Commit c1dce86f authored by Mike McCormack's avatar Mike McCormack Committed by Alexandre Julliard

wininet: Fix peeking of http data with a nul byte in it.

parent 4a7bb647
...@@ -63,6 +63,7 @@ typedef struct ...@@ -63,6 +63,7 @@ typedef struct
SSL *ssl_s; SSL *ssl_s;
char *peek_msg; char *peek_msg;
char *peek_msg_mem; char *peek_msg_mem;
size_t peek_len;
#endif #endif
} WININET_NETCONNECTION; } WININET_NETCONNECTION;
......
...@@ -305,6 +305,7 @@ BOOL NETCON_close(WININET_NETCONNECTION *connection) ...@@ -305,6 +305,7 @@ BOOL NETCON_close(WININET_NETCONNECTION *connection)
HeapFree(GetProcessHeap(),0,connection->peek_msg_mem); HeapFree(GetProcessHeap(),0,connection->peek_msg_mem);
connection->peek_msg = NULL; connection->peek_msg = NULL;
connection->peek_msg_mem = NULL; connection->peek_msg_mem = NULL;
connection->peek_len = 0;
pSSL_shutdown(connection->ssl_s); pSSL_shutdown(connection->ssl_s);
pSSL_free(connection->ssl_s); pSSL_free(connection->ssl_s);
...@@ -520,19 +521,19 @@ BOOL NETCON_recv(WININET_NETCONNECTION *connection, void *buf, size_t len, int f ...@@ -520,19 +521,19 @@ BOOL NETCON_recv(WININET_NETCONNECTION *connection, void *buf, size_t len, int f
} }
else if (flags & MSG_PEEK && connection->peek_msg) else if (flags & MSG_PEEK && connection->peek_msg)
{ {
size_t peek_msg_len = strlen(connection->peek_msg); if (len < connection->peek_len)
if (len < peek_msg_len)
FIXME("buffer isn't big enough. Do the expect us to wrap?\n"); FIXME("buffer isn't big enough. Do the expect us to wrap?\n");
memcpy(buf, connection->peek_msg, min(len,peek_msg_len+1)); *recvd = min(len, connection->peek_len);
*recvd = min(len, peek_msg_len); memcpy(buf, connection->peek_msg, *recvd);
return TRUE; return TRUE;
} }
else if (connection->peek_msg) else if (connection->peek_msg)
{ {
size_t peek_msg_len = strlen(connection->peek_msg); *recvd = min(len, connection->peek_len);
memcpy(buf, connection->peek_msg, min(len,peek_msg_len+1)); memcpy(buf, connection->peek_msg, *recvd);
connection->peek_msg += *recvd = min(len, peek_msg_len); connection->peek_len -= *recvd;
if (*connection->peek_msg == '\0' || *(connection->peek_msg - 1) == '\0') connection->peek_msg += *recvd;
if (connection->peek_len == 0)
{ {
HeapFree(GetProcessHeap(), 0, connection->peek_msg_mem); HeapFree(GetProcessHeap(), 0, connection->peek_msg_mem);
connection->peek_msg_mem = NULL; connection->peek_msg_mem = NULL;
...@@ -543,6 +544,7 @@ BOOL NETCON_recv(WININET_NETCONNECTION *connection, void *buf, size_t len, int f ...@@ -543,6 +544,7 @@ BOOL NETCON_recv(WININET_NETCONNECTION *connection, void *buf, size_t len, int f
*recvd = pSSL_read(connection->ssl_s, buf, len); *recvd = pSSL_read(connection->ssl_s, buf, len);
if (flags & MSG_PEEK) /* must copy stuff into buffer */ if (flags & MSG_PEEK) /* must copy stuff into buffer */
{ {
connection->peek_len = *recvd;
if (!*recvd) if (!*recvd)
{ {
HeapFree(GetProcessHeap(), 0, connection->peek_msg_mem); HeapFree(GetProcessHeap(), 0, connection->peek_msg_mem);
...@@ -550,10 +552,7 @@ BOOL NETCON_recv(WININET_NETCONNECTION *connection, void *buf, size_t len, int f ...@@ -550,10 +552,7 @@ BOOL NETCON_recv(WININET_NETCONNECTION *connection, void *buf, size_t len, int f
connection->peek_msg = NULL; connection->peek_msg = NULL;
} }
else else
{
memcpy(connection->peek_msg, buf, *recvd); memcpy(connection->peek_msg, buf, *recvd);
connection->peek_msg[*recvd] = '\0';
}
} }
if (*recvd < 1 && len) if (*recvd < 1 && len)
return FALSE; return FALSE;
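Review bot: In the pSSL_read path of NETCON_recv, the added `connection->peek_len = *recvd;` runs before the failure check `if (*recvd < 1 && len)`, so a failed read is stored as a peek length. If `recvd` points to a signed int, as the `< 1` comparison suggests, a negative return converts to a very large `size_t`, and the `else` branch then passes the same value to `memcpy` as its length. Handle failure like the empty read: test `if (*recvd <= 0)`, set `connection->peek_len = 0;` in that branch, and assign `connection->peek_len = *recvd;` only in the `else` branch before the copy. The allocation of `peek_msg` and the start and end of the function lie outside the visible hunks, so the size of the destination buffer could not be checked here.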
......