8 files changed, 83 insertions, 27 deletions

diff --git a/source/libmsrpc/libmsrpc_internal.c b/source/libmsrpc/libmsrpc_internal.c
index bea96fdb007..23207aea093 100644
--- a/source/libmsrpc/libmsrpc_internal.c
+++ b/source/libmsrpc/libmsrpc_internal.c
@@ -264,13 +264,16 @@ REG_VALUE_DATA *cac_MakeRegValueData( TALLOC_CTX * mem_ctx, uint32 data_type,
 
 		data->reg_binary.data_length = size;
 
-		data->reg_binary.data =
-			( uint8 * ) TALLOC_MEMDUP( mem_ctx, buf.buffer,
-						   size );
-		if ( !data->reg_binary.data ) {
-			TALLOC_FREE( data );
-			errno = ENOMEM;
-			data = NULL;
+		if (size) {
+			data->reg_binary.data =
+				( uint8 * ) TALLOC_MEMDUP( mem_ctx, buf.buffer, size );
+			if ( !data->reg_binary.data ) {
+				TALLOC_FREE( data );
+				errno = ENOMEM;
+				data = NULL;
+			}
+		} else {
+			data->reg_binary.data = NULL;
 		}
 		break;
 
diff --git a/source/locking/brlock.c b/source/locking/brlock.c
index 76a4039d823..5da76a1782d 100644
--- a/source/locking/brlock.c
+++ b/source/locking/brlock.c
@@ -1283,10 +1283,15 @@ void brl_close_fnum(struct byte_range_lock *br_lck)
 			unsigned int num_locks_copy;
 
 			/* Copy the current lock array. */
-			locks_copy = (struct lock_struct *)TALLOC_MEMDUP(br_lck, locks, br_lck->num_locks * sizeof(struct lock_struct));
-			if (!locks_copy) {
-				smb_panic("brl_close_fnum: talloc fail.\n");
+			if (br_lck->num_locks) {
+				locks_copy = (struct lock_struct *)TALLOC_MEMDUP(br_lck, locks, br_lck->num_locks * sizeof(struct lock_struct));
+				if (!locks_copy) {
+					smb_panic("brl_close_fnum: talloc fail.\n");
+	 			}
+			} else {	
+				locks_copy = NULL;
 			}
+
 			num_locks_copy = br_lck->num_locks;
 
 			for (i=0; i < num_locks_copy; i++) {
diff --git a/source/registry/reg_objects.c b/source/registry/reg_objects.c
index 83fd85658fb..4103033c751 100644
--- a/source/registry/reg_objects.c
+++ b/source/registry/reg_objects.c
@@ -308,8 +308,16 @@ int regval_ctr_addvalue( REGVAL_CTR *ctr, const char *name, uint16 type,
 	
 	fstrcpy( ctr->values[ctr->num_values]->valuename, name );
 	ctr->values[ctr->num_values]->type = type;
-	ctr->values[ctr->num_values]->data_p = (uint8 *)TALLOC_MEMDUP(
-		ctr, data_p, size );
+	if (size) {
+		ctr->values[ctr->num_values]->data_p = (uint8 *)TALLOC_MEMDUP(
+			ctr, data_p, size );
+		if (!ctr->values[ctr->num_values]->data_p) {
+			ctr->num_values = 0;
+			return 0;
+		}
+	} else {
+		ctr->values[ctr->num_values]->data_p = NULL;
+	}
 	ctr->values[ctr->num_values]->size = size;
 	ctr->num_values++;
 
@@ -348,8 +356,16 @@ int regval_ctr_copyvalue( REGVAL_CTR *ctr, REGISTRY_VALUE *val )
 	
 		fstrcpy( ctr->values[ctr->num_values]->valuename, val->valuename );
 		ctr->values[ctr->num_values]->type = val->type;
-		ctr->values[ctr->num_values]->data_p = (uint8 *)TALLOC_MEMDUP(
-			ctr, val->data_p, val->size );
+		if (val->size) {
+			ctr->values[ctr->num_values]->data_p = (uint8 *)TALLOC_MEMDUP(
+				ctr, val->data_p, val->size );
+			if (!ctr->values[ctr->num_values]->data_p) {
+				ctr->num_values = 0;
+				return 0;
+			}
+		} else {
+			ctr->values[ctr->num_values]->data_p = NULL;
+		}
 		ctr->values[ctr->num_values]->size = val->size;
 		ctr->num_values++;
 	}
diff --git a/source/rpc_client/cli_spoolss.c b/source/rpc_client/cli_spoolss.c
index 75c617c944c..2d40f5dba1a 100644
--- a/source/rpc_client/cli_spoolss.c
+++ b/source/rpc_client/cli_spoolss.c
@@ -1609,7 +1609,11 @@ WERROR rpccli_spoolss_getprinterdata(struct rpc_pipe_client *cli, TALLOC_CTX *me
 
 	/* Return output parameters */
 
-	value->data_p = (uint8 *)TALLOC_MEMDUP(mem_ctx, out.data, out.needed);
+	if (out.needed) {
+		value->data_p = (uint8 *)TALLOC_MEMDUP(mem_ctx, out.data, out.needed);
+	} else {
+		value->data_p = NULL;
+	}
 	value->type = out.type;
 	value->size = out.size;
 
@@ -1662,7 +1666,11 @@ WERROR rpccli_spoolss_getprinterdataex(struct rpc_pipe_client *cli, TALLOC_CTX *
 
 	/* Return output parameters */
 
-	value->data_p = (uint8 *)TALLOC_MEMDUP(mem_ctx, out.data, out.needed);
+	if (out.needed) {
+		value->data_p = (uint8 *)TALLOC_MEMDUP(mem_ctx, out.data, out.needed);
+	} else {
+		value->data_p = NULL;
+	}
 	value->type = out.type;
 	value->size = out.needed;
 	
@@ -1758,8 +1766,12 @@ WERROR rpccli_spoolss_enumprinterdata(struct rpc_pipe_client *cli, TALLOC_CTX *m
 	if (value) {
 		rpcstr_pull(value->valuename, out.value, sizeof(value->valuename), -1,
 			    STR_TERMINATE);
-		value->data_p = (uint8 *)TALLOC_MEMDUP(mem_ctx, out.data,
+		if (out.realdatasize) {
+			value->data_p = (uint8 *)TALLOC_MEMDUP(mem_ctx, out.data,
 						       out.realdatasize);
+		} else {
+			value->data_p = NULL;
+		}
 		value->type = out.type;
 		value->size = out.realdatasize;
 	}
diff --git a/source/rpc_parse/parse_spoolss.c b/source/rpc_parse/parse_spoolss.c
index 57899ceff30..ae82f9c1164 100644
--- a/source/rpc_parse/parse_spoolss.c
+++ b/source/rpc_parse/parse_spoolss.c
@@ -5255,9 +5255,13 @@ BOOL make_spoolss_buffer5(TALLOC_CTX *mem_ctx, BUFFER5 *buf5, uint32 len, uint16
 
 	buf5->buf_len = len;
 	if (src) {
-		if((buf5->buffer=(uint16*)TALLOC_MEMDUP(mem_ctx, src, sizeof(uint16)*len)) == NULL) {
-			DEBUG(0,("make_spoolss_buffer5: Unable to malloc memory for buffer!\n"));
-			return False;
+		if (len) {
+			if((buf5->buffer=(uint16*)TALLOC_MEMDUP(mem_ctx, src, sizeof(uint16)*len)) == NULL) {
+				DEBUG(0,("make_spoolss_buffer5: Unable to malloc memory for buffer!\n"));
+				return False;
+			}
+		} else {
+			buf5->buffer = NULL;
 		}
 	} else {
 		buf5->buffer=NULL;
diff --git a/source/rpc_server/srv_spoolss_nt.c b/source/rpc_server/srv_spoolss_nt.c
index c3ba771ddb7..d85691ddc8d 100644
--- a/source/rpc_server/srv_spoolss_nt.c
+++ b/source/rpc_server/srv_spoolss_nt.c
@@ -1408,11 +1408,15 @@ static DEVICEMODE* dup_devicemode(TALLOC_CTX *ctx, DEVICEMODE *devmode)
 			return NULL;
 	}
 
-	d->dev_private = (uint8 *)TALLOC_MEMDUP(ctx, devmode->dev_private,
+	if (devmode->driverextra) {
+		d->dev_private = (uint8 *)TALLOC_MEMDUP(ctx, devmode->dev_private,
 						devmode->driverextra);
-	if (!d->dev_private) {
-		return NULL;
-	}	
+		if (!d->dev_private) {
+			return NULL;
+		}	
+	} else {
+		d->dev_private = NULL;
+	}
 	return d;
 }
 
diff --git a/source/rpcclient/cmd_spoolss.c b/source/rpcclient/cmd_spoolss.c
index 2665a30dc3a..41e27c16822 100644
--- a/source/rpcclient/cmd_spoolss.c
+++ b/source/rpcclient/cmd_spoolss.c
@@ -2022,15 +2022,23 @@ static WERROR cmd_spoolss_setprinterdata(struct rpc_pipe_client *cli,
 		UNISTR2 data;
 		init_unistr2(&data, argv[4], UNI_STR_TERMINATE);
 		value.size = data.uni_str_len * 2;
-		value.data_p = (uint8 *)TALLOC_MEMDUP(mem_ctx, data.buffer,
+		if (value.size) {
+			value.data_p = (uint8 *)TALLOC_MEMDUP(mem_ctx, data.buffer,
 						      value.size);
+		} else {
+			value.data_p = NULL;
+		}
 		break;
 	}
 	case REG_DWORD: {
 		uint32 data = strtoul(argv[4], NULL, 10);
 		value.size = sizeof(data);
-		value.data_p = (uint8 *)TALLOC_MEMDUP(mem_ctx, &data,
+		if (sizeof(data)) {
+			value.data_p = (uint8 *)TALLOC_MEMDUP(mem_ctx, &data,
 						      sizeof(data));
+		} else {
+			value.data_p = NULL;
+		}
 		break;
 	}
 	case REG_BINARY: {
diff --git a/source/utils/net_rpc_printer.c b/source/utils/net_rpc_printer.c
index 8808d549ac5..1f277338521 100644
--- a/source/utils/net_rpc_printer.c
+++ b/source/utils/net_rpc_printer.c
@@ -2327,7 +2327,11 @@ NTSTATUS rpc_printer_migrate_settings_internals(const DOM_SID *domain_sid,
 
 					value.type = REG_SZ;
 					value.size = data.uni_str_len * 2;
-					value.data_p = TALLOC_MEMDUP(mem_ctx, data.buffer, value.size);
+					if (value.size) {
+						value.data_p = TALLOC_MEMDUP(mem_ctx, data.buffer, value.size);
+					} else {
+						value.data_p = NULL;
+					}
 
 					if (opt_verbose) 
 						display_reg_value(subkey, value);