diff --git a/dlls/wininet/cookie.c b/dlls/wininet/cookie.c index 1786b3d2819..66c012a0db0 100644 --- a/dlls/wininet/cookie.c +++ b/dlls/wininet/cookie.c @@ -977,7 +977,7 @@ DWORD set_cookie(substr_t domain, substr_t path, substr_t name, substr_t data, D substr_skip(&data, len); - if(end_ptr - data.str < ARRAY_SIZE(buf)-1) { + if(end_ptr > data.str && (end_ptr - data.str < ARRAY_SIZE(buf) - 1)) { memcpy(buf, data.str, data.len*sizeof(WCHAR)); buf[data.len] = 0; diff --git a/dlls/wininet/tests/internet.c b/dlls/wininet/tests/internet.c index e69b45a7e6f..ef1adefd1a3 100644 --- a/dlls/wininet/tests/internet.c +++ b/dlls/wininet/tests/internet.c @@ -510,7 +510,7 @@ static void test_complicated_cookie(void) len = 1024; ret = InternetGetCookieA("http://testing.example.com/bar/foo", NULL, buffer, &len); ok(ret == TRUE,"InternetGetCookie failed\n"); - ok(len == 24, "len = %u\n", 24); + ok(len == 24, "len = %u\n", len); ok(strstr(buffer,"A=B")!=NULL,"A=B missing\n"); ok(strstr(buffer,"C=D")!=NULL,"C=D missing\n"); ok(strstr(buffer,"E=F")!=NULL,"E=F missing\n"); @@ -524,16 +524,26 @@ static void test_complicated_cookie(void) len = 1024; ret = InternetGetCookieA("http://testing.example.com/bar/foo", "A", buffer, &len); ok(ret == TRUE,"InternetGetCookie failed\n"); - ok(len == 24, "len = %u\n", 24); + ok(len == 24, "len = %u\n", len); /* test persistent cookies */ ret = InternetSetCookieA("http://testing.example.com", NULL, "A=B; expires=Fri, 01-Jan-2038 00:00:00 GMT"); ok(ret, "InternetSetCookie failed with error %d\n", GetLastError()); + /* test invalid expires parameter */ + ret = InternetSetCookieA("http://testing.example.com", NULL, "Q=R; expires="); + ok(ret, "InternetSetCookie failed %#x.\n", GetLastError()); + len = 1024; + memset(buffer, 0xac, sizeof(buffer)); + ret = InternetGetCookieA("http://testing.example.com/", NULL, buffer, &len); + ok(ret, "InternetGetCookie failed %#x.\n", GetLastError()); + ok(len == 29, "got len %u.\n", len); + ok(!!strstr(buffer, "Q=R"), "cookie is not present.\n"); + len = sizeof(buffer); ret = InternetGetCookieA("http://testing.example.com/foobar", NULL, buffer, &len); - ok(ret, "got error %u\n", GetLastError()); - ok(len == 24, "got len %u\n", len); + ok(ret, "got error %#x\n", GetLastError()); + ok(len == 29, "got len %u\n", len); ok(!!strstr(buffer, "A=B"), "cookie is not present\n"); /* remove persistent cookie */