Fix crash on passing allowed NULL values to winsock API calls

Andrew Athan wine-bugs at thinktradellc.com
Thu Jul 23 18:21:08 CDT 2009


---
 dlls/ws2_32/Changelog |    1 +
 dlls/ws2_32/async.c   |    8 ++++----
 2 files changed, 5 insertions(+), 4 deletions(-)
 create mode 100644 dlls/ws2_32/Changelog

diff --git a/dlls/ws2_32/Changelog b/dlls/ws2_32/Changelog
new file mode 100644
index 0000000..755a3e7
--- /dev/null
+++ b/dlls/ws2_32/Changelog
@@ -0,0 +1 @@
+Various system calls in async.c should accept NULL values for the service or protocol.  The asynchronous calls try to copy the parameters in some cases, and this copy operation crashes when NULLs are passed in.  This simple fix makes sure to pass through the NULL values without crashing.
diff --git a/dlls/ws2_32/async.c b/dlls/ws2_32/async.c
index 8651141..6afbdc7 100644
--- a/dlls/ws2_32/async.c
+++ b/dlls/ws2_32/async.c
@@ -537,13 +537,13 @@ static HANDLE16	__WSAsyncDBQuery(
 	switch (flags & AQ_MASKPTR1) {
 	case 0:							break;
 	case AQ_COPYPTR1:	xbuflen += int1;		break;
-	case AQ_DUPLOWPTR1:	xbuflen += strlen(ptr1) + 1;	break;
+	case AQ_DUPLOWPTR1:	xbuflen += (ptr1 ? strlen(ptr1)+1:0);	break;
 	}
 
 	switch (flags & AQ_MASKPTR2) {
 	case 0:							break;
 	case AQ_COPYPTR2:	xbuflen += int2;		break;
-	case AQ_DUPLOWPTR2:	xbuflen += strlen(ptr2) + 1;	break;
+	case AQ_DUPLOWPTR2:	xbuflen += (ptr2 ? strlen(ptr2)+1:0);	break;
 	}
 
 	if(!(aq = HeapAlloc(GetProcessHeap(),0,sizeof(async_query) + xbuflen))) {
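Review bot: The two added `+` lines use spacing that departs from the rest of the file, which writes `strlen(ptr1) + 1` with spaces around the operators and tabs between the case label and the statement; for consistency write `case AQ_DUPLOWPTR1:	xbuflen += ptr1 ? strlen(ptr1) + 1 : 0;	break;` and the same for ptr2. The change itself is sound: a NULL ptr1 or ptr2 with the AQ_DUPLOW flag set now contributes nothing to xbuflen, and the copy loop later in the function is entered only under `if (ptr1)` / `if (ptr2)`, so the allocation size and the copy agree. A one-line comment above the first switch, `/* ptr1/ptr2 may legitimately be NULL (e.g. no service/protocol given); size 0 for them */`, would record why the guard exists. The enclosing function __WSAsyncDBQuery starts before this hunk.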
@@ -555,12 +555,12 @@ static HANDLE16	__WSAsyncDBQuery(
 	if (ptr1) switch (flags & AQ_MASKPTR1) {
 	case 0:											break;
 	case AQ_COPYPTR1:   memcpy(pto, ptr1, int1); ptr1 = pto; pto += int1; 			break;
-	case AQ_DUPLOWPTR1: pfm = ptr1; ptr1 = pto; do *pto++ = tolower(*pfm); while (*pfm++);	break;
+	  case AQ_DUPLOWPTR1: if(!ptr1)break;pfm = ptr1; ptr1 = pto; do *pto++ = tolower(*pfm); while (*pfm++);	break;
 	}
 	if (ptr2) switch (flags & AQ_MASKPTR2) {
 	case 0:											break;
 	case AQ_COPYPTR2:   memcpy(pto, ptr2, int2); ptr2 = pto; pto += int2;			break;
-	case AQ_DUPLOWPTR2: pfm = ptr2; ptr2 = pto; do *pto++ = tolower(*pfm); while (*pfm++);	break;
+	case AQ_DUPLOWPTR2: if(!ptr2)break;pfm = ptr2; ptr2 = pto; do *pto++ = tolower(*pfm); while (*pfm++);	break;
 	}
 
 	aq->hWnd	= HWND_16(hWnd);
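Review bot: The `if(!ptr1)break;` and `if(!ptr2)break;` added on the two `+` lines are dead code, because each switch is already entered only under `if (ptr1)` (first context line of the hunk) and `if (ptr2)`, so the pointer cannot be NULL at those case labels. The NULL handling that actually matters for this function is the xbuflen computation in the previous hunk; here the original lines can be kept unchanged, i.e. `case AQ_DUPLOWPTR1: pfm = ptr1; ptr1 = pto; do *pto++ = tolower(*pfm); while (*pfm++);	break;`. The ptr1 `+` line also carries a leading two-space indent that breaks the tab indentation of the switch body. The enclosing function __WSAsyncDBQuery begins before this hunk and continues after it.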
-- 
1.6.3.3



