mirror of https://github.com/OpenVPN/openvpn-gui
Add content-type check for import from URL
For Import from URL, require that response from server must have content-type: application/x-openvpn-profile This reduces chances of mistyped input causing import of random html pages as connection profile. Signed-off-by: Selva Nair <selva.nair@gmail.com>pull/449/head
parent
e80a39c825
commit
90cc9e3cdb
17
as.c
17
as.c
|
@ -113,6 +113,7 @@ struct UrlComponents
|
|||
int port;
|
||||
WCHAR host[URL_LEN];
|
||||
WCHAR path[URL_LEN];
|
||||
char content_type[256];
|
||||
bool https;
|
||||
};
|
||||
|
||||
|
@ -440,6 +441,20 @@ again:
|
|||
goto done;
|
||||
}
|
||||
|
||||
/* check content-type if specified */
|
||||
if (strlen(comps->content_type) > 0)
|
||||
{
|
||||
char tmp[256];
|
||||
DWORD len = sizeof(tmp);
|
||||
BOOL res = HttpQueryInfoA(hRequest, HTTP_QUERY_CONTENT_TYPE, tmp, &len, NULL);
|
||||
if (!res || stricmp(comps->content_type, tmp))
|
||||
{
|
||||
ShowLocalizedMsgEx(MB_OK, hWnd, _T(PACKAGE_NAME), IDS_ERR_URL_IMPORT_PROFILE, 0,
|
||||
L"HTTP content-type mismatch");
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
|
||||
WCHAR name[MAX_PATH] = {0};
|
||||
WCHAR* wbuf = Widen(buf);
|
||||
if (!wbuf) {
|
||||
|
@ -552,6 +567,8 @@ ImportProfileFromURLDialogFunc(HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
|
|||
else
|
||||
{
|
||||
ParseUrl(url, &comps);
|
||||
strncpy_s(comps.content_type, _countof(comps.content_type),
|
||||
"application/x-openvpn-profile", _TRUNCATE);
|
||||
}
|
||||
BOOL downloaded = DownloadProfile(hwndDlg, &comps, username, password, path, _countof(path));
|
||||
|
||||
|
|
Loading…
Reference in New Issue