Hans Leidekker <hans(a)codeweavers.com> wrote:
static NTSTATUS NTAPI kerberos_SpQueryContextAttributes( LSA_SEC_HANDLE context, ULONG attribute, void *buffer ) { TRACE( "(%lx %u %p)\n", context, attribute, buffer ); @@ -1104,7 +1123,7 @@ static NTSTATUS NTAPI kerberos_SpQueryContextAttributes( LSA_SEC_HANDLE context, case SECPKG_ATTR_NEGOTIATION_INFO: { SecPkgContext_NegotiationInfoW *info = (SecPkgContext_NegotiationInfoW *)buffer; - info->PackageInfo = (SecPkgInfoW *)&infoW; + if (!(info->PackageInfo = build_package_info( &infoW ))) return SEC_E_INSUFFICIENT_MEMORY; info->NegotiationState = SECPKG_NEGOTIATION_COMPLETE; return SEC_E_OK; }
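Review bot: In the SECPKG_ATTR_NEGOTIATION_INFO case, the result of build_package_info( &infoW ) is stored in info->PackageInfo, but nothing in the hunk shows who releases it, so every successful query hands out an allocation with undocumented ownership where the old code returned a pointer to the constant infoW. Please add a comment at the assignment stating which side frees the copy and with what call, and make sure the matching release exists on that path. On the failure return, info->PackageInfo has already been overwritten with NULL while NegotiationState is left unset; assigning to a local first and filling in the caller's buffer only on success would leave the output untouched on error.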
I'd assume the same thing as MSDN states in the SpGetInfo() notes: the provider is free to return pointers to dynamic and constant data in the returned buffer, and it's the responsibility of LSA to copy data to a flat buffer before returning it to a client. Same comment applies to a similar patch for the NTLM provider.

--
Dmitry.