From da2ad05136f8f9c4863921c9042ae9d2d78ccde9 Mon Sep 17 00:00:00 2001
From: Hans Leidekker <hans@codeweavers.com>
Date: Sun, 27 Jul 2014 14:43:23 -0600
Subject: secur32: Use an empty buffer in DecryptMessage to return decrypted
 data.

---
 dlls/secur32/schannel.c |   14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/dlls/secur32/schannel.c b/dlls/secur32/schannel.c
index 5b86a75..502d0f2 100644
--- a/dlls/secur32/schannel.c
+++ b/dlls/secur32/schannel.c
@@ -1209,7 +1209,7 @@ static SECURITY_STATUS SEC_ENTRY schan_DecryptMessage(PCtxtHandle context_handle
 {
     struct schan_transport transport;
     struct schan_context *ctx;
-    SecBuffer *buffer;
+    SecBuffer *buffer, *out_buffer;
     SIZE_T data_size;
     char *data;
     unsigned expected_size;
@@ -1296,6 +1296,18 @@ static SECURITY_STATUS SEC_ENTRY schan_DecryptMessage(PCtxtHandle context_handle
     buffer->BufferType = SECBUFFER_STREAM_HEADER;
     buffer->cbBuffer = 5;
 
+    idx = schan_find_sec_buffer_idx(message, 0, SECBUFFER_EMPTY);
+    if (idx == -1)
+    {
+        WARN("No empty buffer passed\n");
+        return SEC_E_INTERNAL_ERROR;
+    }
+
+    out_buffer = &message->pBuffers[idx];
+    out_buffer->BufferType = SECBUFFER_DATA;
+    out_buffer->cbBuffer = buffer->cbBuffer;
+    out_buffer->pvBuffer = buffer->pvBuffer;
+
     return SEC_E_OK;
 }
 
-- 
1.7.9.5