2 files changed, 21 insertions, 9 deletions

diff --git a/source3/rpc_parse/parse_misc.c b/source3/rpc_parse/parse_misc.c
index 617552009c..02ab707a40 100644
--- a/source3/rpc_parse/parse_misc.c
+++ b/source3/rpc_parse/parse_misc.c
@@ -473,21 +473,32 @@ BOOL smb_io_unihdr2(char *desc, UNIHDR2 *hdr2, prs_struct *ps, int depth)
 
 void init_unistr(UNISTR *str, const char *buf)
 {
-	size_t len = strlen(buf) + 1;
+	size_t len;
 
-    if (!parse_misc_talloc)
+	if (buf == NULL)
+	{
+		str->buffer = NULL;
+		return;
+	}
+		
+
+	len = strlen(buf) + 1;
+
+    	if (!parse_misc_talloc)
 		parse_misc_talloc = talloc_init();
 
 	if (len < MAX_UNISTRLEN)
 		len = MAX_UNISTRLEN;
 	len *= sizeof(uint16);
 
-    str->buffer = (uint16 *)talloc(parse_misc_talloc, len);
+    	str->buffer = (uint16 *)talloc(parse_misc_talloc, len);
 	if (str->buffer == NULL)
 		smb_panic("init_unistr2: malloc fail\n");
 
 	/* store the string (null-terminated copy) */
 	dos_struni2((char *)str->buffer, buf, len);
+
+	return;
 }
 
 /*******************************************************************
diff --git a/source3/rpc_parse/parse_spoolss.c b/source3/rpc_parse/parse_spoolss.c
index 8ebdd55473..20660a9710 100644
--- a/source3/rpc_parse/parse_spoolss.c
+++ b/source3/rpc_parse/parse_spoolss.c
@@ -711,15 +711,15 @@ BOOL make_spoolss_q_open_printer_ex(SPOOL_Q_OPEN_PRINTER_EX *q_u,
 	q_u->user_switch=1;
 	q_u->user_ctr.level=1;
 	q_u->user_ctr.ptr=1;
-	q_u->user_ctr.user1.size=strlen(clientname)+strlen(user_name)+8;
+	q_u->user_ctr.user1.size=strlen(clientname)+strlen(user_name)+10;
 	q_u->user_ctr.user1.client_name_ptr = (clientname!=NULL)?1:0;
 	q_u->user_ctr.user1.user_name_ptr = (user_name!=NULL)?1:0;
 	q_u->user_ctr.user1.build=1381;
 	q_u->user_ctr.user1.major=2;
 	q_u->user_ctr.user1.minor=0;
 	q_u->user_ctr.user1.processor=0;
-	init_unistr2(&q_u->user_ctr.user1.client_name, clientname, strlen(clientname));
-	init_unistr2(&q_u->user_ctr.user1.user_name, user_name, strlen(user_name));
+	init_unistr2(&q_u->user_ctr.user1.client_name, clientname, strlen(clientname)+1);
+	init_unistr2(&q_u->user_ctr.user1.user_name, user_name, strlen(user_name)+1);
 	
 	return True;
 }
@@ -760,15 +760,16 @@ BOOL make_spoolss_q_addprinterex(SPOOL_Q_ADDPRINTEREX *q_u, const char *srv_name
 
 	q_u->user_ctr.level=1;
 	q_u->user_ctr.ptr=1;
-	q_u->user_ctr.user1.size=strlen(clientname)+strlen(user_name)+8;
 	q_u->user_ctr.user1.client_name_ptr = (clientname!=NULL)?1:0;
 	q_u->user_ctr.user1.user_name_ptr = (user_name!=NULL)?1:0;
 	q_u->user_ctr.user1.build=1381;
 	q_u->user_ctr.user1.major=2;
 	q_u->user_ctr.user1.minor=0;
 	q_u->user_ctr.user1.processor=0;
-	init_unistr2(&q_u->user_ctr.user1.client_name, clientname, strlen(clientname));
-	init_unistr2(&q_u->user_ctr.user1.user_name, user_name, strlen(user_name));
+	init_unistr2(&q_u->user_ctr.user1.client_name, clientname, strlen(clientname)+1);
+	init_unistr2(&q_u->user_ctr.user1.user_name, user_name, strlen(user_name)+1);
+	q_u->user_ctr.user1.size=q_u->user_ctr.user1.user_name.uni_str_len +
+	                         q_u->user_ctr.user1.client_name.uni_str_len + 2;
 	
 	return True;
 }