From eeb05bf746b0eeeba94fe51180e0ebf855c6967a Mon Sep 17 00:00:00 2001
From: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
Date: Wed, 10 Mar 2010 09:22:42 +0100
Subject: s4:winreg RPC - don't crash when incoming data wasn't correctly
 specified

Also found by the WINREG torture test enhancements by gd.
---
 source4/rpc_server/winreg/rpc_winreg.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

(limited to 'source4/rpc_server/winreg/rpc_winreg.c')

diff --git a/source4/rpc_server/winreg/rpc_winreg.c b/source4/rpc_server/winreg/rpc_winreg.c
index 13c311cd96..c12c0c52e7 100644
--- a/source4/rpc_server/winreg/rpc_winreg.c
+++ b/source4/rpc_server/winreg/rpc_winreg.c
@@ -496,9 +496,15 @@ static WERROR dcesrv_winreg_QueryValue(struct dcesrv_call_state *dce_call,
 		
 		if (!W_ERROR_IS_OK(result)) {
 			/* if the lookup wasn't successful, send client query back */
-			value_type = *r->in.type;
+			value_type = 0;
+			if (r->in.type != NULL) {
+				value_type = *r->in.type;
+			}
 			value_data.data = r->in.data;
-			value_data.length = *r->in.data_length;
+			value_data.length = 0;
+			if (r->in.data_length != NULL) {
+				value_data.length = *r->in.data_length;
+			}
 		}
 
 		r->out.type = talloc(mem_ctx, uint32_t);
-- 
cgit