From 448850d1e5229c915a9baa9b90a29a57d1cfe4de Mon Sep 17 00:00:00 2001
From: Aurimas Fischer <aurimas@gmail.com>
Date: Mon, 26 Jan 2009 20:54:18 +0200
Subject: advapi32: Fix potential NULL pointer dereference in LookupPrivilegeNameW [with test] (Saturn)

---
 dlls/advapi32/security.c       |    6 ++++++
 dlls/advapi32/tests/security.c |    6 ++++++
 2 files changed, 12 insertions(+), 0 deletions(-)

diff --git a/dlls/advapi32/security.c b/dlls/advapi32/security.c
index 43d6d07..a068de3 100644
--- a/dlls/advapi32/security.c
+++ b/dlls/advapi32/security.c
@@ -1830,6 +1830,12 @@ LookupPrivilegeNameW( LPCWSTR lpSystemName, PLUID lpLuid, LPWSTR lpName,
 
     TRACE("%s,%p,%p,%p\n",debugstr_w(lpSystemName), lpLuid, lpName, cchName);
 
+    if (!lpLuid)
+    {
+        SetLastError(RPC_X_NULL_REF_POINTER);
+        return FALSE;
+    }
+
     if (!ADVAPI_IsLocalComputer(lpSystemName))
     {
         SetLastError(RPC_S_SERVER_UNAVAILABLE);
diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
index 260ebf5..a1510af 100644
--- a/dlls/advapi32/tests/security.c
+++ b/dlls/advapi32/tests/security.c
@@ -590,6 +590,12 @@ static void test_lookupPrivilegeName(void)
         ok( ret || GetLastError() == ERROR_NO_SUCH_PRIVILEGE,
          "LookupPrivilegeNameA(0.%d) failed: %d\n", i, GetLastError());
     }
+    /* check a NULL LUID */
+    cchName = sizeof(buf);
+    ret = pLookupPrivilegeNameA(NULL, NULL, buf, &cchName);
+    ok( !ret && GetLastError() == RPC_X_NULL_REF_POINTER,
+     "LookupPrivilegeNameA didn't fail with RPC_X_NULL_REF_POINTER: %d\n",
+     GetLastError());
     /* check a bogus LUID */
     luid.LowPart = 0xdeadbeef;
     cchName = sizeof(buf);
-- 
1.6.0.4