Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
W
wine-winehq
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
wine
wine-winehq
Commits
73c107fd
Commit
73c107fd
authored
Sep 17, 2021
by
Hans Leidekker
Committed by
Alexandre Julliard
Sep 17, 2021
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
winhttp: Consistently validate the buffer in option query functions.
Signed-off-by:
Hans Leidekker
<
hans@codeweavers.com
>
Signed-off-by:
Alexandre Julliard
<
julliard@winehq.org
>
parent
1a070932
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
54 additions
and
49 deletions
+54
-49
session.c
dlls/winhttp/session.c
+54
-49
No files found.
dlls/winhttp/session.c
View file @
73c107fd
...
...
@@ -82,6 +82,17 @@ static void session_destroy( struct object_header *hdr )
free
(
session
);
}
static
BOOL
validate_buffer
(
void
*
buffer
,
DWORD
*
buflen
,
DWORD
required
)
{
if
(
!
buffer
||
*
buflen
<
required
)
{
*
buflen
=
required
;
SetLastError
(
ERROR_INSUFFICIENT_BUFFER
);
return
FALSE
;
}
return
TRUE
;
}
static
BOOL
session_query_option
(
struct
object_header
*
hdr
,
DWORD
option
,
void
*
buffer
,
DWORD
*
buflen
)
{
struct
session
*
session
=
(
struct
session
*
)
hdr
;
...
...
@@ -90,38 +101,43 @@ static BOOL session_query_option( struct object_header *hdr, DWORD option, void
{
case
WINHTTP_OPTION_REDIRECT_POLICY
:
{
if
(
!
buffer
||
*
buflen
<
sizeof
(
DWORD
))
{
*
buflen
=
sizeof
(
DWORD
);
SetLastError
(
ERROR_INSUFFICIENT_BUFFER
);
return
FALSE
;
}
if
(
!
validate_buffer
(
buffer
,
buflen
,
sizeof
(
DWORD
)
))
return
FALSE
;
*
(
DWORD
*
)
buffer
=
hdr
->
redirect_policy
;
*
buflen
=
sizeof
(
DWORD
);
return
TRUE
;
}
case
WINHTTP_OPTION_RESOLVE_TIMEOUT
:
if
(
!
validate_buffer
(
buffer
,
buflen
,
sizeof
(
DWORD
)
))
return
FALSE
;
*
(
DWORD
*
)
buffer
=
session
->
resolve_timeout
;
*
buflen
=
sizeof
(
DWORD
);
return
TRUE
;
case
WINHTTP_OPTION_CONNECT_TIMEOUT
:
if
(
!
validate_buffer
(
buffer
,
buflen
,
sizeof
(
DWORD
)
))
return
FALSE
;
*
(
DWORD
*
)
buffer
=
session
->
connect_timeout
;
*
buflen
=
sizeof
(
DWORD
);
return
TRUE
;
case
WINHTTP_OPTION_SEND_TIMEOUT
:
if
(
!
validate_buffer
(
buffer
,
buflen
,
sizeof
(
DWORD
)
))
return
FALSE
;
*
(
DWORD
*
)
buffer
=
session
->
send_timeout
;
*
buflen
=
sizeof
(
DWORD
);
return
TRUE
;
case
WINHTTP_OPTION_RECEIVE_TIMEOUT
:
if
(
!
validate_buffer
(
buffer
,
buflen
,
sizeof
(
DWORD
)
))
return
FALSE
;
*
(
DWORD
*
)
buffer
=
session
->
receive_timeout
;
*
buflen
=
sizeof
(
DWORD
);
return
TRUE
;
case
WINHTTP_OPTION_RECEIVE_RESPONSE_TIMEOUT
:
if
(
!
validate_buffer
(
buffer
,
buflen
,
sizeof
(
DWORD
)
))
return
FALSE
;
*
(
DWORD
*
)
buffer
=
session
->
receive_response_timeout
;
*
buflen
=
sizeof
(
DWORD
);
return
TRUE
;
...
...
@@ -314,38 +330,43 @@ static BOOL connect_query_option( struct object_header *hdr, DWORD option, void
{
case
WINHTTP_OPTION_PARENT_HANDLE
:
{
if
(
!
buffer
||
*
buflen
<
sizeof
(
HINTERNET
))
{
*
buflen
=
sizeof
(
HINTERNET
);
SetLastError
(
ERROR_INSUFFICIENT_BUFFER
);
return
FALSE
;
}
if
(
!
validate_buffer
(
buffer
,
buflen
,
sizeof
(
HINTERNET
)
))
return
FALSE
;
*
(
HINTERNET
*
)
buffer
=
((
struct
object_header
*
)
connect
->
session
)
->
handle
;
*
buflen
=
sizeof
(
HINTERNET
);
return
TRUE
;
}
case
WINHTTP_OPTION_RESOLVE_TIMEOUT
:
if
(
!
validate_buffer
(
buffer
,
buflen
,
sizeof
(
DWORD
)
))
return
FALSE
;
*
(
DWORD
*
)
buffer
=
connect
->
session
->
resolve_timeout
;
*
buflen
=
sizeof
(
DWORD
);
return
TRUE
;
case
WINHTTP_OPTION_CONNECT_TIMEOUT
:
if
(
!
validate_buffer
(
buffer
,
buflen
,
sizeof
(
DWORD
)
))
return
FALSE
;
*
(
DWORD
*
)
buffer
=
connect
->
session
->
connect_timeout
;
*
buflen
=
sizeof
(
DWORD
);
return
TRUE
;
case
WINHTTP_OPTION_SEND_TIMEOUT
:
if
(
!
validate_buffer
(
buffer
,
buflen
,
sizeof
(
DWORD
)
))
return
FALSE
;
*
(
DWORD
*
)
buffer
=
connect
->
session
->
send_timeout
;
*
buflen
=
sizeof
(
DWORD
);
return
TRUE
;
case
WINHTTP_OPTION_RECEIVE_TIMEOUT
:
if
(
!
validate_buffer
(
buffer
,
buflen
,
sizeof
(
DWORD
)
))
return
FALSE
;
*
(
DWORD
*
)
buffer
=
connect
->
session
->
receive_timeout
;
*
buflen
=
sizeof
(
DWORD
);
return
TRUE
;
case
WINHTTP_OPTION_RECEIVE_RESPONSE_TIMEOUT
:
if
(
!
validate_buffer
(
buffer
,
buflen
,
sizeof
(
DWORD
)
))
return
FALSE
;
*
(
DWORD
*
)
buffer
=
connect
->
session
->
receive_response_timeout
;
*
buflen
=
sizeof
(
DWORD
);
return
TRUE
;
...
...
@@ -669,12 +690,7 @@ static BOOL request_query_option( struct object_header *hdr, DWORD option, void
DWORD
flags
;
int
bits
;
if
(
!
buffer
||
*
buflen
<
sizeof
(
flags
))
{
*
buflen
=
sizeof
(
flags
);
SetLastError
(
ERROR_INSUFFICIENT_BUFFER
);
return
FALSE
;
}
if
(
!
validate_buffer
(
buffer
,
buflen
,
sizeof
(
flags
)
))
return
FALSE
;
flags
=
request
->
security_flags
;
if
(
request
->
netconn
)
...
...
@@ -695,12 +711,7 @@ static BOOL request_query_option( struct object_header *hdr, DWORD option, void
{
const
CERT_CONTEXT
*
cert
;
if
(
!
buffer
||
*
buflen
<
sizeof
(
cert
))
{
*
buflen
=
sizeof
(
cert
);
SetLastError
(
ERROR_INSUFFICIENT_BUFFER
);
return
FALSE
;
}
if
(
!
validate_buffer
(
buffer
,
buflen
,
sizeof
(
cert
)
))
return
FALSE
;
if
(
!
(
cert
=
CertDuplicateCertificateContext
(
request
->
server_cert
)))
return
FALSE
;
*
(
CERT_CONTEXT
**
)
buffer
=
(
CERT_CONTEXT
*
)
cert
;
...
...
@@ -715,13 +726,7 @@ static BOOL request_query_option( struct object_header *hdr, DWORD option, void
FIXME
(
"partial stub
\n
"
);
if
(
!
buffer
||
*
buflen
<
sizeof
(
*
ci
))
{
*
buflen
=
sizeof
(
*
ci
);
SetLastError
(
ERROR_INSUFFICIENT_BUFFER
);
return
FALSE
;
}
if
(
!
cert
)
return
FALSE
;
if
(
!
validate_buffer
(
buffer
,
buflen
,
sizeof
(
*
ci
)
)
||
!
cert
)
return
FALSE
;
ci
->
ftExpiry
=
cert
->
pCertInfo
->
NotAfter
;
ci
->
ftStart
=
cert
->
pCertInfo
->
NotBefore
;
...
...
@@ -741,12 +746,7 @@ static BOOL request_query_option( struct object_header *hdr, DWORD option, void
}
case
WINHTTP_OPTION_SECURITY_KEY_BITNESS
:
{
if
(
!
buffer
||
*
buflen
<
sizeof
(
DWORD
))
{
*
buflen
=
sizeof
(
DWORD
);
SetLastError
(
ERROR_INSUFFICIENT_BUFFER
);
return
FALSE
;
}
if
(
!
validate_buffer
(
buffer
,
buflen
,
sizeof
(
DWORD
)
))
return
FALSE
;
*
(
DWORD
*
)
buffer
=
request
->
netconn
?
netconn_get_cipher_strength
(
request
->
netconn
)
:
0
;
*
buflen
=
sizeof
(
DWORD
);
...
...
@@ -759,12 +759,8 @@ static BOOL request_query_option( struct object_header *hdr, DWORD option, void
socklen_t
len
=
sizeof
(
local
);
const
struct
sockaddr
*
remote
=
(
const
struct
sockaddr
*
)
&
request
->
connect
->
sockaddr
;
if
(
!
buffer
||
*
buflen
<
sizeof
(
*
info
))
{
*
buflen
=
sizeof
(
*
info
);
SetLastError
(
ERROR_INSUFFICIENT_BUFFER
);
return
FALSE
;
}
if
(
!
validate_buffer
(
buffer
,
buflen
,
sizeof
(
*
info
)
))
return
FALSE
;
if
(
!
request
->
netconn
)
{
SetLastError
(
ERROR_WINHTTP_INCORRECT_HANDLE_STATE
);
...
...
@@ -777,26 +773,36 @@ static BOOL request_query_option( struct object_header *hdr, DWORD option, void
return
TRUE
;
}
case
WINHTTP_OPTION_RESOLVE_TIMEOUT
:
if
(
!
validate_buffer
(
buffer
,
buflen
,
sizeof
(
DWORD
)
))
return
FALSE
;
*
(
DWORD
*
)
buffer
=
request
->
resolve_timeout
;
*
buflen
=
sizeof
(
DWORD
);
return
TRUE
;
case
WINHTTP_OPTION_CONNECT_TIMEOUT
:
if
(
!
validate_buffer
(
buffer
,
buflen
,
sizeof
(
DWORD
)
))
return
FALSE
;
*
(
DWORD
*
)
buffer
=
request
->
connect_timeout
;
*
buflen
=
sizeof
(
DWORD
);
return
TRUE
;
case
WINHTTP_OPTION_SEND_TIMEOUT
:
if
(
!
validate_buffer
(
buffer
,
buflen
,
sizeof
(
DWORD
)
))
return
FALSE
;
*
(
DWORD
*
)
buffer
=
request
->
send_timeout
;
*
buflen
=
sizeof
(
DWORD
);
return
TRUE
;
case
WINHTTP_OPTION_RECEIVE_TIMEOUT
:
if
(
!
validate_buffer
(
buffer
,
buflen
,
sizeof
(
DWORD
)
))
return
FALSE
;
*
(
DWORD
*
)
buffer
=
request
->
receive_timeout
;
*
buflen
=
sizeof
(
DWORD
);
return
TRUE
;
case
WINHTTP_OPTION_RECEIVE_RESPONSE_TIMEOUT
:
if
(
!
validate_buffer
(
buffer
,
buflen
,
sizeof
(
DWORD
)
))
return
FALSE
;
*
(
DWORD
*
)
buffer
=
request
->
receive_response_timeout
;
*
buflen
=
sizeof
(
DWORD
);
return
TRUE
;
...
...
@@ -818,11 +824,15 @@ static BOOL request_query_option( struct object_header *hdr, DWORD option, void
return
TRUE
;
case
WINHTTP_OPTION_MAX_HTTP_AUTOMATIC_REDIRECTS
:
if
(
!
validate_buffer
(
buffer
,
buflen
,
sizeof
(
DWORD
)
))
return
FALSE
;
*
(
DWORD
*
)
buffer
=
request
->
max_redirects
;
*
buflen
=
sizeof
(
DWORD
);
return
TRUE
;
case
WINHTTP_OPTION_HTTP_PROTOCOL_USED
:
if
(
!
validate_buffer
(
buffer
,
buflen
,
sizeof
(
DWORD
)
))
return
FALSE
;
FIXME
(
"WINHTTP_OPTION_HTTP_PROTOCOL_USED
\n
"
);
*
(
DWORD
*
)
buffer
=
0
;
*
buflen
=
sizeof
(
DWORD
);
...
...
@@ -1214,12 +1224,7 @@ static BOOL query_option( struct object_header *hdr, DWORD option, void *buffer,
{
case
WINHTTP_OPTION_CONTEXT_VALUE
:
{
if
(
!
buffer
||
*
buflen
<
sizeof
(
DWORD_PTR
))
{
*
buflen
=
sizeof
(
DWORD_PTR
);
SetLastError
(
ERROR_INSUFFICIENT_BUFFER
);
return
FALSE
;
}
if
(
!
validate_buffer
(
buffer
,
buflen
,
sizeof
(
DWORD_PTR
)
))
return
FALSE
;
*
(
DWORD_PTR
*
)
buffer
=
hdr
->
context
;
*
buflen
=
sizeof
(
DWORD_PTR
);
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment