From dff5b9a65fdc1f188150d20dc5af8b5772368d13 Mon Sep 17 00:00:00 2001
From: Alistair Leslie-Hughes <leslie_alistair@hotmail.com>
Date: Wed, 21 Apr 2021 21:06:55 +1000
Subject: [PATCH] secur32: Input Parameter should be NULL on first call to
 InitializeSecurityContextW.

This fixes a crash in "Sea of Thieves".

Signed-off-by: Alistair Leslie-Hughes <leslie_alistair@hotmail.com>
---
 dlls/secur32/schannel.c       |  2 +-
 dlls/secur32/tests/schannel.c | 21 ++++++++++++++++++++-
 2 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/dlls/secur32/schannel.c b/dlls/secur32/schannel.c
index 4699f79ac1f..8a69d01e1f5 100644
--- a/dlls/secur32/schannel.c
+++ b/dlls/secur32/schannel.c
@@ -815,7 +815,7 @@ static SECURITY_STATUS SEC_ENTRY schan_InitializeSecurityContextW(
             return SEC_E_INSUFFICIENT_MEMORY;
     }
 
-    if (!phContext)
+    if (!phContext || (phNewContext && !pInput))
     {
         ULONG_PTR handle;
         struct create_session_params create_params;
diff --git a/dlls/secur32/tests/schannel.c b/dlls/secur32/tests/schannel.c
index 25ae197bca6..232f7619f48 100644
--- a/dlls/secur32/tests/schannel.c
+++ b/dlls/secur32/tests/schannel.c
@@ -1464,7 +1464,7 @@ static void test_communication(void)
     status = InitializeSecurityContextA(&cred_handle, &context, (SEC_CHAR *)"localhost",
         ISC_REQ_CONFIDENTIALITY|ISC_REQ_STREAM,
         0, 0, NULL, 0, &context, &buffers[0], &attrs, NULL);
-    todo_wine ok(status == SEC_I_CONTINUE_NEEDED, "Expected SEC_I_CONTINUE_NEEDED, got %08lx\n", status);
+    ok(status == SEC_I_CONTINUE_NEEDED, "Expected SEC_I_CONTINUE_NEEDED, got %08lx\n", status);
     if (status != SEC_I_CONTINUE_NEEDED)
     {
         skip("skipping remaining renegotiate test\n");
@@ -1508,6 +1508,25 @@ static void test_communication(void)
     }
     ok (status == SEC_E_CERT_EXPIRED, "got %08lx\n", status);
 
+    buf = &buffers[0].pBuffers[0];
+    buf->cbBuffer = buf_size;
+    data_size = receive_data(sock, buf);
+
+    buffers[0].pBuffers[0].cbBuffer = data_size;
+    buffers[0].pBuffers[0].BufferType = SECBUFFER_DATA;
+    buffers[0].pBuffers[1].BufferType = SECBUFFER_EMPTY;
+    status = DecryptMessage(&context, &buffers[0], 0, NULL);
+    todo_wine ok(status == SEC_E_OK, "DecryptMessage failed: %08lx\n", status);
+    if (status == SEC_E_OK)
+    {
+        ok(buffers[0].pBuffers[0].BufferType == SECBUFFER_STREAM_HEADER, "Expected first buffer to be SECBUFFER_STREAM_HEADER\n");
+        ok(buffers[0].pBuffers[1].BufferType == SECBUFFER_DATA, "Expected second buffer to be SECBUFFER_DATA\n");
+        ok(buffers[0].pBuffers[2].BufferType == SECBUFFER_STREAM_TRAILER, "Expected third buffer to be SECBUFFER_STREAM_TRAILER\n");
+
+        data = buffers[0].pBuffers[1].pvBuffer;
+        data[buffers[0].pBuffers[1].cbBuffer] = 0;
+    }
+
 done:
     DeleteSecurityContext(&context);
     FreeCredentialsHandle(&cred_handle);
-- 
2.35.1