fix for potential lsass.exe crashing due to negative response from

LsaLookupNames being incorrect.  this is a bit wierd: why would the
lsass.exe on the nt _client_ crash due to an LsaLookupNames response
from a samba _server_?
(This used to be commit a15a3f95f2a14ab164ca758e2145444a803190b2)

source3/include/rpc_lsa.h

@@ -218,7 +218,7 @@ typedef struct dom_ref_info
 {
 	uint32 undoc_buffer; /* undocumented buffer pointer. */
 	uint32 num_ref_doms_1; /* num referenced domains */
-	uint32 undoc_buffer2; /* undocumented domain name buffer pointer. */
+	uint32 ptr_ref_dom; /* pointer to referenced domains */
 	uint32 max_entries; /* 32 - max number of entries */
 	uint32 num_ref_doms_2; /* num referenced domains */
 

source3/lsarpcd/srv_lsa.c

@@ -177,7 +177,7 @@ static int make_dom_ref(DOM_R_REF *ref, char *dom_name, DOM_SID *dom_sid)
 
 	ref->undoc_buffer = 1;
 	ref->num_ref_doms_1 = num+1;
-	ref->undoc_buffer2 = 1;
+	ref->ptr_ref_dom  = 1;
 	ref->max_entries = MAX_REF_DOMAINS;
 	ref->num_ref_doms_2 = num+1;
 

source3/rpc_parse/parse_lsa.c

@@ -73,40 +73,44 @@ static void lsa_io_dom_r_ref(char *desc,  DOM_R_REF *r_r, prs_struct *ps, int de
 	
 	prs_uint32("undoc_buffer  ", ps, depth, &(r_r->undoc_buffer  )); /* undocumented buffer pointer. */
 	prs_uint32("num_ref_doms_1", ps, depth, &(r_r->num_ref_doms_1)); /* num referenced domains? */
-	prs_uint32("undoc_buffer2 ", ps, depth, &(r_r->undoc_buffer2 )); /* undocumented buffer pointer. */
+	prs_uint32("ptr_ref_dom   ", ps, depth, &(r_r->ptr_ref_dom   )); /* undocumented buffer pointer. */
 	prs_uint32("max_entries   ", ps, depth, &(r_r->max_entries   )); /* 32 - max number of entries */
-	prs_uint32("num_ref_doms_2", ps, depth, &(r_r->num_ref_doms_2)); /* 4 - num referenced domains? */
 
 	SMB_ASSERT_ARRAY(r_r->hdr_ref_dom, r_r->num_ref_doms_1);
-	SMB_ASSERT_ARRAY(r_r->ref_dom, r_r->num_ref_doms_2);
 
-	for (i = 0; i < r_r->num_ref_doms_1; i++)
+	if (r_r->ptr_ref_dom != 0)
 	{
-		fstring t;
+		prs_uint32("num_ref_doms_2", ps, depth, &(r_r->num_ref_doms_2)); /* 4 - num referenced domains? */
+		SMB_ASSERT_ARRAY(r_r->ref_dom, r_r->num_ref_doms_2);
 
-		slprintf(t, sizeof(t) - 1, "dom_ref[%d] ", i);
-		smb_io_unihdr(t, &(r_r->hdr_ref_dom[i].hdr_dom_name), ps, depth);
-
-		slprintf(t, sizeof(t) - 1, "sid_ptr[%d] ", i);
-		prs_uint32(t, ps, depth, &(r_r->hdr_ref_dom[i].ptr_dom_sid));
-	}
-
-	for (i = 0, n = 0, s = 0; i < r_r->num_ref_doms_2; i++)
-	{
-		fstring t;
-
-		if (r_r->hdr_ref_dom[i].hdr_dom_name.buffer != 0)
+		for (i = 0; i < r_r->num_ref_doms_1; i++)
 		{
+			fstring t;
+
 			slprintf(t, sizeof(t) - 1, "dom_ref[%d] ", i);
-			smb_io_unistr2(t, &(r_r->ref_dom[n].uni_dom_name), True, ps, depth); /* domain name unicode string */
-			n++;
+			smb_io_unihdr(t, &(r_r->hdr_ref_dom[i].hdr_dom_name), ps, depth);
+
+			slprintf(t, sizeof(t) - 1, "sid_ptr[%d] ", i);
+			prs_uint32(t, ps, depth, &(r_r->hdr_ref_dom[i].ptr_dom_sid));
 		}
 
-		if (r_r->hdr_ref_dom[i].ptr_dom_sid != 0)
+		for (i = 0, n = 0, s = 0; i < r_r->num_ref_doms_2; i++)
 		{
-			slprintf(t, sizeof(t) - 1, "sid_ptr[%d] ", i);
-			smb_io_dom_sid2("", &(r_r->ref_dom[s].ref_dom), ps, depth); /* referenced domain SIDs */
-			s++;
+			fstring t;
+
+			if (r_r->hdr_ref_dom[i].hdr_dom_name.buffer != 0)
+			{
+				slprintf(t, sizeof(t) - 1, "dom_ref[%d] ", i);
+				smb_io_unistr2(t, &(r_r->ref_dom[n].uni_dom_name), True, ps, depth); /* domain name unicode string */
+				n++;
+			}
+
+			if (r_r->hdr_ref_dom[i].ptr_dom_sid != 0)
+			{
+				slprintf(t, sizeof(t) - 1, "sid_ptr[%d] ", i);
+				smb_io_dom_sid2("", &(r_r->ref_dom[s].ref_dom), ps, depth); /* referenced domain SIDs */
+				s++;
+			}
 		}
 	}
 }

source3/rpc_server/srv_lsa.c

@@ -177,7 +177,7 @@ static int make_dom_ref(DOM_R_REF *ref, char *dom_name, DOM_SID *dom_sid)
 
 	ref->undoc_buffer = 1;
 	ref->num_ref_doms_1 = num+1;
-	ref->undoc_buffer2 = 1;
+	ref->ptr_ref_dom  = 1;
 	ref->max_entries = MAX_REF_DOMAINS;
 	ref->num_ref_doms_2 = num+1;