[chromium-bugs] Issue 6894 in chromium: Proxy lookup in proxy_resolver_winhttp.cc looks incorrect

Thu, 22 Jan 2009 20:00:57 -0800 

Status: Unconfirmed
Owner: [email protected]
Labels: Type-Bug Pri-2 OS-All Area-Misc

New issue 6894 by corwinjoy: Proxy lookup in proxy_resolver_winhttp.cc  
looks incorrect
http://code.google.com/p/chromium/issues/detail?id=6894

Chrome Version       : File revision 7323 (latest as of Fri Dec 19)

Currently the code to retrieve proxy information if no PAC file is
specified looks like this (line 69 ff)

options.lpszAutoConfigUrl =
       pac_url_wide.empty() ? L"http://wpad/wpad.dat"; : pac_url_wide.c_str();

...
   BOOL ok = CallWinHttpGetProxyForUrl(...)

I believe this is flawed because I suspect this default pac_url may go to
wpad.com instead of the local WPAD configuration when there is no WPAD
setup.  See http://www.wpad.com/ where he complains about getting threats
due to buggy browser traffic.  Instead it seems that the default should be
"wpad.foo.com" where "foo.com" is the domain name of the computer.  Even
better, if a PAC is not specified why not call the API "properly" and ask
it to use DNS lookup if that's what we want?  According to the microsoft
docs at http://msdn.microsoft.com/en-us/library/aa384122(VS.85).aspx I
think the code should therefore look like:

if(pac_url_wide.empty()) {

       // Use auto-detection because the Proxy
       // Auto-Config URL is not known.
       options.dwFlags = WINHTTP_AUTOPROXY_AUTO_DETECT;

       // Use only DNS-based auto-detection.
       // DHCP may be buggy as stated above?
       options.dwAutoDetectFlags = WINHTTP_AUTO_DETECT_TYPE_DNS_A;
}
else
{
       // Use PAC configuration
       options.dwFlags = WINHTTP_AUTOPROXY_CONFIG_URL;
       std::wstring pac_url_wide = ASCIIToWide(pac_url);
       options.lpszAutoConfigUrl = pac_url_wide.c_str();
}



--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings

--~--~---------~--~----~------------~-------~--~----~
Automated mail from issue updates at http://crbug.com/
Subscription options: http://groups.google.com/group/chromium-bugs
-~----------~----~----~----~------~----~------~--~---

Reply via email to