s4:winreg RPC - don't crash when incoming data wasn't correctly specified
authorMatthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
Wed, 10 Mar 2010 08:22:42 +0000 (09:22 +0100)
committerMatthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
Wed, 10 Mar 2010 08:26:17 +0000 (09:26 +0100)
Also found by the WINREG torture test enhancements by gd.

source4/rpc_server/winreg/rpc_winreg.c

index 13c311cd960bbd9ec3845a1b3db52c9b30419114..c12c0c52e7bccecca3ba7aabd376ba7c1fd53d6e 100644 (file)
@@ -496,9 +496,15 @@ static WERROR dcesrv_winreg_QueryValue(struct dcesrv_call_state *dce_call,
                
                if (!W_ERROR_IS_OK(result)) {
                        /* if the lookup wasn't successful, send client query back */
-                       value_type = *r->in.type;
+                       value_type = 0;
+                       if (r->in.type != NULL) {
+                               value_type = *r->in.type;
+                       }
                        value_data.data = r->in.data;
-                       value_data.length = *r->in.data_length;
+                       value_data.length = 0;
+                       if (r->in.data_length != NULL) {
+                               value_data.length = *r->in.data_length;
+                       }
                }
 
                r->out.type = talloc(mem_ctx, uint32_t);
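Review bot: In the failed-lookup branch, `value_data.length` is still taken from the client-supplied `*r->in.data_length` while `value_data.data = r->in.data` is assigned without a NULL check, so a request with a non-zero length and no data pointer leaves a NULL buffer with a non-zero length. The new guards stop the two pointer dereferences from crashing but do not tie the length to the buffer. If the code after this hunk copies or marshals `value_data.length` bytes from `value_data.data` (that part of dcesrv_winreg_QueryValue is outside the hunk, so this is inferred), it would be safer to take the length only when both are present: `if (r->in.data != NULL && r->in.data_length != NULL) {`. A short comment such as `/* in.type, in.data and in.data_length are optional client pointers and may be NULL */` above the block would also record why the defaults are zero.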