mshtml: Don't add null byte to post data.

dlls/mshtml/navigate.c

@@ -399,7 +399,7 @@ static void parse_post_data(nsIInputStream *post_data_stream, LPWSTR *headers_re
     HGLOBAL post_data = NULL;
     LPWSTR headers = NULL;
     DWORD headers_len = 0, len;
-    const char *ptr, *ptr2;
+    const char *ptr, *ptr2, *post_data_end;
 
     nsIInputStream_Available(post_data_stream, &available);
     post_data = GlobalAlloc(0, available+1);
@@ -408,9 +408,10 @@ static void parse_post_data(nsIInputStream *post_data_stream, LPWSTR *headers_re
     TRACE("post_data = %s\n", debugstr_an(post_data, post_data_len));
 
     ptr = ptr2 = post_data;
+    post_data_end = (const char*)post_data+post_data_len;
 
-    while(*ptr && (*ptr != '\r' || ptr[1] != '\n')) {
-        while(*ptr && (*ptr != '\r' || ptr[1] != '\n'))
+    while(ptr < post_data_end && (*ptr != '\r' || ptr[1] != '\n')) {
+        while(ptr < post_data_end && (*ptr != '\r' || ptr[1] != '\n'))
             ptr++;
 
         if(!*ptr) {
@@ -445,24 +446,21 @@ static void parse_post_data(nsIInputStream *post_data_stream, LPWSTR *headers_re
     headers[headers_len] = 0;
     *headers_ret = headers;
 
-    if(*ptr)
-        ptr += 2;
-
-    if(!*ptr || !(ptr-(const char*)post_data)) {
+    if(ptr >= post_data_end-2) {
         GlobalFree(post_data);
         return;
     }
 
+    ptr += 2;
+
     if(headers_len) {
         post_data_len -= ptr-(const char*)post_data;
         memmove(post_data, ptr, post_data_len);
         post_data = GlobalReAlloc(post_data, post_data_len+1, 0);
     }
 
-    *((PBYTE)post_data+post_data_len) = 0;
-
     *post_data_ret = post_data;
-    *post_data_len_ret = post_data_len+1;
+    *post_data_len_ret = post_data_len;
 }
 
 void hlink_frame_navigate(NSContainer *container, IHlinkFrame *hlink_frame,
@@ -478,7 +476,8 @@ void hlink_frame_navigate(NSContainer *container, IHlinkFrame *hlink_frame,
 
     if(post_data_stream) {
         parse_post_data(post_data_stream, &headers, &post_data, &post_data_len);
-        TRACE("headers = %s post_data = %s\n", debugstr_w(headers), debugstr_a(post_data));
+        TRACE("headers = %s post_data = %s\n", debugstr_w(headers),
+              debugstr_an(post_data, post_data_len));
     }
 
     callback = BSCallback_Create(container->doc, uri, post_data, post_data_len, headers);

dlls/mshtml/persist.c

@@ -332,10 +332,10 @@ static nsIInputStream *get_post_data_stream(IBindCtx *bctx)
     hres = IBindStatusCallback_GetBindInfo(callback, &bindf, &bindinfo);
 
     if(SUCCEEDED(hres) && bindinfo.dwBindVerb == BINDVERB_POST)
-        post_len = bindinfo.cbStgmedData-1;
+        post_len = bindinfo.cbStgmedData;
 
     if(headers_len || post_len) {
-        int len = headers_len;
+        int len = headers_len ? headers_len-1 : 0;
 
         static const char content_length[] = "Content-Length: %lu\r\n\r\n";
 
@@ -347,7 +347,7 @@ static nsIInputStream *get_post_data_stream(IBindCtx *bctx)
         }
 
         if(post_len) {
-            sprintf(data+headers_len-1, content_length, post_len);
+            sprintf(data+len, content_length, post_len);
             len = strlen(data);
 
             memcpy(data+len, bindinfo.stgmedData.u.hGlobal, post_len);
@@ -355,7 +355,7 @@ static nsIInputStream *get_post_data_stream(IBindCtx *bctx)
 
         TRACE("data = %s\n", debugstr_an(data, len+post_len));
 
-        ret = create_nsstream(data, strlen(data));
+        ret = create_nsstream(data, len+post_len);
     }
 
     ReleaseBindInfo(&bindinfo);
@@ -438,7 +438,7 @@ static HRESULT WINAPI PersistMoniker_Load(IPersistMoniker *iface, BOOL fFullyAva
          * it (to do so we'd have to use not frozen interfaces)?
          */
 
-        nsIInputStream *post_data_stream = get_post_data_stream(pibc);;
+        nsIInputStream *post_data_stream = get_post_data_stream(pibc);
 
         This->nscontainer->load_call = TRUE;
         nsres = nsIWebNavigation_LoadURI(This->nscontainer->navigation, url,