Fixed a couple of buffer overflows.

ea6863c1 · Alexandre Julliard · da94dd4a · ea6863c1 · ea6863c1
Commit ea6863c1 authored Jul 09, 2003 by Alexandre Julliard
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 5 deletions

http.c dlls/wininet/http.c +3 -3

internet.c dlls/wininet/internet.c +2 -2

No files found.
--- a/dlls/wininet/http.c
+++ b/dlls/wininet/http.c
@@ -467,7 +467,7 @@ HINTERNET WINAPI HTTP_HttpOpenRequestA(HINTERNET hHttpSession,
            lpwhr->lpszHostName = HTTP_strdup(UrlComponents.lpszHostName);
    } else if (NULL != hIC->lpszProxy && hIC->lpszProxy[0] != 0) {
        char buf[MAXHOSTNAME];
-        char proxy[MAXHOSTNAME + 13]; /* 13 == "http://" + sizeof(port#) + ":/\0" */
+        char proxy[MAXHOSTNAME + 15]; /* 15 == "http://" + sizeof(port#) + ":/\0" */
        URL_COMPONENTSA UrlComponents;

        UrlComponents.lpszExtraInfo = NULL;
@@ -481,8 +481,8 @@ HINTERNET WINAPI HTTP_HttpOpenRequestA(HINTERNET hHttpSession,
        sprintf(proxy, "http://%s/", hIC->lpszProxy);
        InternetCrackUrlA(proxy, 0, 0, &UrlComponents);
        if (strlen(UrlComponents.lpszHostName)) {
-			 /* for constant 13 see above */
-             char* url = HeapAlloc(GetProcessHeap(), 0, strlen(lpwhs->lpszServerName) + strlen(lpwhr->lpszPath) + 13);
+			 /* for constant 15 see above */
+             char* url = HeapAlloc(GetProcessHeap(), 0, strlen(lpwhs->lpszServerName) + strlen(lpwhr->lpszPath) + 15);

             if(UrlComponents.nPort == INTERNET_INVALID_PORT_NUMBER)
                 UrlComponents.nPort = INTERNET_DEFAULT_HTTP_PORT;

--- a/dlls/wininet/internet.c
+++ b/dlls/wininet/internet.c
@@ -1599,7 +1599,7 @@ BOOL WINAPI InternetSetOptionA(HINTERNET hInternet, DWORD dwOption,
        proxlen = MultiByteToWideChar( CP_ACP, 0, pi->lpszProxy, -1, NULL, 0);
        prbylen= MultiByteToWideChar( CP_ACP, 0, pi->lpszProxyBypass, -1, NULL, 0);
        wlen = sizeof(*piw) + proxlen + prbylen;
-        wbuffer = HeapAlloc( GetProcessHeap(), 0, wlen );
+        wbuffer = HeapAlloc( GetProcessHeap(), 0, wlen*sizeof(WCHAR) );
        piw = (LPINTERNET_PROXY_INFOW) wbuffer;
        piw->dwAccessType = pi->dwAccessType;
        prox = (LPWSTR) &piw[1];
@@ -1615,7 +1615,7 @@ BOOL WINAPI InternetSetOptionA(HINTERNET hInternet, DWORD dwOption,
    case INTERNET_OPTION_PASSWORD:
        wlen = MultiByteToWideChar( CP_ACP, 0, lpBuffer, dwBufferLength,
                                   NULL, 0 );
-        wbuffer = HeapAlloc( GetProcessHeap(), 0, wlen );
+        wbuffer = HeapAlloc( GetProcessHeap(), 0, wlen*sizeof(WCHAR) );
        MultiByteToWideChar( CP_ACP, 0, lpBuffer, dwBufferLength,
                                   wbuffer, wlen );
        break;