Commit 7e5b5cb1 authored by Hans Leidekker's avatar Hans Leidekker Committed by Alexandre Julliard

winhttp: Properly handle request paths with Unicode characters.

parent b9e19685
...@@ -826,7 +826,6 @@ BOOL WINAPI WinHttpQueryHeaders( HINTERNET hrequest, DWORD level, LPCWSTR name, ...@@ -826,7 +826,6 @@ BOOL WINAPI WinHttpQueryHeaders( HINTERNET hrequest, DWORD level, LPCWSTR name,
return ret; return ret;
} }
static const WCHAR basicW[] = {'B','a','s','i','c',0}; static const WCHAR basicW[] = {'B','a','s','i','c',0};
static const WCHAR ntlmW[] = {'N','T','L','M',0}; static const WCHAR ntlmW[] = {'N','T','L','M',0};
static const WCHAR passportW[] = {'P','a','s','s','p','o','r','t',0}; static const WCHAR passportW[] = {'P','a','s','s','p','o','r','t',0};
...@@ -2046,6 +2045,176 @@ static void drain_content( request_t *request ) ...@@ -2046,6 +2045,176 @@ static void drain_content( request_t *request )
} }
} }
enum escape_flags
{
ESCAPE_FLAG_NON_PRINTABLE = 0x01,
ESCAPE_FLAG_SPACE = 0x02,
ESCAPE_FLAG_PERCENT = 0x04,
ESCAPE_FLAG_UNSAFE = 0x08,
ESCAPE_FLAG_DEL = 0x10,
ESCAPE_FLAG_8BIT = 0x20,
ESCAPE_FLAG_STRIP_CRLF = 0x40,
};
#define ESCAPE_MASK_DEFAULT (ESCAPE_FLAG_NON_PRINTABLE | ESCAPE_FLAG_SPACE | ESCAPE_FLAG_UNSAFE |\
ESCAPE_FLAG_DEL | ESCAPE_FLAG_8BIT)
#define ESCAPE_MASK_PERCENT (ESCAPE_FLAG_PERCENT | ESCAPE_MASK_DEFAULT)
#define ESCAPE_MASK_DISABLE (ESCAPE_FLAG_SPACE | ESCAPE_FLAG_8BIT | ESCAPE_FLAG_STRIP_CRLF)
static inline BOOL need_escape( char ch, enum escape_flags flags )
{
static const char unsafe[] = "\"#<>[\\]^`{|}";
const char *ptr = unsafe;
if ((flags & ESCAPE_FLAG_SPACE) && ch == ' ') return TRUE;
if ((flags & ESCAPE_FLAG_PERCENT) && ch == '%') return TRUE;
if ((flags & ESCAPE_FLAG_NON_PRINTABLE) && ch < 0x20) return TRUE;
if ((flags & ESCAPE_FLAG_DEL) && ch == 0x7f) return TRUE;
if ((flags & ESCAPE_FLAG_8BIT) && (ch & 0x80)) return TRUE;
if ((flags & ESCAPE_FLAG_UNSAFE)) while (*ptr) { if (ch == *ptr++) return TRUE; }
return FALSE;
}
static DWORD escape_string( const char *src, DWORD len, char *dst, enum escape_flags flags )
{
static const char hex[] = "0123456789ABCDEF";
DWORD i, ret = len;
char *ptr = dst;
for (i = 0; i < len; i++)
{
if ((flags & ESCAPE_FLAG_STRIP_CRLF) && (src[i] == '\r' || src[i] == '\n'))
{
ret--;
continue;
}
if (need_escape( src[i], flags ))
{
if (dst)
{
ptr[0] = '%';
ptr[1] = hex[(src[i] >> 4) & 0xf];
ptr[2] = hex[src[i] & 0xf];
ptr += 3;
}
ret += 2;
}
else if (dst) *ptr++ = src[i];
}
if (dst) dst[ret] = 0;
return ret;
}
static DWORD str_to_wire( const WCHAR *src, int src_len, char *dst, enum escape_flags flags )
{
DWORD len;
char *utf8;
if (src_len < 0) src_len = strlenW( src );
len = WideCharToMultiByte( CP_UTF8, 0, src, src_len, NULL, 0, NULL, NULL );
if (!(utf8 = heap_alloc( len ))) return 0;
WideCharToMultiByte( CP_UTF8, 0, src, -1, utf8, len, NULL, NULL );
len = escape_string( utf8, len, dst, flags );
heap_free( utf8 );
return len;
}
static char *build_wire_path( request_t *request, DWORD *ret_len )
{
WCHAR *full_path;
const WCHAR *path, *query = NULL;
DWORD len, len_path = 0, len_query = 0;
enum escape_flags path_flags, query_flags;
char *ret;
if (!strcmpiW( request->connect->hostname, request->connect->servername )) full_path = request->path;
else if (!(full_path = build_absolute_request_path( request ))) return NULL;
len = strlenW( full_path );
if ((path = strchrW( full_path, '/' )))
{
len_path = strlenW( path );
if ((query = strchrW( path, '?' )))
{
len_query = strlenW( query );
len_path -= len_query;
}
}
if (request->hdr.flags & WINHTTP_FLAG_ESCAPE_DISABLE) path_flags = ESCAPE_MASK_DISABLE;
else if (request->hdr.flags & WINHTTP_FLAG_ESCAPE_PERCENT) path_flags = ESCAPE_MASK_PERCENT;
else path_flags = ESCAPE_MASK_DEFAULT;
if (request->hdr.flags & WINHTTP_FLAG_ESCAPE_DISABLE_QUERY) query_flags = ESCAPE_MASK_DISABLE;
else query_flags = path_flags;
*ret_len = str_to_wire( full_path, len - len_path - len_query, NULL, 0 );
if (path) *ret_len += str_to_wire( path, len_path, NULL, path_flags );
if (query) *ret_len += str_to_wire( query, len_query, NULL, query_flags );
if ((ret = heap_alloc( *ret_len + 1 )))
{
len = str_to_wire( full_path, len - len_path - len_query, ret, 0 );
if (path) len += str_to_wire( path, len_path, ret + len, path_flags );
if (query) str_to_wire( query, len_query, ret + len, query_flags );
}
if (full_path != request->path) heap_free( full_path );
return ret;
}
static char *build_wire_request( request_t *request, DWORD *len )
{
char *path, *ptr, *ret;
DWORD i, len_path;
if (!(path = build_wire_path( request, &len_path ))) return NULL;
*len = str_to_wire( request->verb, -1, NULL, 0 ) + 1; /* ' ' */
*len += len_path + 1; /* ' ' */
*len += str_to_wire( request->version, -1, NULL, 0 );
for (i = 0; i < request->num_headers; i++)
{
if (request->headers[i].is_request)
{
*len += str_to_wire( request->headers[i].field, -1, NULL, 0 ) + 2; /* ': ' */
*len += str_to_wire( request->headers[i].value, -1, NULL, 0 ) + 2; /* '\r\n' */
}
}
*len += 4; /* '\r\n\r\n' */
if ((ret = ptr = heap_alloc( *len + 1 )))
{
ptr += str_to_wire( request->verb, -1, ptr, 0 );
*ptr++ = ' ';
memcpy( ptr, path, len_path );
ptr += len_path;
*ptr++ = ' ';
ptr += str_to_wire( request->version, -1, ptr, 0 );
for (i = 0; i < request->num_headers; i++)
{
if (request->headers[i].is_request)
{
*ptr++ = '\r';
*ptr++ = '\n';
ptr += str_to_wire( request->headers[i].field, -1, ptr, 0 );
*ptr++ = ':';
*ptr++ = ' ';
ptr += str_to_wire( request->headers[i].value, -1, ptr, 0 );
}
}
memcpy( ptr, "\r\n\r\n", sizeof("\r\n\r\n") );
}
heap_free( path );
return ret;
}
static BOOL send_request( request_t *request, LPCWSTR headers, DWORD headers_len, LPVOID optional, static BOOL send_request( request_t *request, LPCWSTR headers, DWORD headers_len, LPVOID optional,
DWORD optional_len, DWORD total_len, DWORD_PTR context, BOOL async ) DWORD optional_len, DWORD total_len, DWORD_PTR context, BOOL async )
{ {
...@@ -2056,8 +2225,7 @@ static BOOL send_request( request_t *request, LPCWSTR headers, DWORD headers_len ...@@ -2056,8 +2225,7 @@ static BOOL send_request( request_t *request, LPCWSTR headers, DWORD headers_len
BOOL ret = FALSE; BOOL ret = FALSE;
connect_t *connect = request->connect; connect_t *connect = request->connect;
session_t *session = connect->session; session_t *session = connect->session;
WCHAR *req = NULL; char *wire_req;
char *req_ascii;
int bytes_sent; int bytes_sent;
DWORD len, i, flags; DWORD len, i, flags;
...@@ -2107,16 +2275,13 @@ static BOOL send_request( request_t *request, LPCWSTR headers, DWORD headers_len ...@@ -2107,16 +2275,13 @@ static BOOL send_request( request_t *request, LPCWSTR headers, DWORD headers_len
if (context) request->hdr.context = context; if (context) request->hdr.context = context;
if (!(ret = open_connection( request ))) goto end; if (!(ret = open_connection( request ))) goto end;
if (!(req = build_request_string( request ))) goto end; if (!(wire_req = build_wire_request( request, &len ))) goto end;
TRACE("full request: %s\n", debugstr_a(wire_req));
if (!(req_ascii = strdupWA( req ))) goto end;
TRACE("full request: %s\n", debugstr_a(req_ascii));
len = strlen(req_ascii);
send_callback( &request->hdr, WINHTTP_CALLBACK_STATUS_SENDING_REQUEST, NULL, 0 ); send_callback( &request->hdr, WINHTTP_CALLBACK_STATUS_SENDING_REQUEST, NULL, 0 );
ret = netconn_send( request->netconn, req_ascii, len, &bytes_sent ); ret = netconn_send( request->netconn, wire_req, len, &bytes_sent );
heap_free( req_ascii ); heap_free( wire_req );
if (!ret) goto end; if (!ret) goto end;
if (optional_len) if (optional_len)
...@@ -2140,7 +2305,6 @@ end: ...@@ -2140,7 +2305,6 @@ end:
send_callback( &request->hdr, WINHTTP_CALLBACK_STATUS_REQUEST_ERROR, &result, sizeof(result) ); send_callback( &request->hdr, WINHTTP_CALLBACK_STATUS_REQUEST_ERROR, &result, sizeof(result) );
} }
} }
heap_free( req );
return ret; return ret;
} }
...@@ -2524,18 +2688,19 @@ static BOOL handle_redirect( request_t *request, DWORD status ) ...@@ -2524,18 +2688,19 @@ static BOOL handle_redirect( request_t *request, DWORD status )
if (location[0] == '/') if (location[0] == '/')
{ {
len = escape_string( NULL, location, len_loc, 0 ); if (!(path = heap_alloc( (len_loc + 1) * sizeof(WCHAR) ))) goto end;
if (!(path = heap_alloc( (len + 1) * sizeof(WCHAR) ))) goto end; memcpy( path, location, len_loc * sizeof(WCHAR) );
escape_string( path, location, len_loc, 0 ); path[len_loc] = 0;
} }
else else
{ {
if ((p = strrchrW( request->path, '/' ))) *p = 0; if ((p = strrchrW( request->path, '/' ))) *p = 0;
len = strlenW( request->path ) + 1 + escape_string( NULL, location, len_loc, 0 ); len = strlenW( request->path ) + 1 + len_loc;
if (!(path = heap_alloc( (len + 1) * sizeof(WCHAR) ))) goto end; if (!(path = heap_alloc( (len + 1) * sizeof(WCHAR) ))) goto end;
strcpyW( path, request->path ); strcpyW( path, request->path );
strcatW( path, slashW ); strcatW( path, slashW );
escape_string( path + strlenW(path), location, len_loc, 0 ); memcpy( path + strlenW(path), location, len_loc * sizeof(WCHAR) );
path[len_loc] = 0;
} }
heap_free( request->path ); heap_free( request->path );
request->path = path; request->path = path;
...@@ -2586,9 +2751,10 @@ static BOOL handle_redirect( request_t *request, DWORD status ) ...@@ -2586,9 +2751,10 @@ static BOOL handle_redirect( request_t *request, DWORD status )
request->path = NULL; request->path = NULL;
if (uc.dwUrlPathLength) if (uc.dwUrlPathLength)
{ {
len = escape_string( NULL, uc.lpszUrlPath, uc.dwUrlPathLength + uc.dwExtraInfoLength, 0 ); len = uc.dwUrlPathLength + uc.dwExtraInfoLength;
if (!(request->path = heap_alloc( (len + 1) * sizeof(WCHAR) ))) goto end; if (!(request->path = heap_alloc( (len + 1) * sizeof(WCHAR) ))) goto end;
escape_string( request->path, uc.lpszUrlPath, uc.dwUrlPathLength + uc.dwExtraInfoLength, 0 ); memcpy( request->path, uc.lpszUrlPath, (len + 1) * sizeof(WCHAR) );
request->path[len] = 0;
} }
else request->path = strdupW( slashW ); else request->path = strdupW( slashW );
} }
......
...@@ -1090,47 +1090,16 @@ static BOOL store_accept_types( request_t *request, const WCHAR **accept_types ) ...@@ -1090,47 +1090,16 @@ static BOOL store_accept_types( request_t *request, const WCHAR **accept_types )
return TRUE; return TRUE;
} }
static WCHAR *get_request_path( const WCHAR *object, DWORD flags ) static WCHAR *get_request_path( const WCHAR *object )
{ {
DWORD len, path_len = 0, query_len = 0; int len = object ? strlenW(object) : 0;
const WCHAR *p = object, *q = NULL; WCHAR *p, *ret;
enum escape_flags path_flags, query_flags;
WCHAR *ret; if (!object || object[0] != '/') len++;
if (!(p = ret = heap_alloc( (len + 1) * sizeof(WCHAR) ))) return NULL;
if (flags & WINHTTP_FLAG_ESCAPE_DISABLE) path_flags = ESCAPE_FLAG_SPACE_ONLY|ESCAPE_FLAG_REMOVE_CRLF; if (!object || object[0] != '/') *p++ = '/';
else if (flags & WINHTTP_FLAG_ESCAPE_PERCENT) path_flags = ESCAPE_FLAG_PERCENT; if (object) strcpyW( p, object );
else path_flags = 0; ret[len] = 0;
if (flags & WINHTTP_FLAG_ESCAPE_DISABLE_QUERY) query_flags = ESCAPE_FLAG_SPACE_ONLY|ESCAPE_FLAG_REMOVE_CRLF;
else query_flags = path_flags;
if (object)
{
path_len = strlenW( object );
if (object[0] == '/')
{
path_len--;
p++;
}
if ((q = strchrW( p, '?' )))
{
q++;
query_len = path_len - (q - p);
path_len -= query_len + 1;
}
}
len = escape_string( NULL, p, path_len, path_flags );
len += escape_string( NULL, q, query_len, query_flags );
if (!(ret = heap_alloc( (len + 3) * sizeof(WCHAR) ))) return NULL;
ret[0] = '/';
len = escape_string( ret + 1, p, path_len, path_flags ) + 1;
if (q)
{
ret[len] = '?';
escape_string( ret + 1 + len, q, query_len, query_flags );
}
return ret; return ret;
} }
...@@ -1193,7 +1162,7 @@ HINTERNET WINAPI WinHttpOpenRequest( HINTERNET hconnect, LPCWSTR verb, LPCWSTR o ...@@ -1193,7 +1162,7 @@ HINTERNET WINAPI WinHttpOpenRequest( HINTERNET hconnect, LPCWSTR verb, LPCWSTR o
if (!verb || !verb[0]) verb = getW; if (!verb || !verb[0]) verb = getW;
if (!(request->verb = strdupW( verb ))) goto end; if (!(request->verb = strdupW( verb ))) goto end;
if (!(request->path = get_request_path( object, flags ))) goto end; if (!(request->path = get_request_path( object ))) goto end;
if (!version || !version[0]) version = http1_1; if (!version || !version[0]) version = http1_1;
if (!(request->version = strdupW( version ))) goto end; if (!(request->version = strdupW( version ))) goto end;
......
...@@ -35,6 +35,8 @@ static WCHAR about[] = {'/','s','i','t','e','/','a','b','o','u','t',0}; ...@@ -35,6 +35,8 @@ static WCHAR about[] = {'/','s','i','t','e','/','a','b','o','u','t',0};
static WCHAR query[] = {'?','q','u','e','r','y',0}; static WCHAR query[] = {'?','q','u','e','r','y',0};
static WCHAR escape[] = {' ','!','"','#','$','%','&','\'','(',')','*','+',',','-','.','/',':',';','<','=','>','?','@','[','\\',']','^','_','`','{','|','}','~',0}; static WCHAR escape[] = {' ','!','"','#','$','%','&','\'','(',')','*','+',',','-','.','/',':',';','<','=','>','?','@','[','\\',']','^','_','`','{','|','}','~',0};
static WCHAR escape2[] = {'\r',0x1f,' ','\n',0x7f,'\r','\n',0}; static WCHAR escape2[] = {'\r',0x1f,' ','\n',0x7f,'\r','\n',0};
static WCHAR escape3[] = {'?','t','e','x','t','=',0xfb00,0};
static WCHAR escape4[] = {'/','t','e','x','t','=',0xfb00,0};
static const WCHAR url1[] = static const WCHAR url1[] =
{'h','t','t','p',':','/','/','u','s','e','r','n','a','m','e',':','p','a','s','s','w','o','r','d', {'h','t','t','p',':','/','/','u','s','e','r','n','a','m','e',':','p','a','s','s','w','o','r','d',
...@@ -75,6 +77,10 @@ static const WCHAR url16[] = {'h','t','t','p',':','/','/','w','i','n','e','h','q ...@@ -75,6 +77,10 @@ static const WCHAR url16[] = {'h','t','t','p',':','/','/','w','i','n','e','h','q
static const WCHAR url17[] = {'h','t','t','p',':','/','/','w','i','n','e','h','q','.','o','r','g',':',0}; static const WCHAR url17[] = {'h','t','t','p',':','/','/','w','i','n','e','h','q','.','o','r','g',':',0};
static const WCHAR url18[] = static const WCHAR url18[] =
{'h','t','t','p',':','/','/','%','0','D','%','1','F','%','2','0','%','0','A','%','7','F','%','0','D','%','0','A',0}; {'h','t','t','p',':','/','/','%','0','D','%','1','F','%','2','0','%','0','A','%','7','F','%','0','D','%','0','A',0};
static const WCHAR url19[] =
{'h','t','t','p',':','/','/','?','t','e','x','t','=',0xfb00,0};
static const WCHAR url20[] =
{'h','t','t','p',':','/','/','/','t','e','x','t','=',0xfb00,0};
static const WCHAR url_k1[] = static const WCHAR url_k1[] =
{'h','t','t','p',':','/','/','u','s','e','r','n','a','m','e',':','p','a','s','s','w','o','r','d', {'h','t','t','p',':','/','/','u','s','e','r','n','a','m','e',':','p','a','s','s','w','o','r','d',
...@@ -318,6 +324,34 @@ static void WinHttpCreateUrl_test( void ) ...@@ -318,6 +324,34 @@ static void WinHttpCreateUrl_test( void )
ok( len == lstrlenW(url18), "expected len %u got %u\n", lstrlenW(url18), len ); ok( len == lstrlenW(url18), "expected len %u got %u\n", lstrlenW(url18), len );
ok( !lstrcmpW( url, url18 ), "url doesn't match\n" ); ok( !lstrcmpW( url, url18 ), "url doesn't match\n" );
/* extra info with Unicode characters */
memset( &uc, 0, sizeof(uc) );
uc.dwStructSize = sizeof(uc);
uc.lpszExtraInfo = escape3;
uc.dwExtraInfoLength = lstrlenW( uc.lpszExtraInfo );
url[0] = 0;
len = 256;
SetLastError( 0xdeadbeef );
ret = WinHttpCreateUrl( &uc, ICU_ESCAPE, url, &len );
err = GetLastError();
ok( !ret, "expected failure\n" );
ok( err == ERROR_INVALID_PARAMETER, "got %u\n", err );
/* extra info with Unicode characters, no ICU_ESCAPE */
memset( &uc, 0, sizeof(uc) );
uc.dwStructSize = sizeof(uc);
uc.lpszExtraInfo = escape3;
uc.dwExtraInfoLength = lstrlenW( uc.lpszExtraInfo );
url[0] = 0;
len = 256;
ret = WinHttpCreateUrl( &uc, 0, url, &len );
ok( ret || broken(!ret) /* < win7 */, "expected success\n" );
if (ret)
{
ok( len == lstrlenW(url19), "expected len %u got %u\n", lstrlenW(url19), len );
ok( !lstrcmpW( url, url19 ), "url doesn't match %s\n", wine_dbgstr_w(url) );
}
/* escape path */ /* escape path */
memset( &uc, 0, sizeof(uc) ); memset( &uc, 0, sizeof(uc) );
uc.dwStructSize = sizeof(uc); uc.dwStructSize = sizeof(uc);
...@@ -330,6 +364,34 @@ static void WinHttpCreateUrl_test( void ) ...@@ -330,6 +364,34 @@ static void WinHttpCreateUrl_test( void )
ok( len == lstrlenW(url18), "expected len %u got %u\n", lstrlenW(url18), len ); ok( len == lstrlenW(url18), "expected len %u got %u\n", lstrlenW(url18), len );
ok( !lstrcmpW( url, url18 ), "url doesn't match\n" ); ok( !lstrcmpW( url, url18 ), "url doesn't match\n" );
/* path with Unicode characters */
memset( &uc, 0, sizeof(uc) );
uc.dwStructSize = sizeof(uc);
uc.lpszUrlPath = escape4;
uc.dwUrlPathLength = lstrlenW( uc.lpszUrlPath );
url[0] = 0;
len = 256;
SetLastError( 0xdeadbeef );
ret = WinHttpCreateUrl( &uc, ICU_ESCAPE, url, &len );
err = GetLastError();
ok( !ret, "expected failure\n" );
ok( err == ERROR_INVALID_PARAMETER, "got %u\n", err );
/* path with Unicode characters, no ICU_ESCAPE */
memset( &uc, 0, sizeof(uc) );
uc.dwStructSize = sizeof(uc);
uc.lpszUrlPath = escape4;
uc.dwUrlPathLength = lstrlenW( uc.lpszUrlPath );
url[0] = 0;
len = 256;
ret = WinHttpCreateUrl( &uc, 0, url, &len );
ok( ret || broken(!ret) /* < win7 */, "expected success\n" );
if (ret)
{
ok( len == lstrlenW(url20), "expected len %u got %u\n", lstrlenW(url20), len );
ok( !lstrcmpW( url, url20 ), "url doesn't match %s\n", wine_dbgstr_w(url) );
}
/* NULL lpszScheme, 0 nScheme and nPort */ /* NULL lpszScheme, 0 nScheme and nPort */
fill_url_components( &uc ); fill_url_components( &uc );
uc.lpszScheme = NULL; uc.lpszScheme = NULL;
......
...@@ -2368,9 +2368,16 @@ static DWORD CALLBACK server_thread(LPVOID param) ...@@ -2368,9 +2368,16 @@ static DWORD CALLBACK server_thread(LPVOID param)
"%5E_%60%7B%7C%7D~%0D%0A "; "%5E_%60%7B%7C%7D~%0D%0A ";
static const char res3[] = "\x1f\x7f<%20%three?\x1f\x7f%20!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~ "; static const char res3[] = "\x1f\x7f<%20%three?\x1f\x7f%20!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~ ";
static const char res4[] = "%0D%0A%1F%7F%3C%20%four?\x1f\x7f%20!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~ "; static const char res4[] = "%0D%0A%1F%7F%3C%20%four?\x1f\x7f%20!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~ ";
static const char res5[] = "&text=one%C2%80%7F~";
static const char res6[] = "&text=two%C2%80\x7f~";
static const char res7[] = "&text=%E5%90%9B%E3%81%AE%E5%90%8D%E3%81%AF";
if (strstr(buffer + 11, res) || strstr(buffer + 11, res2) || strstr(buffer + 11, res3) || if (strstr(buffer + 11, res) || strstr(buffer + 11, res2) || strstr(buffer + 11, res3) ||
strstr(buffer + 11, res4 )) send(c, okmsg, sizeof(okmsg) - 1, 0); strstr(buffer + 11, res4) || strstr(buffer + 11, res5) || strstr(buffer + 11, res6) ||
strstr(buffer + 11, res7))
{
send(c, okmsg, sizeof(okmsg) - 1, 0);
}
else send(c, notokmsg, sizeof(notokmsg) - 1, 0); else send(c, notokmsg, sizeof(notokmsg) - 1, 0);
} }
if (strstr(buffer, "GET /quit")) if (strstr(buffer, "GET /quit"))
...@@ -3367,7 +3374,8 @@ static void do_request( HINTERNET con, const WCHAR *obj, DWORD flags ) ...@@ -3367,7 +3374,8 @@ static void do_request( HINTERNET con, const WCHAR *obj, DWORD flags )
size = sizeof(status); size = sizeof(status);
ret = WinHttpQueryHeaders( req, WINHTTP_QUERY_STATUS_CODE|WINHTTP_QUERY_FLAG_NUMBER, NULL, &status, &size, NULL ); ret = WinHttpQueryHeaders( req, WINHTTP_QUERY_STATUS_CODE|WINHTTP_QUERY_FLAG_NUMBER, NULL, &status, &size, NULL );
ok( ret, "failed to query status code %u\n", GetLastError() ); ok( ret, "failed to query status code %u\n", GetLastError() );
ok( status == HTTP_STATUS_OK, "request %s with flags %08x failed %u\n", wine_dbgstr_w(obj), flags, status ); ok( status == HTTP_STATUS_OK || broken(status == HTTP_STATUS_BAD_REQUEST) /* < win7 */,
"request %s with flags %08x failed %u\n", wine_dbgstr_w(obj), flags, status );
WinHttpCloseHandle( req ); WinHttpCloseHandle( req );
} }
...@@ -3389,6 +3397,12 @@ static void test_request_path_escapes( int port ) ...@@ -3389,6 +3397,12 @@ static void test_request_path_escapes( int port )
{'/','e','s','c','a','p','e','\r','\n',0x1f,0x7f,'<',' ','%','f','o','u','r','?',0x1f,0x7f,' ','!','"', {'/','e','s','c','a','p','e','\r','\n',0x1f,0x7f,'<',' ','%','f','o','u','r','?',0x1f,0x7f,' ','!','"',
'#','$','%','&','\'','(',')','*','+',',','-','.','/',':',';','<','=','>','?','@','[','\\',']','^','_', '#','$','%','&','\'','(',')','*','+',',','-','.','/',':',';','<','=','>','?','@','[','\\',']','^','_',
'`','{','|','}','~','\r','\n',0}; '`','{','|','}','~','\r','\n',0};
static const WCHAR obj5W[] =
{'/','e','s','c','a','p','e','&','t','e','x','t','=','o','n','e',0x80,0x7f,0x7e,0};
static const WCHAR obj6W[] =
{'/','e','s','c','a','p','e','&','t','e','x','t','=','t','w','o',0x80,0x7f,0x7e,0};
static const WCHAR obj7W[] =
{'/','e','s','c','a','p','e','&','t','e','x','t','=',0x541b,0x306e,0x540d,0x306f,0};
HINTERNET ses, con; HINTERNET ses, con;
ses = WinHttpOpen( test_useragent, WINHTTP_ACCESS_TYPE_NO_PROXY, NULL, NULL, 0 ); ses = WinHttpOpen( test_useragent, WINHTTP_ACCESS_TYPE_NO_PROXY, NULL, NULL, 0 );
...@@ -3401,6 +3415,9 @@ static void test_request_path_escapes( int port ) ...@@ -3401,6 +3415,9 @@ static void test_request_path_escapes( int port )
do_request( con, obj2W, WINHTTP_FLAG_ESCAPE_PERCENT ); do_request( con, obj2W, WINHTTP_FLAG_ESCAPE_PERCENT );
do_request( con, obj3W, WINHTTP_FLAG_ESCAPE_DISABLE ); do_request( con, obj3W, WINHTTP_FLAG_ESCAPE_DISABLE );
do_request( con, obj4W, WINHTTP_FLAG_ESCAPE_DISABLE_QUERY ); do_request( con, obj4W, WINHTTP_FLAG_ESCAPE_DISABLE_QUERY );
do_request( con, obj5W, 0 );
do_request( con, obj6W, WINHTTP_FLAG_ESCAPE_DISABLE );
do_request( con, obj7W, WINHTTP_FLAG_ESCAPE_DISABLE );
WinHttpCloseHandle( con ); WinHttpCloseHandle( con );
WinHttpCloseHandle( ses ); WinHttpCloseHandle( ses );
......
...@@ -87,16 +87,11 @@ static WCHAR *decode_url( LPCWSTR url, DWORD *len ) ...@@ -87,16 +87,11 @@ static WCHAR *decode_url( LPCWSTR url, DWORD *len )
return ret; return ret;
} }
static inline BOOL need_escape( WCHAR ch )
static BOOL need_escape( WCHAR ch, enum escape_flags flags )
{ {
static const WCHAR escapes[] = {' ','"','#','<','>','[','\\',']','^','`','{','|','}',0}; static const WCHAR escapes[] = {' ','"','#','%','<','>','[','\\',']','^','`','{','|','}','~',0};
const WCHAR *p = escapes; const WCHAR *p = escapes;
if (ch != ' ' && (flags & ESCAPE_FLAG_SPACE_ONLY)) return FALSE;
if (ch == '%' && (flags & ESCAPE_FLAG_PERCENT)) return TRUE;
if (ch == '~' && (flags & ESCAPE_FLAG_TILDE)) return TRUE;
if (ch <= 31 || ch >= 127) return TRUE; if (ch <= 31 || ch >= 127) return TRUE;
while (*p) while (*p)
{ {
...@@ -105,21 +100,17 @@ static BOOL need_escape( WCHAR ch, enum escape_flags flags ) ...@@ -105,21 +100,17 @@ static BOOL need_escape( WCHAR ch, enum escape_flags flags )
return FALSE; return FALSE;
} }
DWORD escape_string( WCHAR *dst, const WCHAR *src, DWORD len, enum escape_flags flags ) static BOOL escape_string( const WCHAR *src, DWORD src_len, WCHAR *dst, DWORD *dst_len )
{ {
static const WCHAR hex[] = {'0','1','2','3','4','5','6','7','8','9','A','B','C','D','E','F'}; static const WCHAR hex[] = {'0','1','2','3','4','5','6','7','8','9','A','B','C','D','E','F'};
DWORD ret = len;
unsigned int i;
WCHAR *p = dst; WCHAR *p = dst;
DWORD i;
for (i = 0; i < len; i++) *dst_len = src_len;
for (i = 0; i < src_len; i++)
{ {
if ((flags & ESCAPE_FLAG_REMOVE_CRLF) && (src[i] == '\r' || src[i] == '\n')) if (src[i] > 0xff) return FALSE;
{ if (need_escape( src[i] ))
ret--;
continue;
}
if (need_escape( src[i], flags ))
{ {
if (dst) if (dst)
{ {
...@@ -128,25 +119,24 @@ DWORD escape_string( WCHAR *dst, const WCHAR *src, DWORD len, enum escape_flags ...@@ -128,25 +119,24 @@ DWORD escape_string( WCHAR *dst, const WCHAR *src, DWORD len, enum escape_flags
p[2] = hex[src[i] & 0xf]; p[2] = hex[src[i] & 0xf];
p += 3; p += 3;
} }
ret += 2; *dst_len += 2;
} }
else if (dst) *p++ = src[i]; else if (dst) *p++ = src[i];
} }
if (dst) dst[ret] = 0; if (dst) dst[*dst_len] = 0;
return ret; return TRUE;
} }
static WCHAR *escape_url( const WCHAR *url, DWORD *len ) static DWORD escape_url( const WCHAR *url, DWORD *len, WCHAR **ret )
{ {
WCHAR *ret;
const WCHAR *p; const WCHAR *p;
DWORD len_base, len_path; DWORD len_base, len_path;
if ((p = strrchrW( url, '/' ))) if ((p = strrchrW( url, '/' )))
{ {
len_base = p - url; len_base = p - url;
len_path = escape_string( NULL, p, *len - len_base, ESCAPE_FLAG_PERCENT|ESCAPE_FLAG_TILDE ); if (!escape_string( p, *len - len_base, NULL, &len_path )) return ERROR_INVALID_PARAMETER;
} }
else else
{ {
...@@ -154,14 +144,14 @@ static WCHAR *escape_url( const WCHAR *url, DWORD *len ) ...@@ -154,14 +144,14 @@ static WCHAR *escape_url( const WCHAR *url, DWORD *len )
len_path = 0; len_path = 0;
} }
if (!(ret = heap_alloc( (len_base + len_path + 1) * sizeof(WCHAR) ))) return NULL; if (!(*ret = heap_alloc( (len_base + len_path + 1) * sizeof(WCHAR) ))) return ERROR_OUTOFMEMORY;
memcpy( ret, url, len_base * sizeof(WCHAR) ); memcpy( *ret, url, len_base * sizeof(WCHAR) );
if (p) escape_string( ret + len_base, p, *len - (p - url), ESCAPE_FLAG_PERCENT|ESCAPE_FLAG_TILDE ); if (p) escape_string( p, *len - (p - url), *ret + len_base, &len_path );
ret[len_base + len_path] = 0; (*ret)[len_base + len_path] = 0;
*len = len_base + len_path; *len = len_base + len_path;
return ret; return ERROR_SUCCESS;
} }
static DWORD parse_port( const WCHAR *str, DWORD len, INTERNET_PORT *ret ) static DWORD parse_port( const WCHAR *str, DWORD len, INTERNET_PORT *ret )
...@@ -198,9 +188,9 @@ BOOL WINAPI WinHttpCrackUrl( LPCWSTR url, DWORD len, DWORD flags, LPURL_COMPONEN ...@@ -198,9 +188,9 @@ BOOL WINAPI WinHttpCrackUrl( LPCWSTR url, DWORD len, DWORD flags, LPURL_COMPONEN
if (flags & ICU_ESCAPE) if (flags & ICU_ESCAPE)
{ {
if (!(url_escaped = escape_url( url, &len ))) if ((err = escape_url( url, &len, &url_escaped )))
{ {
set_last_error( ERROR_OUTOFMEMORY ); set_last_error( err );
return FALSE; return FALSE;
} }
url = url_escaped; url = url_escaped;
...@@ -349,7 +339,7 @@ static DWORD get_comp_length( DWORD len, DWORD flags, WCHAR *comp ) ...@@ -349,7 +339,7 @@ static DWORD get_comp_length( DWORD len, DWORD flags, WCHAR *comp )
ret = len ? len : strlenW( comp ); ret = len ? len : strlenW( comp );
if (!(flags & ICU_ESCAPE)) return ret; if (!(flags & ICU_ESCAPE)) return ret;
for (i = 0; i < len; i++) if (need_escape( comp[i], ESCAPE_FLAG_PERCENT|ESCAPE_FLAG_TILDE )) ret += 2; for (i = 0; i < len; i++) if (need_escape( comp[i] )) ret += 2;
return ret; return ret;
} }
...@@ -415,7 +405,7 @@ static BOOL get_url_length( URL_COMPONENTS *uc, DWORD flags, DWORD *len ) ...@@ -415,7 +405,7 @@ static BOOL get_url_length( URL_COMPONENTS *uc, DWORD flags, DWORD *len )
BOOL WINAPI WinHttpCreateUrl( LPURL_COMPONENTS uc, DWORD flags, LPWSTR url, LPDWORD required ) BOOL WINAPI WinHttpCreateUrl( LPURL_COMPONENTS uc, DWORD flags, LPWSTR url, LPDWORD required )
{ {
static const WCHAR formatW[] = {'%','u',0}; static const WCHAR formatW[] = {'%','u',0};
DWORD len; DWORD len, len_escaped;
INTERNET_SCHEME scheme; INTERNET_SCHEME scheme;
TRACE("%p, 0x%08x, %p, %p\n", uc, flags, url, required); TRACE("%p, 0x%08x, %p, %p\n", uc, flags, url, required);
...@@ -503,7 +493,15 @@ BOOL WINAPI WinHttpCreateUrl( LPURL_COMPONENTS uc, DWORD flags, LPWSTR url, LPDW ...@@ -503,7 +493,15 @@ BOOL WINAPI WinHttpCreateUrl( LPURL_COMPONENTS uc, DWORD flags, LPWSTR url, LPDW
if (uc->lpszUrlPath) if (uc->lpszUrlPath)
{ {
len = get_comp_length( uc->dwUrlPathLength, 0, uc->lpszUrlPath ); len = get_comp_length( uc->dwUrlPathLength, 0, uc->lpszUrlPath );
if (flags & ICU_ESCAPE) url += escape_string( url, uc->lpszUrlPath, len, ESCAPE_FLAG_PERCENT|ESCAPE_FLAG_TILDE ); if (flags & ICU_ESCAPE)
{
if (!escape_string( uc->lpszUrlPath, len, url, &len_escaped ))
{
set_last_error( ERROR_INVALID_PARAMETER );
return FALSE;
}
url += len_escaped;
}
else else
{ {
memcpy( url, uc->lpszUrlPath, len * sizeof(WCHAR) ); memcpy( url, uc->lpszUrlPath, len * sizeof(WCHAR) );
...@@ -513,7 +511,15 @@ BOOL WINAPI WinHttpCreateUrl( LPURL_COMPONENTS uc, DWORD flags, LPWSTR url, LPDW ...@@ -513,7 +511,15 @@ BOOL WINAPI WinHttpCreateUrl( LPURL_COMPONENTS uc, DWORD flags, LPWSTR url, LPDW
if (uc->lpszExtraInfo) if (uc->lpszExtraInfo)
{ {
len = get_comp_length( uc->dwExtraInfoLength, 0, uc->lpszExtraInfo ); len = get_comp_length( uc->dwExtraInfoLength, 0, uc->lpszExtraInfo );
if (flags & ICU_ESCAPE) url += escape_string( url, uc->lpszExtraInfo, len, ESCAPE_FLAG_PERCENT|ESCAPE_FLAG_TILDE ); if (flags & ICU_ESCAPE)
{
if (!escape_string( uc->lpszExtraInfo, len, url, &len_escaped ))
{
set_last_error( ERROR_INVALID_PARAMETER );
return FALSE;
}
url += len_escaped;
}
else else
{ {
memcpy( url, uc->lpszExtraInfo, len * sizeof(WCHAR) ); memcpy( url, uc->lpszExtraInfo, len * sizeof(WCHAR) );
......
...@@ -292,15 +292,6 @@ void destroy_authinfo( struct authinfo * ) DECLSPEC_HIDDEN; ...@@ -292,15 +292,6 @@ void destroy_authinfo( struct authinfo * ) DECLSPEC_HIDDEN;
void release_host( hostdata_t *host ) DECLSPEC_HIDDEN; void release_host( hostdata_t *host ) DECLSPEC_HIDDEN;
enum escape_flags
{
ESCAPE_FLAG_REMOVE_CRLF = 0x01,
ESCAPE_FLAG_SPACE_ONLY = 0x02,
ESCAPE_FLAG_PERCENT = 0x04,
ESCAPE_FLAG_TILDE = 0x08,
};
DWORD escape_string( WCHAR *, const WCHAR *, DWORD, enum escape_flags ) DECLSPEC_HIDDEN;
extern HRESULT WinHttpRequest_create( void ** ) DECLSPEC_HIDDEN; extern HRESULT WinHttpRequest_create( void ** ) DECLSPEC_HIDDEN;
void release_typelib( void ) DECLSPEC_HIDDEN; void release_typelib( void ) DECLSPEC_HIDDEN;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment