From 7b9ef5e8409cdfba121a0520fd5e3b10467c20b4 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vlendec@samba.org>
Date: Sun, 15 Oct 2006 16:06:10 +0000
Subject: r19292: Avoid some potential segfaults: In winreg_EnumValue all
 pointers are unique pointers and can thus be independently NULL.

Thanks,

Volker
(This used to be commit d48ac0726a931a7200c47a87f771b74826ab9c96)
---
 source3/rpc_server/srv_winreg_nt.c | 30 +++++++++++++++++++++---------
 1 file changed, 21 insertions(+), 9 deletions(-)

diff --git a/source3/rpc_server/srv_winreg_nt.c b/source3/rpc_server/srv_winreg_nt.c
index 090338a301..a892a9bb8d 100644
--- a/source3/rpc_server/srv_winreg_nt.c
+++ b/source3/rpc_server/srv_winreg_nt.c
@@ -613,19 +613,31 @@ WERROR _winreg_EnumValue(pipes_struct *p, struct policy_handle *handle, uint32_t
 		status = WERR_NOMEM;
 	}
 
-	*value_length =  regval_size( val );
-	*type = val->type;
+	if (type != NULL) {
+		*type = val->type;
+	}
 
-	if ( *data_size == 0 || !data ) {
-		status = WERR_OK;
-	} else if ( *value_length > *data_size ) {
-		status = WERR_MORE_DATA;
-	} else {
-		memcpy( data, regval_data_p(val), *value_length );
+	if (data != NULL) {
+		if ((data_size == NULL) || (value_length == NULL)) {
+			status = WERR_INVALID_PARAM;
+			goto done;
+		}
+
+		if (regval_size(val) > *data_size) {
+			status = WERR_MORE_DATA;
+			goto done;
+		}
+
+		memcpy( data, regval_data_p(val), regval_size(val) );
 		status = WERR_OK;
 	}
 
-	*data_size = *value_length;
+	if (value_length != NULL) {
+		*value_length = regval_size( val );
+	}
+	if (data_size != NULL) {
+		*data_size = regval_size( val );
+	}
 
 done:	
 	free_registry_value( val );
-- 
cgit