Rob Shearman : wininet: Retrieve the maximum token length from the SSP and use a buffer of that length in calls to InitializeSecurityContextW .
Alexandre Julliard
julliard at winehq.org
Mon Mar 10 17:05:07 CDT 2008
Module: wine
Branch: master
Commit: 0be05ab6aac571865358eea6e1256ff3f19b274c
URL: http://source.winehq.org/git/wine.git/?a=commit;h=0be05ab6aac571865358eea6e1256ff3f19b274c
Author: Rob Shearman <rob at codeweavers.com>
Date: Mon Mar 10 16:41:44 2008 +0000
wininet: Retrieve the maximum token length from the SSP and use a buffer of that length in calls to InitializeSecurityContextW.
Otherwise, InitializeSecurityContextW could run out of space with our
small, fixed buffer and fail.
---
dlls/wininet/http.c | 15 +++++++++++++--
1 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/dlls/wininet/http.c b/dlls/wininet/http.c
index c246001..638e520 100644
--- a/dlls/wininet/http.c
+++ b/dlls/wininet/http.c
@@ -98,6 +98,7 @@ struct HttpAuthInfo
CtxtHandle ctx;
TimeStamp exp;
ULONG attr;
+ ULONG max_token;
void *auth_data;
unsigned int auth_data_len;
BOOL finished; /* finished authenticating */
@@ -476,6 +477,16 @@ static BOOL HTTP_DoAuthorization( LPWININETHTTPREQW lpwhr, LPCWSTR pszAuthValue,
pAuthData, NULL,
NULL, &pAuthInfo->cred,
&exp);
+ if (sec_status == SEC_E_OK)
+ {
+ PSecPkgInfoW sec_pkg_info;
+ sec_status = QuerySecurityPackageInfoW(pAuthInfo->scheme, &sec_pkg_info);
+ if (sec_status == SEC_E_OK)
+ {
+ pAuthInfo->max_token = sec_pkg_info->cbMaxToken;
+ FreeContextBuffer(sec_pkg_info);
+ }
+ }
if (sec_status != SEC_E_OK)
{
WARN("AcquireCredentialsHandleW for scheme %s failed with error 0x%08x\n",
@@ -554,10 +565,10 @@ static BOOL HTTP_DoAuthorization( LPWININETHTTPREQW lpwhr, LPCWSTR pszAuthValue,
HTTP_DecodeBase64(pszAuthData, in.pvBuffer);
}
- buffer = HeapAlloc(GetProcessHeap(), 0, 0x100);
+ buffer = HeapAlloc(GetProcessHeap(), 0, pAuthInfo->max_token);
out.BufferType = SECBUFFER_TOKEN;
- out.cbBuffer = 0x100;
+ out.cbBuffer = pAuthInfo->max_token;
out.pvBuffer = buffer;
out_desc.ulVersion = 0;
More information about the wine-cvs
mailing list