r19689: Fix a NULL dereference found by coverity (the call to strlen).

Jerry, please check this. The way I understood alpha_strcpy the last arg needs
to be the size of the target, not of the source.

Thanks,

Volker

diff --git a/source/rpc_server/srv_winreg_nt.c b/source/rpc_server/srv_winreg_nt.c
index a892a9bb8d4c91748b1d41f4e4e154994d36f498..1a130f19b6a560f4dbe4900699dc7372bc017f32 100644 (file)
--- a/source/rpc_server/srv_winreg_nt.c
+++ b/source/rpc_server/srv_winreg_nt.c
@@ -689,12 +689,14 @@ WERROR _winreg_InitiateSystemShutdownEx(pipes_struct *p, uint16_t *hostname, str
 
        /* pull the message string and perform necessary sanity checks on it */
 
+       chkmsg[0] = '\0';
+
        if ( message && message->name && message->name->name ) {
                if ( (msg = talloc_strdup(p->mem_ctx, message->name->name )) == NULL ) {
                        return WERR_NOMEM;
                }
+               alpha_strcpy (chkmsg, msg, NULL, sizeof(chkmsg));
        } 
-       alpha_strcpy (chkmsg, msg?msg:"", NULL, strlen(msg));
                
        fstr_sprintf(str_timeout, "%d", timeout);
        fstr_sprintf(r, reboot ? SHUTDOWN_R_STRING : "");