Kai Blin : secur32: Copy helper buffer to output buffer before reusing helper buffer.

[Alexandre Julliard]

Module: wine
Branch: master
Commit: fe43d5d4842e2f2a5ff130d0078a165a69110408
URL:    http://source.winehq.org/git/?p=wine.git;a=commit;h=fe43d5d4842e2f2a5ff130d0078a165a69110408

Author: Kai Blin <kai.blin at gmail.com>
Date:   Mon Aug 14 19:35:39 2006 +0200

secur32: Copy helper buffer to output buffer before reusing helper buffer.

---

 dlls/secur32/ntlm.c |   73 +++++++++++++++++++++++++++------------------------
 1 files changed, 38 insertions(+), 35 deletions(-)

diff --git a/dlls/secur32/ntlm.c b/dlls/secur32/ntlm.c
index 5750386..44e8ac0 100644
--- a/dlls/secur32/ntlm.c
+++ b/dlls/secur32/ntlm.c
@@ -577,6 +577,44 @@ static SECURITY_STATUS SEC_ENTRY ntlm_In
             goto isc_end;
         }
 
+        phNewContext->dwUpper = ctxt_attr;
+        phNewContext->dwLower = (ULONG_PTR)helper;
+
+        ret = SEC_E_OK;
+    }
+
+    /* put the decoded client blob into the out buffer */
+
+    if (fContextReq & ISC_REQ_ALLOCATE_MEMORY)
+    {
+        if (pOutput)
+        {
+            pOutput->cBuffers = 1;
+            pOutput->pBuffers[0].pvBuffer = SECUR32_ALLOC(bin_len);
+            pOutput->pBuffers[0].cbBuffer = bin_len;
+        }
+    }
+
+    if (!pOutput || !pOutput->cBuffers || pOutput->pBuffers[0].cbBuffer < bin_len)
+    {
+        TRACE("out buffer is NULL or has not enough space\n");
+        ret = SEC_E_BUFFER_TOO_SMALL;
+        goto isc_end;
+    }
+
+    if (!pOutput->pBuffers[0].pvBuffer)
+    {
+        TRACE("out buffer is NULL\n");
+        ret = SEC_E_INTERNAL_ERROR;
+        goto isc_end;
+    }
+
+    pOutput->pBuffers[0].cbBuffer = bin_len;
+    pOutput->pBuffers[0].BufferType = SECBUFFER_DATA;
+    memcpy(pOutput->pBuffers[0].pvBuffer, bin, bin_len);
+
+    if(ret == SEC_E_OK)
+    {
         TRACE("Getting negotiated flags\n");
         lstrcpynA(buffer, "GF", max_len - 1);
         if((ret = run_helper(helper, buffer, max_len, &buffer_len)) != SEC_E_OK)
@@ -630,43 +668,8 @@ static SECURITY_STATUS SEC_ENTRY ntlm_In
                 memcpy(helper->session_key, bin, bin_len);
             }
         }
-
-        phNewContext->dwUpper = ctxt_attr;
-        phNewContext->dwLower = (ULONG_PTR)helper;
-
-        ret = SEC_E_OK;
-    }
-
-    /* put the decoded client blob into the out buffer */
-
-    if (fContextReq & ISC_REQ_ALLOCATE_MEMORY)
-    {
-        if (pOutput)
-        {
-            pOutput->cBuffers = 1;
-            pOutput->pBuffers[0].pvBuffer = SECUR32_ALLOC(bin_len);
-            pOutput->pBuffers[0].cbBuffer = bin_len;
-        }
     }
 
-    if (!pOutput || !pOutput->cBuffers || pOutput->pBuffers[0].cbBuffer < bin_len)
-    {
-        TRACE("out buffer is NULL or has not enough space\n");
-        ret = SEC_E_BUFFER_TOO_SMALL;
-        goto isc_end;
-    }
-
-    if (!pOutput->pBuffers[0].pvBuffer)
-    {
-        TRACE("out buffer is NULL\n");
-        ret = SEC_E_INTERNAL_ERROR;
-        goto isc_end;
-    }
-
-    pOutput->pBuffers[0].cbBuffer = bin_len;
-    pOutput->pBuffers[0].BufferType = SECBUFFER_DATA;
-    memcpy(pOutput->pBuffers[0].pvBuffer, bin, bin_len);
-
     if(ret != SEC_I_CONTINUE_NEEDED)
     {
         TRACE("Deleting password!\n");