if ((err = set_component( &uc->lpszExtraInfo, &extra_len, (WCHAR *)url + len, 0, flags ))) goto exit;
        }
    }
    else
    {
        if ((r = memchrW( p, ':', len - (p - url) )))
        {
-            if (!(set_component( &uc->lpszHostName, &uc->dwHostNameLength, p, r - p, flags ))) goto exit;
+            if ((err = set_component( &uc->lpszHostName, &host_len, p, r - p, flags ))) goto exit;
            r++;
            uc->nPort = atoiW( r );
        }
        else
        {
-            if (!(set_component( &uc->lpszHostName, &uc->dwHostNameLength, p, len - (p - url), flags ))) goto exit;
+            if ((err = set_component( &uc->lpszHostName, &host_len, p, len - (p - url), flags ))) goto exit;
            if (scheme == INTERNET_SCHEME_HTTP) uc->nPort = INTERNET_DEFAULT_HTTP_PORT;
            if (scheme == INTERNET_SCHEME_HTTPS) uc->nPort = INTERNET_DEFAULT_HTTPS_PORT;
        }
-        if (!(set_component( &uc->lpszUrlPath, &uc->dwUrlPathLength, (WCHAR *)url + len, 0, flags ))) goto exit;
-        if (!(set_component( &uc->lpszExtraInfo, &uc->dwExtraInfoLength, (WCHAR *)url + len, 0, flags ))) goto exit;
+        if ((err = set_component( &uc->lpszUrlPath, &path_len, (WCHAR *)url + len, 0, flags ))) goto exit;
+        if ((err = set_component( &uc->lpszExtraInfo, &extra_len, (WCHAR *)url + len, 0, flags ))) goto exit;
    }

-    ret = TRUE;
-
-    TRACE("scheme(%s) host(%s) port(%d) path(%s) extra(%s)\n",
-          debugstr_wn( uc->lpszScheme, uc->dwSchemeLength ),
-          debugstr_wn( uc->lpszHostName, uc->dwHostNameLength ),
-          uc->nPort,
-          debugstr_wn( uc->lpszUrlPath, uc->dwUrlPathLength ),
-          debugstr_wn( uc->lpszExtraInfo, uc->dwExtraInfoLength ));
+    TRACE("scheme(%s) host(%s) port(%d) path(%s) extra(%s)\n", debugstr_wn( uc->lpszScheme, scheme_len ),
+          debugstr_wn( uc->lpszHostName, host_len ), uc->nPort, debugstr_wn( uc->lpszUrlPath, path_len ),
+          debugstr_wn( uc->lpszExtraInfo, extra_len ));

 exit:
-    if (ret) uc->nScheme = scheme;
+    if (!err)
+    {
+        if (uc->lpszScheme && uc->dwSchemeLength <= scheme_len)
+        {
+            scheme_len++;
+            err = ERROR_INSUFFICIENT_BUFFER;
+        }
+        if (uc->lpszHostName && uc->dwHostNameLength <= host_len)
+        {
+            host_len++;
+            err = ERROR_INSUFFICIENT_BUFFER;
+        }
+        if (uc->lpszUserName && uc->dwUserNameLength <= user_len)
+        {
+            user_len++;
+            err = ERROR_INSUFFICIENT_BUFFER;
+        }
+        if (uc->lpszPassword && uc->dwPasswordLength <= passwd_len)
+        {
+            passwd_len++;
+            err = ERROR_INSUFFICIENT_BUFFER;
+        }
+        if (uc->lpszUrlPath && uc->dwUrlPathLength <= path_len)
+        {
+            path_len++;
+            err = ERROR_INSUFFICIENT_BUFFER;
+        }
+        if (uc->lpszExtraInfo && uc->dwExtraInfoLength <= extra_len)
+        {
+            extra_len++;
+            err = ERROR_INSUFFICIENT_BUFFER;
+        }
+        uc->nScheme           = scheme;
+        uc->dwSchemeLength    = scheme_len;
+        uc->dwHostNameLength  = host_len;
+        uc->dwUserNameLength  = user_len;
+        uc->dwPasswordLength  = passwd_len;
+        uc->dwUrlPathLength   = path_len;
+        uc->dwExtraInfoLength = extra_len;
+    }
    heap_free( url_decoded );
    heap_free( url_escaped );
-    if (ret) set_last_error( ERROR_SUCCESS );
-    return ret;
+    set_last_error( err );
+    return !err;
 }

 static INTERNET_SCHEME get_scheme( const WCHAR *scheme, DWORD len )