From 18549f335761dab893531adfac50a00dfd186ff4 Mon Sep 17 00:00:00 2001
From: Andrew Talbot <andrew.talbot@talbotville.com>
Date: Mon, 22 Aug 2011 21:47:07 +0100
Subject: [PATCH] netapi32: Fix to prevent access beyond nul terminator.

---
 dlls/netapi32/nbt.c | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/dlls/netapi32/nbt.c b/dlls/netapi32/nbt.c
index 1115967ec39..404fbd9245c 100644
--- a/dlls/netapi32/nbt.c
+++ b/dlls/netapi32/nbt.c
@@ -1497,13 +1497,17 @@ void NetBTInit(void)
                NetBTNameEncode */
             char *ptr, *lenPtr;
 
-            for (ptr = gScopeID + 1; ptr - gScopeID < sizeof(gScopeID) && *ptr; )
+            for (ptr = gScopeID + 1, lenPtr = gScopeID; ptr - gScopeID < sizeof(gScopeID) && *ptr; ++ptr)
             {
-                for (lenPtr = ptr - 1, *lenPtr = 0;
-                     ptr - gScopeID < sizeof(gScopeID) && *ptr && *ptr != '.';
-                     ptr++)
-                    *lenPtr += 1;
-                ptr++;
+                if (*ptr == '.')
+                {
+                    lenPtr = ptr;
+                    *lenPtr = 0;
+                }
+                else
+                {
+                    ++*lenPtr;
+                }
             }
         }
         if (RegQueryValueExW(hKey, CacheTimeoutW, NULL, NULL,