From e0b8e37bf036cbe8b28979b6b504b40a3f97920c Mon Sep 17 00:00:00 2001
From: Juan Lang <juan.lang@gmail.com>
Date: Sat, 20 Oct 2007 14:25:15 -0700
Subject: [PATCH] crypt32: Don't allocate a 0-length string.

---
 dlls/crypt32/str.c | 35 +++++++++++++++++++++++------------
 1 file changed, 23 insertions(+), 12 deletions(-)

diff --git a/dlls/crypt32/str.c b/dlls/crypt32/str.c
index 96778972b7c..a4dc60f6eff 100644
--- a/dlls/crypt32/str.c
+++ b/dlls/crypt32/str.c
@@ -640,22 +640,33 @@ static BOOL CRYPT_EncodeValueWithType(DWORD dwCertEncodingType,
  LPCWSTR *ppszError)
 {
     CERT_NAME_VALUE nameValue = { type, { 0, NULL } };
-    BOOL ret = FALSE;
+    BOOL ret = TRUE;
 
-    nameValue.Value.pbData = CryptMemAlloc((value->end - value->start) *
-     sizeof(WCHAR));
-    if (nameValue.Value.pbData)
+    if (value->end > value->start)
     {
-        DWORD i;
-        LPWSTR ptr = (LPWSTR)nameValue.Value.pbData;
-
-        for (i = 0; i < value->end - value->start; i++)
+        nameValue.Value.pbData = CryptMemAlloc((value->end - value->start) *
+         sizeof(WCHAR));
+        if (!nameValue.Value.pbData)
         {
-            *ptr++ = value->start[i];
-            if (value->start[i] == '"')
-                i++;
+            SetLastError(ERROR_OUTOFMEMORY);
+            ret = FALSE;
+        }
+    }
+    if (ret)
+    {
+        if (value->end > value->start)
+        {
+            DWORD i;
+            LPWSTR ptr = (LPWSTR)nameValue.Value.pbData;
+
+            for (i = 0; i < value->end - value->start; i++)
+            {
+                *ptr++ = value->start[i];
+                if (value->start[i] == '"')
+                    i++;
+            }
+            nameValue.Value.cbData = (LPBYTE)ptr - nameValue.Value.pbData;
         }
-        nameValue.Value.cbData = (LPBYTE)ptr - nameValue.Value.pbData;
         ret = CryptEncodeObjectEx(dwCertEncodingType, X509_UNICODE_NAME_VALUE,
          &nameValue, CRYPT_ENCODE_ALLOC_FLAG, NULL, &output->pbData,
          &output->cbData);