UriProtocol function is case sensitive #4461
In UriUtil.cpp, one of the libs used throughout the SDK, the UriProtocol function takes an LPCWSTR and sets an out param that is a URI_PROTOCOL enum. It is comparing specific characters without consideration for case. Specifically, the comparison for an HTTPS URI is testing for "httpS".
The expected result of this function should be to compare and match the scheme section of a Uri without regard to case and not compare in a manner where it may access outside the bounds of the given string.
This bug was found by creating a bundle installer with a .NET prereq using the BalExtension, then overriding the WixMbaPrereqLicenseUrl to a value that started with "https://". At runtime a link is shown in the installer, but clicking on the link produces the Error 0x80070002: Failed to launch URL to EULA.
We evaluated the out of bounds concern raised in this bug and that is not an issue as long as the strings are null terminated (the SAL annotation on the function suggests they should be). Each character evaluation is AND'd together so if the string is "too short" the null character (
However, the title of the bug is correct. The UriProtocol function in uriutil.cpp is case sensitive.
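An added example, not the SDK's code and not written by either poster: a portable C++ scheme classifier that matches without regard to case and never reads past the string terminator. The `Scheme` enum, the function names and the set of recognised schemes are assumptions made for illustration.

```cpp
// Hypothetical enum for this example; not the SDK's own definition.
enum class Scheme { Unknown, File, Ftp, Http, Https };

// ASCII-only lower-casing: URI schemes are ASCII (RFC 3986), so no locale is involved.
static wchar_t AsciiLower(wchar_t ch)
{
    return (ch >= L'A' && ch <= L'Z') ? static_cast<wchar_t>(ch - L'A' + L'a') : ch;
}

// True when `uri` starts with `prefix` (a lower-case literal), ignoring ASCII case in `uri`.
// The loop stops at the first mismatch. The terminator in `uri` never equals a
// prefix character, so a short string ends the loop before any read past its end.
static bool StartsWithNoCase(const wchar_t* uri, const wchar_t* prefix)
{
    for (; *prefix; ++uri, ++prefix)
    {
        if (AsciiLower(*uri) != *prefix)
        {
            return false;
        }
    }
    return true;
}

// Classifies a null-terminated URI by its scheme prefix.
Scheme ClassifyScheme(const wchar_t* uri)
{
    static const struct { const wchar_t* prefix; Scheme scheme; } kSchemes[] = {
        // "https://" and "http://" cannot shadow each other: the character
        // after "http" differs ('s' versus ':').
        { L"https://", Scheme::Https },
        { L"http://",  Scheme::Http  },
        { L"ftp://",   Scheme::Ftp   },
        { L"file://",  Scheme::File  },
    };

    if (!uri)
    {
        return Scheme::Unknown;
    }
    for (const auto& entry : kSchemes)
    {
        if (StartsWithNoCase(uri, entry.prefix))
        {
            return entry.scheme;
        }
    }
    return Scheme::Unknown;
}
```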