wininet: Correctly handle redirects to non-http URLs.

Signed-off-by: Jacek Caban <jacek@codeweavers.com> Signed-off-by: Alexandre Julliard <julliard@winehq.org>

wininet: Correctly handle redirects to non-http URLs.
9c959154 · Jacek Caban · Alexandre Julliard · 48716cba · 9c959154
Commit 9c959154 authored May 31, 2017 by Jacek Caban Committed by Alexandre Julliard May 31, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 9 additions and 0 deletions

http.c dlls/wininet/http.c +9 -0

No files found.
--- a/dlls/wininet/http.c
+++ b/dlls/wininet/http.c
@@ -3993,7 +3993,16 @@ static WCHAR *get_redirect_url(http_request_t *request)
        return NULL;
    }

+    urlComponents.dwSchemeLength = 1;
+    b = InternetCrackUrlW(redirect_url, url_length, 0, &urlComponents);
+    if(b && urlComponents.dwSchemeLength &&
+       urlComponents.nScheme != INTERNET_SCHEME_HTTP && urlComponents.nScheme != INTERNET_SCHEME_HTTPS) {
+        TRACE("redirect to non-http URL\n");
+        return NULL;
+    }
+
    urlComponents.lpszScheme = (request->hdr.dwFlags & INTERNET_FLAG_SECURE) ? szHttps : szHttp;
+    urlComponents.dwSchemeLength = 0;
    urlComponents.lpszHostName = request->server->name;
    urlComponents.nPort = request->server->port;
    urlComponents.lpszUserName = session->userName;