librpc/ndr: make push_charset_to_null UTF-16 safe (CID 1399648)
author Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Wed, 8 May 2019 02:09:56 +0000 (14:09 +1200)
committer Douglas Bagnall <dbagnall@samba.org>
Thu, 9 May 2019 22:39:27 +0000 (22:39 +0000)
The length is in test units, not bytes, and includes terminating
nulls. For 16-bit character sets, the terminating null must be two
bytes.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
librpc/ndr/ndr_string.c

index cc3508616bbdea76ff3501a9a0d35d169a41c125..0fefc887c3016d39ea09c1e2f2a7c77ffd322bc8 100644 (file)
@@ -682,7 +682,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_charset_to_null(struct ndr_push *ndr, int nd
        const char *str = var;
 
        if (str == NULL) {
-               str = "";
+               str = "\0"; /* i.e. two zero bytes, for UTF16 null word. */
                length = 1;
        }
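Review bot: At `str = "\0";` the second zero byte comes only from the string literal's implicit terminator, and the comment does not say so, which makes it easy for a later cleanup to shorten the literal back to `""` and reintroduce the one-byte read. Consider stating in the comment that the literal is one explicit NUL plus the implicit terminator, or using an explicitly sized two-byte zero array instead. Because `length = 1` is in character units rather than bytes, it is also worth noting here that two zero bytes are sufficient only for charsets up to 16 bits wide; if a wider charset can reach this path, the buffer would still be too short.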