From 09355b7855650cc52781796ad0a5fd28504ea3d0 Mon Sep 17 00:00:00 2001
From: Douglas Bagnall
Date: Fri, 10 May 2019 15:35:32 +1200
Subject: [PATCH] util/charset/convert_string: always set length

In failure cases the destination string pointer is set to NULL, but the size is not changed. Some callers have not been checking the return value and passing the destination pointer and uninitialised length onto other functions. We can curse and blame those callers, but let's also keep them safe.

Signed-off-by: Douglas Bagnall
Reviewed-by: Andrew Bartlett
---
 lib/util/charset/convert_string.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lib/util/charset/convert_string.c b/lib/util/charset/convert_string.c
index 196302aacfd..41970652154 100644
--- a/lib/util/charset/convert_string.c
+++ b/lib/util/charset/convert_string.c
@@ -357,6 +357,9 @@ bool convert_string_talloc_handle(TALLOC_CTX *ctx, struct smb_iconv_handle *ic,
 void **dest = (void **)dst;
 *dest = NULL;
+ if (converted_size != NULL) {
+ *converted_size = 0;
+ }
 if (src == NULL || srclen == (size_t)-1) {
 errno = EINVAL;
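Review bot: The new `*converted_size = 0` block beside `*dest = NULL` establishes an output contract that unchecked callers now depend on for memory safety, yet nothing in the hunk records it, so a later refactor could move it below the `src == NULL` early return and bring the uninitialised length back. I would add a comment above the two assignments, `/* Define both outputs before any early return: callers that ignore the result must see NULL and 0, never an uninitialised length. */`, and state the same guarantee in the function's header comment; the function starts and ends outside this hunk, so that comment is not visible here. The visible lines also dereference `dst` through `*dest = NULL` without the NULL check that `converted_size` receives, so if a NULL `dst` is not excluded by contract, that asymmetry deserves a guard or an assertion. Since the commit message says some callers ignore the return value, marking the declaration with the compiler's warn-unused-result attribute would surface them at build time instead of leaving them to this fallback.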