winhttp: Fix parameters validation in WinHttpGetProxyForUrl.

ec65fd0b · Piotr Caban · Alexandre Julliard · 6f4c2b7f · ec65fd0b · ec65fd0b
Commit ec65fd0b authored Apr 25, 2024 by Piotr Caban Committed by Alexandre Julliard Apr 26, 2024
Show whitespace changes
Inline Side-by-side

Showing with 26 additions and 12 deletions

session.c dlls/winhttp/session.c +11 -12

winhttp.c dlls/winhttp/tests/winhttp.c +15 -0

No files found.
--- a/dlls/winhttp/session.c
+++ b/dlls/winhttp/session.c
@@ -2105,10 +2105,9 @@ static BOOL run_script( char *script, DWORD size, const WCHAR *url, WINHTTP_PROX
 BOOL WINAPI WinHttpGetProxyForUrl( HINTERNET hsession, LPCWSTR url, WINHTTP_AUTOPROXY_OPTIONS *options,
                                   WINHTTP_PROXY_INFO *info )
 {
-    WCHAR *detected_pac_url = NULL;
+    WCHAR *pac_url;
-    const WCHAR *pac_url;
    struct session *session;
-    char *script;
+    char *script = NULL;
    DWORD size;
    BOOL ret = FALSE;
@@ -2128,29 +2127,29 @@ BOOL WINAPI WinHttpGetProxyForUrl( HINTERNET hsession, LPCWSTR url, WINHTTP_AUTO
    if (!url || !options || !info ||
        !(options->dwFlags & (WINHTTP_AUTOPROXY_AUTO_DETECT|WINHTTP_AUTOPROXY_CONFIG_URL)) ||
        ((options->dwFlags & WINHTTP_AUTOPROXY_AUTO_DETECT) && !options->dwAutoDetectFlags) ||
-        ((options->dwFlags & WINHTTP_AUTOPROXY_AUTO_DETECT) &&
-         (options->dwFlags & WINHTTP_AUTOPROXY_CONFIG_URL)) ||
        (options->dwFlags & WINHTTP_AUTOPROXY_CONFIG_URL && !options->lpszAutoConfigUrl))
    {
        release_object( &session->hdr );
        SetLastError( ERROR_INVALID_PARAMETER );
        return FALSE;
    }
    if (options->dwFlags & WINHTTP_AUTOPROXY_AUTO_DETECT &&
-        !WinHttpDetectAutoProxyConfigUrl( options->dwAutoDetectFlags, &detected_pac_url ))
+        WinHttpDetectAutoProxyConfigUrl( options->dwAutoDetectFlags, &pac_url ))
-        goto done;
+    {
+        script = download_script( pac_url, &size );
+        GlobalFree( pac_url );
+    }
-    if (options->dwFlags & WINHTTP_AUTOPROXY_CONFIG_URL) pac_url = options->lpszAutoConfigUrl;
+    if (!script && options->dwFlags & WINHTTP_AUTOPROXY_CONFIG_URL)
-    else pac_url = detected_pac_url;
+        script = download_script( options->lpszAutoConfigUrl, &size );
-    if ((script = download_script( pac_url, &size )))
+    if (script)
    {
        ret = run_script( script, size, url, info, options->dwFlags );
        free( script );
    }
-done:
-    GlobalFree( detected_pac_url );
    release_object( &session->hdr );
    if (ret) SetLastError( ERROR_SUCCESS );
    return ret;

--- a/dlls/winhttp/tests/winhttp.c
+++ b/dlls/winhttp/tests/winhttp.c
@@ -5415,6 +5415,21 @@ static void test_WinHttpGetProxyForUrl(int port)
        GlobalFree( info.lpszProxyBypass );
    }
+    options.dwFlags = WINHTTP_AUTOPROXY_AUTO_DETECT|WINHTTP_AUTOPROXY_CONFIG_URL;
+    options.dwAutoDetectFlags = WINHTTP_AUTO_DETECT_TYPE_DHCP|WINHTTP_AUTO_DETECT_TYPE_DNS_A;
+    options.lpszAutoConfigUrl = L"http://wpad/wpad.dat";
+    SetLastError(0xdeadbeef);
+    memset( &info, 0, sizeof(info) );
+    ret = WinHttpGetProxyForUrl( session, L"http://winehq.org", &options, &info );
+    error = GetLastError();
+    ok( error != ERROR_INVALID_PARAMETER, "got ERROR_INVALID_PARAMETER\n" );
+    if (ret)
+    {
+        GlobalFree( info.lpszProxy );
+        GlobalFree( info.lpszProxyBypass );
+    }
    options.dwFlags = WINHTTP_AUTOPROXY_AUTO_DETECT;
    options.dwAutoDetectFlags = WINHTTP_AUTO_DETECT_TYPE_DHCP|WINHTTP_AUTO_DETECT_TYPE_DNS_A;