Commit ea6863c1 authored by Alexandre Julliard

Fixed a couple of buffer overflows.

parent da94dd4a
...@@ -467,7 +467,7 @@ HINTERNET WINAPI HTTP_HttpOpenRequestA(HINTERNET hHttpSession, ...@@ -467,7 +467,7 @@ HINTERNET WINAPI HTTP_HttpOpenRequestA(HINTERNET hHttpSession,
lpwhr->lpszHostName = HTTP_strdup(UrlComponents.lpszHostName); lpwhr->lpszHostName = HTTP_strdup(UrlComponents.lpszHostName);
} else if (NULL != hIC->lpszProxy && hIC->lpszProxy[0] != 0) { } else if (NULL != hIC->lpszProxy && hIC->lpszProxy[0] != 0) {
char buf[MAXHOSTNAME]; char buf[MAXHOSTNAME];
char proxy[MAXHOSTNAME + 13]; /* 13 == "http://" + sizeof(port#) + ":/\0" */ char proxy[MAXHOSTNAME + 15]; /* 15 == "http://" + sizeof(port#) + ":/\0" */
URL_COMPONENTSA UrlComponents; URL_COMPONENTSA UrlComponents;
UrlComponents.lpszExtraInfo = NULL; UrlComponents.lpszExtraInfo = NULL;
...@@ -481,8 +481,8 @@ HINTERNET WINAPI HTTP_HttpOpenRequestA(HINTERNET hHttpSession, ...@@ -481,8 +481,8 @@ HINTERNET WINAPI HTTP_HttpOpenRequestA(HINTERNET hHttpSession,
sprintf(proxy, "http://%s/", hIC->lpszProxy); sprintf(proxy, "http://%s/", hIC->lpszProxy);
InternetCrackUrlA(proxy, 0, 0, &UrlComponents); InternetCrackUrlA(proxy, 0, 0, &UrlComponents);
if (strlen(UrlComponents.lpszHostName)) { if (strlen(UrlComponents.lpszHostName)) {
/* for constant 13 see above */ /* for constant 15 see above */
char* url = HeapAlloc(GetProcessHeap(), 0, strlen(lpwhs->lpszServerName) + strlen(lpwhr->lpszPath) + 13); char* url = HeapAlloc(GetProcessHeap(), 0, strlen(lpwhs->lpszServerName) + strlen(lpwhr->lpszPath) + 15);
if(UrlComponents.nPort == INTERNET_INVALID_PORT_NUMBER) if(UrlComponents.nPort == INTERNET_INVALID_PORT_NUMBER)
UrlComponents.nPort = INTERNET_DEFAULT_HTTP_PORT; UrlComponents.nPort = INTERNET_DEFAULT_HTTP_PORT;
......
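Review bot: The `sprintf(proxy, "http://%s/", hIC->lpszProxy)` call at new line 481 is still unbounded. Widening `proxy` to `MAXHOSTNAME + 15` corrects the byte count for the fixed parts of the URL, but nothing in the visible lines limits the length of `hIC->lpszProxy`, so a longer proxy string would still write past the stack buffer. Unless a length check sits in the lines elided between the two hunks, I would bound the write with `snprintf(proxy, sizeof(proxy), "http://%s/", hIC->lpszProxy)` and treat a return value `>= sizeof(proxy)` as a failure. The `HeapAlloc` result assigned to `url` is also not checked in the visible lines, and the literal 15 is repeated in the array size and the heap size, where a named constant would keep the two from drifting apart. The function body starts and ends outside both hunks.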
...@@ -1599,7 +1599,7 @@ BOOL WINAPI InternetSetOptionA(HINTERNET hInternet, DWORD dwOption, ...@@ -1599,7 +1599,7 @@ BOOL WINAPI InternetSetOptionA(HINTERNET hInternet, DWORD dwOption,
proxlen = MultiByteToWideChar( CP_ACP, 0, pi->lpszProxy, -1, NULL, 0); proxlen = MultiByteToWideChar( CP_ACP, 0, pi->lpszProxy, -1, NULL, 0);
prbylen= MultiByteToWideChar( CP_ACP, 0, pi->lpszProxyBypass, -1, NULL, 0); prbylen= MultiByteToWideChar( CP_ACP, 0, pi->lpszProxyBypass, -1, NULL, 0);
wlen = sizeof(*piw) + proxlen + prbylen; wlen = sizeof(*piw) + proxlen + prbylen;
wbuffer = HeapAlloc( GetProcessHeap(), 0, wlen ); wbuffer = HeapAlloc( GetProcessHeap(), 0, wlen*sizeof(WCHAR) );
piw = (LPINTERNET_PROXY_INFOW) wbuffer; piw = (LPINTERNET_PROXY_INFOW) wbuffer;
piw->dwAccessType = pi->dwAccessType; piw->dwAccessType = pi->dwAccessType;
prox = (LPWSTR) &piw[1]; prox = (LPWSTR) &piw[1];
...@@ -1615,7 +1615,7 @@ BOOL WINAPI InternetSetOptionA(HINTERNET hInternet, DWORD dwOption, ...@@ -1615,7 +1615,7 @@ BOOL WINAPI InternetSetOptionA(HINTERNET hInternet, DWORD dwOption,
case INTERNET_OPTION_PASSWORD: case INTERNET_OPTION_PASSWORD:
wlen = MultiByteToWideChar( CP_ACP, 0, lpBuffer, dwBufferLength, wlen = MultiByteToWideChar( CP_ACP, 0, lpBuffer, dwBufferLength,
NULL, 0 ); NULL, 0 );
wbuffer = HeapAlloc( GetProcessHeap(), 0, wlen ); wbuffer = HeapAlloc( GetProcessHeap(), 0, wlen*sizeof(WCHAR) );
MultiByteToWideChar( CP_ACP, 0, lpBuffer, dwBufferLength, MultiByteToWideChar( CP_ACP, 0, lpBuffer, dwBufferLength,
wbuffer, wlen ); wbuffer, wlen );
break; break;
......
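Review bot: Neither `HeapAlloc` result is checked before use. In the first hunk `piw->dwAccessType = pi->dwAccessType` writes through `wbuffer` two lines after the allocation, and in the `INTERNET_OPTION_PASSWORD` case the pointer goes straight into `MultiByteToWideChar`. A guard such as `if (!wbuffer) return FALSE;` after each allocation would close that, assuming nothing acquired earlier in the function needs releasing (the body extends outside both hunks). Separately, `wlen` in the first hunk adds a byte count (`sizeof(*piw)`) to two WCHAR counts, so `wlen*sizeof(WCHAR)` is large enough but scales the struct size as well; `sizeof(*piw) + (proxlen + prbylen) * sizeof(WCHAR)` states the intent. `MultiByteToWideChar` returns 0 on failure, which would make the password path allocate zero bytes, so `wlen` is worth checking before the allocation.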