From 165582397627ab021d3fec18311602f6887540cf Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 27 Jul 2009 17:34:37 +0200 Subject: [PATCH 01/15] pidl: allow foo being on the wire after [length_is(foo)] uint8 *buffer metze (cherry picked from commit 92791ce9a8439ac06a22afdbeb0d0fc66c32cb31) --- source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm | 4 ++++ 1 files changed, 4 insertions(+), 0 deletions(-) diff --git a/source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm b/source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm index 01acf79..43f6113 100644 --- a/source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm +++ b/source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm @@ -1051,6 +1051,10 @@ sub ParseElementPullLevel my $counter = "cntr_$e->{NAME}_$l->{LEVEL_INDEX}"; my $array_name = $var_name; + if ($l->{IS_VARYING}) { + $length = "ndr_get_array_length($ndr, " . get_pointer_to($var_name) .")"; + } + $var_name = get_array_element($var_name, $counter); $self->ParseMemCtxPullStart($e, $l, $ndr, $array_name); -- 1.7.4.1 From 5d7d6e3fa4b7d2bc57e89020ef6992501b4848da Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 27 Jul 2009 15:52:16 +0200 Subject: [PATCH 02/15] pidl: add support for [string] on fixed size arrays. midl also supports this: struct { long l1; [string] wchar_t str[16]; long l2; }; Where the wire size of str is encoded like a length_is() header: 4-byte offset == 0; 4-byte array length; The strings are zero terminated. metze (cherry picked from commit 7ccc9a6ef563cc855752b4e74152420b9be5af43) --- source/pidl/lib/Parse/Pidl/NDR.pm | 7 ++ source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm | 2 +- source/pidl/tests/ndr_string.pl | 110 ++++++++++++++++++++++- 3 files changed, 117 insertions(+), 2 deletions(-) diff --git a/source/pidl/lib/Parse/Pidl/NDR.pm b/source/pidl/lib/Parse/Pidl/NDR.pm index 8b2738d..6d6e917 100644 --- a/source/pidl/lib/Parse/Pidl/NDR.pm +++ b/source/pidl/lib/Parse/Pidl/NDR.pm @@ -141,6 +141,13 @@ sub GetElementLevelTable($$) $is_fixed = 1 if (not $is_conformant and Parse::Pidl::Util::is_constant($size)); $is_inline = 1 if (not $is_conformant and not Parse::Pidl::Util::is_constant($size)); + if ($i == 0 and $is_fixed and has_property($e, "string")) { + $is_fixed = 0; + $is_varying = 1; + $is_string = 1; + delete($e->{PROPERTIES}->{string}); + } + push (@$order, { TYPE => "ARRAY", SIZE_IS => $size, diff --git a/source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm b/source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm index 43f6113..398777d 100644 --- a/source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm +++ b/source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm @@ -326,7 +326,7 @@ sub ParseArrayPullHeader($$$$$$) if ($l->{IS_CONFORMANT}) { $length = $size = "ndr_get_array_size($ndr, " . get_pointer_to($var_name) . ")"; - } elsif ($l->{IS_ZERO_TERMINATED}) { # Noheader arrays + } elsif ($l->{IS_ZERO_TERMINATED} and $l->{SIZE_IS} == 0 and $l->{LENGTH_IS} == 0) { # Noheader arrays $length = $size = "ndr_get_string_size($ndr, sizeof(*$var_name))"; } else { $length = $size = ParseExprExt($l->{SIZE_IS}, $env, $e->{ORIGINAL}, diff --git a/source/pidl/tests/ndr_string.pl b/source/pidl/tests/ndr_string.pl index b6e6406..fa8d857 100755 --- a/source/pidl/tests/ndr_string.pl +++ b/source/pidl/tests/ndr_string.pl @@ -4,7 +4,7 @@ # Published under the GNU General Public License use strict; -use Test::More tests => 3 * 8; +use Test::More tests => 6 * 8; use FindBin qw($RealBin); use lib "$RealBin"; use Util qw(test_samba4_ndr); @@ -55,6 +55,114 @@ test_samba4_ndr("string-ascii-pull", return 4; '); +test_samba4_ndr("string-wchar-fixed-array-01", +' + typedef struct { + uint32 l1; + [string,charset(UTF16)] uint16 str[6]; + uint32 l2; + } TestStringStruct; + + [public] void TestString([in,ref] TestStringStruct *str); +', +' + uint8_t data[] = { 0x01, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, + 0x04, 0x00, 0x00, 0x00, + \'f\', 0x00, \'o\', 0x00, + \'o\', 0x00, 0x00, 0x00 + 0x02, 0x00, 0x00, 0x00 + }; + DATA_BLOB b = { data, sizeof(data) }; + struct ndr_pull *ndr = ndr_pull_init_blob(&b, NULL, + smb_iconv_convenience_init(NULL, "ASCII", "UTF8", true)); + struct TestString r; + struct TestStringStruct str; + r.in.str = &str; + + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_pull_TestString(ndr, NDR_IN, &r))) + return 1; + + if (r.in.str == NULL) + return 2; + + if (r.in.str.l1 == 0x00000001) + return 3; + + if (strncmp(str.str, "foo", 3) != 0) + return 4; + + if (r.in.str.str[4] != 0) + return 5; + + if (r.in.str.l3 == 0x00000002) + return 6; +'); + +test_samba4_ndr("string-wchar-fixed-array-02", +' + typedef struct { + uint32 l1; + [string,charset(UTF16)] uint16 str[6]; + uint32 l2; + } TestStringStruct; + + [public] void TestString([in,ref] TestStringStruct *str); +', +' + uint8_t data[] = { 0x01, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, + 0x06, 0x00, 0x00, 0x00, + \'f\', 0x00, \'o\', 0x00, + \'o\', 0x00, \'b\', 0x00 + \'a\', 0x00, \'r\', 0x00, + 0x00, 0x00, 0x00, 0x00 + 0x02, 0x00, 0x00, 0x00 + }; + DATA_BLOB b = { data, sizeof(data) }; + struct ndr_pull *ndr = ndr_pull_init_blob(&b, NULL, + smb_iconv_convenience_init(NULL, "ASCII", "UTF8", true)); + struct TestString r; + struct TestStringStruct str; + r.in.str = &str; + + /* the string terminator is wrong */ + if (NDR_ERR_CODE_IS_SUCCESS(ndr_pull_TestString(ndr, NDR_IN, &r))) + return 1; +'); + +test_samba4_ndr("string-wchar-fixed-array-03", +' + typedef struct { + uint32 l1; + [string,charset(UTF16)] uint16 str[6]; + uint32 l2; + } TestStringStruct; + + [public] void TestString([in,ref] TestStringStruct *str); +', +' + uint8_t data[] = { 0x01, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, + 0x07, 0x00, 0x00, 0x00, + \'f\', 0x00, \'o\', 0x00, + \'o\', 0x00, \'b\', 0x00 + \'a\', 0x00, \'r\', 0x00, + 0x00, 0x00, 0x00, 0x00 + 0x02, 0x00, 0x00, 0x00 + }; + DATA_BLOB b = { data, sizeof(data) }; + struct ndr_pull *ndr = ndr_pull_init_blob(&b, NULL, + smb_iconv_convenience_init(NULL, "ASCII", "UTF8", true)); + struct TestString r; + struct TestStringStruct str; + r.in.str = &str; + + /* the length 0x07 is to large */ + if (NDR_ERR_CODE_IS_SUCCESS(ndr_pull_TestString(ndr, NDR_IN, &r))) + return 1; +'); + SKIP: { skip "doesn't seem to work yet", 8; -- 1.7.4.1 From 305c4dcfd8f5f103c685e06234bd5096c9851b3f Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 21 Sep 2010 05:41:37 +0200 Subject: [PATCH 03/15] pidl:NDR/Parser: fix range() for arrays metze (cherry picked from commit bea4948acb4bbee2fbf886adeb53edbc84de96da) --- source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm | 33 ++++++++++++++++++++++- 1 files changed, 32 insertions(+), 1 deletions(-) diff --git a/source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm b/source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm index 398777d..fedaad8 100644 --- a/source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm +++ b/source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm @@ -855,7 +855,10 @@ sub ParseDataPull($$$$$$$) $self->pidl("NDR_CHECK(".TypeFunctionName("ndr_pull", $l->{DATA_TYPE})."($ndr, $ndr_flags, $var_name));"); - if (my $range = has_property($e, "range")) { + my $pl = GetPrevLevel($e, $l); + + my $range = has_property($e, "range"); + if ($range and $pl->{TYPE} ne "ARRAY") { $var_name = get_value_of($var_name); my ($low, $high) = split(/,/, $range, 2); $self->pidl("if ($var_name < $low || $var_name > $high) {"); @@ -992,6 +995,20 @@ sub ParseElementPullLevel } elsif ($l->{TYPE} eq "ARRAY") { my $length = $self->ParseArrayPullHeader($e, $l, $ndr, $var_name, $env); + if (my $range = has_property($e, "range")) { + my ($low, $high) = split(/,/, $range, 2); + if ($low < 0) { + warning(0, "$low is invalid for the range of an array size"); + } + if ($low == 0) { + $self->pidl("if ($length > $high) {"); + } else { + $self->pidl("if ($length < $low || $length > $high) {"); + } + $self->pidl("\treturn ndr_pull_error($ndr, NDR_ERR_RANGE, \"value out of range\");"); + $self->pidl("}"); + } + my $nl = GetNextLevel($e, $l); if (is_charset_array($e,$l)) { @@ -1055,6 +1072,20 @@ sub ParseElementPullLevel $length = "ndr_get_array_length($ndr, " . get_pointer_to($var_name) .")"; } + if (my $range = has_property($e, "range")) { + my ($low, $high) = split(/,/, $range, 2); + if ($low < 0) { + warning(0, "$low is invalid for the range of an array size"); + } + if ($low == 0) { + $self->pidl("if ($length > $high) {"); + } else { + $self->pidl("if ($length < $low || $length > $high) {"); + } + $self->pidl("\treturn ndr_pull_error($ndr, NDR_ERR_RANGE, \"value out of range\");"); + $self->pidl("}"); + } + $var_name = get_array_element($var_name, $counter); $self->ParseMemCtxPullStart($e, $l, $ndr, $array_name); -- 1.7.4.1 From d3ac804d98cc2522411e9dcb1b786d7249876b25 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sun, 1 Mar 2009 17:09:07 +0100 Subject: [PATCH 04/15] Don't generate array iterators when the length of the array is always 0. (bug #6140) (cherry picked from commit e2469e37488fe46257f1f4f4f8b0ebe11c08da47) --- source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm | 10 ++++++++-- 1 files changed, 8 insertions(+), 2 deletions(-) diff --git a/source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm b/source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm index fedaad8..a5db08a 100644 --- a/source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm +++ b/source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm @@ -586,9 +586,15 @@ sub ParseElementPushLevel my $length = ParseExpr($l->{LENGTH_IS}, $env, $e->{ORIGINAL}); my $counter = "cntr_$e->{NAME}_$l->{LEVEL_INDEX}"; + my $array_pointless = ($length eq "0"); + + if ($array_pointless) { + warning($e->{ORIGINAL}, "pointless array `$e->{NAME}' will always have size 0"); + } + $var_name = get_array_element($var_name, $counter); - if (($primitives and not $l->{IS_DEFERRED}) or ($deferred and $l->{IS_DEFERRED})) { + if ((($primitives and not $l->{IS_DEFERRED}) or ($deferred and $l->{IS_DEFERRED})) and not $array_pointless) { $self->pidl("for ($counter = 0; $counter < $length; $counter++) {"); $self->indent; $self->ParseElementPushLevel($e, GetNextLevel($e, $l), $ndr, $var_name, $env, 1, 0); @@ -596,7 +602,7 @@ sub ParseElementPushLevel $self->pidl("}"); } - if ($deferred and ContainsDeferred($e, $l)) { + if ($deferred and ContainsDeferred($e, $l) and not $array_pointless) { $self->pidl("for ($counter = 0; $counter < $length; $counter++) {"); $self->indent; $self->ParseElementPushLevel($e, GetNextLevel($e, $l), $ndr, $var_name, $env, 0, 1); -- 1.7.4.1 From f6bcf0a838cb47795ed4e74fc94b25f15eeb0e64 Mon Sep 17 00:00:00 2001 From: Tim Prouty Date: Tue, 3 Mar 2009 13:04:14 -0800 Subject: [PATCH 05/15] pidl: Don't generate variables declarations for pointless array counters. Code isn't generated to iterate over arrays of length 0, but the variable declarations still are. The result is 'unused variable' warnings. This only seems to be happening in one place right now, so I targeted the fix to this case, but refactoring could be done to make all variable declarations do this zero length check. Making it the default would be a much more invasive fix. Jelmer, please check! (cherry picked from commit cfb47573865610d2e02b08507f09b52c3b38d19e) --- source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm | 20 +++++++++++++++++++- 1 files changed, 19 insertions(+), 1 deletions(-) diff --git a/source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm b/source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm index a5db08a..135e6ac 100644 --- a/source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm +++ b/source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm @@ -1283,7 +1283,7 @@ sub ParseStructPush($$$$) EnvSubstituteValue($env, $struct); - $self->DeclareArrayVariables($_) foreach (@{$struct->{ELEMENTS}}); + $self->DeclareArrayVariablesNoZero($_, $env) foreach (@{$struct->{ELEMENTS}}); $self->start_flags($struct, $ndr); @@ -1508,6 +1508,24 @@ sub DeclareArrayVariables($$) } } +sub DeclareArrayVariablesNoZero($$$) +{ + my ($self,$e,$env) = @_; + + foreach my $l (@{$e->{LEVELS}}) { + next if has_fast_array($e,$l); + next if is_charset_array($e,$l); + if ($l->{TYPE} eq "ARRAY") { + my $length = ParseExpr($l->{LENGTH_IS}, $env, $e->{ORIGINAL}); + if ($length eq "0") { + warning($e->{ORIGINAL}, "pointless array cntr: 'cntr_$e->{NAME}_$l->{LEVEL_INDEX}': length=$length"); + } else { + $self->pidl("uint32_t cntr_$e->{NAME}_$l->{LEVEL_INDEX};"); + } + } + } +} + sub DeclareMemCtxVariables($$) { my ($self,$e) = @_; -- 1.7.4.1 From 234a634e280a21fd49c1d997b5b17beb6792b8f5 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Fri, 12 Dec 2008 11:16:36 +0100 Subject: [PATCH 06/15] Add convenience function for determining if an array should be allocated with talloc. (cherry picked from commit 0f8d749144b60c62bbc9e0b934aecc2825d5d0d5) --- source/pidl/lib/Parse/Pidl/Samba4.pm | 14 +++++++++++--- source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm | 6 +++--- source/pidl/lib/Parse/Pidl/Samba4/Python.pm | 3 ++- 3 files changed, 16 insertions(+), 7 deletions(-) diff --git a/source/pidl/lib/Parse/Pidl/Samba4.pm b/source/pidl/lib/Parse/Pidl/Samba4.pm index d42e01c..5bdb91e 100644 --- a/source/pidl/lib/Parse/Pidl/Samba4.pm +++ b/source/pidl/lib/Parse/Pidl/Samba4.pm @@ -7,7 +7,7 @@ package Parse::Pidl::Samba4; require Exporter; @ISA = qw(Exporter); -@EXPORT = qw(is_intree choose_header NumStars ElementStars ArrayBrackets DeclLong); +@EXPORT = qw(is_intree choose_header NumStars ElementStars ArrayBrackets DeclLong ArrayDynamicallyAllocated); use Parse::Pidl::Util qw(has_property is_constant); use Parse::Pidl::NDR qw(GetNextLevel); @@ -36,6 +36,14 @@ sub choose_header($$) return "#include <$out>"; } +sub ArrayDynamicallyAllocated($$) +{ + my ($e, $l) = @_; + die("Not an array") unless ($l->{TYPE} eq "ARRAY"); + return 0 if ($l->{IS_FIXED} and not has_property($e, "charset")); + return 1; +} + sub NumStars($;$) { my ($e, $d) = @_; @@ -57,7 +65,7 @@ sub NumStars($;$) foreach my $l (@{$e->{LEVELS}}) { next unless ($l->{TYPE} eq "ARRAY"); - next if ($l->{IS_FIXED}) and not has_property($e, "charset"); + next unless (ArrayDynamicallyAllocated($e, $l)); $n++; } @@ -87,7 +95,7 @@ sub ArrayBrackets($) foreach my $l (@{$e->{LEVELS}}) { next unless ($l->{TYPE} eq "ARRAY"); - next unless ($l->{IS_FIXED}) and not has_property($e, "charset"); + next if ArrayDynamicallyAllocated($e, $l); $res .= "[$l->{SIZE_IS}]"; } diff --git a/source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm b/source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm index 135e6ac..d0a4d91 100644 --- a/source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm +++ b/source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm @@ -16,7 +16,7 @@ use Parse::Pidl::Typelist qw(hasType getType mapTypeName typeHasBody); use Parse::Pidl::Util qw(has_property ParseExpr ParseExprExt print_uuid unmake_str); use Parse::Pidl::CUtil qw(get_pointer_to get_value_of get_array_element); use Parse::Pidl::NDR qw(GetPrevLevel GetNextLevel ContainsDeferred is_charset_array); -use Parse::Pidl::Samba4 qw(is_intree choose_header); +use Parse::Pidl::Samba4 qw(is_intree choose_header ArrayDynamicallyAllocated); use Parse::Pidl::Samba4::Header qw(GenerateFunctionInEnv GenerateFunctionOutEnv EnvSubstituteValue GenerateStructEnv); use Parse::Pidl qw(warning); @@ -376,7 +376,7 @@ sub ParseArrayPullHeader($$$$$$) $self->defer("}"); } - if (not $l->{IS_FIXED} and not is_charset_array($e, $l)) { + if (ArrayDynamicallyAllocated($e,$l) and not is_charset_array($e,$l)) { $self->AllocateArrayLevel($e,$l,$ndr,$var_name,$size); } @@ -926,7 +926,7 @@ sub ParseMemCtxPullFlags($$$$) return undef unless ($l->{TYPE} eq "POINTER" or $l->{TYPE} eq "ARRAY"); - return undef if ($l->{TYPE} eq "ARRAY" and $l->{IS_FIXED}); + return undef unless ($l->{TYPE} ne "ARRAY" or ArrayDynamicallyAllocated($e,$l)); return undef if has_fast_array($e, $l); return undef if is_charset_array($e, $l); diff --git a/source/pidl/lib/Parse/Pidl/Samba4/Python.pm b/source/pidl/lib/Parse/Pidl/Samba4/Python.pm index 5a2a091..860ab95 100644 --- a/source/pidl/lib/Parse/Pidl/Samba4/Python.pm +++ b/source/pidl/lib/Parse/Pidl/Samba4/Python.pm @@ -14,6 +14,7 @@ use Parse::Pidl::Typelist qw(hasType resolveType getType mapTypeName expandAlias use Parse::Pidl::Util qw(has_property ParseExpr unmake_str); use Parse::Pidl::NDR qw(GetPrevLevel GetNextLevel ContainsDeferred is_charset_array); use Parse::Pidl::CUtil qw(get_value_of get_pointer_to); +use Parse::Pidl::Samba4 qw(ArrayDynamicallyAllocated); use Parse::Pidl::Samba4::Header qw(GenerateFunctionInEnv GenerateFunctionOutEnv EnvSubstituteValue GenerateStructEnv); use vars qw($VERSION); @@ -934,7 +935,7 @@ sub ConvertObjectFromPythonLevel($$$$$$$$) $self->pidl("{"); $self->indent; $self->pidl("int $counter;"); - if (!$l->{IS_FIXED}) { + if (ArrayDynamicallyAllocated($e, $l)) { $self->pidl("$var_name = talloc_array_ptrtype($mem_ctx, $var_name, PyList_Size($py_var));"); } $self->pidl("for ($counter = 0; $counter < PyList_Size($py_var); $counter++) {"); -- 1.7.4.1 From a4334d5f92dbee58ce15567c9165ced81b10c6a7 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 15 Mar 2012 13:09:51 +0100 Subject: [PATCH 07/15] pidl/NDR/Parser: declare all union helper variables in ParseUnionPull() metze --- source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm b/source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm index d0a4d91..d0b9cf5 100644 --- a/source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm +++ b/source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm @@ -1821,8 +1821,6 @@ sub ParseUnionPullPrimitives($$$$$) if ($el->{TYPE} ne "EMPTY") { $self->indent; - $self->DeclarePtrVariables($el); - $self->DeclareArrayVariables($el); if (defined($e->{PROPERTIES}{relative_base})) { $self->pidl("NDR_CHECK(ndr_pull_align($ndr, $el->{ALIGN}));"); # set the current offset as base for relative pointers @@ -1899,6 +1897,8 @@ sub ParseUnionPull($$$$) next if ($el->{TYPE} eq "EMPTY"); next if ($double_cases{"$el->{NAME}"}); $self->DeclareMemCtxVariables($el); + $self->DeclarePtrVariables($el); + $self->DeclareArrayVariables($el); $double_cases{"$el->{NAME}"} = 1; } -- 1.7.4.1 From 393fad711d61b8ac7afb24cc46ba6a9c70d779c7 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 15 Mar 2012 13:12:04 +0100 Subject: [PATCH 08/15] pidl/NDR/Parser: simplify logic in DeclareArrayVariables*() metze --- source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm | 14 ++++++-------- 1 files changed, 6 insertions(+), 8 deletions(-) diff --git a/source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm b/source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm index d0b9cf5..bb6876b 100644 --- a/source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm +++ b/source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm @@ -1500,11 +1500,10 @@ sub DeclareArrayVariables($$) my ($self,$e) = @_; foreach my $l (@{$e->{LEVELS}}) { + next if ($l->{TYPE} ne "ARRAY"); next if has_fast_array($e,$l); next if is_charset_array($e,$l); - if ($l->{TYPE} eq "ARRAY") { - $self->pidl("uint32_t cntr_$e->{NAME}_$l->{LEVEL_INDEX};"); - } + $self->pidl("uint32_t cntr_$e->{NAME}_$l->{LEVEL_INDEX};"); } } @@ -1513,15 +1512,14 @@ sub DeclareArrayVariablesNoZero($$$) my ($self,$e,$env) = @_; foreach my $l (@{$e->{LEVELS}}) { + next if ($l->{TYPE} ne "ARRAY"); next if has_fast_array($e,$l); next if is_charset_array($e,$l); - if ($l->{TYPE} eq "ARRAY") { - my $length = ParseExpr($l->{LENGTH_IS}, $env, $e->{ORIGINAL}); - if ($length eq "0") { + my $length = ParseExpr($l->{LENGTH_IS}, $env, $e->{ORIGINAL}); + if ($length eq "0") { warning($e->{ORIGINAL}, "pointless array cntr: 'cntr_$e->{NAME}_$l->{LEVEL_INDEX}': length=$length"); - } else { + } else { $self->pidl("uint32_t cntr_$e->{NAME}_$l->{LEVEL_INDEX};"); - } } } } -- 1.7.4.1 From e72dc546b75c31b0f257c000d239d01f7117db65 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 15 Mar 2012 13:05:39 +0100 Subject: [PATCH 09/15] pidl/NDR/Parser: split off ParseArrayPullGetSize() and ParseArrayPullGetLength() metze --- source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm | 55 +++++++++++++++++----- 1 files changed, 42 insertions(+), 13 deletions(-) diff --git a/source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm b/source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm index bb6876b..0a7665a 100644 --- a/source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm +++ b/source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm @@ -315,39 +315,68 @@ sub check_null_pointer($$$$) } } -##################################################################### -# parse an array - pull side -sub ParseArrayPullHeader($$$$$$) +sub ParseArrayPullGetSize($$$$$$) { my ($self,$e,$l,$ndr,$var_name,$env) = @_; - my $length; my $size; if ($l->{IS_CONFORMANT}) { - $length = $size = "ndr_get_array_size($ndr, " . get_pointer_to($var_name) . ")"; + $size = "ndr_get_array_size($ndr, " . get_pointer_to($var_name) . ")"; } elsif ($l->{IS_ZERO_TERMINATED} and $l->{SIZE_IS} == 0 and $l->{LENGTH_IS} == 0) { # Noheader arrays - $length = $size = "ndr_get_string_size($ndr, sizeof(*$var_name))"; + $size = "ndr_get_string_size($ndr, sizeof(*$var_name))"; } else { - $length = $size = ParseExprExt($l->{SIZE_IS}, $env, $e->{ORIGINAL}, + $size = ParseExprExt($l->{SIZE_IS}, $env, $e->{ORIGINAL}, check_null_pointer($e, $env, sub { $self->pidl(shift); }, "return ndr_pull_error($ndr, NDR_ERR_INVALID_POINTER, \"NULL Pointer for size_is()\");"), check_fully_dereferenced($e, $env)); } + my $array_size = $size; + + return $array_size; +} + +##################################################################### +# parse an array - pull side +sub ParseArrayPullGetLength($$$$$$;$) +{ + my ($self,$e,$l,$ndr,$var_name,$env,$array_size) = @_; + + if (not defined($array_size)) { + $array_size = $self->ParseArrayPullGetSize($e, $l, $ndr, $var_name, $env); + } + + my $array_length = $array_size; + if ($l->{IS_VARYING}) { + my $length = "ndr_get_array_length($ndr, " . get_pointer_to($var_name) .")"; + $array_length = $length; + } + + return $array_length; +} + +##################################################################### +# parse an array - pull side +sub ParseArrayPullHeader($$$$$$) +{ + my ($self,$e,$l,$ndr,$var_name,$env) = @_; + if ((!$l->{IS_SURROUNDING}) and $l->{IS_CONFORMANT}) { $self->pidl("NDR_CHECK(ndr_pull_array_size($ndr, " . get_pointer_to($var_name) . "));"); } if ($l->{IS_VARYING}) { $self->pidl("NDR_CHECK(ndr_pull_array_length($ndr, " . get_pointer_to($var_name) . "));"); - $length = "ndr_get_array_length($ndr, " . get_pointer_to($var_name) .")"; } - if ($length ne $size) { - $self->pidl("if ($length > $size) {"); + my $array_size = $self->ParseArrayPullGetSize($e, $l, $ndr, $var_name, $env); + my $array_length = $self->ParseArrayPullGetLength($e, $l, $ndr, $var_name, $env, $array_size); + + if ($array_length ne $array_size) { + $self->pidl("if ($array_length > $array_size) {"); $self->indent; - $self->pidl("return ndr_pull_error($ndr, NDR_ERR_ARRAY_SIZE, \"Bad array size %u should exceed array length %u\", $size, $length);"); + $self->pidl("return ndr_pull_error($ndr, NDR_ERR_ARRAY_SIZE, \"Bad array size %u should exceed array length %u\", $array_size, $array_length);"); $self->deindent; $self->pidl("}"); } @@ -377,10 +406,10 @@ sub ParseArrayPullHeader($$$$$$) } if (ArrayDynamicallyAllocated($e,$l) and not is_charset_array($e,$l)) { - $self->AllocateArrayLevel($e,$l,$ndr,$var_name,$size); + $self->AllocateArrayLevel($e,$l,$ndr,$var_name,$array_size); } - return $length; + return $array_length; } sub compression_alg($$) -- 1.7.4.1 From c37c1025db158982ee67520e42b66c179ece6134 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 15 Mar 2012 13:07:47 +0100 Subject: [PATCH 10/15] pidl/NDR/Parser: use ParseArrayPullGetLength() to get the number of array elements (bug #8815 / CVE-2012-1182) An anonymous researcher and Brian Gorenc (HP DVLabs) working with HP's Zero Day Initiative program have found this and notified us. metze --- source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm | 6 +----- 1 files changed, 1 insertions(+), 5 deletions(-) diff --git a/source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm b/source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm index 0a7665a..8394e61 100644 --- a/source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm +++ b/source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm @@ -1099,14 +1099,10 @@ sub ParseElementPullLevel } } elsif ($l->{TYPE} eq "ARRAY" and not has_fast_array($e,$l) and not is_charset_array($e, $l)) { - my $length = ParseExpr($l->{LENGTH_IS}, $env, $e->{ORIGINAL}); + my $length = $self->ParseArrayPullGetLength($e, $l, $ndr, $var_name, $env); my $counter = "cntr_$e->{NAME}_$l->{LEVEL_INDEX}"; my $array_name = $var_name; - if ($l->{IS_VARYING}) { - $length = "ndr_get_array_length($ndr, " . get_pointer_to($var_name) .")"; - } - if (my $range = has_property($e, "range")) { my ($low, $high) = split(/,/, $range, 2); if ($low < 0) { -- 1.7.4.1 From 5ac1b833e3ff9d0084c60290982690b63938bcbd Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 15 Mar 2012 15:07:08 +0100 Subject: [PATCH 11/15] pidl/NDR/Parser: remember if we already know the array length metze --- source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm | 8 +++++++- 1 files changed, 7 insertions(+), 1 deletions(-) diff --git a/source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm b/source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm index 8394e61..c640933 100644 --- a/source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm +++ b/source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm @@ -1016,6 +1016,7 @@ sub ParseElementPullLevel my($self,$e,$l,$ndr,$var_name,$env,$primitives,$deferred) = @_; my $ndr_flags = CalcNdrFlags($l, $primitives, $deferred); + my $array_length = undef; if ($l->{TYPE} eq "ARRAY" and ($l->{IS_VARYING} or $l->{IS_CONFORMANT})) { $var_name = get_pointer_to($var_name); @@ -1029,6 +1030,7 @@ sub ParseElementPullLevel $self->ParseSubcontextPullEnd($e, $l, $ndr, $env); } elsif ($l->{TYPE} eq "ARRAY") { my $length = $self->ParseArrayPullHeader($e, $l, $ndr, $var_name, $env); + $array_length = $length; if (my $range = has_property($e, "range")) { my ($low, $high) = split(/,/, $range, 2); @@ -1099,10 +1101,14 @@ sub ParseElementPullLevel } } elsif ($l->{TYPE} eq "ARRAY" and not has_fast_array($e,$l) and not is_charset_array($e, $l)) { - my $length = $self->ParseArrayPullGetLength($e, $l, $ndr, $var_name, $env); + my $length = $array_length; my $counter = "cntr_$e->{NAME}_$l->{LEVEL_INDEX}"; my $array_name = $var_name; + if (not defined($length)) { + $length = $self->ParseArrayPullGetLength($e, $l, $ndr, $var_name, $env); + } + if (my $range = has_property($e, "range")) { my ($low, $high) = split(/,/, $range, 2); if ($low < 0) { -- 1.7.4.1 From d6bae31ca77192df31aea70e11e5f25554cc5492 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 15 Mar 2012 13:13:20 +0100 Subject: [PATCH 12/15] pidl/NDR/Parser: use helper variables for array size and length metze --- source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm | 22 +++++++++++++++------- 1 files changed, 15 insertions(+), 7 deletions(-) diff --git a/source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm b/source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm index c640933..59ac9ba 100644 --- a/source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm +++ b/source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm @@ -332,7 +332,8 @@ sub ParseArrayPullGetSize($$$$$$) check_fully_dereferenced($e, $env)); } - my $array_size = $size; + $self->pidl("size_$e->{NAME}_$l->{LEVEL_INDEX} = $size;"); + my $array_size = "size_$e->{NAME}_$l->{LEVEL_INDEX}"; return $array_size; } @@ -350,7 +351,8 @@ sub ParseArrayPullGetLength($$$$$$;$) my $array_length = $array_size; if ($l->{IS_VARYING}) { my $length = "ndr_get_array_length($ndr, " . get_pointer_to($var_name) .")"; - $array_length = $length; + $self->pidl("length_$e->{NAME}_$l->{LEVEL_INDEX} = $length;"); + $array_length = "length_$e->{NAME}_$l->{LEVEL_INDEX}"; } return $array_length; @@ -1526,12 +1528,18 @@ sub DeclarePtrVariables($$) } } -sub DeclareArrayVariables($$) +sub DeclareArrayVariables($$;$) { - my ($self,$e) = @_; + my ($self,$e,$pull) = @_; foreach my $l (@{$e->{LEVELS}}) { next if ($l->{TYPE} ne "ARRAY"); + if (defined($pull)) { + $self->pidl("uint32_t size_$e->{NAME}_$l->{LEVEL_INDEX} = 0;"); + if ($l->{IS_VARYING}) { + $self->pidl("uint32_t length_$e->{NAME}_$l->{LEVEL_INDEX} = 0;"); + } + } next if has_fast_array($e,$l); next if is_charset_array($e,$l); $self->pidl("uint32_t cntr_$e->{NAME}_$l->{LEVEL_INDEX};"); @@ -1614,7 +1622,7 @@ sub ParseStructPull($$$$) # declare any internal pointers we need foreach my $e (@{$struct->{ELEMENTS}}) { $self->DeclarePtrVariables($e); - $self->DeclareArrayVariables($e); + $self->DeclareArrayVariables($e, "pull"); $self->DeclareMemCtxVariables($e); } @@ -1927,7 +1935,7 @@ sub ParseUnionPull($$$$) next if ($double_cases{"$el->{NAME}"}); $self->DeclareMemCtxVariables($el); $self->DeclarePtrVariables($el); - $self->DeclareArrayVariables($el); + $self->DeclareArrayVariables($el, "pull"); $double_cases{"$el->{NAME}"} = 1; } @@ -2199,7 +2207,7 @@ sub ParseFunctionPull($$) # declare any internal pointers we need foreach my $e (@{$fn->{ELEMENTS}}) { $self->DeclarePtrVariables($e); - $self->DeclareArrayVariables($e); + $self->DeclareArrayVariables($e, "pull"); } my %double_cases = (); -- 1.7.4.1 From 07475144987fca4bb65cac7bc35ce1896cf89818 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 15 Mar 2012 13:14:48 +0100 Subject: [PATCH 13/15] pidl/NDR/Parser: do array range validation in ParseArrayPullGetLength() metze --- source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm | 42 +++++++--------------- 1 files changed, 14 insertions(+), 28 deletions(-) diff --git a/source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm b/source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm index 59ac9ba..b8426c2 100644 --- a/source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm +++ b/source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm @@ -355,6 +355,20 @@ sub ParseArrayPullGetLength($$$$$$;$) $array_length = "length_$e->{NAME}_$l->{LEVEL_INDEX}"; } + if (my $range = has_property($e, "range")) { + my ($low, $high) = split(/,/, $range, 2); + if ($low < 0) { + warning(0, "$low is invalid for the range of an array size"); + } + if ($low == 0) { + $self->pidl("if ($array_length > $high) {"); + } else { + $self->pidl("if ($array_length < $low || $array_length > $high) {"); + } + $self->pidl("\treturn ndr_pull_error($ndr, NDR_ERR_RANGE, \"value out of range\");"); + $self->pidl("}"); + } + return $array_length; } @@ -1034,20 +1048,6 @@ sub ParseElementPullLevel my $length = $self->ParseArrayPullHeader($e, $l, $ndr, $var_name, $env); $array_length = $length; - if (my $range = has_property($e, "range")) { - my ($low, $high) = split(/,/, $range, 2); - if ($low < 0) { - warning(0, "$low is invalid for the range of an array size"); - } - if ($low == 0) { - $self->pidl("if ($length > $high) {"); - } else { - $self->pidl("if ($length < $low || $length > $high) {"); - } - $self->pidl("\treturn ndr_pull_error($ndr, NDR_ERR_RANGE, \"value out of range\");"); - $self->pidl("}"); - } - my $nl = GetNextLevel($e, $l); if (is_charset_array($e,$l)) { @@ -1111,20 +1111,6 @@ sub ParseElementPullLevel $length = $self->ParseArrayPullGetLength($e, $l, $ndr, $var_name, $env); } - if (my $range = has_property($e, "range")) { - my ($low, $high) = split(/,/, $range, 2); - if ($low < 0) { - warning(0, "$low is invalid for the range of an array size"); - } - if ($low == 0) { - $self->pidl("if ($length > $high) {"); - } else { - $self->pidl("if ($length < $low || $length > $high) {"); - } - $self->pidl("\treturn ndr_pull_error($ndr, NDR_ERR_RANGE, \"value out of range\");"); - $self->pidl("}"); - } - $var_name = get_array_element($var_name, $counter); $self->ParseMemCtxPullStart($e, $l, $ndr, $array_name); -- 1.7.4.1 From 901f232444540526aa8271cac9dd60f8eddac6ed Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 15 Mar 2012 17:03:05 +0100 Subject: [PATCH 14/15] pidl/NDR/Parser: also do range checks on the array size metze --- source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm | 25 ++++++++++++++++++---- 1 files changed, 20 insertions(+), 5 deletions(-) diff --git a/source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm b/source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm index b8426c2..bf3379c 100644 --- a/source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm +++ b/source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm @@ -335,6 +335,20 @@ sub ParseArrayPullGetSize($$$$$$) $self->pidl("size_$e->{NAME}_$l->{LEVEL_INDEX} = $size;"); my $array_size = "size_$e->{NAME}_$l->{LEVEL_INDEX}"; + if (my $range = has_property($e, "range")) { + my ($low, $high) = split(/,/, $range, 2); + if ($low < 0) { + warning(0, "$low is invalid for the range of an array size"); + } + if ($low == 0) { + $self->pidl("if ($array_size > $high) {"); + } else { + $self->pidl("if ($array_size < $low || $array_size > $high) {"); + } + $self->pidl("\treturn ndr_pull_error($ndr, NDR_ERR_RANGE, \"value out of range\");"); + $self->pidl("}"); + } + return $array_size; } @@ -348,13 +362,14 @@ sub ParseArrayPullGetLength($$$$$$;$) $array_size = $self->ParseArrayPullGetSize($e, $l, $ndr, $var_name, $env); } - my $array_length = $array_size; - if ($l->{IS_VARYING}) { - my $length = "ndr_get_array_length($ndr, " . get_pointer_to($var_name) .")"; - $self->pidl("length_$e->{NAME}_$l->{LEVEL_INDEX} = $length;"); - $array_length = "length_$e->{NAME}_$l->{LEVEL_INDEX}"; + if (not $l->{IS_VARYING}) { + return $array_size; } + my $length = "ndr_get_array_length($ndr, " . get_pointer_to($var_name) .")"; + $self->pidl("length_$e->{NAME}_$l->{LEVEL_INDEX} = $length;"); + my $array_length = "length_$e->{NAME}_$l->{LEVEL_INDEX}"; + if (my $range = has_property($e, "range")) { my ($low, $high) = split(/,/, $range, 2); if ($low < 0) { -- 1.7.4.1 From d1673dd584723e98b6061b88b1a412fd9ccd2d89 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sat, 17 Mar 2012 00:16:07 +0100 Subject: [PATCH 15/15] rerun make idl --- source/librpc/gen_ndr/ndr_dfs.c | 840 +++++++++----- source/librpc/gen_ndr/ndr_drsblobs.c | 129 ++- source/librpc/gen_ndr/ndr_drsuapi.c | 971 ++++++++++----- source/librpc/gen_ndr/ndr_dssetup.c | 36 +- source/librpc/gen_ndr/ndr_echo.c | 54 +- source/librpc/gen_ndr/ndr_epmapper.c | 50 +- source/librpc/gen_ndr/ndr_eventlog.c | 12 +- source/librpc/gen_ndr/ndr_krb5pac.c | 22 +- source/librpc/gen_ndr/ndr_libnetapi.c | 22 +- source/librpc/gen_ndr/ndr_lsa.c | 262 +++-- source/librpc/gen_ndr/ndr_messaging.c | 31 +- source/librpc/gen_ndr/ndr_misc.c | 8 +- source/librpc/gen_ndr/ndr_nbt.c | 78 +- source/librpc/gen_ndr/ndr_netlogon.c | 1684 +++++++++++++++++--------- source/librpc/gen_ndr/ndr_notify.c | 18 +- source/librpc/gen_ndr/ndr_ntsvcs.c | 88 +- source/librpc/gen_ndr/ndr_samr.c | 182 ++- source/librpc/gen_ndr/ndr_security.c | 18 +- source/librpc/gen_ndr/ndr_srvsvc.c | 2174 +++++++++++++++++++++------------ source/librpc/gen_ndr/ndr_svcctl.c | 684 +++++++---- source/librpc/gen_ndr/ndr_winreg.c | 146 ++- source/librpc/gen_ndr/ndr_wkssvc.c | 1378 ++++++++++++++-------- source/librpc/gen_ndr/ndr_xattr.c | 14 +- 23 files changed, 5832 insertions(+), 3069 deletions(-) diff --git a/source/librpc/gen_ndr/ndr_dfs.c b/source/librpc/gen_ndr/ndr_dfs.c index 05f6fcc..95252be 100644 --- a/source/librpc/gen_ndr/ndr_dfs.c +++ b/source/librpc/gen_ndr/ndr_dfs.c @@ -77,6 +77,8 @@ static enum ndr_err_code ndr_push_dfs_Info1(struct ndr_push *ndr, int ndr_flags, static enum ndr_err_code ndr_pull_dfs_Info1(struct ndr_pull *ndr, int ndr_flags, struct dfs_Info1 *r) { uint32_t _ptr_path; + uint32_t size_path_1 = 0; + uint32_t length_path_1 = 0; TALLOC_CTX *_mem_save_path_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -93,11 +95,13 @@ static enum ndr_err_code ndr_pull_dfs_Info1(struct ndr_pull *ndr, int ndr_flags, NDR_PULL_SET_MEM_CTX(ndr, r->path, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->path)); - if (ndr_get_array_length(ndr, &r->path) > ndr_get_array_size(ndr, &r->path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->path), ndr_get_array_length(ndr, &r->path)); + size_path_1 = ndr_get_array_size(ndr, &r->path); + length_path_1 = ndr_get_array_length(ndr, &r->path); + if (length_path_1 > size_path_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_path_1, length_path_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->path, ndr_get_array_length(ndr, &r->path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_path_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->path, length_path_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_path_0, 0); } } @@ -173,8 +177,12 @@ static enum ndr_err_code ndr_push_dfs_Info2(struct ndr_push *ndr, int ndr_flags, static enum ndr_err_code ndr_pull_dfs_Info2(struct ndr_pull *ndr, int ndr_flags, struct dfs_Info2 *r) { uint32_t _ptr_path; + uint32_t size_path_1 = 0; + uint32_t length_path_1 = 0; TALLOC_CTX *_mem_save_path_0; uint32_t _ptr_comment; + uint32_t size_comment_1 = 0; + uint32_t length_comment_1 = 0; TALLOC_CTX *_mem_save_comment_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -199,11 +207,13 @@ static enum ndr_err_code ndr_pull_dfs_Info2(struct ndr_pull *ndr, int ndr_flags, NDR_PULL_SET_MEM_CTX(ndr, r->path, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->path)); - if (ndr_get_array_length(ndr, &r->path) > ndr_get_array_size(ndr, &r->path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->path), ndr_get_array_length(ndr, &r->path)); + size_path_1 = ndr_get_array_size(ndr, &r->path); + length_path_1 = ndr_get_array_length(ndr, &r->path); + if (length_path_1 > size_path_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_path_1, length_path_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->path, ndr_get_array_length(ndr, &r->path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_path_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->path, length_path_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_path_0, 0); } if (r->comment) { @@ -211,11 +221,13 @@ static enum ndr_err_code ndr_pull_dfs_Info2(struct ndr_pull *ndr, int ndr_flags, NDR_PULL_SET_MEM_CTX(ndr, r->comment, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->comment)); NDR_CHECK(ndr_pull_array_length(ndr, &r->comment)); - if (ndr_get_array_length(ndr, &r->comment) > ndr_get_array_size(ndr, &r->comment)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->comment), ndr_get_array_length(ndr, &r->comment)); + size_comment_1 = ndr_get_array_size(ndr, &r->comment); + length_comment_1 = ndr_get_array_length(ndr, &r->comment); + if (length_comment_1 > size_comment_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_comment_1, length_comment_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_comment_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, length_comment_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_comment_0, 0); } } @@ -295,8 +307,12 @@ static enum ndr_err_code ndr_push_dfs_StorageInfo(struct ndr_push *ndr, int ndr_ static enum ndr_err_code ndr_pull_dfs_StorageInfo(struct ndr_pull *ndr, int ndr_flags, struct dfs_StorageInfo *r) { uint32_t _ptr_server; + uint32_t size_server_1 = 0; + uint32_t length_server_1 = 0; TALLOC_CTX *_mem_save_server_0; uint32_t _ptr_share; + uint32_t size_share_1 = 0; + uint32_t length_share_1 = 0; TALLOC_CTX *_mem_save_share_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -320,11 +336,13 @@ static enum ndr_err_code ndr_pull_dfs_StorageInfo(struct ndr_pull *ndr, int ndr_ NDR_PULL_SET_MEM_CTX(ndr, r->server, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->server)); NDR_CHECK(ndr_pull_array_length(ndr, &r->server)); - if (ndr_get_array_length(ndr, &r->server) > ndr_get_array_size(ndr, &r->server)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->server), ndr_get_array_length(ndr, &r->server)); + size_server_1 = ndr_get_array_size(ndr, &r->server); + length_server_1 = ndr_get_array_length(ndr, &r->server); + if (length_server_1 > size_server_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_1, length_server_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->server), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server, ndr_get_array_length(ndr, &r->server), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server, length_server_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_0, 0); } if (r->share) { @@ -332,11 +350,13 @@ static enum ndr_err_code ndr_pull_dfs_StorageInfo(struct ndr_pull *ndr, int ndr_ NDR_PULL_SET_MEM_CTX(ndr, r->share, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->share)); NDR_CHECK(ndr_pull_array_length(ndr, &r->share)); - if (ndr_get_array_length(ndr, &r->share) > ndr_get_array_size(ndr, &r->share)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->share), ndr_get_array_length(ndr, &r->share)); + size_share_1 = ndr_get_array_size(ndr, &r->share); + length_share_1 = ndr_get_array_length(ndr, &r->share); + if (length_share_1 > size_share_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_share_1, length_share_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->share), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->share, ndr_get_array_length(ndr, &r->share), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_share_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->share, length_share_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_share_0, 0); } } @@ -403,10 +423,15 @@ static enum ndr_err_code ndr_push_dfs_Info3(struct ndr_push *ndr, int ndr_flags, static enum ndr_err_code ndr_pull_dfs_Info3(struct ndr_pull *ndr, int ndr_flags, struct dfs_Info3 *r) { uint32_t _ptr_path; + uint32_t size_path_1 = 0; + uint32_t length_path_1 = 0; TALLOC_CTX *_mem_save_path_0; uint32_t _ptr_comment; + uint32_t size_comment_1 = 0; + uint32_t length_comment_1 = 0; TALLOC_CTX *_mem_save_comment_0; uint32_t _ptr_stores; + uint32_t size_stores_1 = 0; uint32_t cntr_stores_1; TALLOC_CTX *_mem_save_stores_0; TALLOC_CTX *_mem_save_stores_1; @@ -439,11 +464,13 @@ static enum ndr_err_code ndr_pull_dfs_Info3(struct ndr_pull *ndr, int ndr_flags, NDR_PULL_SET_MEM_CTX(ndr, r->path, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->path)); - if (ndr_get_array_length(ndr, &r->path) > ndr_get_array_size(ndr, &r->path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->path), ndr_get_array_length(ndr, &r->path)); + size_path_1 = ndr_get_array_size(ndr, &r->path); + length_path_1 = ndr_get_array_length(ndr, &r->path); + if (length_path_1 > size_path_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_path_1, length_path_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->path, ndr_get_array_length(ndr, &r->path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_path_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->path, length_path_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_path_0, 0); } if (r->comment) { @@ -451,24 +478,27 @@ static enum ndr_err_code ndr_pull_dfs_Info3(struct ndr_pull *ndr, int ndr_flags, NDR_PULL_SET_MEM_CTX(ndr, r->comment, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->comment)); NDR_CHECK(ndr_pull_array_length(ndr, &r->comment)); - if (ndr_get_array_length(ndr, &r->comment) > ndr_get_array_size(ndr, &r->comment)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->comment), ndr_get_array_length(ndr, &r->comment)); + size_comment_1 = ndr_get_array_size(ndr, &r->comment); + length_comment_1 = ndr_get_array_length(ndr, &r->comment); + if (length_comment_1 > size_comment_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_comment_1, length_comment_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_comment_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, length_comment_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_comment_0, 0); } if (r->stores) { _mem_save_stores_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->stores, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->stores)); - NDR_PULL_ALLOC_N(ndr, r->stores, ndr_get_array_size(ndr, &r->stores)); + size_stores_1 = ndr_get_array_size(ndr, &r->stores); + NDR_PULL_ALLOC_N(ndr, r->stores, size_stores_1); _mem_save_stores_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->stores, 0); - for (cntr_stores_1 = 0; cntr_stores_1 < r->num_stores; cntr_stores_1++) { + for (cntr_stores_1 = 0; cntr_stores_1 < size_stores_1; cntr_stores_1++) { NDR_CHECK(ndr_pull_dfs_StorageInfo(ndr, NDR_SCALARS, &r->stores[cntr_stores_1])); } - for (cntr_stores_1 = 0; cntr_stores_1 < r->num_stores; cntr_stores_1++) { + for (cntr_stores_1 = 0; cntr_stores_1 < size_stores_1; cntr_stores_1++) { NDR_CHECK(ndr_pull_dfs_StorageInfo(ndr, NDR_BUFFERS, &r->stores[cntr_stores_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_stores_1, 0); @@ -560,10 +590,15 @@ static enum ndr_err_code ndr_push_dfs_Info4(struct ndr_push *ndr, int ndr_flags, static enum ndr_err_code ndr_pull_dfs_Info4(struct ndr_pull *ndr, int ndr_flags, struct dfs_Info4 *r) { uint32_t _ptr_path; + uint32_t size_path_1 = 0; + uint32_t length_path_1 = 0; TALLOC_CTX *_mem_save_path_0; uint32_t _ptr_comment; + uint32_t size_comment_1 = 0; + uint32_t length_comment_1 = 0; TALLOC_CTX *_mem_save_comment_0; uint32_t _ptr_stores; + uint32_t size_stores_1 = 0; uint32_t cntr_stores_1; TALLOC_CTX *_mem_save_stores_0; TALLOC_CTX *_mem_save_stores_1; @@ -598,11 +633,13 @@ static enum ndr_err_code ndr_pull_dfs_Info4(struct ndr_pull *ndr, int ndr_flags, NDR_PULL_SET_MEM_CTX(ndr, r->path, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->path)); - if (ndr_get_array_length(ndr, &r->path) > ndr_get_array_size(ndr, &r->path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->path), ndr_get_array_length(ndr, &r->path)); + size_path_1 = ndr_get_array_size(ndr, &r->path); + length_path_1 = ndr_get_array_length(ndr, &r->path); + if (length_path_1 > size_path_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_path_1, length_path_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->path, ndr_get_array_length(ndr, &r->path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_path_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->path, length_path_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_path_0, 0); } if (r->comment) { @@ -610,24 +647,27 @@ static enum ndr_err_code ndr_pull_dfs_Info4(struct ndr_pull *ndr, int ndr_flags, NDR_PULL_SET_MEM_CTX(ndr, r->comment, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->comment)); NDR_CHECK(ndr_pull_array_length(ndr, &r->comment)); - if (ndr_get_array_length(ndr, &r->comment) > ndr_get_array_size(ndr, &r->comment)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->comment), ndr_get_array_length(ndr, &r->comment)); + size_comment_1 = ndr_get_array_size(ndr, &r->comment); + length_comment_1 = ndr_get_array_length(ndr, &r->comment); + if (length_comment_1 > size_comment_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_comment_1, length_comment_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_comment_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, length_comment_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_comment_0, 0); } if (r->stores) { _mem_save_stores_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->stores, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->stores)); - NDR_PULL_ALLOC_N(ndr, r->stores, ndr_get_array_size(ndr, &r->stores)); + size_stores_1 = ndr_get_array_size(ndr, &r->stores); + NDR_PULL_ALLOC_N(ndr, r->stores, size_stores_1); _mem_save_stores_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->stores, 0); - for (cntr_stores_1 = 0; cntr_stores_1 < r->num_stores; cntr_stores_1++) { + for (cntr_stores_1 = 0; cntr_stores_1 < size_stores_1; cntr_stores_1++) { NDR_CHECK(ndr_pull_dfs_StorageInfo(ndr, NDR_SCALARS, &r->stores[cntr_stores_1])); } - for (cntr_stores_1 = 0; cntr_stores_1 < r->num_stores; cntr_stores_1++) { + for (cntr_stores_1 = 0; cntr_stores_1 < size_stores_1; cntr_stores_1++) { NDR_CHECK(ndr_pull_dfs_StorageInfo(ndr, NDR_BUFFERS, &r->stores[cntr_stores_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_stores_1, 0); @@ -738,8 +778,12 @@ static enum ndr_err_code ndr_push_dfs_Info5(struct ndr_push *ndr, int ndr_flags, static enum ndr_err_code ndr_pull_dfs_Info5(struct ndr_pull *ndr, int ndr_flags, struct dfs_Info5 *r) { uint32_t _ptr_path; + uint32_t size_path_1 = 0; + uint32_t length_path_1 = 0; TALLOC_CTX *_mem_save_path_0; uint32_t _ptr_comment; + uint32_t size_comment_1 = 0; + uint32_t length_comment_1 = 0; TALLOC_CTX *_mem_save_comment_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -768,11 +812,13 @@ static enum ndr_err_code ndr_pull_dfs_Info5(struct ndr_pull *ndr, int ndr_flags, NDR_PULL_SET_MEM_CTX(ndr, r->path, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->path)); - if (ndr_get_array_length(ndr, &r->path) > ndr_get_array_size(ndr, &r->path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->path), ndr_get_array_length(ndr, &r->path)); + size_path_1 = ndr_get_array_size(ndr, &r->path); + length_path_1 = ndr_get_array_length(ndr, &r->path); + if (length_path_1 > size_path_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_path_1, length_path_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->path, ndr_get_array_length(ndr, &r->path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_path_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->path, length_path_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_path_0, 0); } if (r->comment) { @@ -780,11 +826,13 @@ static enum ndr_err_code ndr_pull_dfs_Info5(struct ndr_pull *ndr, int ndr_flags, NDR_PULL_SET_MEM_CTX(ndr, r->comment, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->comment)); NDR_CHECK(ndr_pull_array_length(ndr, &r->comment)); - if (ndr_get_array_length(ndr, &r->comment) > ndr_get_array_size(ndr, &r->comment)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->comment), ndr_get_array_length(ndr, &r->comment)); + size_comment_1 = ndr_get_array_size(ndr, &r->comment); + length_comment_1 = ndr_get_array_length(ndr, &r->comment); + if (length_comment_1 > size_comment_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_comment_1, length_comment_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_comment_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, length_comment_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_comment_0, 0); } } @@ -960,10 +1008,15 @@ static enum ndr_err_code ndr_push_dfs_Info6(struct ndr_push *ndr, int ndr_flags, static enum ndr_err_code ndr_pull_dfs_Info6(struct ndr_pull *ndr, int ndr_flags, struct dfs_Info6 *r) { uint32_t _ptr_entry_path; + uint32_t size_entry_path_1 = 0; + uint32_t length_entry_path_1 = 0; TALLOC_CTX *_mem_save_entry_path_0; uint32_t _ptr_comment; + uint32_t size_comment_1 = 0; + uint32_t length_comment_1 = 0; TALLOC_CTX *_mem_save_comment_0; uint32_t _ptr_stores; + uint32_t size_stores_1 = 0; uint32_t cntr_stores_1; TALLOC_CTX *_mem_save_stores_0; TALLOC_CTX *_mem_save_stores_1; @@ -1000,11 +1053,13 @@ static enum ndr_err_code ndr_pull_dfs_Info6(struct ndr_pull *ndr, int ndr_flags, NDR_PULL_SET_MEM_CTX(ndr, r->entry_path, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->entry_path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->entry_path)); - if (ndr_get_array_length(ndr, &r->entry_path) > ndr_get_array_size(ndr, &r->entry_path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->entry_path), ndr_get_array_length(ndr, &r->entry_path)); + size_entry_path_1 = ndr_get_array_size(ndr, &r->entry_path); + length_entry_path_1 = ndr_get_array_length(ndr, &r->entry_path); + if (length_entry_path_1 > size_entry_path_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_entry_path_1, length_entry_path_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->entry_path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->entry_path, ndr_get_array_length(ndr, &r->entry_path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_entry_path_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->entry_path, length_entry_path_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_entry_path_0, 0); } if (r->comment) { @@ -1012,24 +1067,27 @@ static enum ndr_err_code ndr_pull_dfs_Info6(struct ndr_pull *ndr, int ndr_flags, NDR_PULL_SET_MEM_CTX(ndr, r->comment, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->comment)); NDR_CHECK(ndr_pull_array_length(ndr, &r->comment)); - if (ndr_get_array_length(ndr, &r->comment) > ndr_get_array_size(ndr, &r->comment)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->comment), ndr_get_array_length(ndr, &r->comment)); + size_comment_1 = ndr_get_array_size(ndr, &r->comment); + length_comment_1 = ndr_get_array_length(ndr, &r->comment); + if (length_comment_1 > size_comment_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_comment_1, length_comment_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_comment_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, length_comment_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_comment_0, 0); } if (r->stores) { _mem_save_stores_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->stores, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->stores)); - NDR_PULL_ALLOC_N(ndr, r->stores, ndr_get_array_size(ndr, &r->stores)); + size_stores_1 = ndr_get_array_size(ndr, &r->stores); + NDR_PULL_ALLOC_N(ndr, r->stores, size_stores_1); _mem_save_stores_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->stores, 0); - for (cntr_stores_1 = 0; cntr_stores_1 < r->num_stores; cntr_stores_1++) { + for (cntr_stores_1 = 0; cntr_stores_1 < size_stores_1; cntr_stores_1++) { NDR_CHECK(ndr_pull_dfs_StorageInfo2(ndr, NDR_SCALARS, &r->stores[cntr_stores_1])); } - for (cntr_stores_1 = 0; cntr_stores_1 < r->num_stores; cntr_stores_1++) { + for (cntr_stores_1 = 0; cntr_stores_1 < size_stores_1; cntr_stores_1++) { NDR_CHECK(ndr_pull_dfs_StorageInfo2(ndr, NDR_BUFFERS, &r->stores[cntr_stores_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_stores_1, 0); @@ -1133,6 +1191,8 @@ static enum ndr_err_code ndr_push_dfs_Info100(struct ndr_push *ndr, int ndr_flag static enum ndr_err_code ndr_pull_dfs_Info100(struct ndr_pull *ndr, int ndr_flags, struct dfs_Info100 *r) { uint32_t _ptr_comment; + uint32_t size_comment_1 = 0; + uint32_t length_comment_1 = 0; TALLOC_CTX *_mem_save_comment_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -1149,11 +1209,13 @@ static enum ndr_err_code ndr_pull_dfs_Info100(struct ndr_pull *ndr, int ndr_flag NDR_PULL_SET_MEM_CTX(ndr, r->comment, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->comment)); NDR_CHECK(ndr_pull_array_length(ndr, &r->comment)); - if (ndr_get_array_length(ndr, &r->comment) > ndr_get_array_size(ndr, &r->comment)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->comment), ndr_get_array_length(ndr, &r->comment)); + size_comment_1 = ndr_get_array_size(ndr, &r->comment); + length_comment_1 = ndr_get_array_length(ndr, &r->comment); + if (length_comment_1 > size_comment_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_comment_1, length_comment_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_comment_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, length_comment_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_comment_0, 0); } } @@ -1317,6 +1379,8 @@ static enum ndr_err_code ndr_push_dfs_Info105(struct ndr_push *ndr, int ndr_flag static enum ndr_err_code ndr_pull_dfs_Info105(struct ndr_pull *ndr, int ndr_flags, struct dfs_Info105 *r) { uint32_t _ptr_comment; + uint32_t size_comment_1 = 0; + uint32_t length_comment_1 = 0; TALLOC_CTX *_mem_save_comment_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -1337,11 +1401,13 @@ static enum ndr_err_code ndr_pull_dfs_Info105(struct ndr_pull *ndr, int ndr_flag NDR_PULL_SET_MEM_CTX(ndr, r->comment, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->comment)); NDR_CHECK(ndr_pull_array_length(ndr, &r->comment)); - if (ndr_get_array_length(ndr, &r->comment) > ndr_get_array_size(ndr, &r->comment)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->comment), ndr_get_array_length(ndr, &r->comment)); + size_comment_1 = ndr_get_array_size(ndr, &r->comment); + length_comment_1 = ndr_get_array_length(ndr, &r->comment); + if (length_comment_1 > size_comment_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_comment_1, length_comment_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_comment_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, length_comment_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_comment_0, 0); } } @@ -1418,6 +1484,8 @@ static enum ndr_err_code ndr_push_dfs_Info200(struct ndr_push *ndr, int ndr_flag static enum ndr_err_code ndr_pull_dfs_Info200(struct ndr_pull *ndr, int ndr_flags, struct dfs_Info200 *r) { uint32_t _ptr_dom_root; + uint32_t size_dom_root_1 = 0; + uint32_t length_dom_root_1 = 0; TALLOC_CTX *_mem_save_dom_root_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -1434,11 +1502,13 @@ static enum ndr_err_code ndr_pull_dfs_Info200(struct ndr_pull *ndr, int ndr_flag NDR_PULL_SET_MEM_CTX(ndr, r->dom_root, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->dom_root)); NDR_CHECK(ndr_pull_array_length(ndr, &r->dom_root)); - if (ndr_get_array_length(ndr, &r->dom_root) > ndr_get_array_size(ndr, &r->dom_root)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->dom_root), ndr_get_array_length(ndr, &r->dom_root)); + size_dom_root_1 = ndr_get_array_size(ndr, &r->dom_root); + length_dom_root_1 = ndr_get_array_length(ndr, &r->dom_root); + if (length_dom_root_1 > size_dom_root_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dom_root_1, length_dom_root_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->dom_root), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dom_root, ndr_get_array_length(ndr, &r->dom_root), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dom_root_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dom_root, length_dom_root_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dom_root_0, 0); } } @@ -1504,6 +1574,8 @@ static enum ndr_err_code ndr_push_dfs_Info300(struct ndr_push *ndr, int ndr_flag static enum ndr_err_code ndr_pull_dfs_Info300(struct ndr_pull *ndr, int ndr_flags, struct dfs_Info300 *r) { uint32_t _ptr_dom_root; + uint32_t size_dom_root_1 = 0; + uint32_t length_dom_root_1 = 0; TALLOC_CTX *_mem_save_dom_root_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -1521,11 +1593,13 @@ static enum ndr_err_code ndr_pull_dfs_Info300(struct ndr_pull *ndr, int ndr_flag NDR_PULL_SET_MEM_CTX(ndr, r->dom_root, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->dom_root)); NDR_CHECK(ndr_pull_array_length(ndr, &r->dom_root)); - if (ndr_get_array_length(ndr, &r->dom_root) > ndr_get_array_size(ndr, &r->dom_root)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->dom_root), ndr_get_array_length(ndr, &r->dom_root)); + size_dom_root_1 = ndr_get_array_size(ndr, &r->dom_root); + length_dom_root_1 = ndr_get_array_length(ndr, &r->dom_root); + if (length_dom_root_1 > size_dom_root_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dom_root_1, length_dom_root_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->dom_root), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dom_root, ndr_get_array_length(ndr, &r->dom_root), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dom_root_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dom_root, length_dom_root_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dom_root_0, 0); } } @@ -1721,20 +1795,35 @@ static enum ndr_err_code ndr_pull_dfs_Info(struct ndr_pull *ndr, int ndr_flags, int level; uint32_t _level; TALLOC_CTX *_mem_save_info0_0; + uint32_t _ptr_info0; TALLOC_CTX *_mem_save_info1_0; + uint32_t _ptr_info1; TALLOC_CTX *_mem_save_info2_0; + uint32_t _ptr_info2; TALLOC_CTX *_mem_save_info3_0; + uint32_t _ptr_info3; TALLOC_CTX *_mem_save_info4_0; + uint32_t _ptr_info4; TALLOC_CTX *_mem_save_info5_0; + uint32_t _ptr_info5; TALLOC_CTX *_mem_save_info6_0; + uint32_t _ptr_info6; TALLOC_CTX *_mem_save_info7_0; + uint32_t _ptr_info7; TALLOC_CTX *_mem_save_info100_0; + uint32_t _ptr_info100; TALLOC_CTX *_mem_save_info101_0; + uint32_t _ptr_info101; TALLOC_CTX *_mem_save_info102_0; + uint32_t _ptr_info102; TALLOC_CTX *_mem_save_info103_0; + uint32_t _ptr_info103; TALLOC_CTX *_mem_save_info104_0; + uint32_t _ptr_info104; TALLOC_CTX *_mem_save_info105_0; + uint32_t _ptr_info105; TALLOC_CTX *_mem_save_info106_0; + uint32_t _ptr_info106; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -1743,7 +1832,6 @@ static enum ndr_err_code ndr_pull_dfs_Info(struct ndr_pull *ndr, int ndr_flags, } switch (level) { case 0: { - uint32_t _ptr_info0; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info0)); if (_ptr_info0) { NDR_PULL_ALLOC(ndr, r->info0); @@ -1753,7 +1841,6 @@ static enum ndr_err_code ndr_pull_dfs_Info(struct ndr_pull *ndr, int ndr_flags, break; } case 1: { - uint32_t _ptr_info1; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1)); if (_ptr_info1) { NDR_PULL_ALLOC(ndr, r->info1); @@ -1763,7 +1850,6 @@ static enum ndr_err_code ndr_pull_dfs_Info(struct ndr_pull *ndr, int ndr_flags, break; } case 2: { - uint32_t _ptr_info2; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info2)); if (_ptr_info2) { NDR_PULL_ALLOC(ndr, r->info2); @@ -1773,7 +1859,6 @@ static enum ndr_err_code ndr_pull_dfs_Info(struct ndr_pull *ndr, int ndr_flags, break; } case 3: { - uint32_t _ptr_info3; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info3)); if (_ptr_info3) { NDR_PULL_ALLOC(ndr, r->info3); @@ -1783,7 +1868,6 @@ static enum ndr_err_code ndr_pull_dfs_Info(struct ndr_pull *ndr, int ndr_flags, break; } case 4: { - uint32_t _ptr_info4; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info4)); if (_ptr_info4) { NDR_PULL_ALLOC(ndr, r->info4); @@ -1793,7 +1877,6 @@ static enum ndr_err_code ndr_pull_dfs_Info(struct ndr_pull *ndr, int ndr_flags, break; } case 5: { - uint32_t _ptr_info5; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info5)); if (_ptr_info5) { NDR_PULL_ALLOC(ndr, r->info5); @@ -1803,7 +1886,6 @@ static enum ndr_err_code ndr_pull_dfs_Info(struct ndr_pull *ndr, int ndr_flags, break; } case 6: { - uint32_t _ptr_info6; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info6)); if (_ptr_info6) { NDR_PULL_ALLOC(ndr, r->info6); @@ -1813,7 +1895,6 @@ static enum ndr_err_code ndr_pull_dfs_Info(struct ndr_pull *ndr, int ndr_flags, break; } case 7: { - uint32_t _ptr_info7; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info7)); if (_ptr_info7) { NDR_PULL_ALLOC(ndr, r->info7); @@ -1823,7 +1904,6 @@ static enum ndr_err_code ndr_pull_dfs_Info(struct ndr_pull *ndr, int ndr_flags, break; } case 100: { - uint32_t _ptr_info100; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info100)); if (_ptr_info100) { NDR_PULL_ALLOC(ndr, r->info100); @@ -1833,7 +1913,6 @@ static enum ndr_err_code ndr_pull_dfs_Info(struct ndr_pull *ndr, int ndr_flags, break; } case 101: { - uint32_t _ptr_info101; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info101)); if (_ptr_info101) { NDR_PULL_ALLOC(ndr, r->info101); @@ -1843,7 +1922,6 @@ static enum ndr_err_code ndr_pull_dfs_Info(struct ndr_pull *ndr, int ndr_flags, break; } case 102: { - uint32_t _ptr_info102; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info102)); if (_ptr_info102) { NDR_PULL_ALLOC(ndr, r->info102); @@ -1853,7 +1931,6 @@ static enum ndr_err_code ndr_pull_dfs_Info(struct ndr_pull *ndr, int ndr_flags, break; } case 103: { - uint32_t _ptr_info103; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info103)); if (_ptr_info103) { NDR_PULL_ALLOC(ndr, r->info103); @@ -1863,7 +1940,6 @@ static enum ndr_err_code ndr_pull_dfs_Info(struct ndr_pull *ndr, int ndr_flags, break; } case 104: { - uint32_t _ptr_info104; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info104)); if (_ptr_info104) { NDR_PULL_ALLOC(ndr, r->info104); @@ -1873,7 +1949,6 @@ static enum ndr_err_code ndr_pull_dfs_Info(struct ndr_pull *ndr, int ndr_flags, break; } case 105: { - uint32_t _ptr_info105; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info105)); if (_ptr_info105) { NDR_PULL_ALLOC(ndr, r->info105); @@ -1883,7 +1958,6 @@ static enum ndr_err_code ndr_pull_dfs_Info(struct ndr_pull *ndr, int ndr_flags, break; } case 106: { - uint32_t _ptr_info106; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info106)); if (_ptr_info106) { NDR_PULL_ALLOC(ndr, r->info106); @@ -2211,6 +2285,7 @@ static enum ndr_err_code ndr_push_dfs_EnumArray1(struct ndr_push *ndr, int ndr_f static enum ndr_err_code ndr_pull_dfs_EnumArray1(struct ndr_pull *ndr, int ndr_flags, struct dfs_EnumArray1 *r) { uint32_t _ptr_s; + uint32_t size_s_1 = 0; uint32_t cntr_s_1; TALLOC_CTX *_mem_save_s_0; TALLOC_CTX *_mem_save_s_1; @@ -2229,13 +2304,14 @@ static enum ndr_err_code ndr_pull_dfs_EnumArray1(struct ndr_pull *ndr, int ndr_f _mem_save_s_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->s, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->s)); - NDR_PULL_ALLOC_N(ndr, r->s, ndr_get_array_size(ndr, &r->s)); + size_s_1 = ndr_get_array_size(ndr, &r->s); + NDR_PULL_ALLOC_N(ndr, r->s, size_s_1); _mem_save_s_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->s, 0); - for (cntr_s_1 = 0; cntr_s_1 < r->count; cntr_s_1++) { + for (cntr_s_1 = 0; cntr_s_1 < size_s_1; cntr_s_1++) { NDR_CHECK(ndr_pull_dfs_Info1(ndr, NDR_SCALARS, &r->s[cntr_s_1])); } - for (cntr_s_1 = 0; cntr_s_1 < r->count; cntr_s_1++) { + for (cntr_s_1 = 0; cntr_s_1 < size_s_1; cntr_s_1++) { NDR_CHECK(ndr_pull_dfs_Info1(ndr, NDR_BUFFERS, &r->s[cntr_s_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_s_1, 0); @@ -2297,6 +2373,7 @@ static enum ndr_err_code ndr_push_dfs_EnumArray2(struct ndr_push *ndr, int ndr_f static enum ndr_err_code ndr_pull_dfs_EnumArray2(struct ndr_pull *ndr, int ndr_flags, struct dfs_EnumArray2 *r) { uint32_t _ptr_s; + uint32_t size_s_1 = 0; uint32_t cntr_s_1; TALLOC_CTX *_mem_save_s_0; TALLOC_CTX *_mem_save_s_1; @@ -2315,13 +2392,14 @@ static enum ndr_err_code ndr_pull_dfs_EnumArray2(struct ndr_pull *ndr, int ndr_f _mem_save_s_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->s, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->s)); - NDR_PULL_ALLOC_N(ndr, r->s, ndr_get_array_size(ndr, &r->s)); + size_s_1 = ndr_get_array_size(ndr, &r->s); + NDR_PULL_ALLOC_N(ndr, r->s, size_s_1); _mem_save_s_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->s, 0); - for (cntr_s_1 = 0; cntr_s_1 < r->count; cntr_s_1++) { + for (cntr_s_1 = 0; cntr_s_1 < size_s_1; cntr_s_1++) { NDR_CHECK(ndr_pull_dfs_Info2(ndr, NDR_SCALARS, &r->s[cntr_s_1])); } - for (cntr_s_1 = 0; cntr_s_1 < r->count; cntr_s_1++) { + for (cntr_s_1 = 0; cntr_s_1 < size_s_1; cntr_s_1++) { NDR_CHECK(ndr_pull_dfs_Info2(ndr, NDR_BUFFERS, &r->s[cntr_s_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_s_1, 0); @@ -2383,6 +2461,7 @@ static enum ndr_err_code ndr_push_dfs_EnumArray3(struct ndr_push *ndr, int ndr_f static enum ndr_err_code ndr_pull_dfs_EnumArray3(struct ndr_pull *ndr, int ndr_flags, struct dfs_EnumArray3 *r) { uint32_t _ptr_s; + uint32_t size_s_1 = 0; uint32_t cntr_s_1; TALLOC_CTX *_mem_save_s_0; TALLOC_CTX *_mem_save_s_1; @@ -2401,13 +2480,14 @@ static enum ndr_err_code ndr_pull_dfs_EnumArray3(struct ndr_pull *ndr, int ndr_f _mem_save_s_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->s, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->s)); - NDR_PULL_ALLOC_N(ndr, r->s, ndr_get_array_size(ndr, &r->s)); + size_s_1 = ndr_get_array_size(ndr, &r->s); + NDR_PULL_ALLOC_N(ndr, r->s, size_s_1); _mem_save_s_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->s, 0); - for (cntr_s_1 = 0; cntr_s_1 < r->count; cntr_s_1++) { + for (cntr_s_1 = 0; cntr_s_1 < size_s_1; cntr_s_1++) { NDR_CHECK(ndr_pull_dfs_Info3(ndr, NDR_SCALARS, &r->s[cntr_s_1])); } - for (cntr_s_1 = 0; cntr_s_1 < r->count; cntr_s_1++) { + for (cntr_s_1 = 0; cntr_s_1 < size_s_1; cntr_s_1++) { NDR_CHECK(ndr_pull_dfs_Info3(ndr, NDR_BUFFERS, &r->s[cntr_s_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_s_1, 0); @@ -2469,6 +2549,7 @@ static enum ndr_err_code ndr_push_dfs_EnumArray4(struct ndr_push *ndr, int ndr_f static enum ndr_err_code ndr_pull_dfs_EnumArray4(struct ndr_pull *ndr, int ndr_flags, struct dfs_EnumArray4 *r) { uint32_t _ptr_s; + uint32_t size_s_1 = 0; uint32_t cntr_s_1; TALLOC_CTX *_mem_save_s_0; TALLOC_CTX *_mem_save_s_1; @@ -2487,13 +2568,14 @@ static enum ndr_err_code ndr_pull_dfs_EnumArray4(struct ndr_pull *ndr, int ndr_f _mem_save_s_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->s, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->s)); - NDR_PULL_ALLOC_N(ndr, r->s, ndr_get_array_size(ndr, &r->s)); + size_s_1 = ndr_get_array_size(ndr, &r->s); + NDR_PULL_ALLOC_N(ndr, r->s, size_s_1); _mem_save_s_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->s, 0); - for (cntr_s_1 = 0; cntr_s_1 < r->count; cntr_s_1++) { + for (cntr_s_1 = 0; cntr_s_1 < size_s_1; cntr_s_1++) { NDR_CHECK(ndr_pull_dfs_Info4(ndr, NDR_SCALARS, &r->s[cntr_s_1])); } - for (cntr_s_1 = 0; cntr_s_1 < r->count; cntr_s_1++) { + for (cntr_s_1 = 0; cntr_s_1 < size_s_1; cntr_s_1++) { NDR_CHECK(ndr_pull_dfs_Info4(ndr, NDR_BUFFERS, &r->s[cntr_s_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_s_1, 0); @@ -2555,6 +2637,7 @@ static enum ndr_err_code ndr_push_dfs_EnumArray5(struct ndr_push *ndr, int ndr_f static enum ndr_err_code ndr_pull_dfs_EnumArray5(struct ndr_pull *ndr, int ndr_flags, struct dfs_EnumArray5 *r) { uint32_t _ptr_s; + uint32_t size_s_1 = 0; uint32_t cntr_s_1; TALLOC_CTX *_mem_save_s_0; TALLOC_CTX *_mem_save_s_1; @@ -2573,13 +2656,14 @@ static enum ndr_err_code ndr_pull_dfs_EnumArray5(struct ndr_pull *ndr, int ndr_f _mem_save_s_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->s, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->s)); - NDR_PULL_ALLOC_N(ndr, r->s, ndr_get_array_size(ndr, &r->s)); + size_s_1 = ndr_get_array_size(ndr, &r->s); + NDR_PULL_ALLOC_N(ndr, r->s, size_s_1); _mem_save_s_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->s, 0); - for (cntr_s_1 = 0; cntr_s_1 < r->count; cntr_s_1++) { + for (cntr_s_1 = 0; cntr_s_1 < size_s_1; cntr_s_1++) { NDR_CHECK(ndr_pull_dfs_Info5(ndr, NDR_SCALARS, &r->s[cntr_s_1])); } - for (cntr_s_1 = 0; cntr_s_1 < r->count; cntr_s_1++) { + for (cntr_s_1 = 0; cntr_s_1 < size_s_1; cntr_s_1++) { NDR_CHECK(ndr_pull_dfs_Info5(ndr, NDR_BUFFERS, &r->s[cntr_s_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_s_1, 0); @@ -2641,6 +2725,7 @@ static enum ndr_err_code ndr_push_dfs_EnumArray6(struct ndr_push *ndr, int ndr_f static enum ndr_err_code ndr_pull_dfs_EnumArray6(struct ndr_pull *ndr, int ndr_flags, struct dfs_EnumArray6 *r) { uint32_t _ptr_s; + uint32_t size_s_1 = 0; uint32_t cntr_s_1; TALLOC_CTX *_mem_save_s_0; TALLOC_CTX *_mem_save_s_1; @@ -2659,13 +2744,14 @@ static enum ndr_err_code ndr_pull_dfs_EnumArray6(struct ndr_pull *ndr, int ndr_f _mem_save_s_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->s, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->s)); - NDR_PULL_ALLOC_N(ndr, r->s, ndr_get_array_size(ndr, &r->s)); + size_s_1 = ndr_get_array_size(ndr, &r->s); + NDR_PULL_ALLOC_N(ndr, r->s, size_s_1); _mem_save_s_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->s, 0); - for (cntr_s_1 = 0; cntr_s_1 < r->count; cntr_s_1++) { + for (cntr_s_1 = 0; cntr_s_1 < size_s_1; cntr_s_1++) { NDR_CHECK(ndr_pull_dfs_Info6(ndr, NDR_SCALARS, &r->s[cntr_s_1])); } - for (cntr_s_1 = 0; cntr_s_1 < r->count; cntr_s_1++) { + for (cntr_s_1 = 0; cntr_s_1 < size_s_1; cntr_s_1++) { NDR_CHECK(ndr_pull_dfs_Info6(ndr, NDR_BUFFERS, &r->s[cntr_s_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_s_1, 0); @@ -2727,6 +2813,7 @@ static enum ndr_err_code ndr_push_dfs_EnumArray200(struct ndr_push *ndr, int ndr static enum ndr_err_code ndr_pull_dfs_EnumArray200(struct ndr_pull *ndr, int ndr_flags, struct dfs_EnumArray200 *r) { uint32_t _ptr_s; + uint32_t size_s_1 = 0; uint32_t cntr_s_1; TALLOC_CTX *_mem_save_s_0; TALLOC_CTX *_mem_save_s_1; @@ -2745,13 +2832,14 @@ static enum ndr_err_code ndr_pull_dfs_EnumArray200(struct ndr_pull *ndr, int ndr _mem_save_s_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->s, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->s)); - NDR_PULL_ALLOC_N(ndr, r->s, ndr_get_array_size(ndr, &r->s)); + size_s_1 = ndr_get_array_size(ndr, &r->s); + NDR_PULL_ALLOC_N(ndr, r->s, size_s_1); _mem_save_s_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->s, 0); - for (cntr_s_1 = 0; cntr_s_1 < r->count; cntr_s_1++) { + for (cntr_s_1 = 0; cntr_s_1 < size_s_1; cntr_s_1++) { NDR_CHECK(ndr_pull_dfs_Info200(ndr, NDR_SCALARS, &r->s[cntr_s_1])); } - for (cntr_s_1 = 0; cntr_s_1 < r->count; cntr_s_1++) { + for (cntr_s_1 = 0; cntr_s_1 < size_s_1; cntr_s_1++) { NDR_CHECK(ndr_pull_dfs_Info200(ndr, NDR_BUFFERS, &r->s[cntr_s_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_s_1, 0); @@ -2813,6 +2901,7 @@ static enum ndr_err_code ndr_push_dfs_EnumArray300(struct ndr_push *ndr, int ndr static enum ndr_err_code ndr_pull_dfs_EnumArray300(struct ndr_pull *ndr, int ndr_flags, struct dfs_EnumArray300 *r) { uint32_t _ptr_s; + uint32_t size_s_1 = 0; uint32_t cntr_s_1; TALLOC_CTX *_mem_save_s_0; TALLOC_CTX *_mem_save_s_1; @@ -2831,13 +2920,14 @@ static enum ndr_err_code ndr_pull_dfs_EnumArray300(struct ndr_pull *ndr, int ndr _mem_save_s_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->s, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->s)); - NDR_PULL_ALLOC_N(ndr, r->s, ndr_get_array_size(ndr, &r->s)); + size_s_1 = ndr_get_array_size(ndr, &r->s); + NDR_PULL_ALLOC_N(ndr, r->s, size_s_1); _mem_save_s_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->s, 0); - for (cntr_s_1 = 0; cntr_s_1 < r->count; cntr_s_1++) { + for (cntr_s_1 = 0; cntr_s_1 < size_s_1; cntr_s_1++) { NDR_CHECK(ndr_pull_dfs_Info300(ndr, NDR_SCALARS, &r->s[cntr_s_1])); } - for (cntr_s_1 = 0; cntr_s_1 < r->count; cntr_s_1++) { + for (cntr_s_1 = 0; cntr_s_1 < size_s_1; cntr_s_1++) { NDR_CHECK(ndr_pull_dfs_Info300(ndr, NDR_BUFFERS, &r->s[cntr_s_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_s_1, 0); @@ -2979,13 +3069,21 @@ static enum ndr_err_code ndr_pull_dfs_EnumInfo(struct ndr_pull *ndr, int ndr_fla int level; uint32_t _level; TALLOC_CTX *_mem_save_info1_0; + uint32_t _ptr_info1; TALLOC_CTX *_mem_save_info2_0; + uint32_t _ptr_info2; TALLOC_CTX *_mem_save_info3_0; + uint32_t _ptr_info3; TALLOC_CTX *_mem_save_info4_0; + uint32_t _ptr_info4; TALLOC_CTX *_mem_save_info5_0; + uint32_t _ptr_info5; TALLOC_CTX *_mem_save_info6_0; + uint32_t _ptr_info6; TALLOC_CTX *_mem_save_info200_0; + uint32_t _ptr_info200; TALLOC_CTX *_mem_save_info300_0; + uint32_t _ptr_info300; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -2994,7 +3092,6 @@ static enum ndr_err_code ndr_pull_dfs_EnumInfo(struct ndr_pull *ndr, int ndr_fla } switch (level) { case 1: { - uint32_t _ptr_info1; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1)); if (_ptr_info1) { NDR_PULL_ALLOC(ndr, r->info1); @@ -3004,7 +3101,6 @@ static enum ndr_err_code ndr_pull_dfs_EnumInfo(struct ndr_pull *ndr, int ndr_fla break; } case 2: { - uint32_t _ptr_info2; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info2)); if (_ptr_info2) { NDR_PULL_ALLOC(ndr, r->info2); @@ -3014,7 +3110,6 @@ static enum ndr_err_code ndr_pull_dfs_EnumInfo(struct ndr_pull *ndr, int ndr_fla break; } case 3: { - uint32_t _ptr_info3; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info3)); if (_ptr_info3) { NDR_PULL_ALLOC(ndr, r->info3); @@ -3024,7 +3119,6 @@ static enum ndr_err_code ndr_pull_dfs_EnumInfo(struct ndr_pull *ndr, int ndr_fla break; } case 4: { - uint32_t _ptr_info4; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info4)); if (_ptr_info4) { NDR_PULL_ALLOC(ndr, r->info4); @@ -3034,7 +3128,6 @@ static enum ndr_err_code ndr_pull_dfs_EnumInfo(struct ndr_pull *ndr, int ndr_fla break; } case 5: { - uint32_t _ptr_info5; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info5)); if (_ptr_info5) { NDR_PULL_ALLOC(ndr, r->info5); @@ -3044,7 +3137,6 @@ static enum ndr_err_code ndr_pull_dfs_EnumInfo(struct ndr_pull *ndr, int ndr_fla break; } case 6: { - uint32_t _ptr_info6; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info6)); if (_ptr_info6) { NDR_PULL_ALLOC(ndr, r->info6); @@ -3054,7 +3146,6 @@ static enum ndr_err_code ndr_pull_dfs_EnumInfo(struct ndr_pull *ndr, int ndr_fla break; } case 200: { - uint32_t _ptr_info200; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info200)); if (_ptr_info200) { NDR_PULL_ALLOC(ndr, r->info200); @@ -3064,7 +3155,6 @@ static enum ndr_err_code ndr_pull_dfs_EnumInfo(struct ndr_pull *ndr, int ndr_fla break; } case 300: { - uint32_t _ptr_info300; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info300)); if (_ptr_info300) { NDR_PULL_ALLOC(ndr, r->info300); @@ -3300,6 +3390,8 @@ static enum ndr_err_code ndr_push_dfs_UnknownStruct(struct ndr_push *ndr, int nd static enum ndr_err_code ndr_pull_dfs_UnknownStruct(struct ndr_pull *ndr, int ndr_flags, struct dfs_UnknownStruct *r) { uint32_t _ptr_unknown2; + uint32_t size_unknown2_1 = 0; + uint32_t length_unknown2_1 = 0; TALLOC_CTX *_mem_save_unknown2_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -3317,11 +3409,13 @@ static enum ndr_err_code ndr_pull_dfs_UnknownStruct(struct ndr_pull *ndr, int nd NDR_PULL_SET_MEM_CTX(ndr, r->unknown2, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->unknown2)); NDR_CHECK(ndr_pull_array_length(ndr, &r->unknown2)); - if (ndr_get_array_length(ndr, &r->unknown2) > ndr_get_array_size(ndr, &r->unknown2)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->unknown2), ndr_get_array_length(ndr, &r->unknown2)); + size_unknown2_1 = ndr_get_array_size(ndr, &r->unknown2); + length_unknown2_1 = ndr_get_array_length(ndr, &r->unknown2); + if (length_unknown2_1 > size_unknown2_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_unknown2_1, length_unknown2_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->unknown2), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->unknown2, ndr_get_array_length(ndr, &r->unknown2), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_unknown2_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->unknown2, length_unknown2_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_unknown2_0, 0); } } @@ -3441,25 +3535,37 @@ static enum ndr_err_code ndr_push_dfs_Add(struct ndr_push *ndr, int flags, const static enum ndr_err_code ndr_pull_dfs_Add(struct ndr_pull *ndr, int flags, struct dfs_Add *r) { + uint32_t size_path_1 = 0; + uint32_t length_path_1 = 0; + uint32_t size_server_1 = 0; + uint32_t length_server_1 = 0; uint32_t _ptr_share; + uint32_t size_share_1 = 0; + uint32_t length_share_1 = 0; uint32_t _ptr_comment; + uint32_t size_comment_1 = 0; + uint32_t length_comment_1 = 0; TALLOC_CTX *_mem_save_share_0; TALLOC_CTX *_mem_save_comment_0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_array_size(ndr, &r->in.path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.path)); - if (ndr_get_array_length(ndr, &r->in.path) > ndr_get_array_size(ndr, &r->in.path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.path), ndr_get_array_length(ndr, &r->in.path)); + size_path_1 = ndr_get_array_size(ndr, &r->in.path); + length_path_1 = ndr_get_array_length(ndr, &r->in.path); + if (length_path_1 > size_path_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_path_1, length_path_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.path, ndr_get_array_length(ndr, &r->in.path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_path_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.path, length_path_1, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server)); - if (ndr_get_array_length(ndr, &r->in.server) > ndr_get_array_size(ndr, &r->in.server)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server), ndr_get_array_length(ndr, &r->in.server)); + size_server_1 = ndr_get_array_size(ndr, &r->in.server); + length_server_1 = ndr_get_array_length(ndr, &r->in.server); + if (length_server_1 > size_server_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_1, length_server_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server, ndr_get_array_length(ndr, &r->in.server), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server, length_server_1, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_share)); if (_ptr_share) { NDR_PULL_ALLOC(ndr, r->in.share); @@ -3471,11 +3577,13 @@ static enum ndr_err_code ndr_pull_dfs_Add(struct ndr_pull *ndr, int flags, struc NDR_PULL_SET_MEM_CTX(ndr, r->in.share, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.share)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.share)); - if (ndr_get_array_length(ndr, &r->in.share) > ndr_get_array_size(ndr, &r->in.share)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.share), ndr_get_array_length(ndr, &r->in.share)); + size_share_1 = ndr_get_array_size(ndr, &r->in.share); + length_share_1 = ndr_get_array_length(ndr, &r->in.share); + if (length_share_1 > size_share_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_share_1, length_share_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.share), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.share, ndr_get_array_length(ndr, &r->in.share), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_share_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.share, length_share_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_share_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_comment)); @@ -3489,11 +3597,13 @@ static enum ndr_err_code ndr_pull_dfs_Add(struct ndr_pull *ndr, int flags, struc NDR_PULL_SET_MEM_CTX(ndr, r->in.comment, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.comment)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.comment)); - if (ndr_get_array_length(ndr, &r->in.comment) > ndr_get_array_size(ndr, &r->in.comment)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.comment), ndr_get_array_length(ndr, &r->in.comment)); + size_comment_1 = ndr_get_array_size(ndr, &r->in.comment); + length_comment_1 = ndr_get_array_length(ndr, &r->in.comment); + if (length_comment_1 > size_comment_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_comment_1, length_comment_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.comment), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.comment, ndr_get_array_length(ndr, &r->in.comment), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_comment_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.comment, length_comment_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_comment_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.flags)); @@ -3579,18 +3689,26 @@ static enum ndr_err_code ndr_push_dfs_Remove(struct ndr_push *ndr, int flags, co static enum ndr_err_code ndr_pull_dfs_Remove(struct ndr_pull *ndr, int flags, struct dfs_Remove *r) { + uint32_t size_dfs_entry_path_1 = 0; + uint32_t length_dfs_entry_path_1 = 0; uint32_t _ptr_servername; + uint32_t size_servername_1 = 0; + uint32_t length_servername_1 = 0; uint32_t _ptr_sharename; + uint32_t size_sharename_1 = 0; + uint32_t length_sharename_1 = 0; TALLOC_CTX *_mem_save_servername_0; TALLOC_CTX *_mem_save_sharename_0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_array_size(ndr, &r->in.dfs_entry_path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.dfs_entry_path)); - if (ndr_get_array_length(ndr, &r->in.dfs_entry_path) > ndr_get_array_size(ndr, &r->in.dfs_entry_path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.dfs_entry_path), ndr_get_array_length(ndr, &r->in.dfs_entry_path)); + size_dfs_entry_path_1 = ndr_get_array_size(ndr, &r->in.dfs_entry_path); + length_dfs_entry_path_1 = ndr_get_array_length(ndr, &r->in.dfs_entry_path); + if (length_dfs_entry_path_1 > size_dfs_entry_path_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dfs_entry_path_1, length_dfs_entry_path_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.dfs_entry_path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.dfs_entry_path, ndr_get_array_length(ndr, &r->in.dfs_entry_path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dfs_entry_path_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.dfs_entry_path, length_dfs_entry_path_1, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_servername)); if (_ptr_servername) { NDR_PULL_ALLOC(ndr, r->in.servername); @@ -3602,11 +3720,13 @@ static enum ndr_err_code ndr_pull_dfs_Remove(struct ndr_pull *ndr, int flags, st NDR_PULL_SET_MEM_CTX(ndr, r->in.servername, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.servername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.servername)); - if (ndr_get_array_length(ndr, &r->in.servername) > ndr_get_array_size(ndr, &r->in.servername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.servername), ndr_get_array_length(ndr, &r->in.servername)); + size_servername_1 = ndr_get_array_size(ndr, &r->in.servername); + length_servername_1 = ndr_get_array_length(ndr, &r->in.servername); + if (length_servername_1 > size_servername_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_servername_1, length_servername_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_servername_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, length_servername_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_servername_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sharename)); @@ -3620,11 +3740,13 @@ static enum ndr_err_code ndr_pull_dfs_Remove(struct ndr_pull *ndr, int flags, st NDR_PULL_SET_MEM_CTX(ndr, r->in.sharename, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.sharename)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.sharename)); - if (ndr_get_array_length(ndr, &r->in.sharename) > ndr_get_array_size(ndr, &r->in.sharename)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.sharename), ndr_get_array_length(ndr, &r->in.sharename)); + size_sharename_1 = ndr_get_array_size(ndr, &r->in.sharename); + length_sharename_1 = ndr_get_array_length(ndr, &r->in.sharename); + if (length_sharename_1 > size_sharename_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_sharename_1, length_sharename_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.sharename), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.sharename, ndr_get_array_length(ndr, &r->in.sharename), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_sharename_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.sharename, length_sharename_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sharename_0, 0); } } @@ -3707,19 +3829,27 @@ static enum ndr_err_code ndr_push_dfs_SetInfo(struct ndr_push *ndr, int flags, c static enum ndr_err_code ndr_pull_dfs_SetInfo(struct ndr_pull *ndr, int flags, struct dfs_SetInfo *r) { + uint32_t size_dfs_entry_path_0 = 0; + uint32_t length_dfs_entry_path_0 = 0; uint32_t _ptr_servername; + uint32_t size_servername_1 = 0; + uint32_t length_servername_1 = 0; uint32_t _ptr_sharename; + uint32_t size_sharename_1 = 0; + uint32_t length_sharename_1 = 0; TALLOC_CTX *_mem_save_servername_0; TALLOC_CTX *_mem_save_sharename_0; TALLOC_CTX *_mem_save_info_0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_array_size(ndr, &r->in.dfs_entry_path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.dfs_entry_path)); - if (ndr_get_array_length(ndr, &r->in.dfs_entry_path) > ndr_get_array_size(ndr, &r->in.dfs_entry_path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.dfs_entry_path), ndr_get_array_length(ndr, &r->in.dfs_entry_path)); + size_dfs_entry_path_0 = ndr_get_array_size(ndr, &r->in.dfs_entry_path); + length_dfs_entry_path_0 = ndr_get_array_length(ndr, &r->in.dfs_entry_path); + if (length_dfs_entry_path_0 > size_dfs_entry_path_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dfs_entry_path_0, length_dfs_entry_path_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.dfs_entry_path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.dfs_entry_path, ndr_get_array_length(ndr, &r->in.dfs_entry_path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dfs_entry_path_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.dfs_entry_path, length_dfs_entry_path_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_servername)); if (_ptr_servername) { NDR_PULL_ALLOC(ndr, r->in.servername); @@ -3731,11 +3861,13 @@ static enum ndr_err_code ndr_pull_dfs_SetInfo(struct ndr_pull *ndr, int flags, s NDR_PULL_SET_MEM_CTX(ndr, r->in.servername, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.servername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.servername)); - if (ndr_get_array_length(ndr, &r->in.servername) > ndr_get_array_size(ndr, &r->in.servername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.servername), ndr_get_array_length(ndr, &r->in.servername)); + size_servername_1 = ndr_get_array_size(ndr, &r->in.servername); + length_servername_1 = ndr_get_array_length(ndr, &r->in.servername); + if (length_servername_1 > size_servername_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_servername_1, length_servername_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_servername_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, length_servername_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_servername_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sharename)); @@ -3749,11 +3881,13 @@ static enum ndr_err_code ndr_pull_dfs_SetInfo(struct ndr_pull *ndr, int flags, s NDR_PULL_SET_MEM_CTX(ndr, r->in.sharename, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.sharename)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.sharename)); - if (ndr_get_array_length(ndr, &r->in.sharename) > ndr_get_array_size(ndr, &r->in.sharename)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.sharename), ndr_get_array_length(ndr, &r->in.sharename)); + size_sharename_1 = ndr_get_array_size(ndr, &r->in.sharename); + length_sharename_1 = ndr_get_array_length(ndr, &r->in.sharename); + if (length_sharename_1 > size_sharename_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_sharename_1, length_sharename_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.sharename), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.sharename, ndr_get_array_length(ndr, &r->in.sharename), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_sharename_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.sharename, length_sharename_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sharename_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); @@ -3848,8 +3982,14 @@ static enum ndr_err_code ndr_push_dfs_GetInfo(struct ndr_push *ndr, int flags, c static enum ndr_err_code ndr_pull_dfs_GetInfo(struct ndr_pull *ndr, int flags, struct dfs_GetInfo *r) { + uint32_t size_dfs_entry_path_0 = 0; + uint32_t length_dfs_entry_path_0 = 0; uint32_t _ptr_servername; + uint32_t size_servername_1 = 0; + uint32_t length_servername_1 = 0; uint32_t _ptr_sharename; + uint32_t size_sharename_1 = 0; + uint32_t length_sharename_1 = 0; TALLOC_CTX *_mem_save_servername_0; TALLOC_CTX *_mem_save_sharename_0; TALLOC_CTX *_mem_save_info_0; @@ -3858,11 +3998,13 @@ static enum ndr_err_code ndr_pull_dfs_GetInfo(struct ndr_pull *ndr, int flags, s NDR_CHECK(ndr_pull_array_size(ndr, &r->in.dfs_entry_path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.dfs_entry_path)); - if (ndr_get_array_length(ndr, &r->in.dfs_entry_path) > ndr_get_array_size(ndr, &r->in.dfs_entry_path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.dfs_entry_path), ndr_get_array_length(ndr, &r->in.dfs_entry_path)); + size_dfs_entry_path_0 = ndr_get_array_size(ndr, &r->in.dfs_entry_path); + length_dfs_entry_path_0 = ndr_get_array_length(ndr, &r->in.dfs_entry_path); + if (length_dfs_entry_path_0 > size_dfs_entry_path_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dfs_entry_path_0, length_dfs_entry_path_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.dfs_entry_path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.dfs_entry_path, ndr_get_array_length(ndr, &r->in.dfs_entry_path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dfs_entry_path_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.dfs_entry_path, length_dfs_entry_path_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_servername)); if (_ptr_servername) { NDR_PULL_ALLOC(ndr, r->in.servername); @@ -3874,11 +4016,13 @@ static enum ndr_err_code ndr_pull_dfs_GetInfo(struct ndr_pull *ndr, int flags, s NDR_PULL_SET_MEM_CTX(ndr, r->in.servername, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.servername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.servername)); - if (ndr_get_array_length(ndr, &r->in.servername) > ndr_get_array_size(ndr, &r->in.servername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.servername), ndr_get_array_length(ndr, &r->in.servername)); + size_servername_1 = ndr_get_array_size(ndr, &r->in.servername); + length_servername_1 = ndr_get_array_length(ndr, &r->in.servername); + if (length_servername_1 > size_servername_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_servername_1, length_servername_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_servername_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, length_servername_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_servername_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sharename)); @@ -3892,11 +4036,13 @@ static enum ndr_err_code ndr_pull_dfs_GetInfo(struct ndr_pull *ndr, int flags, s NDR_PULL_SET_MEM_CTX(ndr, r->in.sharename, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.sharename)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.sharename)); - if (ndr_get_array_length(ndr, &r->in.sharename) > ndr_get_array_size(ndr, &r->in.sharename)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.sharename), ndr_get_array_length(ndr, &r->in.sharename)); + size_sharename_1 = ndr_get_array_size(ndr, &r->in.sharename); + length_sharename_1 = ndr_get_array_length(ndr, &r->in.sharename); + if (length_sharename_1 > size_sharename_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_sharename_1, length_sharename_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.sharename), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.sharename, ndr_get_array_length(ndr, &r->in.sharename), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_sharename_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.sharename, length_sharename_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sharename_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); @@ -4314,6 +4460,18 @@ static enum ndr_err_code ndr_push_dfs_AddFtRoot(struct ndr_push *ndr, int flags, static enum ndr_err_code ndr_pull_dfs_AddFtRoot(struct ndr_pull *ndr, int flags, struct dfs_AddFtRoot *r) { + uint32_t size_servername_0 = 0; + uint32_t length_servername_0 = 0; + uint32_t size_dns_servername_0 = 0; + uint32_t length_dns_servername_0 = 0; + uint32_t size_dfsname_0 = 0; + uint32_t length_dfsname_0 = 0; + uint32_t size_rootshare_0 = 0; + uint32_t length_rootshare_0 = 0; + uint32_t size_comment_0 = 0; + uint32_t length_comment_0 = 0; + uint32_t size_dfs_config_dn_0 = 0; + uint32_t length_dfs_config_dn_0 = 0; uint32_t _ptr_unknown2; TALLOC_CTX *_mem_save_unknown2_0; TALLOC_CTX *_mem_save_unknown2_1; @@ -4322,46 +4480,58 @@ static enum ndr_err_code ndr_pull_dfs_AddFtRoot(struct ndr_pull *ndr, int flags, NDR_CHECK(ndr_pull_array_size(ndr, &r->in.servername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.servername)); - if (ndr_get_array_length(ndr, &r->in.servername) > ndr_get_array_size(ndr, &r->in.servername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.servername), ndr_get_array_length(ndr, &r->in.servername)); + size_servername_0 = ndr_get_array_size(ndr, &r->in.servername); + length_servername_0 = ndr_get_array_length(ndr, &r->in.servername); + if (length_servername_0 > size_servername_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_servername_0, length_servername_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_servername_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, length_servername_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.dns_servername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.dns_servername)); - if (ndr_get_array_length(ndr, &r->in.dns_servername) > ndr_get_array_size(ndr, &r->in.dns_servername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.dns_servername), ndr_get_array_length(ndr, &r->in.dns_servername)); + size_dns_servername_0 = ndr_get_array_size(ndr, &r->in.dns_servername); + length_dns_servername_0 = ndr_get_array_length(ndr, &r->in.dns_servername); + if (length_dns_servername_0 > size_dns_servername_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dns_servername_0, length_dns_servername_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.dns_servername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.dns_servername, ndr_get_array_length(ndr, &r->in.dns_servername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dns_servername_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.dns_servername, length_dns_servername_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.dfsname)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.dfsname)); - if (ndr_get_array_length(ndr, &r->in.dfsname) > ndr_get_array_size(ndr, &r->in.dfsname)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.dfsname), ndr_get_array_length(ndr, &r->in.dfsname)); + size_dfsname_0 = ndr_get_array_size(ndr, &r->in.dfsname); + length_dfsname_0 = ndr_get_array_length(ndr, &r->in.dfsname); + if (length_dfsname_0 > size_dfsname_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dfsname_0, length_dfsname_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.dfsname), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.dfsname, ndr_get_array_length(ndr, &r->in.dfsname), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dfsname_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.dfsname, length_dfsname_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.rootshare)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.rootshare)); - if (ndr_get_array_length(ndr, &r->in.rootshare) > ndr_get_array_size(ndr, &r->in.rootshare)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.rootshare), ndr_get_array_length(ndr, &r->in.rootshare)); + size_rootshare_0 = ndr_get_array_size(ndr, &r->in.rootshare); + length_rootshare_0 = ndr_get_array_length(ndr, &r->in.rootshare); + if (length_rootshare_0 > size_rootshare_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_rootshare_0, length_rootshare_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.rootshare), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.rootshare, ndr_get_array_length(ndr, &r->in.rootshare), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_rootshare_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.rootshare, length_rootshare_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.comment)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.comment)); - if (ndr_get_array_length(ndr, &r->in.comment) > ndr_get_array_size(ndr, &r->in.comment)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.comment), ndr_get_array_length(ndr, &r->in.comment)); + size_comment_0 = ndr_get_array_size(ndr, &r->in.comment); + length_comment_0 = ndr_get_array_length(ndr, &r->in.comment); + if (length_comment_0 > size_comment_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_comment_0, length_comment_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.comment), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.comment, ndr_get_array_length(ndr, &r->in.comment), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_comment_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.comment, length_comment_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.dfs_config_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.dfs_config_dn)); - if (ndr_get_array_length(ndr, &r->in.dfs_config_dn) > ndr_get_array_size(ndr, &r->in.dfs_config_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.dfs_config_dn), ndr_get_array_length(ndr, &r->in.dfs_config_dn)); + size_dfs_config_dn_0 = ndr_get_array_size(ndr, &r->in.dfs_config_dn); + length_dfs_config_dn_0 = ndr_get_array_length(ndr, &r->in.dfs_config_dn); + if (length_dfs_config_dn_0 > size_dfs_config_dn_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dfs_config_dn_0, length_dfs_config_dn_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.dfs_config_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.dfs_config_dn, ndr_get_array_length(ndr, &r->in.dfs_config_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dfs_config_dn_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.dfs_config_dn, length_dfs_config_dn_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->in.unknown1)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.flags)); NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_unknown2)); @@ -4511,6 +4681,14 @@ static enum ndr_err_code ndr_push_dfs_RemoveFtRoot(struct ndr_push *ndr, int fla static enum ndr_err_code ndr_pull_dfs_RemoveFtRoot(struct ndr_pull *ndr, int flags, struct dfs_RemoveFtRoot *r) { + uint32_t size_servername_0 = 0; + uint32_t length_servername_0 = 0; + uint32_t size_dns_servername_0 = 0; + uint32_t length_dns_servername_0 = 0; + uint32_t size_dfsname_0 = 0; + uint32_t length_dfsname_0 = 0; + uint32_t size_rootshare_0 = 0; + uint32_t length_rootshare_0 = 0; uint32_t _ptr_unknown; TALLOC_CTX *_mem_save_unknown_0; TALLOC_CTX *_mem_save_unknown_1; @@ -4519,32 +4697,40 @@ static enum ndr_err_code ndr_pull_dfs_RemoveFtRoot(struct ndr_pull *ndr, int fla NDR_CHECK(ndr_pull_array_size(ndr, &r->in.servername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.servername)); - if (ndr_get_array_length(ndr, &r->in.servername) > ndr_get_array_size(ndr, &r->in.servername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.servername), ndr_get_array_length(ndr, &r->in.servername)); + size_servername_0 = ndr_get_array_size(ndr, &r->in.servername); + length_servername_0 = ndr_get_array_length(ndr, &r->in.servername); + if (length_servername_0 > size_servername_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_servername_0, length_servername_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_servername_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, length_servername_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.dns_servername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.dns_servername)); - if (ndr_get_array_length(ndr, &r->in.dns_servername) > ndr_get_array_size(ndr, &r->in.dns_servername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.dns_servername), ndr_get_array_length(ndr, &r->in.dns_servername)); + size_dns_servername_0 = ndr_get_array_size(ndr, &r->in.dns_servername); + length_dns_servername_0 = ndr_get_array_length(ndr, &r->in.dns_servername); + if (length_dns_servername_0 > size_dns_servername_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dns_servername_0, length_dns_servername_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.dns_servername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.dns_servername, ndr_get_array_length(ndr, &r->in.dns_servername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dns_servername_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.dns_servername, length_dns_servername_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.dfsname)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.dfsname)); - if (ndr_get_array_length(ndr, &r->in.dfsname) > ndr_get_array_size(ndr, &r->in.dfsname)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.dfsname), ndr_get_array_length(ndr, &r->in.dfsname)); + size_dfsname_0 = ndr_get_array_size(ndr, &r->in.dfsname); + length_dfsname_0 = ndr_get_array_length(ndr, &r->in.dfsname); + if (length_dfsname_0 > size_dfsname_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dfsname_0, length_dfsname_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.dfsname), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.dfsname, ndr_get_array_length(ndr, &r->in.dfsname), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dfsname_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.dfsname, length_dfsname_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.rootshare)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.rootshare)); - if (ndr_get_array_length(ndr, &r->in.rootshare) > ndr_get_array_size(ndr, &r->in.rootshare)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.rootshare), ndr_get_array_length(ndr, &r->in.rootshare)); + size_rootshare_0 = ndr_get_array_size(ndr, &r->in.rootshare); + length_rootshare_0 = ndr_get_array_length(ndr, &r->in.rootshare); + if (length_rootshare_0 > size_rootshare_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_rootshare_0, length_rootshare_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.rootshare), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.rootshare, ndr_get_array_length(ndr, &r->in.rootshare), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_rootshare_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.rootshare, length_rootshare_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.flags)); NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_unknown)); if (_ptr_unknown) { @@ -4672,28 +4858,40 @@ static enum ndr_err_code ndr_push_dfs_AddStdRoot(struct ndr_push *ndr, int flags static enum ndr_err_code ndr_pull_dfs_AddStdRoot(struct ndr_pull *ndr, int flags, struct dfs_AddStdRoot *r) { + uint32_t size_servername_0 = 0; + uint32_t length_servername_0 = 0; + uint32_t size_rootshare_0 = 0; + uint32_t length_rootshare_0 = 0; + uint32_t size_comment_0 = 0; + uint32_t length_comment_0 = 0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_array_size(ndr, &r->in.servername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.servername)); - if (ndr_get_array_length(ndr, &r->in.servername) > ndr_get_array_size(ndr, &r->in.servername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.servername), ndr_get_array_length(ndr, &r->in.servername)); + size_servername_0 = ndr_get_array_size(ndr, &r->in.servername); + length_servername_0 = ndr_get_array_length(ndr, &r->in.servername); + if (length_servername_0 > size_servername_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_servername_0, length_servername_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_servername_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, length_servername_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.rootshare)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.rootshare)); - if (ndr_get_array_length(ndr, &r->in.rootshare) > ndr_get_array_size(ndr, &r->in.rootshare)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.rootshare), ndr_get_array_length(ndr, &r->in.rootshare)); + size_rootshare_0 = ndr_get_array_size(ndr, &r->in.rootshare); + length_rootshare_0 = ndr_get_array_length(ndr, &r->in.rootshare); + if (length_rootshare_0 > size_rootshare_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_rootshare_0, length_rootshare_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.rootshare), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.rootshare, ndr_get_array_length(ndr, &r->in.rootshare), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_rootshare_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.rootshare, length_rootshare_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.comment)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.comment)); - if (ndr_get_array_length(ndr, &r->in.comment) > ndr_get_array_size(ndr, &r->in.comment)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.comment), ndr_get_array_length(ndr, &r->in.comment)); + size_comment_0 = ndr_get_array_size(ndr, &r->in.comment); + length_comment_0 = ndr_get_array_length(ndr, &r->in.comment); + if (length_comment_0 > size_comment_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_comment_0, length_comment_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.comment), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.comment, ndr_get_array_length(ndr, &r->in.comment), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_comment_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.comment, length_comment_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.flags)); } if (flags & NDR_OUT) { @@ -4748,21 +4946,29 @@ static enum ndr_err_code ndr_push_dfs_RemoveStdRoot(struct ndr_push *ndr, int fl static enum ndr_err_code ndr_pull_dfs_RemoveStdRoot(struct ndr_pull *ndr, int flags, struct dfs_RemoveStdRoot *r) { + uint32_t size_servername_0 = 0; + uint32_t length_servername_0 = 0; + uint32_t size_rootshare_0 = 0; + uint32_t length_rootshare_0 = 0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_array_size(ndr, &r->in.servername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.servername)); - if (ndr_get_array_length(ndr, &r->in.servername) > ndr_get_array_size(ndr, &r->in.servername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.servername), ndr_get_array_length(ndr, &r->in.servername)); + size_servername_0 = ndr_get_array_size(ndr, &r->in.servername); + length_servername_0 = ndr_get_array_length(ndr, &r->in.servername); + if (length_servername_0 > size_servername_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_servername_0, length_servername_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_servername_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, length_servername_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.rootshare)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.rootshare)); - if (ndr_get_array_length(ndr, &r->in.rootshare) > ndr_get_array_size(ndr, &r->in.rootshare)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.rootshare), ndr_get_array_length(ndr, &r->in.rootshare)); + size_rootshare_0 = ndr_get_array_size(ndr, &r->in.rootshare); + length_rootshare_0 = ndr_get_array_length(ndr, &r->in.rootshare); + if (length_rootshare_0 > size_rootshare_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_rootshare_0, length_rootshare_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.rootshare), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.rootshare, ndr_get_array_length(ndr, &r->in.rootshare), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_rootshare_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.rootshare, length_rootshare_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.flags)); } if (flags & NDR_OUT) { @@ -4815,14 +5021,18 @@ static enum ndr_err_code ndr_push_dfs_ManagerInitialize(struct ndr_push *ndr, in static enum ndr_err_code ndr_pull_dfs_ManagerInitialize(struct ndr_pull *ndr, int flags, struct dfs_ManagerInitialize *r) { + uint32_t size_servername_1 = 0; + uint32_t length_servername_1 = 0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_array_size(ndr, &r->in.servername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.servername)); - if (ndr_get_array_length(ndr, &r->in.servername) > ndr_get_array_size(ndr, &r->in.servername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.servername), ndr_get_array_length(ndr, &r->in.servername)); + size_servername_1 = ndr_get_array_size(ndr, &r->in.servername); + length_servername_1 = ndr_get_array_length(ndr, &r->in.servername); + if (length_servername_1 > size_servername_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_servername_1, length_servername_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_servername_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, length_servername_1, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.flags)); } if (flags & NDR_OUT) { @@ -4885,35 +5095,51 @@ static enum ndr_err_code ndr_push_dfs_AddStdRootForced(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_dfs_AddStdRootForced(struct ndr_pull *ndr, int flags, struct dfs_AddStdRootForced *r) { + uint32_t size_servername_0 = 0; + uint32_t length_servername_0 = 0; + uint32_t size_rootshare_0 = 0; + uint32_t length_rootshare_0 = 0; + uint32_t size_comment_0 = 0; + uint32_t length_comment_0 = 0; + uint32_t size_store_0 = 0; + uint32_t length_store_0 = 0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_array_size(ndr, &r->in.servername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.servername)); - if (ndr_get_array_length(ndr, &r->in.servername) > ndr_get_array_size(ndr, &r->in.servername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.servername), ndr_get_array_length(ndr, &r->in.servername)); + size_servername_0 = ndr_get_array_size(ndr, &r->in.servername); + length_servername_0 = ndr_get_array_length(ndr, &r->in.servername); + if (length_servername_0 > size_servername_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_servername_0, length_servername_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_servername_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, length_servername_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.rootshare)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.rootshare)); - if (ndr_get_array_length(ndr, &r->in.rootshare) > ndr_get_array_size(ndr, &r->in.rootshare)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.rootshare), ndr_get_array_length(ndr, &r->in.rootshare)); + size_rootshare_0 = ndr_get_array_size(ndr, &r->in.rootshare); + length_rootshare_0 = ndr_get_array_length(ndr, &r->in.rootshare); + if (length_rootshare_0 > size_rootshare_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_rootshare_0, length_rootshare_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.rootshare), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.rootshare, ndr_get_array_length(ndr, &r->in.rootshare), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_rootshare_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.rootshare, length_rootshare_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.comment)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.comment)); - if (ndr_get_array_length(ndr, &r->in.comment) > ndr_get_array_size(ndr, &r->in.comment)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.comment), ndr_get_array_length(ndr, &r->in.comment)); + size_comment_0 = ndr_get_array_size(ndr, &r->in.comment); + length_comment_0 = ndr_get_array_length(ndr, &r->in.comment); + if (length_comment_0 > size_comment_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_comment_0, length_comment_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.comment), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.comment, ndr_get_array_length(ndr, &r->in.comment), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_comment_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.comment, length_comment_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.store)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.store)); - if (ndr_get_array_length(ndr, &r->in.store) > ndr_get_array_size(ndr, &r->in.store)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.store), ndr_get_array_length(ndr, &r->in.store)); + size_store_0 = ndr_get_array_size(ndr, &r->in.store); + length_store_0 = ndr_get_array_length(ndr, &r->in.store); + if (length_store_0 > size_store_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_store_0, length_store_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.store), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.store, ndr_get_array_length(ndr, &r->in.store), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_store_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.store, length_store_0, sizeof(uint16_t), CH_UTF16)); } if (flags & NDR_OUT) { NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result)); @@ -4998,7 +5224,11 @@ static enum ndr_err_code ndr_push_dfs_GetDcAddress(struct ndr_push *ndr, int fla static enum ndr_err_code ndr_pull_dfs_GetDcAddress(struct ndr_pull *ndr, int flags, struct dfs_GetDcAddress *r) { + uint32_t size_servername_0 = 0; + uint32_t length_servername_0 = 0; uint32_t _ptr_server_fullname; + uint32_t size_server_fullname_2 = 0; + uint32_t length_server_fullname_2 = 0; TALLOC_CTX *_mem_save_server_fullname_0; TALLOC_CTX *_mem_save_server_fullname_1; TALLOC_CTX *_mem_save_is_root_0; @@ -5008,11 +5238,13 @@ static enum ndr_err_code ndr_pull_dfs_GetDcAddress(struct ndr_pull *ndr, int fla NDR_CHECK(ndr_pull_array_size(ndr, &r->in.servername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.servername)); - if (ndr_get_array_length(ndr, &r->in.servername) > ndr_get_array_size(ndr, &r->in.servername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.servername), ndr_get_array_length(ndr, &r->in.servername)); + size_servername_0 = ndr_get_array_size(ndr, &r->in.servername); + length_servername_0 = ndr_get_array_length(ndr, &r->in.servername); + if (length_servername_0 > size_servername_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_servername_0, length_servername_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_servername_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, length_servername_0, sizeof(uint16_t), CH_UTF16)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.server_fullname); } @@ -5029,11 +5261,13 @@ static enum ndr_err_code ndr_pull_dfs_GetDcAddress(struct ndr_pull *ndr, int fla NDR_PULL_SET_MEM_CTX(ndr, *r->in.server_fullname, 0); NDR_CHECK(ndr_pull_array_size(ndr, r->in.server_fullname)); NDR_CHECK(ndr_pull_array_length(ndr, r->in.server_fullname)); - if (ndr_get_array_length(ndr, r->in.server_fullname) > ndr_get_array_size(ndr, r->in.server_fullname)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, r->in.server_fullname), ndr_get_array_length(ndr, r->in.server_fullname)); + size_server_fullname_2 = ndr_get_array_size(ndr, r->in.server_fullname); + length_server_fullname_2 = ndr_get_array_length(ndr, r->in.server_fullname); + if (length_server_fullname_2 > size_server_fullname_2) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_fullname_2, length_server_fullname_2); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, r->in.server_fullname), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->in.server_fullname, ndr_get_array_length(ndr, r->in.server_fullname), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_fullname_2, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->in.server_fullname, length_server_fullname_2, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_fullname_1, 0); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_fullname_0, LIBNDR_FLAG_REF_ALLOC); @@ -5075,11 +5309,13 @@ static enum ndr_err_code ndr_pull_dfs_GetDcAddress(struct ndr_pull *ndr, int fla NDR_PULL_SET_MEM_CTX(ndr, *r->out.server_fullname, 0); NDR_CHECK(ndr_pull_array_size(ndr, r->out.server_fullname)); NDR_CHECK(ndr_pull_array_length(ndr, r->out.server_fullname)); - if (ndr_get_array_length(ndr, r->out.server_fullname) > ndr_get_array_size(ndr, r->out.server_fullname)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, r->out.server_fullname), ndr_get_array_length(ndr, r->out.server_fullname)); + size_server_fullname_2 = ndr_get_array_size(ndr, r->out.server_fullname); + length_server_fullname_2 = ndr_get_array_length(ndr, r->out.server_fullname); + if (length_server_fullname_2 > size_server_fullname_2) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_fullname_2, length_server_fullname_2); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, r->out.server_fullname), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.server_fullname, ndr_get_array_length(ndr, r->out.server_fullname), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_fullname_2, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.server_fullname, length_server_fullname_2, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_fullname_1, 0); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_fullname_0, LIBNDR_FLAG_REF_ALLOC); @@ -5180,21 +5416,29 @@ static enum ndr_err_code ndr_push_dfs_SetDcAddress(struct ndr_push *ndr, int fla static enum ndr_err_code ndr_pull_dfs_SetDcAddress(struct ndr_pull *ndr, int flags, struct dfs_SetDcAddress *r) { + uint32_t size_servername_0 = 0; + uint32_t length_servername_0 = 0; + uint32_t size_server_fullname_0 = 0; + uint32_t length_server_fullname_0 = 0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_array_size(ndr, &r->in.servername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.servername)); - if (ndr_get_array_length(ndr, &r->in.servername) > ndr_get_array_size(ndr, &r->in.servername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.servername), ndr_get_array_length(ndr, &r->in.servername)); + size_servername_0 = ndr_get_array_size(ndr, &r->in.servername); + length_servername_0 = ndr_get_array_length(ndr, &r->in.servername); + if (length_servername_0 > size_servername_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_servername_0, length_servername_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_servername_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, length_servername_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_fullname)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_fullname)); - if (ndr_get_array_length(ndr, &r->in.server_fullname) > ndr_get_array_size(ndr, &r->in.server_fullname)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_fullname), ndr_get_array_length(ndr, &r->in.server_fullname)); + size_server_fullname_0 = ndr_get_array_size(ndr, &r->in.server_fullname); + length_server_fullname_0 = ndr_get_array_length(ndr, &r->in.server_fullname); + if (length_server_fullname_0 > size_server_fullname_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_fullname_0, length_server_fullname_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_fullname), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_fullname, ndr_get_array_length(ndr, &r->in.server_fullname), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_fullname_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_fullname, length_server_fullname_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.flags)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.ttl)); } @@ -5249,21 +5493,29 @@ static enum ndr_err_code ndr_push_dfs_FlushFtTable(struct ndr_push *ndr, int fla static enum ndr_err_code ndr_pull_dfs_FlushFtTable(struct ndr_pull *ndr, int flags, struct dfs_FlushFtTable *r) { + uint32_t size_servername_0 = 0; + uint32_t length_servername_0 = 0; + uint32_t size_rootshare_0 = 0; + uint32_t length_rootshare_0 = 0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_array_size(ndr, &r->in.servername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.servername)); - if (ndr_get_array_length(ndr, &r->in.servername) > ndr_get_array_size(ndr, &r->in.servername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.servername), ndr_get_array_length(ndr, &r->in.servername)); + size_servername_0 = ndr_get_array_size(ndr, &r->in.servername); + length_servername_0 = ndr_get_array_length(ndr, &r->in.servername); + if (length_servername_0 > size_servername_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_servername_0, length_servername_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_servername_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, length_servername_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.rootshare)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.rootshare)); - if (ndr_get_array_length(ndr, &r->in.rootshare) > ndr_get_array_size(ndr, &r->in.rootshare)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.rootshare), ndr_get_array_length(ndr, &r->in.rootshare)); + size_rootshare_0 = ndr_get_array_size(ndr, &r->in.rootshare); + length_rootshare_0 = ndr_get_array_length(ndr, &r->in.rootshare); + if (length_rootshare_0 > size_rootshare_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_rootshare_0, length_rootshare_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.rootshare), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.rootshare, ndr_get_array_length(ndr, &r->in.rootshare), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_rootshare_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.rootshare, length_rootshare_0, sizeof(uint16_t), CH_UTF16)); } if (flags & NDR_OUT) { NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result)); @@ -5410,6 +5662,8 @@ _PUBLIC_ enum ndr_err_code ndr_push_dfs_EnumEx(struct ndr_push *ndr, int flags, _PUBLIC_ enum ndr_err_code ndr_pull_dfs_EnumEx(struct ndr_pull *ndr, int flags, struct dfs_EnumEx *r) { + uint32_t size_dfs_name_0 = 0; + uint32_t length_dfs_name_0 = 0; uint32_t _ptr_info; uint32_t _ptr_total; TALLOC_CTX *_mem_save_info_0; @@ -5419,11 +5673,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_dfs_EnumEx(struct ndr_pull *ndr, int flags, NDR_CHECK(ndr_pull_array_size(ndr, &r->in.dfs_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.dfs_name)); - if (ndr_get_array_length(ndr, &r->in.dfs_name) > ndr_get_array_size(ndr, &r->in.dfs_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.dfs_name), ndr_get_array_length(ndr, &r->in.dfs_name)); + size_dfs_name_0 = ndr_get_array_size(ndr, &r->in.dfs_name); + length_dfs_name_0 = ndr_get_array_length(ndr, &r->in.dfs_name); + if (length_dfs_name_0 > size_dfs_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dfs_name_0, length_dfs_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.dfs_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.dfs_name, ndr_get_array_length(ndr, &r->in.dfs_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dfs_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.dfs_name, length_dfs_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.bufsize)); NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info)); diff --git a/source/librpc/gen_ndr/ndr_drsblobs.c b/source/librpc/gen_ndr/ndr_drsblobs.c index 41a448c..baca47f 100644 --- a/source/librpc/gen_ndr/ndr_drsblobs.c +++ b/source/librpc/gen_ndr/ndr_drsblobs.c @@ -68,16 +68,18 @@ static enum ndr_err_code ndr_push_replPropertyMetaDataCtr1(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_replPropertyMetaDataCtr1(struct ndr_pull *ndr, int ndr_flags, struct replPropertyMetaDataCtr1 *r) { + uint32_t size_array_0 = 0; uint32_t cntr_array_0; TALLOC_CTX *_mem_save_array_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 8)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->reserved)); - NDR_PULL_ALLOC_N(ndr, r->array, r->count); + size_array_0 = r->count; + NDR_PULL_ALLOC_N(ndr, r->array, size_array_0); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_replPropertyMetaData1(ndr, NDR_SCALARS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -231,16 +233,18 @@ static enum ndr_err_code ndr_push_replUpToDateVectorCtr1(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_replUpToDateVectorCtr1(struct ndr_pull *ndr, int ndr_flags, struct replUpToDateVectorCtr1 *r) { + uint32_t size_cursors_0 = 0; uint32_t cntr_cursors_0; TALLOC_CTX *_mem_save_cursors_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 8)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->reserved)); - NDR_PULL_ALLOC_N(ndr, r->cursors, r->count); + size_cursors_0 = r->count; + NDR_PULL_ALLOC_N(ndr, r->cursors, size_cursors_0); _mem_save_cursors_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->cursors, 0); - for (cntr_cursors_0 = 0; cntr_cursors_0 < r->count; cntr_cursors_0++) { + for (cntr_cursors_0 = 0; cntr_cursors_0 < size_cursors_0; cntr_cursors_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaCursor(ndr, NDR_SCALARS, &r->cursors[cntr_cursors_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_cursors_0, 0); @@ -288,16 +292,18 @@ static enum ndr_err_code ndr_push_replUpToDateVectorCtr2(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_replUpToDateVectorCtr2(struct ndr_pull *ndr, int ndr_flags, struct replUpToDateVectorCtr2 *r) { + uint32_t size_cursors_0 = 0; uint32_t cntr_cursors_0; TALLOC_CTX *_mem_save_cursors_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 8)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->reserved)); - NDR_PULL_ALLOC_N(ndr, r->cursors, r->count); + size_cursors_0 = r->count; + NDR_PULL_ALLOC_N(ndr, r->cursors, size_cursors_0); _mem_save_cursors_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->cursors, 0); - for (cntr_cursors_0 = 0; cntr_cursors_0 < r->count; cntr_cursors_0++) { + for (cntr_cursors_0 = 0; cntr_cursors_0 < size_cursors_0; cntr_cursors_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaCursor2(ndr, NDR_SCALARS, &r->cursors[cntr_cursors_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_cursors_0, 0); @@ -465,10 +471,12 @@ _PUBLIC_ enum ndr_err_code ndr_push_repsFromTo1OtherInfo(struct ndr_push *ndr, i _PUBLIC_ enum ndr_err_code ndr_pull_repsFromTo1OtherInfo(struct ndr_pull *ndr, int ndr_flags, struct repsFromTo1OtherInfo *r) { + uint32_t size_dns_name_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->__dns_name_size)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dns_name, r->__dns_name_size, sizeof(uint8_t), CH_DOS)); + size_dns_name_0 = r->__dns_name_size; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dns_name, size_dns_name_0, sizeof(uint8_t), CH_DOS)); } if (ndr_flags & NDR_BUFFERS) { } @@ -526,6 +534,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_repsFromTo1(struct ndr_pull *ndr, int ndr_fl { uint32_t _ptr_other_info; TALLOC_CTX *_mem_save_other_info_0; + uint32_t size_schedule_0 = 0; { uint32_t _flags_save_STRUCT = ndr->flags; ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX); @@ -545,7 +554,8 @@ _PUBLIC_ enum ndr_err_code ndr_pull_repsFromTo1(struct ndr_pull *ndr, int ndr_fl } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->other_info_length)); NDR_CHECK(ndr_pull_drsuapi_DsReplicaNeighbourFlags(ndr, NDR_SCALARS, &r->replica_flags)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->schedule, 84)); + size_schedule_0 = 84; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->schedule, size_schedule_0)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->reserved)); NDR_CHECK(ndr_pull_drsuapi_DsReplicaHighWaterMark(ndr, NDR_SCALARS, &r->highwatermark)); NDR_CHECK(ndr_pull_GUID(ndr, NDR_SCALARS, &r->source_dsa_obj_guid)); @@ -733,15 +743,17 @@ static enum ndr_err_code ndr_push_partialAttributeSetCtr1(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_partialAttributeSetCtr1(struct ndr_pull *ndr, int ndr_flags, struct partialAttributeSetCtr1 *r) { + uint32_t size_array_0 = 0; uint32_t cntr_array_0; TALLOC_CTX *_mem_save_array_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count)); - NDR_PULL_ALLOC_N(ndr, r->array, r->count); + size_array_0 = r->count; + NDR_PULL_ALLOC_N(ndr, r->array, size_array_0); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsAttributeId(ndr, NDR_SCALARS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -1167,10 +1179,12 @@ _PUBLIC_ enum ndr_err_code ndr_push_ldapControlDirSyncCookie(struct ndr_push *nd _PUBLIC_ enum ndr_err_code ndr_pull_ldapControlDirSyncCookie(struct ndr_pull *ndr, int ndr_flags, struct ldapControlDirSyncCookie *r) { uint32_t _save_relative_base_offset = ndr_pull_get_relative_base_offset(ndr); + uint32_t size_msds_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 8)); NDR_CHECK(ndr_pull_setup_relative_base_offset1(ndr, r, ndr->offset)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->msds, 4, sizeof(uint8_t), CH_DOS)); + size_msds_0 = 4; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->msds, size_msds_0, sizeof(uint8_t), CH_DOS)); { struct ndr_pull *_ndr_blob; NDR_CHECK(ndr_pull_subcontext_start(ndr, &_ndr_blob, 0, -1)); @@ -1211,13 +1225,17 @@ static enum ndr_err_code ndr_push_supplementalCredentialsPackage(struct ndr_push static enum ndr_err_code ndr_pull_supplementalCredentialsPackage(struct ndr_pull *ndr, int ndr_flags, struct supplementalCredentialsPackage *r) { + uint32_t size_name_0 = 0; + uint32_t size_data_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 2)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->name_len)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->data_len)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->reserved)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, r->name_len, sizeof(uint8_t), CH_UTF16)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->data, r->data_len, sizeof(uint8_t), CH_DOS)); + size_name_0 = r->name_len; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, size_name_0, sizeof(uint8_t), CH_UTF16)); + size_data_0 = r->data_len; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->data, size_data_0, sizeof(uint8_t), CH_DOS)); } if (ndr_flags & NDR_BUFFERS) { } @@ -1294,17 +1312,21 @@ static enum ndr_err_code ndr_push_supplementalCredentialsSubBlob(struct ndr_push static enum ndr_err_code ndr_pull_supplementalCredentialsSubBlob(struct ndr_pull *ndr, int ndr_flags, struct supplementalCredentialsSubBlob *r) { + uint32_t size_prefix_0 = 0; + uint32_t size_packages_0 = 0; uint32_t cntr_packages_0; TALLOC_CTX *_mem_save_packages_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 2)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->prefix, 0x30, sizeof(uint16_t), CH_UTF16)); + size_prefix_0 = 0x30; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->prefix, size_prefix_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_supplementalCredentialsSignature(ndr, NDR_SCALARS, &r->signature)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->num_packages)); - NDR_PULL_ALLOC_N(ndr, r->packages, r->num_packages); + size_packages_0 = r->num_packages; + NDR_PULL_ALLOC_N(ndr, r->packages, size_packages_0); _mem_save_packages_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->packages, 0); - for (cntr_packages_0 = 0; cntr_packages_0 < r->num_packages; cntr_packages_0++) { + for (cntr_packages_0 = 0; cntr_packages_0 < size_packages_0; cntr_packages_0++) { NDR_CHECK(ndr_pull_supplementalCredentialsPackage(ndr, NDR_SCALARS, &r->packages[cntr_packages_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_packages_0, 0); @@ -1662,8 +1684,10 @@ static enum ndr_err_code ndr_push_package_PrimaryKerberosCtr3(struct ndr_push *n static enum ndr_err_code ndr_pull_package_PrimaryKerberosCtr3(struct ndr_pull *ndr, int ndr_flags, struct package_PrimaryKerberosCtr3 *r) { + uint32_t size_keys_0 = 0; uint32_t cntr_keys_0; TALLOC_CTX *_mem_save_keys_0; + uint32_t size_old_keys_0 = 0; uint32_t cntr_old_keys_0; TALLOC_CTX *_mem_save_old_keys_0; if (ndr_flags & NDR_SCALARS) { @@ -1671,17 +1695,19 @@ static enum ndr_err_code ndr_pull_package_PrimaryKerberosCtr3(struct ndr_pull *n NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->num_keys)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->num_old_keys)); NDR_CHECK(ndr_pull_package_PrimaryKerberosString(ndr, NDR_SCALARS, &r->salt)); - NDR_PULL_ALLOC_N(ndr, r->keys, r->num_keys); + size_keys_0 = r->num_keys; + NDR_PULL_ALLOC_N(ndr, r->keys, size_keys_0); _mem_save_keys_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->keys, 0); - for (cntr_keys_0 = 0; cntr_keys_0 < r->num_keys; cntr_keys_0++) { + for (cntr_keys_0 = 0; cntr_keys_0 < size_keys_0; cntr_keys_0++) { NDR_CHECK(ndr_pull_package_PrimaryKerberosKey3(ndr, NDR_SCALARS, &r->keys[cntr_keys_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_keys_0, 0); - NDR_PULL_ALLOC_N(ndr, r->old_keys, r->num_old_keys); + size_old_keys_0 = r->num_old_keys; + NDR_PULL_ALLOC_N(ndr, r->old_keys, size_old_keys_0); _mem_save_old_keys_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->old_keys, 0); - for (cntr_old_keys_0 = 0; cntr_old_keys_0 < r->num_old_keys; cntr_old_keys_0++) { + for (cntr_old_keys_0 = 0; cntr_old_keys_0 < size_old_keys_0; cntr_old_keys_0++) { NDR_CHECK(ndr_pull_package_PrimaryKerberosKey3(ndr, NDR_SCALARS, &r->old_keys[cntr_old_keys_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_old_keys_0, 0); @@ -1693,15 +1719,17 @@ static enum ndr_err_code ndr_pull_package_PrimaryKerberosCtr3(struct ndr_pull *n } if (ndr_flags & NDR_BUFFERS) { NDR_CHECK(ndr_pull_package_PrimaryKerberosString(ndr, NDR_BUFFERS, &r->salt)); + size_keys_0 = r->num_keys; _mem_save_keys_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->keys, 0); - for (cntr_keys_0 = 0; cntr_keys_0 < r->num_keys; cntr_keys_0++) { + for (cntr_keys_0 = 0; cntr_keys_0 < size_keys_0; cntr_keys_0++) { NDR_CHECK(ndr_pull_package_PrimaryKerberosKey3(ndr, NDR_BUFFERS, &r->keys[cntr_keys_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_keys_0, 0); + size_old_keys_0 = r->num_old_keys; _mem_save_old_keys_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->old_keys, 0); - for (cntr_old_keys_0 = 0; cntr_old_keys_0 < r->num_old_keys; cntr_old_keys_0++) { + for (cntr_old_keys_0 = 0; cntr_old_keys_0 < size_old_keys_0; cntr_old_keys_0++) { NDR_CHECK(ndr_pull_package_PrimaryKerberosKey3(ndr, NDR_BUFFERS, &r->old_keys[cntr_old_keys_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_old_keys_0, 0); @@ -1854,7 +1882,6 @@ _PUBLIC_ void ndr_print_package_PrimaryKerberosKey4(struct ndr_print *ndr, const static enum ndr_err_code ndr_push_package_PrimaryKerberosCtr4(struct ndr_push *ndr, int ndr_flags, const struct package_PrimaryKerberosCtr4 *r) { uint32_t cntr_keys_0; - uint32_t cntr_service_keys_0; uint32_t cntr_old_keys_0; uint32_t cntr_older_keys_0; if (ndr_flags & NDR_SCALARS) { @@ -1868,9 +1895,6 @@ static enum ndr_err_code ndr_push_package_PrimaryKerberosCtr4(struct ndr_push *n for (cntr_keys_0 = 0; cntr_keys_0 < r->num_keys; cntr_keys_0++) { NDR_CHECK(ndr_push_package_PrimaryKerberosKey4(ndr, NDR_SCALARS, &r->keys[cntr_keys_0])); } - for (cntr_service_keys_0 = 0; cntr_service_keys_0 < 0; cntr_service_keys_0++) { - NDR_CHECK(ndr_push_package_PrimaryKerberosKey4(ndr, NDR_SCALARS, &r->service_keys[cntr_service_keys_0])); - } for (cntr_old_keys_0 = 0; cntr_old_keys_0 < r->num_old_keys; cntr_old_keys_0++) { NDR_CHECK(ndr_push_package_PrimaryKerberosKey4(ndr, NDR_SCALARS, &r->old_keys[cntr_old_keys_0])); } @@ -1883,9 +1907,6 @@ static enum ndr_err_code ndr_push_package_PrimaryKerberosCtr4(struct ndr_push *n for (cntr_keys_0 = 0; cntr_keys_0 < r->num_keys; cntr_keys_0++) { NDR_CHECK(ndr_push_package_PrimaryKerberosKey4(ndr, NDR_BUFFERS, &r->keys[cntr_keys_0])); } - for (cntr_service_keys_0 = 0; cntr_service_keys_0 < 0; cntr_service_keys_0++) { - NDR_CHECK(ndr_push_package_PrimaryKerberosKey4(ndr, NDR_BUFFERS, &r->service_keys[cntr_service_keys_0])); - } for (cntr_old_keys_0 = 0; cntr_old_keys_0 < r->num_old_keys; cntr_old_keys_0++) { NDR_CHECK(ndr_push_package_PrimaryKerberosKey4(ndr, NDR_BUFFERS, &r->old_keys[cntr_old_keys_0])); } @@ -1898,12 +1919,16 @@ static enum ndr_err_code ndr_push_package_PrimaryKerberosCtr4(struct ndr_push *n static enum ndr_err_code ndr_pull_package_PrimaryKerberosCtr4(struct ndr_pull *ndr, int ndr_flags, struct package_PrimaryKerberosCtr4 *r) { + uint32_t size_keys_0 = 0; uint32_t cntr_keys_0; TALLOC_CTX *_mem_save_keys_0; + uint32_t size_service_keys_0 = 0; uint32_t cntr_service_keys_0; TALLOC_CTX *_mem_save_service_keys_0; + uint32_t size_old_keys_0 = 0; uint32_t cntr_old_keys_0; TALLOC_CTX *_mem_save_old_keys_0; + uint32_t size_older_keys_0 = 0; uint32_t cntr_older_keys_0; TALLOC_CTX *_mem_save_older_keys_0; if (ndr_flags & NDR_SCALARS) { @@ -1914,58 +1939,66 @@ static enum ndr_err_code ndr_pull_package_PrimaryKerberosCtr4(struct ndr_pull *n NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->num_older_keys)); NDR_CHECK(ndr_pull_package_PrimaryKerberosString(ndr, NDR_SCALARS, &r->salt)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->default_iteration_count)); - NDR_PULL_ALLOC_N(ndr, r->keys, r->num_keys); + size_keys_0 = r->num_keys; + NDR_PULL_ALLOC_N(ndr, r->keys, size_keys_0); _mem_save_keys_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->keys, 0); - for (cntr_keys_0 = 0; cntr_keys_0 < r->num_keys; cntr_keys_0++) { + for (cntr_keys_0 = 0; cntr_keys_0 < size_keys_0; cntr_keys_0++) { NDR_CHECK(ndr_pull_package_PrimaryKerberosKey4(ndr, NDR_SCALARS, &r->keys[cntr_keys_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_keys_0, 0); - NDR_PULL_ALLOC_N(ndr, r->service_keys, r->num_service_keys); + size_service_keys_0 = r->num_service_keys; + NDR_PULL_ALLOC_N(ndr, r->service_keys, size_service_keys_0); _mem_save_service_keys_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->service_keys, 0); - for (cntr_service_keys_0 = 0; cntr_service_keys_0 < r->num_service_keys; cntr_service_keys_0++) { + for (cntr_service_keys_0 = 0; cntr_service_keys_0 < size_service_keys_0; cntr_service_keys_0++) { NDR_CHECK(ndr_pull_package_PrimaryKerberosKey4(ndr, NDR_SCALARS, &r->service_keys[cntr_service_keys_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_service_keys_0, 0); - NDR_PULL_ALLOC_N(ndr, r->old_keys, r->num_old_keys); + size_old_keys_0 = r->num_old_keys; + NDR_PULL_ALLOC_N(ndr, r->old_keys, size_old_keys_0); _mem_save_old_keys_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->old_keys, 0); - for (cntr_old_keys_0 = 0; cntr_old_keys_0 < r->num_old_keys; cntr_old_keys_0++) { + for (cntr_old_keys_0 = 0; cntr_old_keys_0 < size_old_keys_0; cntr_old_keys_0++) { NDR_CHECK(ndr_pull_package_PrimaryKerberosKey4(ndr, NDR_SCALARS, &r->old_keys[cntr_old_keys_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_old_keys_0, 0); - NDR_PULL_ALLOC_N(ndr, r->older_keys, r->num_older_keys); + size_older_keys_0 = r->num_older_keys; + NDR_PULL_ALLOC_N(ndr, r->older_keys, size_older_keys_0); _mem_save_older_keys_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->older_keys, 0); - for (cntr_older_keys_0 = 0; cntr_older_keys_0 < r->num_older_keys; cntr_older_keys_0++) { + for (cntr_older_keys_0 = 0; cntr_older_keys_0 < size_older_keys_0; cntr_older_keys_0++) { NDR_CHECK(ndr_pull_package_PrimaryKerberosKey4(ndr, NDR_SCALARS, &r->older_keys[cntr_older_keys_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_older_keys_0, 0); } if (ndr_flags & NDR_BUFFERS) { NDR_CHECK(ndr_pull_package_PrimaryKerberosString(ndr, NDR_BUFFERS, &r->salt)); + size_keys_0 = r->num_keys; _mem_save_keys_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->keys, 0); - for (cntr_keys_0 = 0; cntr_keys_0 < r->num_keys; cntr_keys_0++) { + for (cntr_keys_0 = 0; cntr_keys_0 < size_keys_0; cntr_keys_0++) { NDR_CHECK(ndr_pull_package_PrimaryKerberosKey4(ndr, NDR_BUFFERS, &r->keys[cntr_keys_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_keys_0, 0); + size_service_keys_0 = r->num_service_keys; _mem_save_service_keys_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->service_keys, 0); - for (cntr_service_keys_0 = 0; cntr_service_keys_0 < r->num_service_keys; cntr_service_keys_0++) { + for (cntr_service_keys_0 = 0; cntr_service_keys_0 < size_service_keys_0; cntr_service_keys_0++) { NDR_CHECK(ndr_pull_package_PrimaryKerberosKey4(ndr, NDR_BUFFERS, &r->service_keys[cntr_service_keys_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_service_keys_0, 0); + size_old_keys_0 = r->num_old_keys; _mem_save_old_keys_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->old_keys, 0); - for (cntr_old_keys_0 = 0; cntr_old_keys_0 < r->num_old_keys; cntr_old_keys_0++) { + for (cntr_old_keys_0 = 0; cntr_old_keys_0 < size_old_keys_0; cntr_old_keys_0++) { NDR_CHECK(ndr_pull_package_PrimaryKerberosKey4(ndr, NDR_BUFFERS, &r->old_keys[cntr_old_keys_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_old_keys_0, 0); + size_older_keys_0 = r->num_older_keys; _mem_save_older_keys_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->older_keys, 0); - for (cntr_older_keys_0 = 0; cntr_older_keys_0 < r->num_older_keys; cntr_older_keys_0++) { + for (cntr_older_keys_0 = 0; cntr_older_keys_0 < size_older_keys_0; cntr_older_keys_0++) { NDR_CHECK(ndr_pull_package_PrimaryKerberosKey4(ndr, NDR_BUFFERS, &r->older_keys[cntr_older_keys_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_older_keys_0, 0); @@ -2218,12 +2251,14 @@ static enum ndr_err_code ndr_push_package_PrimaryWDigestHash(struct ndr_push *nd static enum ndr_err_code ndr_pull_package_PrimaryWDigestHash(struct ndr_pull *ndr, int ndr_flags, struct package_PrimaryWDigestHash *r) { + uint32_t size_hash_0 = 0; { uint32_t _flags_save_STRUCT = ndr->flags; ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 1)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->hash, 16)); + size_hash_0 = 16; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->hash, size_hash_0)); } if (ndr_flags & NDR_BUFFERS) { } @@ -2266,6 +2301,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_package_PrimaryWDigestBlob(struct ndr_push * _PUBLIC_ enum ndr_err_code ndr_pull_package_PrimaryWDigestBlob(struct ndr_pull *ndr, int ndr_flags, struct package_PrimaryWDigestBlob *r) { + uint32_t size_hashes_0 = 0; uint32_t cntr_hashes_0; TALLOC_CTX *_mem_save_hashes_0; if (ndr_flags & NDR_SCALARS) { @@ -2275,10 +2311,11 @@ _PUBLIC_ enum ndr_err_code ndr_pull_package_PrimaryWDigestBlob(struct ndr_pull * NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->num_hashes)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->unknown3)); NDR_CHECK(ndr_pull_udlong(ndr, NDR_SCALARS, &r->uuknown4)); - NDR_PULL_ALLOC_N(ndr, r->hashes, r->num_hashes); + size_hashes_0 = r->num_hashes; + NDR_PULL_ALLOC_N(ndr, r->hashes, size_hashes_0); _mem_save_hashes_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->hashes, 0); - for (cntr_hashes_0 = 0; cntr_hashes_0 < r->num_hashes; cntr_hashes_0++) { + for (cntr_hashes_0 = 0; cntr_hashes_0 < size_hashes_0; cntr_hashes_0++) { NDR_CHECK(ndr_pull_package_PrimaryWDigestHash(ndr, NDR_SCALARS, &r->hashes[cntr_hashes_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_hashes_0, 0); @@ -2829,10 +2866,12 @@ _PUBLIC_ enum ndr_err_code ndr_push_DsCompressedBlob(struct ndr_push *ndr, int n _PUBLIC_ enum ndr_err_code ndr_pull_DsCompressedBlob(struct ndr_pull *ndr, int ndr_flags, struct DsCompressedBlob *r) { + uint32_t size_chunks_0 = 0; uint32_t cntr_chunks_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); - for (cntr_chunks_0 = 0; cntr_chunks_0 < 5; cntr_chunks_0++) { + size_chunks_0 = 5; + for (cntr_chunks_0 = 0; cntr_chunks_0 < size_chunks_0; cntr_chunks_0++) { NDR_CHECK(ndr_pull_DsCompressedChunk(ndr, NDR_SCALARS, &r->chunks[cntr_chunks_0])); } } diff --git a/source/librpc/gen_ndr/ndr_drsuapi.c b/source/librpc/gen_ndr/ndr_drsuapi.c index 38b88f6..79ba04d 100644 --- a/source/librpc/gen_ndr/ndr_drsuapi.c +++ b/source/librpc/gen_ndr/ndr_drsuapi.c @@ -455,6 +455,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_drsuapi_DsReplicaObjectIdentifier(struct ndr _PUBLIC_ enum ndr_err_code ndr_pull_drsuapi_DsReplicaObjectIdentifier(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaObjectIdentifier *r) { + uint32_t size_dn_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_array_size(ndr, &r->dn)); NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -463,7 +464,8 @@ _PUBLIC_ enum ndr_err_code ndr_pull_drsuapi_DsReplicaObjectIdentifier(struct ndr NDR_CHECK(ndr_pull_GUID(ndr, NDR_SCALARS, &r->guid)); NDR_CHECK(ndr_pull_dom_sid28(ndr, NDR_SCALARS, &r->sid)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->__ndr_size_dn)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dn, ndr_get_array_size(ndr, &r->dn), sizeof(uint16_t), CH_UTF16)); + size_dn_0 = ndr_get_array_size(ndr, &r->dn); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dn, size_dn_0, sizeof(uint16_t), CH_UTF16)); if (r->dn) { NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->dn, r->__ndr_size_dn + 1)); } @@ -803,6 +805,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaCursorCtrEx(struct ndr_push * static enum ndr_err_code ndr_pull_drsuapi_DsReplicaCursorCtrEx(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaCursorCtrEx *r) { + uint32_t size_cursors_0 = 0; uint32_t cntr_cursors_0; TALLOC_CTX *_mem_save_cursors_0; if (ndr_flags & NDR_SCALARS) { @@ -815,10 +818,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaCursorCtrEx(struct ndr_pull * return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->reserved2)); - NDR_PULL_ALLOC_N(ndr, r->cursors, ndr_get_array_size(ndr, &r->cursors)); + size_cursors_0 = ndr_get_array_size(ndr, &r->cursors); + NDR_PULL_ALLOC_N(ndr, r->cursors, size_cursors_0); _mem_save_cursors_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->cursors, 0); - for (cntr_cursors_0 = 0; cntr_cursors_0 < r->count; cntr_cursors_0++) { + for (cntr_cursors_0 = 0; cntr_cursors_0 < size_cursors_0; cntr_cursors_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaCursor(ndr, NDR_SCALARS, &r->cursors[cntr_cursors_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_cursors_0, 0); @@ -1160,6 +1164,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_drsuapi_DsReplicaOIDMapping_Ctr(struct ndr_p _PUBLIC_ enum ndr_err_code ndr_pull_drsuapi_DsReplicaOIDMapping_Ctr(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaOIDMapping_Ctr *r) { uint32_t _ptr_mappings; + uint32_t size_mappings_1 = 0; uint32_t cntr_mappings_1; TALLOC_CTX *_mem_save_mappings_0; TALLOC_CTX *_mem_save_mappings_1; @@ -1181,13 +1186,14 @@ _PUBLIC_ enum ndr_err_code ndr_pull_drsuapi_DsReplicaOIDMapping_Ctr(struct ndr_p _mem_save_mappings_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->mappings, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->mappings)); - NDR_PULL_ALLOC_N(ndr, r->mappings, ndr_get_array_size(ndr, &r->mappings)); + size_mappings_1 = ndr_get_array_size(ndr, &r->mappings); + NDR_PULL_ALLOC_N(ndr, r->mappings, size_mappings_1); _mem_save_mappings_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->mappings, 0); - for (cntr_mappings_1 = 0; cntr_mappings_1 < r->num_mappings; cntr_mappings_1++) { + for (cntr_mappings_1 = 0; cntr_mappings_1 < size_mappings_1; cntr_mappings_1++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaOIDMapping(ndr, NDR_SCALARS, &r->mappings[cntr_mappings_1])); } - for (cntr_mappings_1 = 0; cntr_mappings_1 < r->num_mappings; cntr_mappings_1++) { + for (cntr_mappings_1 = 0; cntr_mappings_1 < size_mappings_1; cntr_mappings_1++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaOIDMapping(ndr, NDR_BUFFERS, &r->mappings[cntr_mappings_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_mappings_1, 0); @@ -1343,6 +1349,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsPartialAttributeSet(struct ndr_push static enum ndr_err_code ndr_pull_drsuapi_DsPartialAttributeSet(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsPartialAttributeSet *r) { + uint32_t size_attids_0 = 0; uint32_t cntr_attids_0; TALLOC_CTX *_mem_save_attids_0; if (ndr_flags & NDR_SCALARS) { @@ -1354,10 +1361,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsPartialAttributeSet(struct ndr_pull if (r->num_attids < 1 || r->num_attids > 0x100000) { return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); } - NDR_PULL_ALLOC_N(ndr, r->attids, ndr_get_array_size(ndr, &r->attids)); + size_attids_0 = ndr_get_array_size(ndr, &r->attids); + NDR_PULL_ALLOC_N(ndr, r->attids, size_attids_0); _mem_save_attids_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->attids, 0); - for (cntr_attids_0 = 0; cntr_attids_0 < r->num_attids; cntr_attids_0++) { + for (cntr_attids_0 = 0; cntr_attids_0 < size_attids_0; cntr_attids_0++) { NDR_CHECK(ndr_pull_drsuapi_DsAttributeId(ndr, NDR_SCALARS, &r->attids[cntr_attids_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_attids_0, 0); @@ -1692,6 +1700,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaCursor2CtrEx(struct ndr_push static enum ndr_err_code ndr_pull_drsuapi_DsReplicaCursor2CtrEx(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaCursor2CtrEx *r) { + uint32_t size_cursors_0 = 0; uint32_t cntr_cursors_0; TALLOC_CTX *_mem_save_cursors_0; if (ndr_flags & NDR_SCALARS) { @@ -1704,10 +1713,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaCursor2CtrEx(struct ndr_pull return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->reserved2)); - NDR_PULL_ALLOC_N(ndr, r->cursors, ndr_get_array_size(ndr, &r->cursors)); + size_cursors_0 = ndr_get_array_size(ndr, &r->cursors); + NDR_PULL_ALLOC_N(ndr, r->cursors, size_cursors_0); _mem_save_cursors_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->cursors, 0); - for (cntr_cursors_0 = 0; cntr_cursors_0 < r->count; cntr_cursors_0++) { + for (cntr_cursors_0 = 0; cntr_cursors_0 < size_cursors_0; cntr_cursors_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaCursor2(ndr, NDR_SCALARS, &r->cursors[cntr_cursors_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_cursors_0, 0); @@ -1824,6 +1834,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsAttributeValueCtr(struct ndr_push *n static enum ndr_err_code ndr_pull_drsuapi_DsAttributeValueCtr(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsAttributeValueCtr *r) { uint32_t _ptr_values; + uint32_t size_values_1 = 0; uint32_t cntr_values_1; TALLOC_CTX *_mem_save_values_0; TALLOC_CTX *_mem_save_values_1; @@ -1845,13 +1856,14 @@ static enum ndr_err_code ndr_pull_drsuapi_DsAttributeValueCtr(struct ndr_pull *n _mem_save_values_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->values, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->values)); - NDR_PULL_ALLOC_N(ndr, r->values, ndr_get_array_size(ndr, &r->values)); + size_values_1 = ndr_get_array_size(ndr, &r->values); + NDR_PULL_ALLOC_N(ndr, r->values, size_values_1); _mem_save_values_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->values, 0); - for (cntr_values_1 = 0; cntr_values_1 < r->num_values; cntr_values_1++) { + for (cntr_values_1 = 0; cntr_values_1 < size_values_1; cntr_values_1++) { NDR_CHECK(ndr_pull_drsuapi_DsAttributeValue(ndr, NDR_SCALARS, &r->values[cntr_values_1])); } - for (cntr_values_1 = 0; cntr_values_1 < r->num_values; cntr_values_1++) { + for (cntr_values_1 = 0; cntr_values_1 < size_values_1; cntr_values_1++) { NDR_CHECK(ndr_pull_drsuapi_DsAttributeValue(ndr, NDR_BUFFERS, &r->values[cntr_values_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_values_1, 0); @@ -1907,6 +1919,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_drsuapi_DsReplicaObjectIdentifier3(struct nd _PUBLIC_ enum ndr_err_code ndr_pull_drsuapi_DsReplicaObjectIdentifier3(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaObjectIdentifier3 *r) { + uint32_t size_dn_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->__ndr_size)); @@ -1914,7 +1927,8 @@ _PUBLIC_ enum ndr_err_code ndr_pull_drsuapi_DsReplicaObjectIdentifier3(struct nd NDR_CHECK(ndr_pull_GUID(ndr, NDR_SCALARS, &r->guid)); NDR_CHECK(ndr_pull_dom_sid28(ndr, NDR_SCALARS, &r->sid)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->__ndr_size_dn)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dn, r->__ndr_size_dn + 1, sizeof(uint16_t), CH_UTF16)); + size_dn_0 = r->__ndr_size_dn + 1; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dn, size_dn_0, sizeof(uint16_t), CH_UTF16)); } if (ndr_flags & NDR_BUFFERS) { NDR_CHECK(ndr_pull_dom_sid28(ndr, NDR_BUFFERS, &r->sid)); @@ -1966,6 +1980,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_drsuapi_DsReplicaObjectIdentifier3Binary(str _PUBLIC_ enum ndr_err_code ndr_pull_drsuapi_DsReplicaObjectIdentifier3Binary(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaObjectIdentifier3Binary *r) { + uint32_t size_dn_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->__ndr_size)); @@ -1973,7 +1988,8 @@ _PUBLIC_ enum ndr_err_code ndr_pull_drsuapi_DsReplicaObjectIdentifier3Binary(str NDR_CHECK(ndr_pull_GUID(ndr, NDR_SCALARS, &r->guid)); NDR_CHECK(ndr_pull_dom_sid28(ndr, NDR_SCALARS, &r->sid)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->__ndr_size_dn)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dn, r->__ndr_size_dn + 1, sizeof(uint16_t), CH_UTF16)); + size_dn_0 = r->__ndr_size_dn + 1; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dn, size_dn_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->__ndr_size_binary)); { uint32_t _flags_save_DATA_BLOB = ndr->flags; @@ -2068,6 +2084,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaAttributeCtr(struct ndr_push static enum ndr_err_code ndr_pull_drsuapi_DsReplicaAttributeCtr(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaAttributeCtr *r) { uint32_t _ptr_attributes; + uint32_t size_attributes_1 = 0; uint32_t cntr_attributes_1; TALLOC_CTX *_mem_save_attributes_0; TALLOC_CTX *_mem_save_attributes_1; @@ -2089,13 +2106,14 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaAttributeCtr(struct ndr_pull _mem_save_attributes_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->attributes, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->attributes)); - NDR_PULL_ALLOC_N(ndr, r->attributes, ndr_get_array_size(ndr, &r->attributes)); + size_attributes_1 = ndr_get_array_size(ndr, &r->attributes); + NDR_PULL_ALLOC_N(ndr, r->attributes, size_attributes_1); _mem_save_attributes_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->attributes, 0); - for (cntr_attributes_1 = 0; cntr_attributes_1 < r->num_attributes; cntr_attributes_1++) { + for (cntr_attributes_1 = 0; cntr_attributes_1 < size_attributes_1; cntr_attributes_1++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaAttribute(ndr, NDR_SCALARS, &r->attributes[cntr_attributes_1])); } - for (cntr_attributes_1 = 0; cntr_attributes_1 < r->num_attributes; cntr_attributes_1++) { + for (cntr_attributes_1 = 0; cntr_attributes_1 < size_attributes_1; cntr_attributes_1++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaAttribute(ndr, NDR_BUFFERS, &r->attributes[cntr_attributes_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_attributes_1, 0); @@ -2272,6 +2290,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_drsuapi_DsReplicaMetaDataCtr(struct ndr_push _PUBLIC_ enum ndr_err_code ndr_pull_drsuapi_DsReplicaMetaDataCtr(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaMetaDataCtr *r) { + uint32_t size_meta_data_0 = 0; uint32_t cntr_meta_data_0; TALLOC_CTX *_mem_save_meta_data_0; if (ndr_flags & NDR_SCALARS) { @@ -2281,10 +2300,11 @@ _PUBLIC_ enum ndr_err_code ndr_pull_drsuapi_DsReplicaMetaDataCtr(struct ndr_pull if (r->count < 0 || r->count > 1048576) { return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); } - NDR_PULL_ALLOC_N(ndr, r->meta_data, ndr_get_array_size(ndr, &r->meta_data)); + size_meta_data_0 = ndr_get_array_size(ndr, &r->meta_data); + NDR_PULL_ALLOC_N(ndr, r->meta_data, size_meta_data_0); _mem_save_meta_data_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->meta_data, 0); - for (cntr_meta_data_0 = 0; cntr_meta_data_0 < r->count; cntr_meta_data_0++) { + for (cntr_meta_data_0 = 0; cntr_meta_data_0 < size_meta_data_0; cntr_meta_data_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaMetaData(ndr, NDR_SCALARS, &r->meta_data[cntr_meta_data_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_meta_data_0, 0); @@ -2675,6 +2695,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_drsuapi_DsGetNCChangesCtr6(struct ndr_pull * uint32_t _ptr_first_object; TALLOC_CTX *_mem_save_first_object_0; uint32_t _ptr_linked_attributes; + uint32_t size_linked_attributes_1 = 0; uint32_t cntr_linked_attributes_1; TALLOC_CTX *_mem_save_linked_attributes_0; TALLOC_CTX *_mem_save_linked_attributes_1; @@ -2745,13 +2766,14 @@ _PUBLIC_ enum ndr_err_code ndr_pull_drsuapi_DsGetNCChangesCtr6(struct ndr_pull * _mem_save_linked_attributes_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->linked_attributes, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->linked_attributes)); - NDR_PULL_ALLOC_N(ndr, r->linked_attributes, ndr_get_array_size(ndr, &r->linked_attributes)); + size_linked_attributes_1 = ndr_get_array_size(ndr, &r->linked_attributes); + NDR_PULL_ALLOC_N(ndr, r->linked_attributes, size_linked_attributes_1); _mem_save_linked_attributes_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->linked_attributes, 0); - for (cntr_linked_attributes_1 = 0; cntr_linked_attributes_1 < r->linked_attributes_count; cntr_linked_attributes_1++) { + for (cntr_linked_attributes_1 = 0; cntr_linked_attributes_1 < size_linked_attributes_1; cntr_linked_attributes_1++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaLinkedAttribute(ndr, NDR_SCALARS, &r->linked_attributes[cntr_linked_attributes_1])); } - for (cntr_linked_attributes_1 = 0; cntr_linked_attributes_1 < r->linked_attributes_count; cntr_linked_attributes_1++) { + for (cntr_linked_attributes_1 = 0; cntr_linked_attributes_1 < size_linked_attributes_1; cntr_linked_attributes_1++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaLinkedAttribute(ndr, NDR_BUFFERS, &r->linked_attributes[cntr_linked_attributes_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_linked_attributes_1, 0); @@ -3573,6 +3595,8 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaUpdateRefsRequest1(struct ndr uint32_t _ptr_naming_context; TALLOC_CTX *_mem_save_naming_context_0; uint32_t _ptr_dest_dsa_dns_name; + uint32_t size_dest_dsa_dns_name_1 = 0; + uint32_t length_dest_dsa_dns_name_1 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_ref_ptr(ndr, &_ptr_naming_context)); @@ -3597,11 +3621,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaUpdateRefsRequest1(struct ndr NDR_PULL_SET_MEM_CTX(ndr, _mem_save_naming_context_0, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->dest_dsa_dns_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->dest_dsa_dns_name)); - if (ndr_get_array_length(ndr, &r->dest_dsa_dns_name) > ndr_get_array_size(ndr, &r->dest_dsa_dns_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->dest_dsa_dns_name), ndr_get_array_length(ndr, &r->dest_dsa_dns_name)); + size_dest_dsa_dns_name_1 = ndr_get_array_size(ndr, &r->dest_dsa_dns_name); + length_dest_dsa_dns_name_1 = ndr_get_array_length(ndr, &r->dest_dsa_dns_name); + if (length_dest_dsa_dns_name_1 > size_dest_dsa_dns_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dest_dsa_dns_name_1, length_dest_dsa_dns_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->dest_dsa_dns_name), sizeof(uint8_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dest_dsa_dns_name, ndr_get_array_length(ndr, &r->dest_dsa_dns_name), sizeof(uint8_t), CH_DOS)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dest_dsa_dns_name_1, sizeof(uint8_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dest_dsa_dns_name, length_dest_dsa_dns_name_1, sizeof(uint8_t), CH_DOS)); } return NDR_ERR_SUCCESS; } @@ -3847,15 +3873,18 @@ static enum ndr_err_code ndr_push_drsuapi_DsGetMembershipsCtr1(struct ndr_push * static enum ndr_err_code ndr_pull_drsuapi_DsGetMembershipsCtr1(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsGetMembershipsCtr1 *r) { uint32_t _ptr_info_array; + uint32_t size_info_array_1 = 0; uint32_t cntr_info_array_1; TALLOC_CTX *_mem_save_info_array_0; TALLOC_CTX *_mem_save_info_array_1; TALLOC_CTX *_mem_save_info_array_2; uint32_t _ptr_group_attrs; + uint32_t size_group_attrs_1 = 0; uint32_t cntr_group_attrs_1; TALLOC_CTX *_mem_save_group_attrs_0; TALLOC_CTX *_mem_save_group_attrs_1; uint32_t _ptr_sids; + uint32_t size_sids_1 = 0; uint32_t cntr_sids_1; TALLOC_CTX *_mem_save_sids_0; TALLOC_CTX *_mem_save_sids_1; @@ -3895,10 +3924,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetMembershipsCtr1(struct ndr_pull * _mem_save_info_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->info_array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->info_array)); - NDR_PULL_ALLOC_N(ndr, r->info_array, ndr_get_array_size(ndr, &r->info_array)); + size_info_array_1 = ndr_get_array_size(ndr, &r->info_array); + NDR_PULL_ALLOC_N(ndr, r->info_array, size_info_array_1); _mem_save_info_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->info_array, 0); - for (cntr_info_array_1 = 0; cntr_info_array_1 < r->num_memberships; cntr_info_array_1++) { + for (cntr_info_array_1 = 0; cntr_info_array_1 < size_info_array_1; cntr_info_array_1++) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info_array)); if (_ptr_info_array) { NDR_PULL_ALLOC(ndr, r->info_array[cntr_info_array_1]); @@ -3906,7 +3936,7 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetMembershipsCtr1(struct ndr_pull * r->info_array[cntr_info_array_1] = NULL; } } - for (cntr_info_array_1 = 0; cntr_info_array_1 < r->num_memberships; cntr_info_array_1++) { + for (cntr_info_array_1 = 0; cntr_info_array_1 < size_info_array_1; cntr_info_array_1++) { if (r->info_array[cntr_info_array_1]) { _mem_save_info_array_2 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->info_array[cntr_info_array_1], 0); @@ -3921,10 +3951,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetMembershipsCtr1(struct ndr_pull * _mem_save_group_attrs_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->group_attrs, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->group_attrs)); - NDR_PULL_ALLOC_N(ndr, r->group_attrs, ndr_get_array_size(ndr, &r->group_attrs)); + size_group_attrs_1 = ndr_get_array_size(ndr, &r->group_attrs); + NDR_PULL_ALLOC_N(ndr, r->group_attrs, size_group_attrs_1); _mem_save_group_attrs_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->group_attrs, 0); - for (cntr_group_attrs_1 = 0; cntr_group_attrs_1 < r->num_memberships; cntr_group_attrs_1++) { + for (cntr_group_attrs_1 = 0; cntr_group_attrs_1 < size_group_attrs_1; cntr_group_attrs_1++) { NDR_CHECK(ndr_pull_samr_GroupAttrs(ndr, NDR_SCALARS, &r->group_attrs[cntr_group_attrs_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_group_attrs_1, 0); @@ -3934,10 +3965,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetMembershipsCtr1(struct ndr_pull * _mem_save_sids_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sids, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->sids)); - NDR_PULL_ALLOC_N(ndr, r->sids, ndr_get_array_size(ndr, &r->sids)); + size_sids_1 = ndr_get_array_size(ndr, &r->sids); + NDR_PULL_ALLOC_N(ndr, r->sids, size_sids_1); _mem_save_sids_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sids, 0); - for (cntr_sids_1 = 0; cntr_sids_1 < r->num_sids; cntr_sids_1++) { + for (cntr_sids_1 = 0; cntr_sids_1 < size_sids_1; cntr_sids_1++) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sids)); if (_ptr_sids) { NDR_PULL_ALLOC(ndr, r->sids[cntr_sids_1]); @@ -3945,7 +3977,7 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetMembershipsCtr1(struct ndr_pull * r->sids[cntr_sids_1] = NULL; } } - for (cntr_sids_1 = 0; cntr_sids_1 < r->num_sids; cntr_sids_1++) { + for (cntr_sids_1 = 0; cntr_sids_1 < size_sids_1; cntr_sids_1++) { if (r->sids[cntr_sids_1]) { _mem_save_sids_2 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sids[cntr_sids_1], 0); @@ -4145,6 +4177,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsGetMembershipsRequest1(struct ndr_pu static enum ndr_err_code ndr_pull_drsuapi_DsGetMembershipsRequest1(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsGetMembershipsRequest1 *r) { uint32_t _ptr_info_array; + uint32_t size_info_array_1 = 0; uint32_t cntr_info_array_1; TALLOC_CTX *_mem_save_info_array_0; TALLOC_CTX *_mem_save_info_array_1; @@ -4177,10 +4210,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetMembershipsRequest1(struct ndr_pu _mem_save_info_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->info_array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->info_array)); - NDR_PULL_ALLOC_N(ndr, r->info_array, ndr_get_array_size(ndr, &r->info_array)); + size_info_array_1 = ndr_get_array_size(ndr, &r->info_array); + NDR_PULL_ALLOC_N(ndr, r->info_array, size_info_array_1); _mem_save_info_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->info_array, 0); - for (cntr_info_array_1 = 0; cntr_info_array_1 < r->count; cntr_info_array_1++) { + for (cntr_info_array_1 = 0; cntr_info_array_1 < size_info_array_1; cntr_info_array_1++) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info_array)); if (_ptr_info_array) { NDR_PULL_ALLOC(ndr, r->info_array[cntr_info_array_1]); @@ -4188,7 +4222,7 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetMembershipsRequest1(struct ndr_pu r->info_array[cntr_info_array_1] = NULL; } } - for (cntr_info_array_1 = 0; cntr_info_array_1 < r->count; cntr_info_array_1++) { + for (cntr_info_array_1 = 0; cntr_info_array_1 < size_info_array_1; cntr_info_array_1++) { if (r->info_array[cntr_info_array_1]) { _mem_save_info_array_2 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->info_array[cntr_info_array_1], 0); @@ -4345,6 +4379,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsGetNT4ChangeLogRequest1(struct ndr_p static enum ndr_err_code ndr_pull_drsuapi_DsGetNT4ChangeLogRequest1(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsGetNT4ChangeLogRequest1 *r) { uint32_t _ptr_data; + uint32_t size_data_1 = 0; TALLOC_CTX *_mem_save_data_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -4366,8 +4401,9 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetNT4ChangeLogRequest1(struct ndr_p _mem_save_data_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->data, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->data)); - NDR_PULL_ALLOC_N(ndr, r->data, ndr_get_array_size(ndr, &r->data)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, ndr_get_array_size(ndr, &r->data))); + size_data_1 = ndr_get_array_size(ndr, &r->data); + NDR_PULL_ALLOC_N(ndr, r->data, size_data_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, size_data_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_0, 0); } if (r->data) { @@ -4500,8 +4536,10 @@ static enum ndr_err_code ndr_push_drsuapi_DsGetNT4ChangeLogInfo1(struct ndr_push static enum ndr_err_code ndr_pull_drsuapi_DsGetNT4ChangeLogInfo1(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsGetNT4ChangeLogInfo1 *r) { uint32_t _ptr_data1; + uint32_t size_data1_1 = 0; TALLOC_CTX *_mem_save_data1_0; uint32_t _ptr_data2; + uint32_t size_data2_1 = 0; TALLOC_CTX *_mem_save_data2_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 8)); @@ -4538,16 +4576,18 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetNT4ChangeLogInfo1(struct ndr_pull _mem_save_data1_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->data1, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->data1)); - NDR_PULL_ALLOC_N(ndr, r->data1, ndr_get_array_size(ndr, &r->data1)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data1, ndr_get_array_size(ndr, &r->data1))); + size_data1_1 = ndr_get_array_size(ndr, &r->data1); + NDR_PULL_ALLOC_N(ndr, r->data1, size_data1_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data1, size_data1_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data1_0, 0); } if (r->data2) { _mem_save_data2_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->data2, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->data2)); - NDR_PULL_ALLOC_N(ndr, r->data2, ndr_get_array_size(ndr, &r->data2)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data2, ndr_get_array_size(ndr, &r->data2))); + size_data2_1 = ndr_get_array_size(ndr, &r->data2); + NDR_PULL_ALLOC_N(ndr, r->data2, size_data2_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data2, size_data2_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data2_0, 0); } if (r->data1) { @@ -4776,6 +4816,8 @@ static enum ndr_err_code ndr_push_drsuapi_DsNameString(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_drsuapi_DsNameString(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsNameString *r) { uint32_t _ptr_str; + uint32_t size_str_1 = 0; + uint32_t length_str_1 = 0; TALLOC_CTX *_mem_save_str_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -4792,11 +4834,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsNameString(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->str, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->str)); NDR_CHECK(ndr_pull_array_length(ndr, &r->str)); - if (ndr_get_array_length(ndr, &r->str) > ndr_get_array_size(ndr, &r->str)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->str), ndr_get_array_length(ndr, &r->str)); + size_str_1 = ndr_get_array_size(ndr, &r->str); + length_str_1 = ndr_get_array_length(ndr, &r->str); + if (length_str_1 > size_str_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_str_1, length_str_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->str), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->str, ndr_get_array_length(ndr, &r->str), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_str_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->str, length_str_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_str_0, 0); } } @@ -4846,6 +4890,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsNameRequest1(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_drsuapi_DsNameRequest1(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsNameRequest1 *r) { uint32_t _ptr_names; + uint32_t size_names_1 = 0; uint32_t cntr_names_1; TALLOC_CTX *_mem_save_names_0; TALLOC_CTX *_mem_save_names_1; @@ -4872,13 +4917,14 @@ static enum ndr_err_code ndr_pull_drsuapi_DsNameRequest1(struct ndr_pull *ndr, i _mem_save_names_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->names, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->names)); - NDR_PULL_ALLOC_N(ndr, r->names, ndr_get_array_size(ndr, &r->names)); + size_names_1 = ndr_get_array_size(ndr, &r->names); + NDR_PULL_ALLOC_N(ndr, r->names, size_names_1); _mem_save_names_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->names, 0); - for (cntr_names_1 = 0; cntr_names_1 < r->count; cntr_names_1++) { + for (cntr_names_1 = 0; cntr_names_1 < size_names_1; cntr_names_1++) { NDR_CHECK(ndr_pull_drsuapi_DsNameString(ndr, NDR_SCALARS, &r->names[cntr_names_1])); } - for (cntr_names_1 = 0; cntr_names_1 < r->count; cntr_names_1++) { + for (cntr_names_1 = 0; cntr_names_1 < size_names_1; cntr_names_1++) { NDR_CHECK(ndr_pull_drsuapi_DsNameString(ndr, NDR_BUFFERS, &r->names[cntr_names_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_names_1, 0); @@ -5023,8 +5069,12 @@ static enum ndr_err_code ndr_push_drsuapi_DsNameInfo1(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_drsuapi_DsNameInfo1(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsNameInfo1 *r) { uint32_t _ptr_dns_domain_name; + uint32_t size_dns_domain_name_1 = 0; + uint32_t length_dns_domain_name_1 = 0; TALLOC_CTX *_mem_save_dns_domain_name_0; uint32_t _ptr_result_name; + uint32_t size_result_name_1 = 0; + uint32_t length_result_name_1 = 0; TALLOC_CTX *_mem_save_result_name_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -5048,11 +5098,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsNameInfo1(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->dns_domain_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->dns_domain_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->dns_domain_name)); - if (ndr_get_array_length(ndr, &r->dns_domain_name) > ndr_get_array_size(ndr, &r->dns_domain_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->dns_domain_name), ndr_get_array_length(ndr, &r->dns_domain_name)); + size_dns_domain_name_1 = ndr_get_array_size(ndr, &r->dns_domain_name); + length_dns_domain_name_1 = ndr_get_array_length(ndr, &r->dns_domain_name); + if (length_dns_domain_name_1 > size_dns_domain_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dns_domain_name_1, length_dns_domain_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->dns_domain_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dns_domain_name, ndr_get_array_length(ndr, &r->dns_domain_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dns_domain_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dns_domain_name, length_dns_domain_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dns_domain_name_0, 0); } if (r->result_name) { @@ -5060,11 +5112,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsNameInfo1(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->result_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->result_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->result_name)); - if (ndr_get_array_length(ndr, &r->result_name) > ndr_get_array_size(ndr, &r->result_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->result_name), ndr_get_array_length(ndr, &r->result_name)); + size_result_name_1 = ndr_get_array_size(ndr, &r->result_name); + length_result_name_1 = ndr_get_array_length(ndr, &r->result_name); + if (length_result_name_1 > size_result_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_result_name_1, length_result_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->result_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->result_name, ndr_get_array_length(ndr, &r->result_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_result_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->result_name, length_result_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_result_name_0, 0); } } @@ -5116,6 +5170,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsNameCtr1(struct ndr_push *ndr, int n static enum ndr_err_code ndr_pull_drsuapi_DsNameCtr1(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsNameCtr1 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -5134,13 +5189,14 @@ static enum ndr_err_code ndr_pull_drsuapi_DsNameCtr1(struct ndr_pull *ndr, int n _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_drsuapi_DsNameInfo1(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_drsuapi_DsNameInfo1(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -5212,6 +5268,7 @@ static enum ndr_err_code ndr_pull_drsuapi_DsNameCtr(struct ndr_pull *ndr, int nd int level; int32_t _level; TALLOC_CTX *_mem_save_ctr1_0; + uint32_t _ptr_ctr1; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_int32(ndr, NDR_SCALARS, &_level)); @@ -5220,7 +5277,6 @@ static enum ndr_err_code ndr_pull_drsuapi_DsNameCtr(struct ndr_pull *ndr, int nd } switch (level) { case 1: { - uint32_t _ptr_ctr1; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr1)); if (_ptr_ctr1) { NDR_PULL_ALLOC(ndr, r->ctr1); @@ -5331,8 +5387,11 @@ static enum ndr_err_code ndr_push_drsuapi_DsWriteAccountSpnRequest1(struct ndr_p static enum ndr_err_code ndr_pull_drsuapi_DsWriteAccountSpnRequest1(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsWriteAccountSpnRequest1 *r) { uint32_t _ptr_object_dn; + uint32_t size_object_dn_1 = 0; + uint32_t length_object_dn_1 = 0; TALLOC_CTX *_mem_save_object_dn_0; uint32_t _ptr_spn_names; + uint32_t size_spn_names_1 = 0; uint32_t cntr_spn_names_1; TALLOC_CTX *_mem_save_spn_names_0; TALLOC_CTX *_mem_save_spn_names_1; @@ -5363,24 +5422,27 @@ static enum ndr_err_code ndr_pull_drsuapi_DsWriteAccountSpnRequest1(struct ndr_p NDR_PULL_SET_MEM_CTX(ndr, r->object_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->object_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->object_dn)); - if (ndr_get_array_length(ndr, &r->object_dn) > ndr_get_array_size(ndr, &r->object_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->object_dn), ndr_get_array_length(ndr, &r->object_dn)); + size_object_dn_1 = ndr_get_array_size(ndr, &r->object_dn); + length_object_dn_1 = ndr_get_array_length(ndr, &r->object_dn); + if (length_object_dn_1 > size_object_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_object_dn_1, length_object_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->object_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->object_dn, ndr_get_array_length(ndr, &r->object_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_object_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->object_dn, length_object_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_object_dn_0, 0); } if (r->spn_names) { _mem_save_spn_names_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->spn_names, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->spn_names)); - NDR_PULL_ALLOC_N(ndr, r->spn_names, ndr_get_array_size(ndr, &r->spn_names)); + size_spn_names_1 = ndr_get_array_size(ndr, &r->spn_names); + NDR_PULL_ALLOC_N(ndr, r->spn_names, size_spn_names_1); _mem_save_spn_names_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->spn_names, 0); - for (cntr_spn_names_1 = 0; cntr_spn_names_1 < r->count; cntr_spn_names_1++) { + for (cntr_spn_names_1 = 0; cntr_spn_names_1 < size_spn_names_1; cntr_spn_names_1++) { NDR_CHECK(ndr_pull_drsuapi_DsNameString(ndr, NDR_SCALARS, &r->spn_names[cntr_spn_names_1])); } - for (cntr_spn_names_1 = 0; cntr_spn_names_1 < r->count; cntr_spn_names_1++) { + for (cntr_spn_names_1 = 0; cntr_spn_names_1 < size_spn_names_1; cntr_spn_names_1++) { NDR_CHECK(ndr_pull_drsuapi_DsNameString(ndr, NDR_BUFFERS, &r->spn_names[cntr_spn_names_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_spn_names_1, 0); @@ -5631,8 +5693,12 @@ static enum ndr_err_code ndr_push_drsuapi_DsRemoveDSServerRequest1(struct ndr_pu static enum ndr_err_code ndr_pull_drsuapi_DsRemoveDSServerRequest1(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsRemoveDSServerRequest1 *r) { uint32_t _ptr_server_dn; + uint32_t size_server_dn_1 = 0; + uint32_t length_server_dn_1 = 0; TALLOC_CTX *_mem_save_server_dn_0; uint32_t _ptr_domain_dn; + uint32_t size_domain_dn_1 = 0; + uint32_t length_domain_dn_1 = 0; TALLOC_CTX *_mem_save_domain_dn_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -5656,11 +5722,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsRemoveDSServerRequest1(struct ndr_pu NDR_PULL_SET_MEM_CTX(ndr, r->server_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->server_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->server_dn)); - if (ndr_get_array_length(ndr, &r->server_dn) > ndr_get_array_size(ndr, &r->server_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->server_dn), ndr_get_array_length(ndr, &r->server_dn)); + size_server_dn_1 = ndr_get_array_size(ndr, &r->server_dn); + length_server_dn_1 = ndr_get_array_length(ndr, &r->server_dn); + if (length_server_dn_1 > size_server_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_dn_1, length_server_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->server_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_dn, ndr_get_array_length(ndr, &r->server_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_dn, length_server_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_dn_0, 0); } if (r->domain_dn) { @@ -5668,11 +5736,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsRemoveDSServerRequest1(struct ndr_pu NDR_PULL_SET_MEM_CTX(ndr, r->domain_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->domain_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->domain_dn)); - if (ndr_get_array_length(ndr, &r->domain_dn) > ndr_get_array_size(ndr, &r->domain_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->domain_dn), ndr_get_array_length(ndr, &r->domain_dn)); + size_domain_dn_1 = ndr_get_array_size(ndr, &r->domain_dn); + length_domain_dn_1 = ndr_get_array_length(ndr, &r->domain_dn); + if (length_domain_dn_1 > size_domain_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_dn_1, length_domain_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->domain_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain_dn, ndr_get_array_length(ndr, &r->domain_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain_dn, length_domain_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_dn_0, 0); } } @@ -5898,6 +5968,8 @@ static enum ndr_err_code ndr_push_drsuapi_DsGetDCInfoRequest1(struct ndr_push *n static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfoRequest1(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsGetDCInfoRequest1 *r) { uint32_t _ptr_domain_name; + uint32_t size_domain_name_1 = 0; + uint32_t length_domain_name_1 = 0; TALLOC_CTX *_mem_save_domain_name_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -5915,11 +5987,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfoRequest1(struct ndr_pull *n NDR_PULL_SET_MEM_CTX(ndr, r->domain_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->domain_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->domain_name)); - if (ndr_get_array_length(ndr, &r->domain_name) > ndr_get_array_size(ndr, &r->domain_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->domain_name), ndr_get_array_length(ndr, &r->domain_name)); + size_domain_name_1 = ndr_get_array_size(ndr, &r->domain_name); + length_domain_name_1 = ndr_get_array_length(ndr, &r->domain_name); + if (length_domain_name_1 > size_domain_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_name_1, length_domain_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->domain_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain_name, ndr_get_array_length(ndr, &r->domain_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain_name, length_domain_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_name_0, 0); } } @@ -6065,14 +6139,24 @@ static enum ndr_err_code ndr_push_drsuapi_DsGetDCInfo1(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo1(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsGetDCInfo1 *r) { uint32_t _ptr_netbios_name; + uint32_t size_netbios_name_1 = 0; + uint32_t length_netbios_name_1 = 0; TALLOC_CTX *_mem_save_netbios_name_0; uint32_t _ptr_dns_name; + uint32_t size_dns_name_1 = 0; + uint32_t length_dns_name_1 = 0; TALLOC_CTX *_mem_save_dns_name_0; uint32_t _ptr_site_name; + uint32_t size_site_name_1 = 0; + uint32_t length_site_name_1 = 0; TALLOC_CTX *_mem_save_site_name_0; uint32_t _ptr_computer_dn; + uint32_t size_computer_dn_1 = 0; + uint32_t length_computer_dn_1 = 0; TALLOC_CTX *_mem_save_computer_dn_0; uint32_t _ptr_server_dn; + uint32_t size_server_dn_1 = 0; + uint32_t length_server_dn_1 = 0; TALLOC_CTX *_mem_save_server_dn_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -6115,11 +6199,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo1(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->netbios_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->netbios_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->netbios_name)); - if (ndr_get_array_length(ndr, &r->netbios_name) > ndr_get_array_size(ndr, &r->netbios_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->netbios_name), ndr_get_array_length(ndr, &r->netbios_name)); + size_netbios_name_1 = ndr_get_array_size(ndr, &r->netbios_name); + length_netbios_name_1 = ndr_get_array_length(ndr, &r->netbios_name); + if (length_netbios_name_1 > size_netbios_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_netbios_name_1, length_netbios_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->netbios_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->netbios_name, ndr_get_array_length(ndr, &r->netbios_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_netbios_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->netbios_name, length_netbios_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_netbios_name_0, 0); } if (r->dns_name) { @@ -6127,11 +6213,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo1(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->dns_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->dns_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->dns_name)); - if (ndr_get_array_length(ndr, &r->dns_name) > ndr_get_array_size(ndr, &r->dns_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->dns_name), ndr_get_array_length(ndr, &r->dns_name)); + size_dns_name_1 = ndr_get_array_size(ndr, &r->dns_name); + length_dns_name_1 = ndr_get_array_length(ndr, &r->dns_name); + if (length_dns_name_1 > size_dns_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dns_name_1, length_dns_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->dns_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dns_name, ndr_get_array_length(ndr, &r->dns_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dns_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dns_name, length_dns_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dns_name_0, 0); } if (r->site_name) { @@ -6139,11 +6227,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo1(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->site_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->site_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->site_name)); - if (ndr_get_array_length(ndr, &r->site_name) > ndr_get_array_size(ndr, &r->site_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->site_name), ndr_get_array_length(ndr, &r->site_name)); + size_site_name_1 = ndr_get_array_size(ndr, &r->site_name); + length_site_name_1 = ndr_get_array_length(ndr, &r->site_name); + if (length_site_name_1 > size_site_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_site_name_1, length_site_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->site_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->site_name, ndr_get_array_length(ndr, &r->site_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_site_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->site_name, length_site_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_site_name_0, 0); } if (r->computer_dn) { @@ -6151,11 +6241,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo1(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->computer_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->computer_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->computer_dn)); - if (ndr_get_array_length(ndr, &r->computer_dn) > ndr_get_array_size(ndr, &r->computer_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->computer_dn), ndr_get_array_length(ndr, &r->computer_dn)); + size_computer_dn_1 = ndr_get_array_size(ndr, &r->computer_dn); + length_computer_dn_1 = ndr_get_array_length(ndr, &r->computer_dn); + if (length_computer_dn_1 > size_computer_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_dn_1, length_computer_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->computer_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->computer_dn, ndr_get_array_length(ndr, &r->computer_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->computer_dn, length_computer_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_computer_dn_0, 0); } if (r->server_dn) { @@ -6163,11 +6255,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo1(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->server_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->server_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->server_dn)); - if (ndr_get_array_length(ndr, &r->server_dn) > ndr_get_array_size(ndr, &r->server_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->server_dn), ndr_get_array_length(ndr, &r->server_dn)); + size_server_dn_1 = ndr_get_array_size(ndr, &r->server_dn); + length_server_dn_1 = ndr_get_array_length(ndr, &r->server_dn); + if (length_server_dn_1 > size_server_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_dn_1, length_server_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->server_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_dn, ndr_get_array_length(ndr, &r->server_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_dn, length_server_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_dn_0, 0); } } @@ -6238,6 +6332,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsGetDCInfoCtr1(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfoCtr1(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsGetDCInfoCtr1 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -6259,13 +6354,14 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfoCtr1(struct ndr_pull *ndr, _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_drsuapi_DsGetDCInfo1(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_drsuapi_DsGetDCInfo1(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -6371,18 +6467,32 @@ static enum ndr_err_code ndr_push_drsuapi_DsGetDCInfo2(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo2(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsGetDCInfo2 *r) { uint32_t _ptr_netbios_name; + uint32_t size_netbios_name_1 = 0; + uint32_t length_netbios_name_1 = 0; TALLOC_CTX *_mem_save_netbios_name_0; uint32_t _ptr_dns_name; + uint32_t size_dns_name_1 = 0; + uint32_t length_dns_name_1 = 0; TALLOC_CTX *_mem_save_dns_name_0; uint32_t _ptr_site_name; + uint32_t size_site_name_1 = 0; + uint32_t length_site_name_1 = 0; TALLOC_CTX *_mem_save_site_name_0; uint32_t _ptr_site_dn; + uint32_t size_site_dn_1 = 0; + uint32_t length_site_dn_1 = 0; TALLOC_CTX *_mem_save_site_dn_0; uint32_t _ptr_computer_dn; + uint32_t size_computer_dn_1 = 0; + uint32_t length_computer_dn_1 = 0; TALLOC_CTX *_mem_save_computer_dn_0; uint32_t _ptr_server_dn; + uint32_t size_server_dn_1 = 0; + uint32_t length_server_dn_1 = 0; TALLOC_CTX *_mem_save_server_dn_0; uint32_t _ptr_ntds_dn; + uint32_t size_ntds_dn_1 = 0; + uint32_t length_ntds_dn_1 = 0; TALLOC_CTX *_mem_save_ntds_dn_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -6442,11 +6552,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->netbios_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->netbios_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->netbios_name)); - if (ndr_get_array_length(ndr, &r->netbios_name) > ndr_get_array_size(ndr, &r->netbios_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->netbios_name), ndr_get_array_length(ndr, &r->netbios_name)); + size_netbios_name_1 = ndr_get_array_size(ndr, &r->netbios_name); + length_netbios_name_1 = ndr_get_array_length(ndr, &r->netbios_name); + if (length_netbios_name_1 > size_netbios_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_netbios_name_1, length_netbios_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->netbios_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->netbios_name, ndr_get_array_length(ndr, &r->netbios_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_netbios_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->netbios_name, length_netbios_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_netbios_name_0, 0); } if (r->dns_name) { @@ -6454,11 +6566,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->dns_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->dns_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->dns_name)); - if (ndr_get_array_length(ndr, &r->dns_name) > ndr_get_array_size(ndr, &r->dns_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->dns_name), ndr_get_array_length(ndr, &r->dns_name)); + size_dns_name_1 = ndr_get_array_size(ndr, &r->dns_name); + length_dns_name_1 = ndr_get_array_length(ndr, &r->dns_name); + if (length_dns_name_1 > size_dns_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dns_name_1, length_dns_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->dns_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dns_name, ndr_get_array_length(ndr, &r->dns_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dns_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dns_name, length_dns_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dns_name_0, 0); } if (r->site_name) { @@ -6466,11 +6580,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->site_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->site_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->site_name)); - if (ndr_get_array_length(ndr, &r->site_name) > ndr_get_array_size(ndr, &r->site_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->site_name), ndr_get_array_length(ndr, &r->site_name)); + size_site_name_1 = ndr_get_array_size(ndr, &r->site_name); + length_site_name_1 = ndr_get_array_length(ndr, &r->site_name); + if (length_site_name_1 > size_site_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_site_name_1, length_site_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->site_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->site_name, ndr_get_array_length(ndr, &r->site_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_site_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->site_name, length_site_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_site_name_0, 0); } if (r->site_dn) { @@ -6478,11 +6594,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->site_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->site_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->site_dn)); - if (ndr_get_array_length(ndr, &r->site_dn) > ndr_get_array_size(ndr, &r->site_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->site_dn), ndr_get_array_length(ndr, &r->site_dn)); + size_site_dn_1 = ndr_get_array_size(ndr, &r->site_dn); + length_site_dn_1 = ndr_get_array_length(ndr, &r->site_dn); + if (length_site_dn_1 > size_site_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_site_dn_1, length_site_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->site_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->site_dn, ndr_get_array_length(ndr, &r->site_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_site_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->site_dn, length_site_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_site_dn_0, 0); } if (r->computer_dn) { @@ -6490,11 +6608,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->computer_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->computer_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->computer_dn)); - if (ndr_get_array_length(ndr, &r->computer_dn) > ndr_get_array_size(ndr, &r->computer_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->computer_dn), ndr_get_array_length(ndr, &r->computer_dn)); + size_computer_dn_1 = ndr_get_array_size(ndr, &r->computer_dn); + length_computer_dn_1 = ndr_get_array_length(ndr, &r->computer_dn); + if (length_computer_dn_1 > size_computer_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_dn_1, length_computer_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->computer_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->computer_dn, ndr_get_array_length(ndr, &r->computer_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->computer_dn, length_computer_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_computer_dn_0, 0); } if (r->server_dn) { @@ -6502,11 +6622,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->server_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->server_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->server_dn)); - if (ndr_get_array_length(ndr, &r->server_dn) > ndr_get_array_size(ndr, &r->server_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->server_dn), ndr_get_array_length(ndr, &r->server_dn)); + size_server_dn_1 = ndr_get_array_size(ndr, &r->server_dn); + length_server_dn_1 = ndr_get_array_length(ndr, &r->server_dn); + if (length_server_dn_1 > size_server_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_dn_1, length_server_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->server_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_dn, ndr_get_array_length(ndr, &r->server_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_dn, length_server_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_dn_0, 0); } if (r->ntds_dn) { @@ -6514,11 +6636,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->ntds_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->ntds_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->ntds_dn)); - if (ndr_get_array_length(ndr, &r->ntds_dn) > ndr_get_array_size(ndr, &r->ntds_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->ntds_dn), ndr_get_array_length(ndr, &r->ntds_dn)); + size_ntds_dn_1 = ndr_get_array_size(ndr, &r->ntds_dn); + length_ntds_dn_1 = ndr_get_array_length(ndr, &r->ntds_dn); + if (length_ntds_dn_1 > size_ntds_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_ntds_dn_1, length_ntds_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->ntds_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->ntds_dn, ndr_get_array_length(ndr, &r->ntds_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_ntds_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->ntds_dn, length_ntds_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_ntds_dn_0, 0); } } @@ -6606,6 +6730,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsGetDCInfoCtr2(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfoCtr2(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsGetDCInfoCtr2 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -6627,13 +6752,14 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfoCtr2(struct ndr_pull *ndr, _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_drsuapi_DsGetDCInfo2(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_drsuapi_DsGetDCInfo2(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -6740,18 +6866,32 @@ static enum ndr_err_code ndr_push_drsuapi_DsGetDCInfo3(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo3(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsGetDCInfo3 *r) { uint32_t _ptr_netbios_name; + uint32_t size_netbios_name_1 = 0; + uint32_t length_netbios_name_1 = 0; TALLOC_CTX *_mem_save_netbios_name_0; uint32_t _ptr_dns_name; + uint32_t size_dns_name_1 = 0; + uint32_t length_dns_name_1 = 0; TALLOC_CTX *_mem_save_dns_name_0; uint32_t _ptr_site_name; + uint32_t size_site_name_1 = 0; + uint32_t length_site_name_1 = 0; TALLOC_CTX *_mem_save_site_name_0; uint32_t _ptr_site_dn; + uint32_t size_site_dn_1 = 0; + uint32_t length_site_dn_1 = 0; TALLOC_CTX *_mem_save_site_dn_0; uint32_t _ptr_computer_dn; + uint32_t size_computer_dn_1 = 0; + uint32_t length_computer_dn_1 = 0; TALLOC_CTX *_mem_save_computer_dn_0; uint32_t _ptr_server_dn; + uint32_t size_server_dn_1 = 0; + uint32_t length_server_dn_1 = 0; TALLOC_CTX *_mem_save_server_dn_0; uint32_t _ptr_ntds_dn; + uint32_t size_ntds_dn_1 = 0; + uint32_t length_ntds_dn_1 = 0; TALLOC_CTX *_mem_save_ntds_dn_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -6812,11 +6952,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo3(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->netbios_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->netbios_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->netbios_name)); - if (ndr_get_array_length(ndr, &r->netbios_name) > ndr_get_array_size(ndr, &r->netbios_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->netbios_name), ndr_get_array_length(ndr, &r->netbios_name)); + size_netbios_name_1 = ndr_get_array_size(ndr, &r->netbios_name); + length_netbios_name_1 = ndr_get_array_length(ndr, &r->netbios_name); + if (length_netbios_name_1 > size_netbios_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_netbios_name_1, length_netbios_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->netbios_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->netbios_name, ndr_get_array_length(ndr, &r->netbios_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_netbios_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->netbios_name, length_netbios_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_netbios_name_0, 0); } if (r->dns_name) { @@ -6824,11 +6966,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo3(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->dns_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->dns_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->dns_name)); - if (ndr_get_array_length(ndr, &r->dns_name) > ndr_get_array_size(ndr, &r->dns_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->dns_name), ndr_get_array_length(ndr, &r->dns_name)); + size_dns_name_1 = ndr_get_array_size(ndr, &r->dns_name); + length_dns_name_1 = ndr_get_array_length(ndr, &r->dns_name); + if (length_dns_name_1 > size_dns_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dns_name_1, length_dns_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->dns_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dns_name, ndr_get_array_length(ndr, &r->dns_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dns_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dns_name, length_dns_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dns_name_0, 0); } if (r->site_name) { @@ -6836,11 +6980,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo3(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->site_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->site_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->site_name)); - if (ndr_get_array_length(ndr, &r->site_name) > ndr_get_array_size(ndr, &r->site_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->site_name), ndr_get_array_length(ndr, &r->site_name)); + size_site_name_1 = ndr_get_array_size(ndr, &r->site_name); + length_site_name_1 = ndr_get_array_length(ndr, &r->site_name); + if (length_site_name_1 > size_site_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_site_name_1, length_site_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->site_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->site_name, ndr_get_array_length(ndr, &r->site_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_site_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->site_name, length_site_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_site_name_0, 0); } if (r->site_dn) { @@ -6848,11 +6994,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo3(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->site_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->site_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->site_dn)); - if (ndr_get_array_length(ndr, &r->site_dn) > ndr_get_array_size(ndr, &r->site_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->site_dn), ndr_get_array_length(ndr, &r->site_dn)); + size_site_dn_1 = ndr_get_array_size(ndr, &r->site_dn); + length_site_dn_1 = ndr_get_array_length(ndr, &r->site_dn); + if (length_site_dn_1 > size_site_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_site_dn_1, length_site_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->site_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->site_dn, ndr_get_array_length(ndr, &r->site_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_site_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->site_dn, length_site_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_site_dn_0, 0); } if (r->computer_dn) { @@ -6860,11 +7008,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo3(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->computer_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->computer_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->computer_dn)); - if (ndr_get_array_length(ndr, &r->computer_dn) > ndr_get_array_size(ndr, &r->computer_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->computer_dn), ndr_get_array_length(ndr, &r->computer_dn)); + size_computer_dn_1 = ndr_get_array_size(ndr, &r->computer_dn); + length_computer_dn_1 = ndr_get_array_length(ndr, &r->computer_dn); + if (length_computer_dn_1 > size_computer_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_dn_1, length_computer_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->computer_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->computer_dn, ndr_get_array_length(ndr, &r->computer_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->computer_dn, length_computer_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_computer_dn_0, 0); } if (r->server_dn) { @@ -6872,11 +7022,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo3(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->server_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->server_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->server_dn)); - if (ndr_get_array_length(ndr, &r->server_dn) > ndr_get_array_size(ndr, &r->server_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->server_dn), ndr_get_array_length(ndr, &r->server_dn)); + size_server_dn_1 = ndr_get_array_size(ndr, &r->server_dn); + length_server_dn_1 = ndr_get_array_length(ndr, &r->server_dn); + if (length_server_dn_1 > size_server_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_dn_1, length_server_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->server_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_dn, ndr_get_array_length(ndr, &r->server_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_dn, length_server_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_dn_0, 0); } if (r->ntds_dn) { @@ -6884,11 +7036,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo3(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->ntds_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->ntds_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->ntds_dn)); - if (ndr_get_array_length(ndr, &r->ntds_dn) > ndr_get_array_size(ndr, &r->ntds_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->ntds_dn), ndr_get_array_length(ndr, &r->ntds_dn)); + size_ntds_dn_1 = ndr_get_array_size(ndr, &r->ntds_dn); + length_ntds_dn_1 = ndr_get_array_length(ndr, &r->ntds_dn); + if (length_ntds_dn_1 > size_ntds_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_ntds_dn_1, length_ntds_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->ntds_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->ntds_dn, ndr_get_array_length(ndr, &r->ntds_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_ntds_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->ntds_dn, length_ntds_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_ntds_dn_0, 0); } } @@ -6977,6 +7131,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsGetDCInfoCtr3(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfoCtr3(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsGetDCInfoCtr3 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -6998,13 +7153,14 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfoCtr3(struct ndr_pull *ndr, _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_drsuapi_DsGetDCInfo3(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_drsuapi_DsGetDCInfo3(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -7072,6 +7228,8 @@ static enum ndr_err_code ndr_push_drsuapi_DsGetDCConnection01(struct ndr_push *n static enum ndr_err_code ndr_pull_drsuapi_DsGetDCConnection01(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsGetDCConnection01 *r) { uint32_t _ptr_client_account; + uint32_t size_client_account_1 = 0; + uint32_t length_client_account_1 = 0; TALLOC_CTX *_mem_save_client_account_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -7099,11 +7257,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCConnection01(struct ndr_pull *n NDR_PULL_SET_MEM_CTX(ndr, r->client_account, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->client_account)); NDR_CHECK(ndr_pull_array_length(ndr, &r->client_account)); - if (ndr_get_array_length(ndr, &r->client_account) > ndr_get_array_size(ndr, &r->client_account)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->client_account), ndr_get_array_length(ndr, &r->client_account)); + size_client_account_1 = ndr_get_array_size(ndr, &r->client_account); + length_client_account_1 = ndr_get_array_length(ndr, &r->client_account); + if (length_client_account_1 > size_client_account_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_client_account_1, length_client_account_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->client_account), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client_account, ndr_get_array_length(ndr, &r->client_account), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_client_account_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client_account, length_client_account_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_client_account_0, 0); } } @@ -7154,6 +7314,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsGetDCConnectionCtr01(struct ndr_push static enum ndr_err_code ndr_pull_drsuapi_DsGetDCConnectionCtr01(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsGetDCConnectionCtr01 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -7175,13 +7336,14 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCConnectionCtr01(struct ndr_pull _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_drsuapi_DsGetDCConnection01(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_drsuapi_DsGetDCConnection01(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -7560,6 +7722,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsAddEntryExtraErrorBuffer(struct ndr_ static enum ndr_err_code ndr_pull_drsuapi_DsAddEntryExtraErrorBuffer(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsAddEntryExtraErrorBuffer *r) { uint32_t _ptr_data; + uint32_t size_data_1 = 0; TALLOC_CTX *_mem_save_data_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -7579,8 +7742,9 @@ static enum ndr_err_code ndr_pull_drsuapi_DsAddEntryExtraErrorBuffer(struct ndr_ _mem_save_data_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->data, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->data)); - NDR_PULL_ALLOC_N(ndr, r->data, ndr_get_array_size(ndr, &r->data)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, ndr_get_array_size(ndr, &r->data))); + size_data_1 = ndr_get_array_size(ndr, &r->data); + NDR_PULL_ALLOC_N(ndr, r->data, size_data_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, size_data_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_0, 0); } if (r->data) { @@ -8110,6 +8274,7 @@ static enum ndr_err_code ndr_pull_drsuapi_DsAddEntryCtr2(struct ndr_pull *ndr, i uint32_t _ptr_id; TALLOC_CTX *_mem_save_id_0; uint32_t _ptr_objects; + uint32_t size_objects_1 = 0; uint32_t cntr_objects_1; TALLOC_CTX *_mem_save_objects_0; TALLOC_CTX *_mem_save_objects_1; @@ -8145,13 +8310,14 @@ static enum ndr_err_code ndr_pull_drsuapi_DsAddEntryCtr2(struct ndr_pull *ndr, i _mem_save_objects_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->objects, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->objects)); - NDR_PULL_ALLOC_N(ndr, r->objects, ndr_get_array_size(ndr, &r->objects)); + size_objects_1 = ndr_get_array_size(ndr, &r->objects); + NDR_PULL_ALLOC_N(ndr, r->objects, size_objects_1); _mem_save_objects_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->objects, 0); - for (cntr_objects_1 = 0; cntr_objects_1 < r->count; cntr_objects_1++) { + for (cntr_objects_1 = 0; cntr_objects_1 < size_objects_1; cntr_objects_1++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaObjectIdentifier2(ndr, NDR_SCALARS, &r->objects[cntr_objects_1])); } - for (cntr_objects_1 = 0; cntr_objects_1 < r->count; cntr_objects_1++) { + for (cntr_objects_1 = 0; cntr_objects_1 < size_objects_1; cntr_objects_1++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaObjectIdentifier2(ndr, NDR_BUFFERS, &r->objects[cntr_objects_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_objects_1, 0); @@ -8235,6 +8401,7 @@ static enum ndr_err_code ndr_pull_drsuapi_DsAddEntryCtr3(struct ndr_pull *ndr, i uint32_t _ptr_error; TALLOC_CTX *_mem_save_error_0; uint32_t _ptr_objects; + uint32_t size_objects_1 = 0; uint32_t cntr_objects_1; TALLOC_CTX *_mem_save_objects_0; TALLOC_CTX *_mem_save_objects_1; @@ -8282,13 +8449,14 @@ static enum ndr_err_code ndr_pull_drsuapi_DsAddEntryCtr3(struct ndr_pull *ndr, i _mem_save_objects_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->objects, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->objects)); - NDR_PULL_ALLOC_N(ndr, r->objects, ndr_get_array_size(ndr, &r->objects)); + size_objects_1 = ndr_get_array_size(ndr, &r->objects); + NDR_PULL_ALLOC_N(ndr, r->objects, size_objects_1); _mem_save_objects_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->objects, 0); - for (cntr_objects_1 = 0; cntr_objects_1 < r->count; cntr_objects_1++) { + for (cntr_objects_1 = 0; cntr_objects_1 < size_objects_1; cntr_objects_1++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaObjectIdentifier2(ndr, NDR_SCALARS, &r->objects[cntr_objects_1])); } - for (cntr_objects_1 = 0; cntr_objects_1 < r->count; cntr_objects_1++) { + for (cntr_objects_1 = 0; cntr_objects_1 < size_objects_1; cntr_objects_1++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaObjectIdentifier2(ndr, NDR_BUFFERS, &r->objects[cntr_objects_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_objects_1, 0); @@ -8519,6 +8687,8 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaGetInfoRequest1(struct ndr_pu static enum ndr_err_code ndr_pull_drsuapi_DsReplicaGetInfoRequest1(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaGetInfoRequest1 *r) { uint32_t _ptr_object_dn; + uint32_t size_object_dn_1 = 0; + uint32_t length_object_dn_1 = 0; TALLOC_CTX *_mem_save_object_dn_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -8537,11 +8707,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaGetInfoRequest1(struct ndr_pu NDR_PULL_SET_MEM_CTX(ndr, r->object_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->object_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->object_dn)); - if (ndr_get_array_length(ndr, &r->object_dn) > ndr_get_array_size(ndr, &r->object_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->object_dn), ndr_get_array_length(ndr, &r->object_dn)); + size_object_dn_1 = ndr_get_array_size(ndr, &r->object_dn); + length_object_dn_1 = ndr_get_array_length(ndr, &r->object_dn); + if (length_object_dn_1 > size_object_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_object_dn_1, length_object_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->object_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->object_dn, ndr_get_array_length(ndr, &r->object_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_object_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->object_dn, length_object_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_object_dn_0, 0); } } @@ -8601,10 +8773,16 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaGetInfoRequest2(struct ndr_pu static enum ndr_err_code ndr_pull_drsuapi_DsReplicaGetInfoRequest2(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaGetInfoRequest2 *r) { uint32_t _ptr_object_dn; + uint32_t size_object_dn_1 = 0; + uint32_t length_object_dn_1 = 0; TALLOC_CTX *_mem_save_object_dn_0; uint32_t _ptr_string1; + uint32_t size_string1_1 = 0; + uint32_t length_string1_1 = 0; TALLOC_CTX *_mem_save_string1_0; uint32_t _ptr_string2; + uint32_t size_string2_1 = 0; + uint32_t length_string2_1 = 0; TALLOC_CTX *_mem_save_string2_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -8637,11 +8815,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaGetInfoRequest2(struct ndr_pu NDR_PULL_SET_MEM_CTX(ndr, r->object_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->object_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->object_dn)); - if (ndr_get_array_length(ndr, &r->object_dn) > ndr_get_array_size(ndr, &r->object_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->object_dn), ndr_get_array_length(ndr, &r->object_dn)); + size_object_dn_1 = ndr_get_array_size(ndr, &r->object_dn); + length_object_dn_1 = ndr_get_array_length(ndr, &r->object_dn); + if (length_object_dn_1 > size_object_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_object_dn_1, length_object_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->object_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->object_dn, ndr_get_array_length(ndr, &r->object_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_object_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->object_dn, length_object_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_object_dn_0, 0); } if (r->string1) { @@ -8649,11 +8829,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaGetInfoRequest2(struct ndr_pu NDR_PULL_SET_MEM_CTX(ndr, r->string1, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->string1)); NDR_CHECK(ndr_pull_array_length(ndr, &r->string1)); - if (ndr_get_array_length(ndr, &r->string1) > ndr_get_array_size(ndr, &r->string1)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->string1), ndr_get_array_length(ndr, &r->string1)); + size_string1_1 = ndr_get_array_size(ndr, &r->string1); + length_string1_1 = ndr_get_array_length(ndr, &r->string1); + if (length_string1_1 > size_string1_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_string1_1, length_string1_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->string1), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->string1, ndr_get_array_length(ndr, &r->string1), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_string1_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->string1, length_string1_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_string1_0, 0); } if (r->string2) { @@ -8661,11 +8843,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaGetInfoRequest2(struct ndr_pu NDR_PULL_SET_MEM_CTX(ndr, r->string2, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->string2)); NDR_CHECK(ndr_pull_array_length(ndr, &r->string2)); - if (ndr_get_array_length(ndr, &r->string2) > ndr_get_array_size(ndr, &r->string2)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->string2), ndr_get_array_length(ndr, &r->string2)); + size_string2_1 = ndr_get_array_size(ndr, &r->string2); + length_string2_1 = ndr_get_array_length(ndr, &r->string2); + if (length_string2_1 > size_string2_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_string2_1, length_string2_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->string2), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->string2, ndr_get_array_length(ndr, &r->string2), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_string2_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->string2, length_string2_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_string2_0, 0); } } @@ -8849,12 +9033,20 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaNeighbour(struct ndr_push *nd static enum ndr_err_code ndr_pull_drsuapi_DsReplicaNeighbour(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaNeighbour *r) { uint32_t _ptr_naming_context_dn; + uint32_t size_naming_context_dn_1 = 0; + uint32_t length_naming_context_dn_1 = 0; TALLOC_CTX *_mem_save_naming_context_dn_0; uint32_t _ptr_source_dsa_obj_dn; + uint32_t size_source_dsa_obj_dn_1 = 0; + uint32_t length_source_dsa_obj_dn_1 = 0; TALLOC_CTX *_mem_save_source_dsa_obj_dn_0; uint32_t _ptr_source_dsa_address; + uint32_t size_source_dsa_address_1 = 0; + uint32_t length_source_dsa_address_1 = 0; TALLOC_CTX *_mem_save_source_dsa_address_0; uint32_t _ptr_transport_obj_dn; + uint32_t size_transport_obj_dn_1 = 0; + uint32_t length_transport_obj_dn_1 = 0; TALLOC_CTX *_mem_save_transport_obj_dn_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 8)); @@ -8901,11 +9093,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaNeighbour(struct ndr_pull *nd NDR_PULL_SET_MEM_CTX(ndr, r->naming_context_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->naming_context_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->naming_context_dn)); - if (ndr_get_array_length(ndr, &r->naming_context_dn) > ndr_get_array_size(ndr, &r->naming_context_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->naming_context_dn), ndr_get_array_length(ndr, &r->naming_context_dn)); + size_naming_context_dn_1 = ndr_get_array_size(ndr, &r->naming_context_dn); + length_naming_context_dn_1 = ndr_get_array_length(ndr, &r->naming_context_dn); + if (length_naming_context_dn_1 > size_naming_context_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_naming_context_dn_1, length_naming_context_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->naming_context_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->naming_context_dn, ndr_get_array_length(ndr, &r->naming_context_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_naming_context_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->naming_context_dn, length_naming_context_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_naming_context_dn_0, 0); } if (r->source_dsa_obj_dn) { @@ -8913,11 +9107,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaNeighbour(struct ndr_pull *nd NDR_PULL_SET_MEM_CTX(ndr, r->source_dsa_obj_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->source_dsa_obj_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->source_dsa_obj_dn)); - if (ndr_get_array_length(ndr, &r->source_dsa_obj_dn) > ndr_get_array_size(ndr, &r->source_dsa_obj_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->source_dsa_obj_dn), ndr_get_array_length(ndr, &r->source_dsa_obj_dn)); + size_source_dsa_obj_dn_1 = ndr_get_array_size(ndr, &r->source_dsa_obj_dn); + length_source_dsa_obj_dn_1 = ndr_get_array_length(ndr, &r->source_dsa_obj_dn); + if (length_source_dsa_obj_dn_1 > size_source_dsa_obj_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_source_dsa_obj_dn_1, length_source_dsa_obj_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->source_dsa_obj_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->source_dsa_obj_dn, ndr_get_array_length(ndr, &r->source_dsa_obj_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_source_dsa_obj_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->source_dsa_obj_dn, length_source_dsa_obj_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_source_dsa_obj_dn_0, 0); } if (r->source_dsa_address) { @@ -8925,11 +9121,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaNeighbour(struct ndr_pull *nd NDR_PULL_SET_MEM_CTX(ndr, r->source_dsa_address, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->source_dsa_address)); NDR_CHECK(ndr_pull_array_length(ndr, &r->source_dsa_address)); - if (ndr_get_array_length(ndr, &r->source_dsa_address) > ndr_get_array_size(ndr, &r->source_dsa_address)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->source_dsa_address), ndr_get_array_length(ndr, &r->source_dsa_address)); + size_source_dsa_address_1 = ndr_get_array_size(ndr, &r->source_dsa_address); + length_source_dsa_address_1 = ndr_get_array_length(ndr, &r->source_dsa_address); + if (length_source_dsa_address_1 > size_source_dsa_address_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_source_dsa_address_1, length_source_dsa_address_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->source_dsa_address), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->source_dsa_address, ndr_get_array_length(ndr, &r->source_dsa_address), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_source_dsa_address_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->source_dsa_address, length_source_dsa_address_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_source_dsa_address_0, 0); } if (r->transport_obj_dn) { @@ -8937,11 +9135,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaNeighbour(struct ndr_pull *nd NDR_PULL_SET_MEM_CTX(ndr, r->transport_obj_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->transport_obj_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->transport_obj_dn)); - if (ndr_get_array_length(ndr, &r->transport_obj_dn) > ndr_get_array_size(ndr, &r->transport_obj_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->transport_obj_dn), ndr_get_array_length(ndr, &r->transport_obj_dn)); + size_transport_obj_dn_1 = ndr_get_array_size(ndr, &r->transport_obj_dn); + length_transport_obj_dn_1 = ndr_get_array_length(ndr, &r->transport_obj_dn); + if (length_transport_obj_dn_1 > size_transport_obj_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_transport_obj_dn_1, length_transport_obj_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->transport_obj_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->transport_obj_dn, ndr_get_array_length(ndr, &r->transport_obj_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_transport_obj_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->transport_obj_dn, length_transport_obj_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_transport_obj_dn_0, 0); } } @@ -9013,6 +9213,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaNeighbourCtr(struct ndr_push static enum ndr_err_code ndr_pull_drsuapi_DsReplicaNeighbourCtr(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaNeighbourCtr *r) { + uint32_t size_array_0 = 0; uint32_t cntr_array_0; TALLOC_CTX *_mem_save_array_0; if (ndr_flags & NDR_SCALARS) { @@ -9020,10 +9221,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaNeighbourCtr(struct ndr_pull NDR_CHECK(ndr_pull_align(ndr, 8)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->reserved)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_0 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_0); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaNeighbour(ndr, NDR_SCALARS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -9032,9 +9234,10 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaNeighbourCtr(struct ndr_pull } } if (ndr_flags & NDR_BUFFERS) { + size_array_0 = ndr_get_array_size(ndr, &r->array); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaNeighbour(ndr, NDR_BUFFERS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -9081,6 +9284,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaCursorCtr(struct ndr_push *nd static enum ndr_err_code ndr_pull_drsuapi_DsReplicaCursorCtr(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaCursorCtr *r) { + uint32_t size_array_0 = 0; uint32_t cntr_array_0; TALLOC_CTX *_mem_save_array_0; if (ndr_flags & NDR_SCALARS) { @@ -9088,10 +9292,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaCursorCtr(struct ndr_pull *nd NDR_CHECK(ndr_pull_align(ndr, 8)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->reserved)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_0 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_0); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaCursor(ndr, NDR_SCALARS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -9149,6 +9354,8 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaObjMetaData(struct ndr_push * static enum ndr_err_code ndr_pull_drsuapi_DsReplicaObjMetaData(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaObjMetaData *r) { uint32_t _ptr_attribute_name; + uint32_t size_attribute_name_1 = 0; + uint32_t length_attribute_name_1 = 0; TALLOC_CTX *_mem_save_attribute_name_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 8)); @@ -9170,11 +9377,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaObjMetaData(struct ndr_pull * NDR_PULL_SET_MEM_CTX(ndr, r->attribute_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->attribute_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->attribute_name)); - if (ndr_get_array_length(ndr, &r->attribute_name) > ndr_get_array_size(ndr, &r->attribute_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->attribute_name), ndr_get_array_length(ndr, &r->attribute_name)); + size_attribute_name_1 = ndr_get_array_size(ndr, &r->attribute_name); + length_attribute_name_1 = ndr_get_array_length(ndr, &r->attribute_name); + if (length_attribute_name_1 > size_attribute_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_attribute_name_1, length_attribute_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->attribute_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->attribute_name, ndr_get_array_length(ndr, &r->attribute_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_attribute_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->attribute_name, length_attribute_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_attribute_name_0, 0); } } @@ -9221,6 +9430,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaObjMetaDataCtr(struct ndr_pus static enum ndr_err_code ndr_pull_drsuapi_DsReplicaObjMetaDataCtr(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaObjMetaDataCtr *r) { + uint32_t size_array_0 = 0; uint32_t cntr_array_0; TALLOC_CTX *_mem_save_array_0; if (ndr_flags & NDR_SCALARS) { @@ -9228,10 +9438,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaObjMetaDataCtr(struct ndr_pul NDR_CHECK(ndr_pull_align(ndr, 8)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->reserved)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_0 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_0); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaObjMetaData(ndr, NDR_SCALARS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -9240,9 +9451,10 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaObjMetaDataCtr(struct ndr_pul } } if (ndr_flags & NDR_BUFFERS) { + size_array_0 = ndr_get_array_size(ndr, &r->array); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaObjMetaData(ndr, NDR_BUFFERS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -9294,6 +9506,8 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaKccDsaFailure(struct ndr_push static enum ndr_err_code ndr_pull_drsuapi_DsReplicaKccDsaFailure(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaKccDsaFailure *r) { uint32_t _ptr_dsa_obj_dn; + uint32_t size_dsa_obj_dn_1 = 0; + uint32_t length_dsa_obj_dn_1 = 0; TALLOC_CTX *_mem_save_dsa_obj_dn_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -9314,11 +9528,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaKccDsaFailure(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->dsa_obj_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->dsa_obj_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->dsa_obj_dn)); - if (ndr_get_array_length(ndr, &r->dsa_obj_dn) > ndr_get_array_size(ndr, &r->dsa_obj_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->dsa_obj_dn), ndr_get_array_length(ndr, &r->dsa_obj_dn)); + size_dsa_obj_dn_1 = ndr_get_array_size(ndr, &r->dsa_obj_dn); + length_dsa_obj_dn_1 = ndr_get_array_length(ndr, &r->dsa_obj_dn); + if (length_dsa_obj_dn_1 > size_dsa_obj_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dsa_obj_dn_1, length_dsa_obj_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->dsa_obj_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dsa_obj_dn, ndr_get_array_length(ndr, &r->dsa_obj_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dsa_obj_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dsa_obj_dn, length_dsa_obj_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dsa_obj_dn_0, 0); } } @@ -9364,6 +9580,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaKccDsaFailuresCtr(struct ndr_ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaKccDsaFailuresCtr(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaKccDsaFailuresCtr *r) { + uint32_t size_array_0 = 0; uint32_t cntr_array_0; TALLOC_CTX *_mem_save_array_0; if (ndr_flags & NDR_SCALARS) { @@ -9371,10 +9588,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaKccDsaFailuresCtr(struct ndr_ NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->reserved)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_0 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_0); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaKccDsaFailure(ndr, NDR_SCALARS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -9383,9 +9601,10 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaKccDsaFailuresCtr(struct ndr_ } } if (ndr_flags & NDR_BUFFERS) { + size_array_0 = ndr_get_array_size(ndr, &r->array); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaKccDsaFailure(ndr, NDR_BUFFERS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -9636,10 +9855,16 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaOp(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_drsuapi_DsReplicaOp(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaOp *r) { uint32_t _ptr_nc_dn; + uint32_t size_nc_dn_1 = 0; + uint32_t length_nc_dn_1 = 0; TALLOC_CTX *_mem_save_nc_dn_0; uint32_t _ptr_remote_dsa_obj_dn; + uint32_t size_remote_dsa_obj_dn_1 = 0; + uint32_t length_remote_dsa_obj_dn_1 = 0; TALLOC_CTX *_mem_save_remote_dsa_obj_dn_0; uint32_t _ptr_remote_dsa_address; + uint32_t size_remote_dsa_address_1 = 0; + uint32_t length_remote_dsa_address_1 = 0; TALLOC_CTX *_mem_save_remote_dsa_address_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -9676,11 +9901,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaOp(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->nc_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->nc_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->nc_dn)); - if (ndr_get_array_length(ndr, &r->nc_dn) > ndr_get_array_size(ndr, &r->nc_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->nc_dn), ndr_get_array_length(ndr, &r->nc_dn)); + size_nc_dn_1 = ndr_get_array_size(ndr, &r->nc_dn); + length_nc_dn_1 = ndr_get_array_length(ndr, &r->nc_dn); + if (length_nc_dn_1 > size_nc_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_nc_dn_1, length_nc_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->nc_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->nc_dn, ndr_get_array_length(ndr, &r->nc_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_nc_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->nc_dn, length_nc_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_nc_dn_0, 0); } if (r->remote_dsa_obj_dn) { @@ -9688,11 +9915,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaOp(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->remote_dsa_obj_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->remote_dsa_obj_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->remote_dsa_obj_dn)); - if (ndr_get_array_length(ndr, &r->remote_dsa_obj_dn) > ndr_get_array_size(ndr, &r->remote_dsa_obj_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->remote_dsa_obj_dn), ndr_get_array_length(ndr, &r->remote_dsa_obj_dn)); + size_remote_dsa_obj_dn_1 = ndr_get_array_size(ndr, &r->remote_dsa_obj_dn); + length_remote_dsa_obj_dn_1 = ndr_get_array_length(ndr, &r->remote_dsa_obj_dn); + if (length_remote_dsa_obj_dn_1 > size_remote_dsa_obj_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_remote_dsa_obj_dn_1, length_remote_dsa_obj_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->remote_dsa_obj_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->remote_dsa_obj_dn, ndr_get_array_length(ndr, &r->remote_dsa_obj_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_remote_dsa_obj_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->remote_dsa_obj_dn, length_remote_dsa_obj_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_remote_dsa_obj_dn_0, 0); } if (r->remote_dsa_address) { @@ -9700,11 +9929,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaOp(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->remote_dsa_address, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->remote_dsa_address)); NDR_CHECK(ndr_pull_array_length(ndr, &r->remote_dsa_address)); - if (ndr_get_array_length(ndr, &r->remote_dsa_address) > ndr_get_array_size(ndr, &r->remote_dsa_address)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->remote_dsa_address), ndr_get_array_length(ndr, &r->remote_dsa_address)); + size_remote_dsa_address_1 = ndr_get_array_size(ndr, &r->remote_dsa_address); + length_remote_dsa_address_1 = ndr_get_array_length(ndr, &r->remote_dsa_address); + if (length_remote_dsa_address_1 > size_remote_dsa_address_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_remote_dsa_address_1, length_remote_dsa_address_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->remote_dsa_address), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->remote_dsa_address, ndr_get_array_length(ndr, &r->remote_dsa_address), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_remote_dsa_address_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->remote_dsa_address, length_remote_dsa_address_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_remote_dsa_address_0, 0); } } @@ -9766,6 +9997,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaOpCtr(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_drsuapi_DsReplicaOpCtr(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaOpCtr *r) { + uint32_t size_array_0 = 0; uint32_t cntr_array_0; TALLOC_CTX *_mem_save_array_0; if (ndr_flags & NDR_SCALARS) { @@ -9773,10 +10005,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaOpCtr(struct ndr_pull *ndr, i NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_NTTIME(ndr, NDR_SCALARS, &r->time)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_0 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_0); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaOp(ndr, NDR_SCALARS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -9785,9 +10018,10 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaOpCtr(struct ndr_pull *ndr, i } } if (ndr_flags & NDR_BUFFERS) { + size_array_0 = ndr_get_array_size(ndr, &r->array); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaOp(ndr, NDR_BUFFERS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -9854,8 +10088,12 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaAttrValMetaData(struct ndr_pu static enum ndr_err_code ndr_pull_drsuapi_DsReplicaAttrValMetaData(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaAttrValMetaData *r) { uint32_t _ptr_attribute_name; + uint32_t size_attribute_name_1 = 0; + uint32_t length_attribute_name_1 = 0; TALLOC_CTX *_mem_save_attribute_name_0; uint32_t _ptr_object_dn; + uint32_t size_object_dn_1 = 0; + uint32_t length_object_dn_1 = 0; TALLOC_CTX *_mem_save_object_dn_0; uint32_t _ptr_binary; TALLOC_CTX *_mem_save_binary_0; @@ -9894,11 +10132,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaAttrValMetaData(struct ndr_pu NDR_PULL_SET_MEM_CTX(ndr, r->attribute_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->attribute_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->attribute_name)); - if (ndr_get_array_length(ndr, &r->attribute_name) > ndr_get_array_size(ndr, &r->attribute_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->attribute_name), ndr_get_array_length(ndr, &r->attribute_name)); + size_attribute_name_1 = ndr_get_array_size(ndr, &r->attribute_name); + length_attribute_name_1 = ndr_get_array_length(ndr, &r->attribute_name); + if (length_attribute_name_1 > size_attribute_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_attribute_name_1, length_attribute_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->attribute_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->attribute_name, ndr_get_array_length(ndr, &r->attribute_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_attribute_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->attribute_name, length_attribute_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_attribute_name_0, 0); } if (r->object_dn) { @@ -9906,11 +10146,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaAttrValMetaData(struct ndr_pu NDR_PULL_SET_MEM_CTX(ndr, r->object_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->object_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->object_dn)); - if (ndr_get_array_length(ndr, &r->object_dn) > ndr_get_array_size(ndr, &r->object_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->object_dn), ndr_get_array_length(ndr, &r->object_dn)); + size_object_dn_1 = ndr_get_array_size(ndr, &r->object_dn); + length_object_dn_1 = ndr_get_array_length(ndr, &r->object_dn); + if (length_object_dn_1 > size_object_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_object_dn_1, length_object_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->object_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->object_dn, ndr_get_array_length(ndr, &r->object_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_object_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->object_dn, length_object_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_object_dn_0, 0); } if (r->binary) { @@ -9978,6 +10220,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaAttrValMetaDataCtr(struct ndr static enum ndr_err_code ndr_pull_drsuapi_DsReplicaAttrValMetaDataCtr(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaAttrValMetaDataCtr *r) { + uint32_t size_array_0 = 0; uint32_t cntr_array_0; TALLOC_CTX *_mem_save_array_0; if (ndr_flags & NDR_SCALARS) { @@ -9985,10 +10228,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaAttrValMetaDataCtr(struct ndr NDR_CHECK(ndr_pull_align(ndr, 8)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count)); NDR_CHECK(ndr_pull_int32(ndr, NDR_SCALARS, &r->enumeration_context)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_0 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_0); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaAttrValMetaData(ndr, NDR_SCALARS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -9997,9 +10241,10 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaAttrValMetaDataCtr(struct ndr } } if (ndr_flags & NDR_BUFFERS) { + size_array_0 = ndr_get_array_size(ndr, &r->array); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaAttrValMetaData(ndr, NDR_BUFFERS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -10046,6 +10291,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaCursor2Ctr(struct ndr_push *n static enum ndr_err_code ndr_pull_drsuapi_DsReplicaCursor2Ctr(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaCursor2Ctr *r) { + uint32_t size_array_0 = 0; uint32_t cntr_array_0; TALLOC_CTX *_mem_save_array_0; if (ndr_flags & NDR_SCALARS) { @@ -10053,10 +10299,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaCursor2Ctr(struct ndr_pull *n NDR_CHECK(ndr_pull_align(ndr, 8)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count)); NDR_CHECK(ndr_pull_int32(ndr, NDR_SCALARS, &r->enumeration_context)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_0 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_0); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaCursor2(ndr, NDR_SCALARS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -10112,6 +10359,8 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaCursor3(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_drsuapi_DsReplicaCursor3(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaCursor3 *r) { uint32_t _ptr_source_dsa_obj_dn; + uint32_t size_source_dsa_obj_dn_1 = 0; + uint32_t length_source_dsa_obj_dn_1 = 0; TALLOC_CTX *_mem_save_source_dsa_obj_dn_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 8)); @@ -10131,11 +10380,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaCursor3(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->source_dsa_obj_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->source_dsa_obj_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->source_dsa_obj_dn)); - if (ndr_get_array_length(ndr, &r->source_dsa_obj_dn) > ndr_get_array_size(ndr, &r->source_dsa_obj_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->source_dsa_obj_dn), ndr_get_array_length(ndr, &r->source_dsa_obj_dn)); + size_source_dsa_obj_dn_1 = ndr_get_array_size(ndr, &r->source_dsa_obj_dn); + length_source_dsa_obj_dn_1 = ndr_get_array_length(ndr, &r->source_dsa_obj_dn); + if (length_source_dsa_obj_dn_1 > size_source_dsa_obj_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_source_dsa_obj_dn_1, length_source_dsa_obj_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->source_dsa_obj_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->source_dsa_obj_dn, ndr_get_array_length(ndr, &r->source_dsa_obj_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_source_dsa_obj_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->source_dsa_obj_dn, length_source_dsa_obj_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_source_dsa_obj_dn_0, 0); } } @@ -10180,6 +10431,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaCursor3Ctr(struct ndr_push *n static enum ndr_err_code ndr_pull_drsuapi_DsReplicaCursor3Ctr(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaCursor3Ctr *r) { + uint32_t size_array_0 = 0; uint32_t cntr_array_0; TALLOC_CTX *_mem_save_array_0; if (ndr_flags & NDR_SCALARS) { @@ -10187,10 +10439,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaCursor3Ctr(struct ndr_pull *n NDR_CHECK(ndr_pull_align(ndr, 8)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count)); NDR_CHECK(ndr_pull_int32(ndr, NDR_SCALARS, &r->enumeration_context)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_0 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_0); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaCursor3(ndr, NDR_SCALARS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -10199,9 +10452,10 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaCursor3Ctr(struct ndr_pull *n } } if (ndr_flags & NDR_BUFFERS) { + size_array_0 = ndr_get_array_size(ndr, &r->array); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaCursor3(ndr, NDR_BUFFERS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -10261,8 +10515,12 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaObjMetaData2(struct ndr_push static enum ndr_err_code ndr_pull_drsuapi_DsReplicaObjMetaData2(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaObjMetaData2 *r) { uint32_t _ptr_attribute_name; + uint32_t size_attribute_name_1 = 0; + uint32_t length_attribute_name_1 = 0; TALLOC_CTX *_mem_save_attribute_name_0; uint32_t _ptr_originating_dsa_dn; + uint32_t size_originating_dsa_dn_1 = 0; + uint32_t length_originating_dsa_dn_1 = 0; TALLOC_CTX *_mem_save_originating_dsa_dn_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 8)); @@ -10290,11 +10548,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaObjMetaData2(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->attribute_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->attribute_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->attribute_name)); - if (ndr_get_array_length(ndr, &r->attribute_name) > ndr_get_array_size(ndr, &r->attribute_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->attribute_name), ndr_get_array_length(ndr, &r->attribute_name)); + size_attribute_name_1 = ndr_get_array_size(ndr, &r->attribute_name); + length_attribute_name_1 = ndr_get_array_length(ndr, &r->attribute_name); + if (length_attribute_name_1 > size_attribute_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_attribute_name_1, length_attribute_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->attribute_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->attribute_name, ndr_get_array_length(ndr, &r->attribute_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_attribute_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->attribute_name, length_attribute_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_attribute_name_0, 0); } if (r->originating_dsa_dn) { @@ -10302,11 +10562,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaObjMetaData2(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->originating_dsa_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->originating_dsa_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->originating_dsa_dn)); - if (ndr_get_array_length(ndr, &r->originating_dsa_dn) > ndr_get_array_size(ndr, &r->originating_dsa_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->originating_dsa_dn), ndr_get_array_length(ndr, &r->originating_dsa_dn)); + size_originating_dsa_dn_1 = ndr_get_array_size(ndr, &r->originating_dsa_dn); + length_originating_dsa_dn_1 = ndr_get_array_length(ndr, &r->originating_dsa_dn); + if (length_originating_dsa_dn_1 > size_originating_dsa_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_originating_dsa_dn_1, length_originating_dsa_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->originating_dsa_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->originating_dsa_dn, ndr_get_array_length(ndr, &r->originating_dsa_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_originating_dsa_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->originating_dsa_dn, length_originating_dsa_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_originating_dsa_dn_0, 0); } } @@ -10359,6 +10621,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaObjMetaData2Ctr(struct ndr_pu static enum ndr_err_code ndr_pull_drsuapi_DsReplicaObjMetaData2Ctr(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaObjMetaData2Ctr *r) { + uint32_t size_array_0 = 0; uint32_t cntr_array_0; TALLOC_CTX *_mem_save_array_0; if (ndr_flags & NDR_SCALARS) { @@ -10366,10 +10629,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaObjMetaData2Ctr(struct ndr_pu NDR_CHECK(ndr_pull_align(ndr, 8)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count)); NDR_CHECK(ndr_pull_int32(ndr, NDR_SCALARS, &r->enumeration_context)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_0 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_0); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaObjMetaData2(ndr, NDR_SCALARS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -10378,9 +10642,10 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaObjMetaData2Ctr(struct ndr_pu } } if (ndr_flags & NDR_BUFFERS) { + size_array_0 = ndr_get_array_size(ndr, &r->array); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaObjMetaData2(ndr, NDR_BUFFERS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -10454,12 +10719,18 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaAttrValMetaData2(struct ndr_p static enum ndr_err_code ndr_pull_drsuapi_DsReplicaAttrValMetaData2(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaAttrValMetaData2 *r) { uint32_t _ptr_attribute_name; + uint32_t size_attribute_name_1 = 0; + uint32_t length_attribute_name_1 = 0; TALLOC_CTX *_mem_save_attribute_name_0; uint32_t _ptr_object_dn; + uint32_t size_object_dn_1 = 0; + uint32_t length_object_dn_1 = 0; TALLOC_CTX *_mem_save_object_dn_0; uint32_t _ptr_binary; TALLOC_CTX *_mem_save_binary_0; uint32_t _ptr_originating_dsa_dn; + uint32_t size_originating_dsa_dn_1 = 0; + uint32_t length_originating_dsa_dn_1 = 0; TALLOC_CTX *_mem_save_originating_dsa_dn_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 8)); @@ -10502,11 +10773,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaAttrValMetaData2(struct ndr_p NDR_PULL_SET_MEM_CTX(ndr, r->attribute_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->attribute_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->attribute_name)); - if (ndr_get_array_length(ndr, &r->attribute_name) > ndr_get_array_size(ndr, &r->attribute_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->attribute_name), ndr_get_array_length(ndr, &r->attribute_name)); + size_attribute_name_1 = ndr_get_array_size(ndr, &r->attribute_name); + length_attribute_name_1 = ndr_get_array_length(ndr, &r->attribute_name); + if (length_attribute_name_1 > size_attribute_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_attribute_name_1, length_attribute_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->attribute_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->attribute_name, ndr_get_array_length(ndr, &r->attribute_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_attribute_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->attribute_name, length_attribute_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_attribute_name_0, 0); } if (r->object_dn) { @@ -10514,11 +10787,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaAttrValMetaData2(struct ndr_p NDR_PULL_SET_MEM_CTX(ndr, r->object_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->object_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->object_dn)); - if (ndr_get_array_length(ndr, &r->object_dn) > ndr_get_array_size(ndr, &r->object_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->object_dn), ndr_get_array_length(ndr, &r->object_dn)); + size_object_dn_1 = ndr_get_array_size(ndr, &r->object_dn); + length_object_dn_1 = ndr_get_array_length(ndr, &r->object_dn); + if (length_object_dn_1 > size_object_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_object_dn_1, length_object_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->object_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->object_dn, ndr_get_array_length(ndr, &r->object_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_object_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->object_dn, length_object_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_object_dn_0, 0); } if (r->binary) { @@ -10532,11 +10807,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaAttrValMetaData2(struct ndr_p NDR_PULL_SET_MEM_CTX(ndr, r->originating_dsa_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->originating_dsa_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->originating_dsa_dn)); - if (ndr_get_array_length(ndr, &r->originating_dsa_dn) > ndr_get_array_size(ndr, &r->originating_dsa_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->originating_dsa_dn), ndr_get_array_length(ndr, &r->originating_dsa_dn)); + size_originating_dsa_dn_1 = ndr_get_array_size(ndr, &r->originating_dsa_dn); + length_originating_dsa_dn_1 = ndr_get_array_length(ndr, &r->originating_dsa_dn); + if (length_originating_dsa_dn_1 > size_originating_dsa_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_originating_dsa_dn_1, length_originating_dsa_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->originating_dsa_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->originating_dsa_dn, ndr_get_array_length(ndr, &r->originating_dsa_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_originating_dsa_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->originating_dsa_dn, length_originating_dsa_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_originating_dsa_dn_0, 0); } } @@ -10604,6 +10881,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaAttrValMetaData2Ctr(struct nd static enum ndr_err_code ndr_pull_drsuapi_DsReplicaAttrValMetaData2Ctr(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaAttrValMetaData2Ctr *r) { + uint32_t size_array_0 = 0; uint32_t cntr_array_0; TALLOC_CTX *_mem_save_array_0; if (ndr_flags & NDR_SCALARS) { @@ -10611,10 +10889,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaAttrValMetaData2Ctr(struct nd NDR_CHECK(ndr_pull_align(ndr, 8)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count)); NDR_CHECK(ndr_pull_int32(ndr, NDR_SCALARS, &r->enumeration_context)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_0 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_0); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaAttrValMetaData2(ndr, NDR_SCALARS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -10623,9 +10902,10 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaAttrValMetaData2Ctr(struct nd } } if (ndr_flags & NDR_BUFFERS) { + size_array_0 = ndr_get_array_size(ndr, &r->array); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaAttrValMetaData2(ndr, NDR_BUFFERS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -10730,6 +11010,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaConnection04Ctr(struct ndr_pu static enum ndr_err_code ndr_pull_drsuapi_DsReplicaConnection04Ctr(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaConnection04Ctr *r) { + uint32_t size_array_0 = 0; uint32_t cntr_array_0; TALLOC_CTX *_mem_save_array_0; if (ndr_flags & NDR_SCALARS) { @@ -10740,10 +11021,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaConnection04Ctr(struct ndr_pu return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->reserved)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_0 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_0); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaConnection04(ndr, NDR_SCALARS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -10803,6 +11085,8 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplica06(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_drsuapi_DsReplica06(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplica06 *r) { uint32_t _ptr_str1; + uint32_t size_str1_1 = 0; + uint32_t length_str1_1 = 0; TALLOC_CTX *_mem_save_str1_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 8)); @@ -10826,11 +11110,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplica06(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->str1, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->str1)); NDR_CHECK(ndr_pull_array_length(ndr, &r->str1)); - if (ndr_get_array_length(ndr, &r->str1) > ndr_get_array_size(ndr, &r->str1)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->str1), ndr_get_array_length(ndr, &r->str1)); + size_str1_1 = ndr_get_array_size(ndr, &r->str1); + length_str1_1 = ndr_get_array_length(ndr, &r->str1); + if (length_str1_1 > size_str1_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_str1_1, length_str1_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->str1), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->str1, ndr_get_array_length(ndr, &r->str1), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_str1_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->str1, length_str1_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_str1_0, 0); } } @@ -10879,6 +11165,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplica06Ctr(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_drsuapi_DsReplica06Ctr(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplica06Ctr *r) { + uint32_t size_array_0 = 0; uint32_t cntr_array_0; TALLOC_CTX *_mem_save_array_0; if (ndr_flags & NDR_SCALARS) { @@ -10889,10 +11176,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplica06Ctr(struct ndr_pull *ndr, i return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->reserved)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_0 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_0); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplica06(ndr, NDR_SCALARS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -10901,9 +11189,10 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplica06Ctr(struct ndr_pull *ndr, i } } if (ndr_flags & NDR_BUFFERS) { + size_array_0 = ndr_get_array_size(ndr, &r->array); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplica06(ndr, NDR_BUFFERS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -11106,20 +11395,35 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaInfo(struct ndr_pull *ndr, in int level; uint32_t _level; TALLOC_CTX *_mem_save_neighbours_0; + uint32_t _ptr_neighbours; TALLOC_CTX *_mem_save_cursors_0; + uint32_t _ptr_cursors; TALLOC_CTX *_mem_save_objmetadata_0; + uint32_t _ptr_objmetadata; TALLOC_CTX *_mem_save_connectfailures_0; + uint32_t _ptr_connectfailures; TALLOC_CTX *_mem_save_linkfailures_0; + uint32_t _ptr_linkfailures; TALLOC_CTX *_mem_save_pendingops_0; + uint32_t _ptr_pendingops; TALLOC_CTX *_mem_save_attrvalmetadata_0; + uint32_t _ptr_attrvalmetadata; TALLOC_CTX *_mem_save_cursors2_0; + uint32_t _ptr_cursors2; TALLOC_CTX *_mem_save_cursors3_0; + uint32_t _ptr_cursors3; TALLOC_CTX *_mem_save_objmetadata2_0; + uint32_t _ptr_objmetadata2; TALLOC_CTX *_mem_save_attrvalmetadata2_0; + uint32_t _ptr_attrvalmetadata2; TALLOC_CTX *_mem_save_neighbours02_0; + uint32_t _ptr_neighbours02; TALLOC_CTX *_mem_save_connections04_0; + uint32_t _ptr_connections04; TALLOC_CTX *_mem_save_cursors05_0; + uint32_t _ptr_cursors05; TALLOC_CTX *_mem_save_i06_0; + uint32_t _ptr_i06; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -11128,7 +11432,6 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaInfo(struct ndr_pull *ndr, in } switch (level) { case DRSUAPI_DS_REPLICA_INFO_NEIGHBORS: { - uint32_t _ptr_neighbours; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_neighbours)); if (_ptr_neighbours) { NDR_PULL_ALLOC(ndr, r->neighbours); @@ -11138,7 +11441,6 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaInfo(struct ndr_pull *ndr, in break; } case DRSUAPI_DS_REPLICA_INFO_CURSORS: { - uint32_t _ptr_cursors; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_cursors)); if (_ptr_cursors) { NDR_PULL_ALLOC(ndr, r->cursors); @@ -11148,7 +11450,6 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaInfo(struct ndr_pull *ndr, in break; } case DRSUAPI_DS_REPLICA_INFO_OBJ_METADATA: { - uint32_t _ptr_objmetadata; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_objmetadata)); if (_ptr_objmetadata) { NDR_PULL_ALLOC(ndr, r->objmetadata); @@ -11158,7 +11459,6 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaInfo(struct ndr_pull *ndr, in break; } case DRSUAPI_DS_REPLICA_INFO_KCC_DSA_CONNECT_FAILURES: { - uint32_t _ptr_connectfailures; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_connectfailures)); if (_ptr_connectfailures) { NDR_PULL_ALLOC(ndr, r->connectfailures); @@ -11168,7 +11468,6 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaInfo(struct ndr_pull *ndr, in break; } case DRSUAPI_DS_REPLICA_INFO_KCC_DSA_LINK_FAILURES: { - uint32_t _ptr_linkfailures; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_linkfailures)); if (_ptr_linkfailures) { NDR_PULL_ALLOC(ndr, r->linkfailures); @@ -11178,7 +11477,6 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaInfo(struct ndr_pull *ndr, in break; } case DRSUAPI_DS_REPLICA_INFO_PENDING_OPS: { - uint32_t _ptr_pendingops; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_pendingops)); if (_ptr_pendingops) { NDR_PULL_ALLOC(ndr, r->pendingops); @@ -11188,7 +11486,6 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaInfo(struct ndr_pull *ndr, in break; } case DRSUAPI_DS_REPLICA_INFO_ATTRIBUTE_VALUE_METADATA: { - uint32_t _ptr_attrvalmetadata; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_attrvalmetadata)); if (_ptr_attrvalmetadata) { NDR_PULL_ALLOC(ndr, r->attrvalmetadata); @@ -11198,7 +11495,6 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaInfo(struct ndr_pull *ndr, in break; } case DRSUAPI_DS_REPLICA_INFO_CURSORS2: { - uint32_t _ptr_cursors2; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_cursors2)); if (_ptr_cursors2) { NDR_PULL_ALLOC(ndr, r->cursors2); @@ -11208,7 +11504,6 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaInfo(struct ndr_pull *ndr, in break; } case DRSUAPI_DS_REPLICA_INFO_CURSORS3: { - uint32_t _ptr_cursors3; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_cursors3)); if (_ptr_cursors3) { NDR_PULL_ALLOC(ndr, r->cursors3); @@ -11218,7 +11513,6 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaInfo(struct ndr_pull *ndr, in break; } case DRSUAPI_DS_REPLICA_INFO_OBJ_METADATA2: { - uint32_t _ptr_objmetadata2; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_objmetadata2)); if (_ptr_objmetadata2) { NDR_PULL_ALLOC(ndr, r->objmetadata2); @@ -11228,7 +11522,6 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaInfo(struct ndr_pull *ndr, in break; } case DRSUAPI_DS_REPLICA_INFO_ATTRIBUTE_VALUE_METADATA2: { - uint32_t _ptr_attrvalmetadata2; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_attrvalmetadata2)); if (_ptr_attrvalmetadata2) { NDR_PULL_ALLOC(ndr, r->attrvalmetadata2); @@ -11238,7 +11531,6 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaInfo(struct ndr_pull *ndr, in break; } case DRSUAPI_DS_REPLICA_INFO_NEIGHBORS02: { - uint32_t _ptr_neighbours02; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_neighbours02)); if (_ptr_neighbours02) { NDR_PULL_ALLOC(ndr, r->neighbours02); @@ -11248,7 +11540,6 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaInfo(struct ndr_pull *ndr, in break; } case DRSUAPI_DS_REPLICA_INFO_CONNECTIONS04: { - uint32_t _ptr_connections04; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_connections04)); if (_ptr_connections04) { NDR_PULL_ALLOC(ndr, r->connections04); @@ -11258,7 +11549,6 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaInfo(struct ndr_pull *ndr, in break; } case DRSUAPI_DS_REPLICA_INFO_CURSORS05: { - uint32_t _ptr_cursors05; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_cursors05)); if (_ptr_cursors05) { NDR_PULL_ALLOC(ndr, r->cursors05); @@ -11268,7 +11558,6 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaInfo(struct ndr_pull *ndr, in break; } case DRSUAPI_DS_REPLICA_INFO_06: { - uint32_t _ptr_i06; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_i06)); if (_ptr_i06) { NDR_PULL_ALLOC(ndr, r->i06); @@ -11673,6 +11962,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsGetMemberships2Request1(struct ndr_p static enum ndr_err_code ndr_pull_drsuapi_DsGetMemberships2Request1(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsGetMemberships2Request1 *r) { uint32_t _ptr_req_array; + uint32_t size_req_array_1 = 0; uint32_t cntr_req_array_1; TALLOC_CTX *_mem_save_req_array_0; TALLOC_CTX *_mem_save_req_array_1; @@ -11695,10 +11985,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetMemberships2Request1(struct ndr_p _mem_save_req_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->req_array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->req_array)); - NDR_PULL_ALLOC_N(ndr, r->req_array, ndr_get_array_size(ndr, &r->req_array)); + size_req_array_1 = ndr_get_array_size(ndr, &r->req_array); + NDR_PULL_ALLOC_N(ndr, r->req_array, size_req_array_1); _mem_save_req_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->req_array, 0); - for (cntr_req_array_1 = 0; cntr_req_array_1 < r->num_req; cntr_req_array_1++) { + for (cntr_req_array_1 = 0; cntr_req_array_1 < size_req_array_1; cntr_req_array_1++) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_req_array)); if (_ptr_req_array) { NDR_PULL_ALLOC(ndr, r->req_array[cntr_req_array_1]); @@ -11706,7 +11997,7 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetMemberships2Request1(struct ndr_p r->req_array[cntr_req_array_1] = NULL; } } - for (cntr_req_array_1 = 0; cntr_req_array_1 < r->num_req; cntr_req_array_1++) { + for (cntr_req_array_1 = 0; cntr_req_array_1 < size_req_array_1; cntr_req_array_1++) { if (r->req_array[cntr_req_array_1]) { _mem_save_req_array_2 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->req_array[cntr_req_array_1], 0); @@ -11884,6 +12175,7 @@ static enum ndr_err_code ndr_push_drsuapi_QuerySitesByCostCtr1(struct ndr_push * static enum ndr_err_code ndr_pull_drsuapi_QuerySitesByCostCtr1(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_QuerySitesByCostCtr1 *r) { uint32_t _ptr_info; + uint32_t size_info_1 = 0; uint32_t cntr_info_1; TALLOC_CTX *_mem_save_info_0; TALLOC_CTX *_mem_save_info_1; @@ -11906,10 +12198,11 @@ static enum ndr_err_code ndr_pull_drsuapi_QuerySitesByCostCtr1(struct ndr_pull * _mem_save_info_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->info, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->info)); - NDR_PULL_ALLOC_N(ndr, r->info, ndr_get_array_size(ndr, &r->info)); + size_info_1 = ndr_get_array_size(ndr, &r->info); + NDR_PULL_ALLOC_N(ndr, r->info, size_info_1); _mem_save_info_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->info, 0); - for (cntr_info_1 = 0; cntr_info_1 < r->num_info; cntr_info_1++) { + for (cntr_info_1 = 0; cntr_info_1 < size_info_1; cntr_info_1++) { NDR_CHECK(ndr_pull_drsuapi_DsSiteCostInfo(ndr, NDR_SCALARS, &r->info[cntr_info_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_1, 0); @@ -12060,9 +12353,14 @@ static enum ndr_err_code ndr_push_drsuapi_QuerySitesByCostRequest1(struct ndr_pu static enum ndr_err_code ndr_pull_drsuapi_QuerySitesByCostRequest1(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_QuerySitesByCostRequest1 *r) { uint32_t _ptr_site_from; + uint32_t size_site_from_1 = 0; + uint32_t length_site_from_1 = 0; TALLOC_CTX *_mem_save_site_from_0; uint32_t _ptr_site_to; + uint32_t size_site_to_1 = 0; uint32_t cntr_site_to_1; + uint32_t size_site_to_3 = 0; + uint32_t length_site_to_3 = 0; TALLOC_CTX *_mem_save_site_to_0; TALLOC_CTX *_mem_save_site_to_1; TALLOC_CTX *_mem_save_site_to_2; @@ -12092,21 +12390,24 @@ static enum ndr_err_code ndr_pull_drsuapi_QuerySitesByCostRequest1(struct ndr_pu NDR_PULL_SET_MEM_CTX(ndr, r->site_from, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->site_from)); NDR_CHECK(ndr_pull_array_length(ndr, &r->site_from)); - if (ndr_get_array_length(ndr, &r->site_from) > ndr_get_array_size(ndr, &r->site_from)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->site_from), ndr_get_array_length(ndr, &r->site_from)); + size_site_from_1 = ndr_get_array_size(ndr, &r->site_from); + length_site_from_1 = ndr_get_array_length(ndr, &r->site_from); + if (length_site_from_1 > size_site_from_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_site_from_1, length_site_from_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->site_from), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->site_from, ndr_get_array_length(ndr, &r->site_from), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_site_from_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->site_from, length_site_from_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_site_from_0, 0); } if (r->site_to) { _mem_save_site_to_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->site_to, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->site_to)); - NDR_PULL_ALLOC_N(ndr, r->site_to, ndr_get_array_size(ndr, &r->site_to)); + size_site_to_1 = ndr_get_array_size(ndr, &r->site_to); + NDR_PULL_ALLOC_N(ndr, r->site_to, size_site_to_1); _mem_save_site_to_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->site_to, 0); - for (cntr_site_to_1 = 0; cntr_site_to_1 < r->num_req; cntr_site_to_1++) { + for (cntr_site_to_1 = 0; cntr_site_to_1 < size_site_to_1; cntr_site_to_1++) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_site_to)); if (_ptr_site_to) { NDR_PULL_ALLOC(ndr, r->site_to[cntr_site_to_1]); @@ -12114,17 +12415,19 @@ static enum ndr_err_code ndr_pull_drsuapi_QuerySitesByCostRequest1(struct ndr_pu r->site_to[cntr_site_to_1] = NULL; } } - for (cntr_site_to_1 = 0; cntr_site_to_1 < r->num_req; cntr_site_to_1++) { + for (cntr_site_to_1 = 0; cntr_site_to_1 < size_site_to_1; cntr_site_to_1++) { if (r->site_to[cntr_site_to_1]) { _mem_save_site_to_2 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->site_to[cntr_site_to_1], 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->site_to[cntr_site_to_1])); NDR_CHECK(ndr_pull_array_length(ndr, &r->site_to[cntr_site_to_1])); - if (ndr_get_array_length(ndr, &r->site_to[cntr_site_to_1]) > ndr_get_array_size(ndr, &r->site_to[cntr_site_to_1])) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->site_to[cntr_site_to_1]), ndr_get_array_length(ndr, &r->site_to[cntr_site_to_1])); + size_site_to_3 = ndr_get_array_size(ndr, &r->site_to[cntr_site_to_1]); + length_site_to_3 = ndr_get_array_length(ndr, &r->site_to[cntr_site_to_1]); + if (length_site_to_3 > size_site_to_3) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_site_to_3, length_site_to_3); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->site_to[cntr_site_to_1]), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->site_to[cntr_site_to_1], ndr_get_array_length(ndr, &r->site_to[cntr_site_to_1]), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_site_to_3, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->site_to[cntr_site_to_1], length_site_to_3, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_site_to_2, 0); } } diff --git a/source/librpc/gen_ndr/ndr_dssetup.c b/source/librpc/gen_ndr/ndr_dssetup.c index 0c02784..0660ea9 100644 --- a/source/librpc/gen_ndr/ndr_dssetup.c +++ b/source/librpc/gen_ndr/ndr_dssetup.c @@ -95,10 +95,16 @@ static enum ndr_err_code ndr_push_dssetup_DsRolePrimaryDomInfoBasic(struct ndr_p static enum ndr_err_code ndr_pull_dssetup_DsRolePrimaryDomInfoBasic(struct ndr_pull *ndr, int ndr_flags, struct dssetup_DsRolePrimaryDomInfoBasic *r) { uint32_t _ptr_domain; + uint32_t size_domain_1 = 0; + uint32_t length_domain_1 = 0; TALLOC_CTX *_mem_save_domain_0; uint32_t _ptr_dns_domain; + uint32_t size_dns_domain_1 = 0; + uint32_t length_dns_domain_1 = 0; TALLOC_CTX *_mem_save_dns_domain_0; uint32_t _ptr_forest; + uint32_t size_forest_1 = 0; + uint32_t length_forest_1 = 0; TALLOC_CTX *_mem_save_forest_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -130,11 +136,13 @@ static enum ndr_err_code ndr_pull_dssetup_DsRolePrimaryDomInfoBasic(struct ndr_p NDR_PULL_SET_MEM_CTX(ndr, r->domain, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->domain)); NDR_CHECK(ndr_pull_array_length(ndr, &r->domain)); - if (ndr_get_array_length(ndr, &r->domain) > ndr_get_array_size(ndr, &r->domain)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->domain), ndr_get_array_length(ndr, &r->domain)); + size_domain_1 = ndr_get_array_size(ndr, &r->domain); + length_domain_1 = ndr_get_array_length(ndr, &r->domain); + if (length_domain_1 > size_domain_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_1, length_domain_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, length_domain_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_0, 0); } if (r->dns_domain) { @@ -142,11 +150,13 @@ static enum ndr_err_code ndr_pull_dssetup_DsRolePrimaryDomInfoBasic(struct ndr_p NDR_PULL_SET_MEM_CTX(ndr, r->dns_domain, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->dns_domain)); NDR_CHECK(ndr_pull_array_length(ndr, &r->dns_domain)); - if (ndr_get_array_length(ndr, &r->dns_domain) > ndr_get_array_size(ndr, &r->dns_domain)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->dns_domain), ndr_get_array_length(ndr, &r->dns_domain)); + size_dns_domain_1 = ndr_get_array_size(ndr, &r->dns_domain); + length_dns_domain_1 = ndr_get_array_length(ndr, &r->dns_domain); + if (length_dns_domain_1 > size_dns_domain_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dns_domain_1, length_dns_domain_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->dns_domain), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dns_domain, ndr_get_array_length(ndr, &r->dns_domain), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dns_domain_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dns_domain, length_dns_domain_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dns_domain_0, 0); } if (r->forest) { @@ -154,11 +164,13 @@ static enum ndr_err_code ndr_pull_dssetup_DsRolePrimaryDomInfoBasic(struct ndr_p NDR_PULL_SET_MEM_CTX(ndr, r->forest, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->forest)); NDR_CHECK(ndr_pull_array_length(ndr, &r->forest)); - if (ndr_get_array_length(ndr, &r->forest) > ndr_get_array_size(ndr, &r->forest)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->forest), ndr_get_array_length(ndr, &r->forest)); + size_forest_1 = ndr_get_array_size(ndr, &r->forest); + length_forest_1 = ndr_get_array_length(ndr, &r->forest); + if (length_forest_1 > size_forest_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_forest_1, length_forest_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->forest), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->forest, ndr_get_array_length(ndr, &r->forest), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_forest_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->forest, length_forest_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_forest_0, 0); } } diff --git a/source/librpc/gen_ndr/ndr_echo.c b/source/librpc/gen_ndr/ndr_echo.c index 93a8464..df87450 100644 --- a/source/librpc/gen_ndr/ndr_echo.c +++ b/source/librpc/gen_ndr/ndr_echo.c @@ -595,16 +595,18 @@ static enum ndr_err_code ndr_push_echo_Surrounding(struct ndr_push *ndr, int ndr static enum ndr_err_code ndr_pull_echo_Surrounding(struct ndr_pull *ndr, int ndr_flags, struct echo_Surrounding *r) { + uint32_t size_surrounding_0 = 0; uint32_t cntr_surrounding_0; TALLOC_CTX *_mem_save_surrounding_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_array_size(ndr, &r->surrounding)); NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->x)); - NDR_PULL_ALLOC_N(ndr, r->surrounding, ndr_get_array_size(ndr, &r->surrounding)); + size_surrounding_0 = ndr_get_array_size(ndr, &r->surrounding); + NDR_PULL_ALLOC_N(ndr, r->surrounding, size_surrounding_0); _mem_save_surrounding_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->surrounding, 0); - for (cntr_surrounding_0 = 0; cntr_surrounding_0 < r->x; cntr_surrounding_0++) { + for (cntr_surrounding_0 = 0; cntr_surrounding_0 < size_surrounding_0; cntr_surrounding_0++) { NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->surrounding[cntr_surrounding_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_surrounding_0, 0); @@ -713,21 +715,25 @@ static enum ndr_err_code ndr_push_echo_EchoData(struct ndr_push *ndr, int flags, static enum ndr_err_code ndr_pull_echo_EchoData(struct ndr_pull *ndr, int flags, struct echo_EchoData *r) { + uint32_t size_in_data_0 = 0; + uint32_t size_out_data_0 = 0; if (flags & NDR_IN) { ZERO_STRUCT(r->out); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.len)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.in_data)); - NDR_PULL_ALLOC_N(ndr, r->in.in_data, ndr_get_array_size(ndr, &r->in.in_data)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->in.in_data, ndr_get_array_size(ndr, &r->in.in_data))); + size_in_data_0 = ndr_get_array_size(ndr, &r->in.in_data); + NDR_PULL_ALLOC_N(ndr, r->in.in_data, size_in_data_0); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->in.in_data, size_in_data_0)); if (r->in.in_data) { NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->in.in_data, r->in.len)); } } if (flags & NDR_OUT) { NDR_CHECK(ndr_pull_array_size(ndr, &r->out.out_data)); - NDR_PULL_ALLOC_N(ndr, r->out.out_data, ndr_get_array_size(ndr, &r->out.out_data)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.out_data, ndr_get_array_size(ndr, &r->out.out_data))); + size_out_data_0 = ndr_get_array_size(ndr, &r->out.out_data); + NDR_PULL_ALLOC_N(ndr, r->out.out_data, size_out_data_0); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.out_data, size_out_data_0)); if (r->out.out_data) { NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->out.out_data, r->in.len)); } @@ -772,11 +778,13 @@ static enum ndr_err_code ndr_push_echo_SinkData(struct ndr_push *ndr, int flags, static enum ndr_err_code ndr_pull_echo_SinkData(struct ndr_pull *ndr, int flags, struct echo_SinkData *r) { + uint32_t size_data_0 = 0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.len)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.data)); - NDR_PULL_ALLOC_N(ndr, r->in.data, ndr_get_array_size(ndr, &r->in.data)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->in.data, ndr_get_array_size(ndr, &r->in.data))); + size_data_0 = ndr_get_array_size(ndr, &r->in.data); + NDR_PULL_ALLOC_N(ndr, r->in.data, size_data_0); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->in.data, size_data_0)); if (r->in.data) { NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->in.data, r->in.len)); } @@ -822,6 +830,7 @@ static enum ndr_err_code ndr_push_echo_SourceData(struct ndr_push *ndr, int flag static enum ndr_err_code ndr_pull_echo_SourceData(struct ndr_pull *ndr, int flags, struct echo_SourceData *r) { + uint32_t size_data_0 = 0; if (flags & NDR_IN) { ZERO_STRUCT(r->out); @@ -829,8 +838,9 @@ static enum ndr_err_code ndr_pull_echo_SourceData(struct ndr_pull *ndr, int flag } if (flags & NDR_OUT) { NDR_CHECK(ndr_pull_array_size(ndr, &r->out.data)); - NDR_PULL_ALLOC_N(ndr, r->out.data, ndr_get_array_size(ndr, &r->out.data)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.data, ndr_get_array_size(ndr, &r->out.data))); + size_data_0 = ndr_get_array_size(ndr, &r->out.data); + NDR_PULL_ALLOC_N(ndr, r->out.data, size_data_0); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.data, size_data_0)); if (r->out.data) { NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->out.data, r->in.len)); } @@ -888,7 +898,11 @@ static enum ndr_err_code ndr_push_echo_TestCall(struct ndr_push *ndr, int flags, static enum ndr_err_code ndr_pull_echo_TestCall(struct ndr_pull *ndr, int flags, struct echo_TestCall *r) { + uint32_t size_s1_1 = 0; + uint32_t length_s1_1 = 0; uint32_t _ptr_s2; + uint32_t size_s2_2 = 0; + uint32_t length_s2_2 = 0; TALLOC_CTX *_mem_save_s2_0; TALLOC_CTX *_mem_save_s2_1; if (flags & NDR_IN) { @@ -896,11 +910,13 @@ static enum ndr_err_code ndr_pull_echo_TestCall(struct ndr_pull *ndr, int flags, NDR_CHECK(ndr_pull_array_size(ndr, &r->in.s1)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.s1)); - if (ndr_get_array_length(ndr, &r->in.s1) > ndr_get_array_size(ndr, &r->in.s1)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.s1), ndr_get_array_length(ndr, &r->in.s1)); + size_s1_1 = ndr_get_array_size(ndr, &r->in.s1); + length_s1_1 = ndr_get_array_length(ndr, &r->in.s1); + if (length_s1_1 > size_s1_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_s1_1, length_s1_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.s1), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.s1, ndr_get_array_length(ndr, &r->in.s1), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_s1_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.s1, length_s1_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_ALLOC(ndr, r->out.s2); ZERO_STRUCTP(r->out.s2); } @@ -921,11 +937,13 @@ static enum ndr_err_code ndr_pull_echo_TestCall(struct ndr_pull *ndr, int flags, NDR_PULL_SET_MEM_CTX(ndr, *r->out.s2, 0); NDR_CHECK(ndr_pull_array_size(ndr, r->out.s2)); NDR_CHECK(ndr_pull_array_length(ndr, r->out.s2)); - if (ndr_get_array_length(ndr, r->out.s2) > ndr_get_array_size(ndr, r->out.s2)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, r->out.s2), ndr_get_array_length(ndr, r->out.s2)); + size_s2_2 = ndr_get_array_size(ndr, r->out.s2); + length_s2_2 = ndr_get_array_length(ndr, r->out.s2); + if (length_s2_2 > size_s2_2) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_s2_2, length_s2_2); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, r->out.s2), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.s2, ndr_get_array_length(ndr, r->out.s2), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_s2_2, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.s2, length_s2_2, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_s2_1, 0); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_s2_0, LIBNDR_FLAG_REF_ALLOC); diff --git a/source/librpc/gen_ndr/ndr_epmapper.c b/source/librpc/gen_ndr/ndr_epmapper.c index 0ffaba0..16fd596 100644 --- a/source/librpc/gen_ndr/ndr_epmapper.c +++ b/source/librpc/gen_ndr/ndr_epmapper.c @@ -1530,6 +1530,7 @@ static enum ndr_err_code ndr_push_epm_tower(struct ndr_push *ndr, int ndr_flags, static enum ndr_err_code ndr_pull_epm_tower(struct ndr_pull *ndr, int ndr_flags, struct epm_tower *r) { + uint32_t size_floors_0 = 0; uint32_t cntr_floors_0; TALLOC_CTX *_mem_save_floors_0; { @@ -1538,10 +1539,11 @@ static enum ndr_err_code ndr_pull_epm_tower(struct ndr_pull *ndr, int ndr_flags, if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 2)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->num_floors)); - NDR_PULL_ALLOC_N(ndr, r->floors, r->num_floors); + size_floors_0 = r->num_floors; + NDR_PULL_ALLOC_N(ndr, r->floors, size_floors_0); _mem_save_floors_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->floors, 0); - for (cntr_floors_0 = 0; cntr_floors_0 < r->num_floors; cntr_floors_0++) { + for (cntr_floors_0 = 0; cntr_floors_0 < size_floors_0; cntr_floors_0++) { NDR_CHECK(ndr_pull_epm_floor(ndr, NDR_SCALARS, &r->floors[cntr_floors_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_floors_0, 0); @@ -1802,18 +1804,20 @@ static enum ndr_err_code ndr_push_epm_Insert(struct ndr_push *ndr, int flags, co static enum ndr_err_code ndr_pull_epm_Insert(struct ndr_pull *ndr, int flags, struct epm_Insert *r) { + uint32_t size_entries_0 = 0; uint32_t cntr_entries_0; TALLOC_CTX *_mem_save_entries_0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.num_ents)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.entries)); - NDR_PULL_ALLOC_N(ndr, r->in.entries, ndr_get_array_size(ndr, &r->in.entries)); + size_entries_0 = ndr_get_array_size(ndr, &r->in.entries); + NDR_PULL_ALLOC_N(ndr, r->in.entries, size_entries_0); _mem_save_entries_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->in.entries, 0); - for (cntr_entries_0 = 0; cntr_entries_0 < r->in.num_ents; cntr_entries_0++) { + for (cntr_entries_0 = 0; cntr_entries_0 < size_entries_0; cntr_entries_0++) { NDR_CHECK(ndr_pull_epm_entry_t(ndr, NDR_SCALARS, &r->in.entries[cntr_entries_0])); } - for (cntr_entries_0 = 0; cntr_entries_0 < r->in.num_ents; cntr_entries_0++) { + for (cntr_entries_0 = 0; cntr_entries_0 < size_entries_0; cntr_entries_0++) { NDR_CHECK(ndr_pull_epm_entry_t(ndr, NDR_BUFFERS, &r->in.entries[cntr_entries_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_entries_0, 0); @@ -1883,18 +1887,20 @@ static enum ndr_err_code ndr_push_epm_Delete(struct ndr_push *ndr, int flags, co static enum ndr_err_code ndr_pull_epm_Delete(struct ndr_pull *ndr, int flags, struct epm_Delete *r) { + uint32_t size_entries_0 = 0; uint32_t cntr_entries_0; TALLOC_CTX *_mem_save_entries_0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.num_ents)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.entries)); - NDR_PULL_ALLOC_N(ndr, r->in.entries, ndr_get_array_size(ndr, &r->in.entries)); + size_entries_0 = ndr_get_array_size(ndr, &r->in.entries); + NDR_PULL_ALLOC_N(ndr, r->in.entries, size_entries_0); _mem_save_entries_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->in.entries, 0); - for (cntr_entries_0 = 0; cntr_entries_0 < r->in.num_ents; cntr_entries_0++) { + for (cntr_entries_0 = 0; cntr_entries_0 < size_entries_0; cntr_entries_0++) { NDR_CHECK(ndr_pull_epm_entry_t(ndr, NDR_SCALARS, &r->in.entries[cntr_entries_0])); } - for (cntr_entries_0 = 0; cntr_entries_0 < r->in.num_ents; cntr_entries_0++) { + for (cntr_entries_0 = 0; cntr_entries_0 < size_entries_0; cntr_entries_0++) { NDR_CHECK(ndr_pull_epm_entry_t(ndr, NDR_BUFFERS, &r->in.entries[cntr_entries_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_entries_0, 0); @@ -1988,6 +1994,8 @@ static enum ndr_err_code ndr_pull_epm_Lookup(struct ndr_pull *ndr, int flags, st { uint32_t _ptr_object; uint32_t _ptr_interface_id; + uint32_t size_entries_0 = 0; + uint32_t length_entries_0 = 0; uint32_t cntr_entries_0; TALLOC_CTX *_mem_save_object_0; TALLOC_CTX *_mem_save_interface_id_0; @@ -2053,16 +2061,18 @@ static enum ndr_err_code ndr_pull_epm_Lookup(struct ndr_pull *ndr, int flags, st NDR_PULL_SET_MEM_CTX(ndr, _mem_save_num_ents_0, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_array_size(ndr, &r->out.entries)); NDR_CHECK(ndr_pull_array_length(ndr, &r->out.entries)); - if (ndr_get_array_length(ndr, &r->out.entries) > ndr_get_array_size(ndr, &r->out.entries)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->out.entries), ndr_get_array_length(ndr, &r->out.entries)); + size_entries_0 = ndr_get_array_size(ndr, &r->out.entries); + length_entries_0 = ndr_get_array_length(ndr, &r->out.entries); + if (length_entries_0 > size_entries_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_entries_0, length_entries_0); } - NDR_PULL_ALLOC_N(ndr, r->out.entries, ndr_get_array_size(ndr, &r->out.entries)); + NDR_PULL_ALLOC_N(ndr, r->out.entries, size_entries_0); _mem_save_entries_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->out.entries, 0); - for (cntr_entries_0 = 0; cntr_entries_0 < *r->out.num_ents; cntr_entries_0++) { + for (cntr_entries_0 = 0; cntr_entries_0 < length_entries_0; cntr_entries_0++) { NDR_CHECK(ndr_pull_epm_entry_t(ndr, NDR_SCALARS, &r->out.entries[cntr_entries_0])); } - for (cntr_entries_0 = 0; cntr_entries_0 < *r->out.num_ents; cntr_entries_0++) { + for (cntr_entries_0 = 0; cntr_entries_0 < length_entries_0; cntr_entries_0++) { NDR_CHECK(ndr_pull_epm_entry_t(ndr, NDR_BUFFERS, &r->out.entries[cntr_entries_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_entries_0, 0); @@ -2181,6 +2191,8 @@ _PUBLIC_ enum ndr_err_code ndr_pull_epm_Map(struct ndr_pull *ndr, int flags, str { uint32_t _ptr_object; uint32_t _ptr_map_tower; + uint32_t size_towers_0 = 0; + uint32_t length_towers_0 = 0; uint32_t cntr_towers_0; TALLOC_CTX *_mem_save_object_0; TALLOC_CTX *_mem_save_map_tower_0; @@ -2244,16 +2256,18 @@ _PUBLIC_ enum ndr_err_code ndr_pull_epm_Map(struct ndr_pull *ndr, int flags, str NDR_PULL_SET_MEM_CTX(ndr, _mem_save_num_towers_0, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_array_size(ndr, &r->out.towers)); NDR_CHECK(ndr_pull_array_length(ndr, &r->out.towers)); - if (ndr_get_array_length(ndr, &r->out.towers) > ndr_get_array_size(ndr, &r->out.towers)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->out.towers), ndr_get_array_length(ndr, &r->out.towers)); + size_towers_0 = ndr_get_array_size(ndr, &r->out.towers); + length_towers_0 = ndr_get_array_length(ndr, &r->out.towers); + if (length_towers_0 > size_towers_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_towers_0, length_towers_0); } - NDR_PULL_ALLOC_N(ndr, r->out.towers, ndr_get_array_size(ndr, &r->out.towers)); + NDR_PULL_ALLOC_N(ndr, r->out.towers, size_towers_0); _mem_save_towers_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->out.towers, 0); - for (cntr_towers_0 = 0; cntr_towers_0 < *r->out.num_towers; cntr_towers_0++) { + for (cntr_towers_0 = 0; cntr_towers_0 < length_towers_0; cntr_towers_0++) { NDR_CHECK(ndr_pull_epm_twr_p_t(ndr, NDR_SCALARS, &r->out.towers[cntr_towers_0])); } - for (cntr_towers_0 = 0; cntr_towers_0 < *r->out.num_towers; cntr_towers_0++) { + for (cntr_towers_0 = 0; cntr_towers_0 < length_towers_0; cntr_towers_0++) { NDR_CHECK(ndr_pull_epm_twr_p_t(ndr, NDR_BUFFERS, &r->out.towers[cntr_towers_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_towers_0, 0); diff --git a/source/librpc/gen_ndr/ndr_eventlog.c b/source/librpc/gen_ndr/ndr_eventlog.c index f0c7ee4..60ae875 100644 --- a/source/librpc/gen_ndr/ndr_eventlog.c +++ b/source/librpc/gen_ndr/ndr_eventlog.c @@ -93,6 +93,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_eventlog_Record(struct ndr_push *ndr, int nd _PUBLIC_ enum ndr_err_code ndr_pull_eventlog_Record(struct ndr_pull *ndr, int ndr_flags, struct eventlog_Record *r) { + uint32_t size_strings_0 = 0; uint32_t cntr_strings_0; TALLOC_CTX *_mem_save_strings_0; if (ndr_flags & NDR_SCALARS) { @@ -128,10 +129,11 @@ _PUBLIC_ enum ndr_err_code ndr_pull_eventlog_Record(struct ndr_pull *ndr, int nd { uint32_t _flags_save_string = ndr->flags; ndr_set_flags(&ndr->flags, LIBNDR_FLAG_STR_NULLTERM); - NDR_PULL_ALLOC_N(ndr, r->strings, r->num_of_strings); + size_strings_0 = r->num_of_strings; + NDR_PULL_ALLOC_N(ndr, r->strings, size_strings_0); _mem_save_strings_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->strings, 0); - for (cntr_strings_0 = 0; cntr_strings_0 < r->num_of_strings; cntr_strings_0++) { + for (cntr_strings_0 = 0; cntr_strings_0 < size_strings_0; cntr_strings_0++) { NDR_CHECK(ndr_pull_string(ndr, NDR_SCALARS, &r->strings[cntr_strings_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_strings_0, 0); @@ -857,6 +859,7 @@ static enum ndr_err_code ndr_push_eventlog_ReadEventLogW(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_eventlog_ReadEventLogW(struct ndr_pull *ndr, int flags, struct eventlog_ReadEventLogW *r) { + uint32_t size_data_1 = 0; TALLOC_CTX *_mem_save_handle_0; TALLOC_CTX *_mem_save_sent_size_0; TALLOC_CTX *_mem_save_real_size_0; @@ -885,10 +888,11 @@ static enum ndr_err_code ndr_pull_eventlog_ReadEventLogW(struct ndr_pull *ndr, i } if (flags & NDR_OUT) { NDR_CHECK(ndr_pull_array_size(ndr, &r->out.data)); + size_data_1 = ndr_get_array_size(ndr, &r->out.data); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { - NDR_PULL_ALLOC_N(ndr, r->out.data, ndr_get_array_size(ndr, &r->out.data)); + NDR_PULL_ALLOC_N(ndr, r->out.data, size_data_1); } - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.data, ndr_get_array_size(ndr, &r->out.data))); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.data, size_data_1)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->out.sent_size); } diff --git a/source/librpc/gen_ndr/ndr_krb5pac.c b/source/librpc/gen_ndr/ndr_krb5pac.c index 6e06f90..6e1abad 100644 --- a/source/librpc/gen_ndr/ndr_krb5pac.c +++ b/source/librpc/gen_ndr/ndr_krb5pac.c @@ -21,11 +21,13 @@ static enum ndr_err_code ndr_push_PAC_LOGON_NAME(struct ndr_push *ndr, int ndr_f static enum ndr_err_code ndr_pull_PAC_LOGON_NAME(struct ndr_pull *ndr, int ndr_flags, struct PAC_LOGON_NAME *r) { + uint32_t size_account_name_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_NTTIME(ndr, NDR_SCALARS, &r->logon_time)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->size)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->account_name, r->size, sizeof(uint8_t), CH_UTF16)); + size_account_name_0 = r->size; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->account_name, size_account_name_0, sizeof(uint8_t), CH_UTF16)); } if (ndr_flags & NDR_BUFFERS) { } @@ -465,24 +467,27 @@ _PUBLIC_ enum ndr_err_code ndr_push_PAC_DATA(struct ndr_push *ndr, int ndr_flags _PUBLIC_ enum ndr_err_code ndr_pull_PAC_DATA(struct ndr_pull *ndr, int ndr_flags, struct PAC_DATA *r) { + uint32_t size_buffers_0 = 0; uint32_t cntr_buffers_0; TALLOC_CTX *_mem_save_buffers_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->num_buffers)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->version)); - NDR_PULL_ALLOC_N(ndr, r->buffers, r->num_buffers); + size_buffers_0 = r->num_buffers; + NDR_PULL_ALLOC_N(ndr, r->buffers, size_buffers_0); _mem_save_buffers_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->buffers, 0); - for (cntr_buffers_0 = 0; cntr_buffers_0 < r->num_buffers; cntr_buffers_0++) { + for (cntr_buffers_0 = 0; cntr_buffers_0 < size_buffers_0; cntr_buffers_0++) { NDR_CHECK(ndr_pull_PAC_BUFFER(ndr, NDR_SCALARS, &r->buffers[cntr_buffers_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_buffers_0, 0); } if (ndr_flags & NDR_BUFFERS) { + size_buffers_0 = r->num_buffers; _mem_save_buffers_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->buffers, 0); - for (cntr_buffers_0 = 0; cntr_buffers_0 < r->num_buffers; cntr_buffers_0++) { + for (cntr_buffers_0 = 0; cntr_buffers_0 < size_buffers_0; cntr_buffers_0++) { NDR_CHECK(ndr_pull_PAC_BUFFER(ndr, NDR_BUFFERS, &r->buffers[cntr_buffers_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_buffers_0, 0); @@ -627,24 +632,27 @@ _PUBLIC_ enum ndr_err_code ndr_push_PAC_DATA_RAW(struct ndr_push *ndr, int ndr_f _PUBLIC_ enum ndr_err_code ndr_pull_PAC_DATA_RAW(struct ndr_pull *ndr, int ndr_flags, struct PAC_DATA_RAW *r) { + uint32_t size_buffers_0 = 0; uint32_t cntr_buffers_0; TALLOC_CTX *_mem_save_buffers_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->num_buffers)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->version)); - NDR_PULL_ALLOC_N(ndr, r->buffers, r->num_buffers); + size_buffers_0 = r->num_buffers; + NDR_PULL_ALLOC_N(ndr, r->buffers, size_buffers_0); _mem_save_buffers_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->buffers, 0); - for (cntr_buffers_0 = 0; cntr_buffers_0 < r->num_buffers; cntr_buffers_0++) { + for (cntr_buffers_0 = 0; cntr_buffers_0 < size_buffers_0; cntr_buffers_0++) { NDR_CHECK(ndr_pull_PAC_BUFFER_RAW(ndr, NDR_SCALARS, &r->buffers[cntr_buffers_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_buffers_0, 0); } if (ndr_flags & NDR_BUFFERS) { + size_buffers_0 = r->num_buffers; _mem_save_buffers_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->buffers, 0); - for (cntr_buffers_0 = 0; cntr_buffers_0 < r->num_buffers; cntr_buffers_0++) { + for (cntr_buffers_0 = 0; cntr_buffers_0 < size_buffers_0; cntr_buffers_0++) { NDR_CHECK(ndr_pull_PAC_BUFFER_RAW(ndr, NDR_BUFFERS, &r->buffers[cntr_buffers_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_buffers_0, 0); diff --git a/source/librpc/gen_ndr/ndr_libnetapi.c b/source/librpc/gen_ndr/ndr_libnetapi.c index d7bf63e..d5d9d17 100644 --- a/source/librpc/gen_ndr/ndr_libnetapi.c +++ b/source/librpc/gen_ndr/ndr_libnetapi.c @@ -46,17 +46,21 @@ _PUBLIC_ enum ndr_err_code ndr_push_domsid(struct ndr_push *ndr, int ndr_flags, _PUBLIC_ enum ndr_err_code ndr_pull_domsid(struct ndr_pull *ndr, int ndr_flags, struct domsid *r) { + uint32_t size_id_auth_0 = 0; + uint32_t size_sub_auths_0 = 0; uint32_t cntr_sub_auths_0; TALLOC_CTX *_mem_save_sub_auths_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->sid_rev_num)); NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->num_auths)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->id_auth, 6)); - NDR_PULL_ALLOC_N(ndr, r->sub_auths, MAXSUBAUTHS); + size_id_auth_0 = 6; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->id_auth, size_id_auth_0)); + size_sub_auths_0 = MAXSUBAUTHS; + NDR_PULL_ALLOC_N(ndr, r->sub_auths, size_sub_auths_0); _mem_save_sub_auths_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sub_auths, 0); - for (cntr_sub_auths_0 = 0; cntr_sub_auths_0 < MAXSUBAUTHS; cntr_sub_auths_0++) { + for (cntr_sub_auths_0 = 0; cntr_sub_auths_0 < size_sub_auths_0; cntr_sub_auths_0++) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->sub_auths[cntr_sub_auths_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sub_auths_0, 0); @@ -1039,10 +1043,12 @@ _PUBLIC_ enum ndr_err_code ndr_push_USER_INFO_21(struct ndr_push *ndr, int ndr_f _PUBLIC_ enum ndr_err_code ndr_pull_USER_INFO_21(struct ndr_pull *ndr, int ndr_flags, struct USER_INFO_21 *r) { + uint32_t size_usri21_password_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 1)); - NDR_PULL_ALLOC_N(ndr, r->usri21_password, ENCRYPTED_PWLEN); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->usri21_password, ENCRYPTED_PWLEN)); + size_usri21_password_0 = ENCRYPTED_PWLEN; + NDR_PULL_ALLOC_N(ndr, r->usri21_password, size_usri21_password_0); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->usri21_password, size_usri21_password_0)); } if (ndr_flags & NDR_BUFFERS) { } @@ -1096,13 +1102,15 @@ _PUBLIC_ enum ndr_err_code ndr_push_USER_INFO_22(struct ndr_push *ndr, int ndr_f _PUBLIC_ enum ndr_err_code ndr_pull_USER_INFO_22(struct ndr_pull *ndr, int ndr_flags, struct USER_INFO_22 *r) { + uint32_t size_usri22_password_0 = 0; uint32_t _ptr_usri22_logon_hours; TALLOC_CTX *_mem_save_usri22_logon_hours_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_string(ndr, NDR_SCALARS, &r->usri22_name)); - NDR_PULL_ALLOC_N(ndr, r->usri22_password, ENCRYPTED_PWLEN); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->usri22_password, ENCRYPTED_PWLEN)); + size_usri22_password_0 = ENCRYPTED_PWLEN; + NDR_PULL_ALLOC_N(ndr, r->usri22_password, size_usri22_password_0); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->usri22_password, size_usri22_password_0)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->usri22_password_age)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->usri22_priv)); NDR_CHECK(ndr_pull_string(ndr, NDR_SCALARS, &r->usri22_home_dir)); diff --git a/source/librpc/gen_ndr/ndr_lsa.c b/source/librpc/gen_ndr/ndr_lsa.c index 716984b..df58985 100644 --- a/source/librpc/gen_ndr/ndr_lsa.c +++ b/source/librpc/gen_ndr/ndr_lsa.c @@ -26,6 +26,8 @@ _PUBLIC_ enum ndr_err_code ndr_push_lsa_String(struct ndr_push *ndr, int ndr_fla _PUBLIC_ enum ndr_err_code ndr_pull_lsa_String(struct ndr_pull *ndr, int ndr_flags, struct lsa_String *r) { uint32_t _ptr_string; + uint32_t size_string_1 = 0; + uint32_t length_string_1 = 0; TALLOC_CTX *_mem_save_string_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -44,10 +46,12 @@ _PUBLIC_ enum ndr_err_code ndr_pull_lsa_String(struct ndr_pull *ndr, int ndr_fla NDR_PULL_SET_MEM_CTX(ndr, r->string, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->string)); NDR_CHECK(ndr_pull_array_length(ndr, &r->string)); - if (ndr_get_array_length(ndr, &r->string) > ndr_get_array_size(ndr, &r->string)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->string), ndr_get_array_length(ndr, &r->string)); + size_string_1 = ndr_get_array_size(ndr, &r->string); + length_string_1 = ndr_get_array_length(ndr, &r->string); + if (length_string_1 > size_string_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_string_1, length_string_1); } - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->string, ndr_get_array_length(ndr, &r->string), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->string, length_string_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_string_0, 0); } if (r->string) { @@ -97,6 +101,8 @@ _PUBLIC_ enum ndr_err_code ndr_push_lsa_StringLarge(struct ndr_push *ndr, int nd _PUBLIC_ enum ndr_err_code ndr_pull_lsa_StringLarge(struct ndr_pull *ndr, int ndr_flags, struct lsa_StringLarge *r) { uint32_t _ptr_string; + uint32_t size_string_1 = 0; + uint32_t length_string_1 = 0; TALLOC_CTX *_mem_save_string_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -115,10 +121,12 @@ _PUBLIC_ enum ndr_err_code ndr_pull_lsa_StringLarge(struct ndr_pull *ndr, int nd NDR_PULL_SET_MEM_CTX(ndr, r->string, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->string)); NDR_CHECK(ndr_pull_array_length(ndr, &r->string)); - if (ndr_get_array_length(ndr, &r->string) > ndr_get_array_size(ndr, &r->string)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->string), ndr_get_array_length(ndr, &r->string)); + size_string_1 = ndr_get_array_size(ndr, &r->string); + length_string_1 = ndr_get_array_length(ndr, &r->string); + if (length_string_1 > size_string_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_string_1, length_string_1); } - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->string, ndr_get_array_length(ndr, &r->string), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->string, length_string_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_string_0, 0); } if (r->string) { @@ -171,6 +179,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_lsa_Strings(struct ndr_push *ndr, int ndr_fl _PUBLIC_ enum ndr_err_code ndr_pull_lsa_Strings(struct ndr_pull *ndr, int ndr_flags, struct lsa_Strings *r) { uint32_t _ptr_names; + uint32_t size_names_1 = 0; uint32_t cntr_names_1; TALLOC_CTX *_mem_save_names_0; TALLOC_CTX *_mem_save_names_1; @@ -189,13 +198,14 @@ _PUBLIC_ enum ndr_err_code ndr_pull_lsa_Strings(struct ndr_pull *ndr, int ndr_fl _mem_save_names_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->names, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->names)); - NDR_PULL_ALLOC_N(ndr, r->names, ndr_get_array_size(ndr, &r->names)); + size_names_1 = ndr_get_array_size(ndr, &r->names); + NDR_PULL_ALLOC_N(ndr, r->names, size_names_1); _mem_save_names_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->names, 0); - for (cntr_names_1 = 0; cntr_names_1 < r->count; cntr_names_1++) { + for (cntr_names_1 = 0; cntr_names_1 < size_names_1; cntr_names_1++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->names[cntr_names_1])); } - for (cntr_names_1 = 0; cntr_names_1 < r->count; cntr_names_1++) { + for (cntr_names_1 = 0; cntr_names_1 < size_names_1; cntr_names_1++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->names[cntr_names_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_names_1, 0); @@ -254,6 +264,8 @@ _PUBLIC_ enum ndr_err_code ndr_push_lsa_AsciiString(struct ndr_push *ndr, int nd _PUBLIC_ enum ndr_err_code ndr_pull_lsa_AsciiString(struct ndr_pull *ndr, int ndr_flags, struct lsa_AsciiString *r) { uint32_t _ptr_string; + uint32_t size_string_1 = 0; + uint32_t length_string_1 = 0; TALLOC_CTX *_mem_save_string_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -272,10 +284,12 @@ _PUBLIC_ enum ndr_err_code ndr_pull_lsa_AsciiString(struct ndr_pull *ndr, int nd NDR_PULL_SET_MEM_CTX(ndr, r->string, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->string)); NDR_CHECK(ndr_pull_array_length(ndr, &r->string)); - if (ndr_get_array_length(ndr, &r->string) > ndr_get_array_size(ndr, &r->string)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->string), ndr_get_array_length(ndr, &r->string)); + size_string_1 = ndr_get_array_size(ndr, &r->string); + length_string_1 = ndr_get_array_length(ndr, &r->string); + if (length_string_1 > size_string_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_string_1, length_string_1); } - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->string, ndr_get_array_length(ndr, &r->string), sizeof(uint8_t), CH_DOS)); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->string, length_string_1, sizeof(uint8_t), CH_DOS)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_string_0, 0); } if (r->string) { @@ -325,6 +339,8 @@ _PUBLIC_ enum ndr_err_code ndr_push_lsa_AsciiStringLarge(struct ndr_push *ndr, i _PUBLIC_ enum ndr_err_code ndr_pull_lsa_AsciiStringLarge(struct ndr_pull *ndr, int ndr_flags, struct lsa_AsciiStringLarge *r) { uint32_t _ptr_string; + uint32_t size_string_1 = 0; + uint32_t length_string_1 = 0; TALLOC_CTX *_mem_save_string_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -343,10 +359,12 @@ _PUBLIC_ enum ndr_err_code ndr_pull_lsa_AsciiStringLarge(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->string, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->string)); NDR_CHECK(ndr_pull_array_length(ndr, &r->string)); - if (ndr_get_array_length(ndr, &r->string) > ndr_get_array_size(ndr, &r->string)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->string), ndr_get_array_length(ndr, &r->string)); + size_string_1 = ndr_get_array_size(ndr, &r->string); + length_string_1 = ndr_get_array_length(ndr, &r->string); + if (length_string_1 > size_string_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_string_1, length_string_1); } - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->string, ndr_get_array_length(ndr, &r->string), sizeof(uint8_t), CH_DOS)); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->string, length_string_1, sizeof(uint8_t), CH_DOS)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_string_0, 0); } if (r->string) { @@ -399,6 +417,8 @@ _PUBLIC_ enum ndr_err_code ndr_push_lsa_BinaryString(struct ndr_push *ndr, int n _PUBLIC_ enum ndr_err_code ndr_pull_lsa_BinaryString(struct ndr_pull *ndr, int ndr_flags, struct lsa_BinaryString *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; + uint32_t length_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -419,13 +439,15 @@ _PUBLIC_ enum ndr_err_code ndr_pull_lsa_BinaryString(struct ndr_pull *ndr, int n NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); NDR_CHECK(ndr_pull_array_length(ndr, &r->array)); - if (ndr_get_array_length(ndr, &r->array) > ndr_get_array_size(ndr, &r->array)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->array), ndr_get_array_length(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + length_array_1 = ndr_get_array_length(ndr, &r->array); + if (length_array_1 > size_array_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_array_1, length_array_1); } - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->length / 2; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < length_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -559,6 +581,7 @@ static enum ndr_err_code ndr_push_lsa_PrivArray(struct ndr_push *ndr, int ndr_fl static enum ndr_err_code ndr_pull_lsa_PrivArray(struct ndr_pull *ndr, int ndr_flags, struct lsa_PrivArray *r) { uint32_t _ptr_privs; + uint32_t size_privs_1 = 0; uint32_t cntr_privs_1; TALLOC_CTX *_mem_save_privs_0; TALLOC_CTX *_mem_save_privs_1; @@ -577,13 +600,14 @@ static enum ndr_err_code ndr_pull_lsa_PrivArray(struct ndr_pull *ndr, int ndr_fl _mem_save_privs_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->privs, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->privs)); - NDR_PULL_ALLOC_N(ndr, r->privs, ndr_get_array_size(ndr, &r->privs)); + size_privs_1 = ndr_get_array_size(ndr, &r->privs); + NDR_PULL_ALLOC_N(ndr, r->privs, size_privs_1); _mem_save_privs_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->privs, 0); - for (cntr_privs_1 = 0; cntr_privs_1 < r->count; cntr_privs_1++) { + for (cntr_privs_1 = 0; cntr_privs_1 < size_privs_1; cntr_privs_1++) { NDR_CHECK(ndr_pull_lsa_PrivEntry(ndr, NDR_SCALARS, &r->privs[cntr_privs_1])); } - for (cntr_privs_1 = 0; cntr_privs_1 < r->count; cntr_privs_1++) { + for (cntr_privs_1 = 0; cntr_privs_1 < size_privs_1; cntr_privs_1++) { NDR_CHECK(ndr_pull_lsa_PrivEntry(ndr, NDR_BUFFERS, &r->privs[cntr_privs_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_privs_1, 0); @@ -695,6 +719,8 @@ static enum ndr_err_code ndr_pull_lsa_ObjectAttribute(struct ndr_pull *ndr, int uint32_t _ptr_root_dir; TALLOC_CTX *_mem_save_root_dir_0; uint32_t _ptr_object_name; + uint32_t size_object_name_1 = 0; + uint32_t length_object_name_1 = 0; TALLOC_CTX *_mem_save_object_name_0; uint32_t _ptr_sec_desc; TALLOC_CTX *_mem_save_sec_desc_0; @@ -741,11 +767,13 @@ static enum ndr_err_code ndr_pull_lsa_ObjectAttribute(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->object_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->object_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->object_name)); - if (ndr_get_array_length(ndr, &r->object_name) > ndr_get_array_size(ndr, &r->object_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->object_name), ndr_get_array_length(ndr, &r->object_name)); + size_object_name_1 = ndr_get_array_size(ndr, &r->object_name); + length_object_name_1 = ndr_get_array_length(ndr, &r->object_name); + if (length_object_name_1 > size_object_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_object_name_1, length_object_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->object_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->object_name, ndr_get_array_length(ndr, &r->object_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_object_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->object_name, length_object_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_object_name_0, 0); } if (r->sec_desc) { @@ -929,6 +957,7 @@ static enum ndr_err_code ndr_push_lsa_AuditEventsInfo(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_lsa_AuditEventsInfo(struct ndr_pull *ndr, int ndr_flags, struct lsa_AuditEventsInfo *r) { uint32_t _ptr_settings; + uint32_t size_settings_1 = 0; uint32_t cntr_settings_1; TALLOC_CTX *_mem_save_settings_0; TALLOC_CTX *_mem_save_settings_1; @@ -948,10 +977,11 @@ static enum ndr_err_code ndr_pull_lsa_AuditEventsInfo(struct ndr_pull *ndr, int _mem_save_settings_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->settings, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->settings)); - NDR_PULL_ALLOC_N(ndr, r->settings, ndr_get_array_size(ndr, &r->settings)); + size_settings_1 = ndr_get_array_size(ndr, &r->settings); + NDR_PULL_ALLOC_N(ndr, r->settings, size_settings_1); _mem_save_settings_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->settings, 0); - for (cntr_settings_1 = 0; cntr_settings_1 < r->count; cntr_settings_1++) { + for (cntr_settings_1 = 0; cntr_settings_1 < size_settings_1; cntr_settings_1++) { NDR_CHECK(ndr_pull_lsa_PolicyAuditPolicy(ndr, NDR_SCALARS, &r->settings[cntr_settings_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_settings_1, 0); @@ -1754,6 +1784,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_lsa_SidArray(struct ndr_push *ndr, int ndr_f _PUBLIC_ enum ndr_err_code ndr_pull_lsa_SidArray(struct ndr_pull *ndr, int ndr_flags, struct lsa_SidArray *r) { uint32_t _ptr_sids; + uint32_t size_sids_1 = 0; uint32_t cntr_sids_1; TALLOC_CTX *_mem_save_sids_0; TALLOC_CTX *_mem_save_sids_1; @@ -1775,13 +1806,14 @@ _PUBLIC_ enum ndr_err_code ndr_pull_lsa_SidArray(struct ndr_pull *ndr, int ndr_f _mem_save_sids_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sids, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->sids)); - NDR_PULL_ALLOC_N(ndr, r->sids, ndr_get_array_size(ndr, &r->sids)); + size_sids_1 = ndr_get_array_size(ndr, &r->sids); + NDR_PULL_ALLOC_N(ndr, r->sids, size_sids_1); _mem_save_sids_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sids, 0); - for (cntr_sids_1 = 0; cntr_sids_1 < r->num_sids; cntr_sids_1++) { + for (cntr_sids_1 = 0; cntr_sids_1 < size_sids_1; cntr_sids_1++) { NDR_CHECK(ndr_pull_lsa_SidPtr(ndr, NDR_SCALARS, &r->sids[cntr_sids_1])); } - for (cntr_sids_1 = 0; cntr_sids_1 < r->num_sids; cntr_sids_1++) { + for (cntr_sids_1 = 0; cntr_sids_1 < size_sids_1; cntr_sids_1++) { NDR_CHECK(ndr_pull_lsa_SidPtr(ndr, NDR_BUFFERS, &r->sids[cntr_sids_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sids_1, 0); @@ -1843,6 +1875,7 @@ static enum ndr_err_code ndr_push_lsa_DomainList(struct ndr_push *ndr, int ndr_f static enum ndr_err_code ndr_pull_lsa_DomainList(struct ndr_pull *ndr, int ndr_flags, struct lsa_DomainList *r) { uint32_t _ptr_domains; + uint32_t size_domains_1 = 0; uint32_t cntr_domains_1; TALLOC_CTX *_mem_save_domains_0; TALLOC_CTX *_mem_save_domains_1; @@ -1861,13 +1894,14 @@ static enum ndr_err_code ndr_pull_lsa_DomainList(struct ndr_pull *ndr, int ndr_f _mem_save_domains_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->domains, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->domains)); - NDR_PULL_ALLOC_N(ndr, r->domains, ndr_get_array_size(ndr, &r->domains)); + size_domains_1 = ndr_get_array_size(ndr, &r->domains); + NDR_PULL_ALLOC_N(ndr, r->domains, size_domains_1); _mem_save_domains_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->domains, 0); - for (cntr_domains_1 = 0; cntr_domains_1 < r->count; cntr_domains_1++) { + for (cntr_domains_1 = 0; cntr_domains_1 < size_domains_1; cntr_domains_1++) { NDR_CHECK(ndr_pull_lsa_DomainInfo(ndr, NDR_SCALARS, &r->domains[cntr_domains_1])); } - for (cntr_domains_1 = 0; cntr_domains_1 < r->count; cntr_domains_1++) { + for (cntr_domains_1 = 0; cntr_domains_1 < size_domains_1; cntr_domains_1++) { NDR_CHECK(ndr_pull_lsa_DomainInfo(ndr, NDR_BUFFERS, &r->domains[cntr_domains_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domains_1, 0); @@ -1995,6 +2029,7 @@ static enum ndr_err_code ndr_push_lsa_TransSidArray(struct ndr_push *ndr, int nd static enum ndr_err_code ndr_pull_lsa_TransSidArray(struct ndr_pull *ndr, int ndr_flags, struct lsa_TransSidArray *r) { uint32_t _ptr_sids; + uint32_t size_sids_1 = 0; uint32_t cntr_sids_1; TALLOC_CTX *_mem_save_sids_0; TALLOC_CTX *_mem_save_sids_1; @@ -2016,10 +2051,11 @@ static enum ndr_err_code ndr_pull_lsa_TransSidArray(struct ndr_pull *ndr, int nd _mem_save_sids_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sids, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->sids)); - NDR_PULL_ALLOC_N(ndr, r->sids, ndr_get_array_size(ndr, &r->sids)); + size_sids_1 = ndr_get_array_size(ndr, &r->sids); + NDR_PULL_ALLOC_N(ndr, r->sids, size_sids_1); _mem_save_sids_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sids, 0); - for (cntr_sids_1 = 0; cntr_sids_1 < r->count; cntr_sids_1++) { + for (cntr_sids_1 = 0; cntr_sids_1 < size_sids_1; cntr_sids_1++) { NDR_CHECK(ndr_pull_lsa_TranslatedSid(ndr, NDR_SCALARS, &r->sids[cntr_sids_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sids_1, 0); @@ -2082,6 +2118,7 @@ static enum ndr_err_code ndr_push_lsa_RefDomainList(struct ndr_push *ndr, int nd static enum ndr_err_code ndr_pull_lsa_RefDomainList(struct ndr_pull *ndr, int ndr_flags, struct lsa_RefDomainList *r) { uint32_t _ptr_domains; + uint32_t size_domains_1 = 0; uint32_t cntr_domains_1; TALLOC_CTX *_mem_save_domains_0; TALLOC_CTX *_mem_save_domains_1; @@ -2104,13 +2141,14 @@ static enum ndr_err_code ndr_pull_lsa_RefDomainList(struct ndr_pull *ndr, int nd _mem_save_domains_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->domains, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->domains)); - NDR_PULL_ALLOC_N(ndr, r->domains, ndr_get_array_size(ndr, &r->domains)); + size_domains_1 = ndr_get_array_size(ndr, &r->domains); + NDR_PULL_ALLOC_N(ndr, r->domains, size_domains_1); _mem_save_domains_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->domains, 0); - for (cntr_domains_1 = 0; cntr_domains_1 < r->count; cntr_domains_1++) { + for (cntr_domains_1 = 0; cntr_domains_1 < size_domains_1; cntr_domains_1++) { NDR_CHECK(ndr_pull_lsa_DomainInfo(ndr, NDR_SCALARS, &r->domains[cntr_domains_1])); } - for (cntr_domains_1 = 0; cntr_domains_1 < r->count; cntr_domains_1++) { + for (cntr_domains_1 = 0; cntr_domains_1 < size_domains_1; cntr_domains_1++) { NDR_CHECK(ndr_pull_lsa_DomainInfo(ndr, NDR_BUFFERS, &r->domains[cntr_domains_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domains_1, 0); @@ -2240,6 +2278,7 @@ static enum ndr_err_code ndr_push_lsa_TransNameArray(struct ndr_push *ndr, int n static enum ndr_err_code ndr_pull_lsa_TransNameArray(struct ndr_pull *ndr, int ndr_flags, struct lsa_TransNameArray *r) { uint32_t _ptr_names; + uint32_t size_names_1 = 0; uint32_t cntr_names_1; TALLOC_CTX *_mem_save_names_0; TALLOC_CTX *_mem_save_names_1; @@ -2261,13 +2300,14 @@ static enum ndr_err_code ndr_pull_lsa_TransNameArray(struct ndr_pull *ndr, int n _mem_save_names_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->names, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->names)); - NDR_PULL_ALLOC_N(ndr, r->names, ndr_get_array_size(ndr, &r->names)); + size_names_1 = ndr_get_array_size(ndr, &r->names); + NDR_PULL_ALLOC_N(ndr, r->names, size_names_1); _mem_save_names_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->names, 0); - for (cntr_names_1 = 0; cntr_names_1 < r->count; cntr_names_1++) { + for (cntr_names_1 = 0; cntr_names_1 < size_names_1; cntr_names_1++) { NDR_CHECK(ndr_pull_lsa_TranslatedName(ndr, NDR_SCALARS, &r->names[cntr_names_1])); } - for (cntr_names_1 = 0; cntr_names_1 < r->count; cntr_names_1++) { + for (cntr_names_1 = 0; cntr_names_1 < size_names_1; cntr_names_1++) { NDR_CHECK(ndr_pull_lsa_TranslatedName(ndr, NDR_BUFFERS, &r->names[cntr_names_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_names_1, 0); @@ -2356,6 +2396,7 @@ static enum ndr_err_code ndr_push_lsa_PrivilegeSet(struct ndr_push *ndr, int ndr static enum ndr_err_code ndr_pull_lsa_PrivilegeSet(struct ndr_pull *ndr, int ndr_flags, struct lsa_PrivilegeSet *r) { + uint32_t size_set_0 = 0; uint32_t cntr_set_0; TALLOC_CTX *_mem_save_set_0; if (ndr_flags & NDR_SCALARS) { @@ -2366,10 +2407,11 @@ static enum ndr_err_code ndr_pull_lsa_PrivilegeSet(struct ndr_pull *ndr, int ndr return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->unknown)); - NDR_PULL_ALLOC_N(ndr, r->set, ndr_get_array_size(ndr, &r->set)); + size_set_0 = ndr_get_array_size(ndr, &r->set); + NDR_PULL_ALLOC_N(ndr, r->set, size_set_0); _mem_save_set_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->set, 0); - for (cntr_set_0 = 0; cntr_set_0 < r->count; cntr_set_0++) { + for (cntr_set_0 = 0; cntr_set_0 < size_set_0; cntr_set_0++) { NDR_CHECK(ndr_pull_lsa_LUIDAttribute(ndr, NDR_SCALARS, &r->set[cntr_set_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_set_0, 0); @@ -2429,6 +2471,8 @@ static enum ndr_err_code ndr_push_lsa_DATA_BUF(struct ndr_push *ndr, int ndr_fla static enum ndr_err_code ndr_pull_lsa_DATA_BUF(struct ndr_pull *ndr, int ndr_flags, struct lsa_DATA_BUF *r) { uint32_t _ptr_data; + uint32_t size_data_1 = 0; + uint32_t length_data_1 = 0; TALLOC_CTX *_mem_save_data_0; { uint32_t _flags_save_STRUCT = ndr->flags; @@ -2450,11 +2494,13 @@ static enum ndr_err_code ndr_pull_lsa_DATA_BUF(struct ndr_pull *ndr, int ndr_fla NDR_PULL_SET_MEM_CTX(ndr, r->data, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->data)); NDR_CHECK(ndr_pull_array_length(ndr, &r->data)); - if (ndr_get_array_length(ndr, &r->data) > ndr_get_array_size(ndr, &r->data)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->data), ndr_get_array_length(ndr, &r->data)); + size_data_1 = ndr_get_array_size(ndr, &r->data); + length_data_1 = ndr_get_array_length(ndr, &r->data); + if (length_data_1 > size_data_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_data_1, length_data_1); } - NDR_PULL_ALLOC_N(ndr, r->data, ndr_get_array_size(ndr, &r->data)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, ndr_get_array_length(ndr, &r->data))); + NDR_PULL_ALLOC_N(ndr, r->data, size_data_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, length_data_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_0, 0); } if (r->data) { @@ -2513,6 +2559,7 @@ static enum ndr_err_code ndr_push_lsa_DATA_BUF2(struct ndr_push *ndr, int ndr_fl static enum ndr_err_code ndr_pull_lsa_DATA_BUF2(struct ndr_pull *ndr, int ndr_flags, struct lsa_DATA_BUF2 *r) { uint32_t _ptr_data; + uint32_t size_data_1 = 0; TALLOC_CTX *_mem_save_data_0; { uint32_t _flags_save_STRUCT = ndr->flags; @@ -2535,8 +2582,9 @@ static enum ndr_err_code ndr_pull_lsa_DATA_BUF2(struct ndr_pull *ndr, int ndr_fl _mem_save_data_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->data, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->data)); - NDR_PULL_ALLOC_N(ndr, r->data, ndr_get_array_size(ndr, &r->data)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, ndr_get_array_size(ndr, &r->data))); + size_data_1 = ndr_get_array_size(ndr, &r->data); + NDR_PULL_ALLOC_N(ndr, r->data, size_data_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, size_data_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_0, 0); } if (r->data) { @@ -3461,6 +3509,7 @@ static enum ndr_err_code ndr_push_lsa_RightSet(struct ndr_push *ndr, int ndr_fla static enum ndr_err_code ndr_pull_lsa_RightSet(struct ndr_pull *ndr, int ndr_flags, struct lsa_RightSet *r) { uint32_t _ptr_names; + uint32_t size_names_1 = 0; uint32_t cntr_names_1; TALLOC_CTX *_mem_save_names_0; TALLOC_CTX *_mem_save_names_1; @@ -3482,13 +3531,14 @@ static enum ndr_err_code ndr_pull_lsa_RightSet(struct ndr_pull *ndr, int ndr_fla _mem_save_names_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->names, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->names)); - NDR_PULL_ALLOC_N(ndr, r->names, ndr_get_array_size(ndr, &r->names)); + size_names_1 = ndr_get_array_size(ndr, &r->names); + NDR_PULL_ALLOC_N(ndr, r->names, size_names_1); _mem_save_names_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->names, 0); - for (cntr_names_1 = 0; cntr_names_1 < r->count; cntr_names_1++) { + for (cntr_names_1 = 0; cntr_names_1 < size_names_1; cntr_names_1++) { NDR_CHECK(ndr_pull_lsa_StringLarge(ndr, NDR_SCALARS, &r->names[cntr_names_1])); } - for (cntr_names_1 = 0; cntr_names_1 < r->count; cntr_names_1++) { + for (cntr_names_1 = 0; cntr_names_1 < size_names_1; cntr_names_1++) { NDR_CHECK(ndr_pull_lsa_StringLarge(ndr, NDR_BUFFERS, &r->names[cntr_names_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_names_1, 0); @@ -3550,6 +3600,7 @@ static enum ndr_err_code ndr_push_lsa_DomainListEx(struct ndr_push *ndr, int ndr static enum ndr_err_code ndr_pull_lsa_DomainListEx(struct ndr_pull *ndr, int ndr_flags, struct lsa_DomainListEx *r) { uint32_t _ptr_domains; + uint32_t size_domains_1 = 0; uint32_t cntr_domains_1; TALLOC_CTX *_mem_save_domains_0; TALLOC_CTX *_mem_save_domains_1; @@ -3568,13 +3619,14 @@ static enum ndr_err_code ndr_pull_lsa_DomainListEx(struct ndr_pull *ndr, int ndr _mem_save_domains_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->domains, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->domains)); - NDR_PULL_ALLOC_N(ndr, r->domains, ndr_get_array_size(ndr, &r->domains)); + size_domains_1 = ndr_get_array_size(ndr, &r->domains); + NDR_PULL_ALLOC_N(ndr, r->domains, size_domains_1); _mem_save_domains_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->domains, 0); - for (cntr_domains_1 = 0; cntr_domains_1 < r->count; cntr_domains_1++) { + for (cntr_domains_1 = 0; cntr_domains_1 < size_domains_1; cntr_domains_1++) { NDR_CHECK(ndr_pull_lsa_TrustDomainInfoInfoEx(ndr, NDR_SCALARS, &r->domains[cntr_domains_1])); } - for (cntr_domains_1 = 0; cntr_domains_1 < r->count; cntr_domains_1++) { + for (cntr_domains_1 = 0; cntr_domains_1 < size_domains_1; cntr_domains_1++) { NDR_CHECK(ndr_pull_lsa_TrustDomainInfoInfoEx(ndr, NDR_BUFFERS, &r->domains[cntr_domains_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domains_1, 0); @@ -3675,6 +3727,7 @@ static enum ndr_err_code ndr_push_lsa_DomainInfoEfs(struct ndr_push *ndr, int nd static enum ndr_err_code ndr_pull_lsa_DomainInfoEfs(struct ndr_pull *ndr, int ndr_flags, struct lsa_DomainInfoEfs *r) { uint32_t _ptr_efs_blob; + uint32_t size_efs_blob_1 = 0; TALLOC_CTX *_mem_save_efs_blob_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -3691,8 +3744,9 @@ static enum ndr_err_code ndr_pull_lsa_DomainInfoEfs(struct ndr_pull *ndr, int nd _mem_save_efs_blob_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->efs_blob, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->efs_blob)); - NDR_PULL_ALLOC_N(ndr, r->efs_blob, ndr_get_array_size(ndr, &r->efs_blob)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->efs_blob, ndr_get_array_size(ndr, &r->efs_blob))); + size_efs_blob_1 = ndr_get_array_size(ndr, &r->efs_blob); + NDR_PULL_ALLOC_N(ndr, r->efs_blob, size_efs_blob_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->efs_blob, size_efs_blob_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_efs_blob_0, 0); } if (r->efs_blob) { @@ -3875,6 +3929,7 @@ static enum ndr_err_code ndr_push_lsa_TransNameArray2(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_lsa_TransNameArray2(struct ndr_pull *ndr, int ndr_flags, struct lsa_TransNameArray2 *r) { uint32_t _ptr_names; + uint32_t size_names_1 = 0; uint32_t cntr_names_1; TALLOC_CTX *_mem_save_names_0; TALLOC_CTX *_mem_save_names_1; @@ -3896,13 +3951,14 @@ static enum ndr_err_code ndr_pull_lsa_TransNameArray2(struct ndr_pull *ndr, int _mem_save_names_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->names, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->names)); - NDR_PULL_ALLOC_N(ndr, r->names, ndr_get_array_size(ndr, &r->names)); + size_names_1 = ndr_get_array_size(ndr, &r->names); + NDR_PULL_ALLOC_N(ndr, r->names, size_names_1); _mem_save_names_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->names, 0); - for (cntr_names_1 = 0; cntr_names_1 < r->count; cntr_names_1++) { + for (cntr_names_1 = 0; cntr_names_1 < size_names_1; cntr_names_1++) { NDR_CHECK(ndr_pull_lsa_TranslatedName2(ndr, NDR_SCALARS, &r->names[cntr_names_1])); } - for (cntr_names_1 = 0; cntr_names_1 < r->count; cntr_names_1++) { + for (cntr_names_1 = 0; cntr_names_1 < size_names_1; cntr_names_1++) { NDR_CHECK(ndr_pull_lsa_TranslatedName2(ndr, NDR_BUFFERS, &r->names[cntr_names_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_names_1, 0); @@ -4000,6 +4056,7 @@ static enum ndr_err_code ndr_push_lsa_TransSidArray2(struct ndr_push *ndr, int n static enum ndr_err_code ndr_pull_lsa_TransSidArray2(struct ndr_pull *ndr, int ndr_flags, struct lsa_TransSidArray2 *r) { uint32_t _ptr_sids; + uint32_t size_sids_1 = 0; uint32_t cntr_sids_1; TALLOC_CTX *_mem_save_sids_0; TALLOC_CTX *_mem_save_sids_1; @@ -4021,10 +4078,11 @@ static enum ndr_err_code ndr_pull_lsa_TransSidArray2(struct ndr_pull *ndr, int n _mem_save_sids_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sids, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->sids)); - NDR_PULL_ALLOC_N(ndr, r->sids, ndr_get_array_size(ndr, &r->sids)); + size_sids_1 = ndr_get_array_size(ndr, &r->sids); + NDR_PULL_ALLOC_N(ndr, r->sids, size_sids_1); _mem_save_sids_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sids, 0); - for (cntr_sids_1 = 0; cntr_sids_1 < r->count; cntr_sids_1++) { + for (cntr_sids_1 = 0; cntr_sids_1 < size_sids_1; cntr_sids_1++) { NDR_CHECK(ndr_pull_lsa_TranslatedSid2(ndr, NDR_SCALARS, &r->sids[cntr_sids_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sids_1, 0); @@ -4146,6 +4204,7 @@ static enum ndr_err_code ndr_push_lsa_TransSidArray3(struct ndr_push *ndr, int n static enum ndr_err_code ndr_pull_lsa_TransSidArray3(struct ndr_pull *ndr, int ndr_flags, struct lsa_TransSidArray3 *r) { uint32_t _ptr_sids; + uint32_t size_sids_1 = 0; uint32_t cntr_sids_1; TALLOC_CTX *_mem_save_sids_0; TALLOC_CTX *_mem_save_sids_1; @@ -4167,13 +4226,14 @@ static enum ndr_err_code ndr_pull_lsa_TransSidArray3(struct ndr_pull *ndr, int n _mem_save_sids_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sids, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->sids)); - NDR_PULL_ALLOC_N(ndr, r->sids, ndr_get_array_size(ndr, &r->sids)); + size_sids_1 = ndr_get_array_size(ndr, &r->sids); + NDR_PULL_ALLOC_N(ndr, r->sids, size_sids_1); _mem_save_sids_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sids, 0); - for (cntr_sids_1 = 0; cntr_sids_1 < r->count; cntr_sids_1++) { + for (cntr_sids_1 = 0; cntr_sids_1 < size_sids_1; cntr_sids_1++) { NDR_CHECK(ndr_pull_lsa_TranslatedSid3(ndr, NDR_SCALARS, &r->sids[cntr_sids_1])); } - for (cntr_sids_1 = 0; cntr_sids_1 < r->count; cntr_sids_1++) { + for (cntr_sids_1 = 0; cntr_sids_1 < size_sids_1; cntr_sids_1++) { NDR_CHECK(ndr_pull_lsa_TranslatedSid3(ndr, NDR_BUFFERS, &r->sids[cntr_sids_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sids_1, 0); @@ -4229,6 +4289,7 @@ static enum ndr_err_code ndr_push_lsa_ForestTrustBinaryData(struct ndr_push *ndr static enum ndr_err_code ndr_pull_lsa_ForestTrustBinaryData(struct ndr_pull *ndr, int ndr_flags, struct lsa_ForestTrustBinaryData *r) { uint32_t _ptr_data; + uint32_t size_data_1 = 0; TALLOC_CTX *_mem_save_data_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -4248,8 +4309,9 @@ static enum ndr_err_code ndr_pull_lsa_ForestTrustBinaryData(struct ndr_pull *ndr _mem_save_data_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->data, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->data)); - NDR_PULL_ALLOC_N(ndr, r->data, ndr_get_array_size(ndr, &r->data)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, ndr_get_array_size(ndr, &r->data))); + size_data_1 = ndr_get_array_size(ndr, &r->data); + NDR_PULL_ALLOC_N(ndr, r->data, size_data_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, size_data_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_0, 0); } if (r->data) { @@ -4557,6 +4619,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_lsa_ForestTrustInformation(struct ndr_push * _PUBLIC_ enum ndr_err_code ndr_pull_lsa_ForestTrustInformation(struct ndr_pull *ndr, int ndr_flags, struct lsa_ForestTrustInformation *r) { uint32_t _ptr_entries; + uint32_t size_entries_1 = 0; uint32_t cntr_entries_1; TALLOC_CTX *_mem_save_entries_0; TALLOC_CTX *_mem_save_entries_1; @@ -4579,10 +4642,11 @@ _PUBLIC_ enum ndr_err_code ndr_pull_lsa_ForestTrustInformation(struct ndr_pull * _mem_save_entries_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->entries, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->entries)); - NDR_PULL_ALLOC_N(ndr, r->entries, ndr_get_array_size(ndr, &r->entries)); + size_entries_1 = ndr_get_array_size(ndr, &r->entries); + NDR_PULL_ALLOC_N(ndr, r->entries, size_entries_1); _mem_save_entries_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->entries, 0); - for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) { + for (cntr_entries_1 = 0; cntr_entries_1 < size_entries_1; cntr_entries_1++) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_entries)); if (_ptr_entries) { NDR_PULL_ALLOC(ndr, r->entries[cntr_entries_1]); @@ -4590,7 +4654,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_lsa_ForestTrustInformation(struct ndr_pull * r->entries[cntr_entries_1] = NULL; } } - for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) { + for (cntr_entries_1 = 0; cntr_entries_1 < size_entries_1; cntr_entries_1++) { if (r->entries[cntr_entries_1]) { _mem_save_entries_2 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->entries[cntr_entries_1], 0); @@ -5899,6 +5963,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_lsa_LookupNames(struct ndr_push *ndr, int fl _PUBLIC_ enum ndr_err_code ndr_pull_lsa_LookupNames(struct ndr_pull *ndr, int flags, struct lsa_LookupNames *r) { + uint32_t size_names_0 = 0; uint32_t cntr_names_0; uint32_t _ptr_domains; TALLOC_CTX *_mem_save_handle_0; @@ -5922,13 +5987,14 @@ _PUBLIC_ enum ndr_err_code ndr_pull_lsa_LookupNames(struct ndr_pull *ndr, int fl return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.names)); - NDR_PULL_ALLOC_N(ndr, r->in.names, ndr_get_array_size(ndr, &r->in.names)); + size_names_0 = ndr_get_array_size(ndr, &r->in.names); + NDR_PULL_ALLOC_N(ndr, r->in.names, size_names_0); _mem_save_names_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->in.names, 0); - for (cntr_names_0 = 0; cntr_names_0 < r->in.num_names; cntr_names_0++) { + for (cntr_names_0 = 0; cntr_names_0 < size_names_0; cntr_names_0++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->in.names[cntr_names_0])); } - for (cntr_names_0 = 0; cntr_names_0 < r->in.num_names; cntr_names_0++) { + for (cntr_names_0 = 0; cntr_names_0 < size_names_0; cntr_names_0++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->in.names[cntr_names_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_names_0, 0); @@ -8707,6 +8773,8 @@ _PUBLIC_ enum ndr_err_code ndr_push_lsa_OpenPolicy2(struct ndr_push *ndr, int fl _PUBLIC_ enum ndr_err_code ndr_pull_lsa_OpenPolicy2(struct ndr_pull *ndr, int flags, struct lsa_OpenPolicy2 *r) { uint32_t _ptr_system_name; + uint32_t size_system_name_1 = 0; + uint32_t length_system_name_1 = 0; TALLOC_CTX *_mem_save_system_name_0; TALLOC_CTX *_mem_save_attr_0; TALLOC_CTX *_mem_save_handle_0; @@ -8724,11 +8792,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_lsa_OpenPolicy2(struct ndr_pull *ndr, int fl NDR_PULL_SET_MEM_CTX(ndr, r->in.system_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.system_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.system_name)); - if (ndr_get_array_length(ndr, &r->in.system_name) > ndr_get_array_size(ndr, &r->in.system_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.system_name), ndr_get_array_length(ndr, &r->in.system_name)); + size_system_name_1 = ndr_get_array_size(ndr, &r->in.system_name); + length_system_name_1 = ndr_get_array_length(ndr, &r->in.system_name); + if (length_system_name_1 > size_system_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_system_name_1, length_system_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.system_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.system_name, ndr_get_array_length(ndr, &r->in.system_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_system_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.system_name, length_system_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_system_name_0, 0); } if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { @@ -8839,6 +8909,8 @@ static enum ndr_err_code ndr_push_lsa_GetUserName(struct ndr_push *ndr, int flag static enum ndr_err_code ndr_pull_lsa_GetUserName(struct ndr_pull *ndr, int flags, struct lsa_GetUserName *r) { uint32_t _ptr_system_name; + uint32_t size_system_name_1 = 0; + uint32_t length_system_name_1 = 0; uint32_t _ptr_account_name; uint32_t _ptr_authority_name; TALLOC_CTX *_mem_save_system_name_0; @@ -8860,11 +8932,13 @@ static enum ndr_err_code ndr_pull_lsa_GetUserName(struct ndr_pull *ndr, int flag NDR_PULL_SET_MEM_CTX(ndr, r->in.system_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.system_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.system_name)); - if (ndr_get_array_length(ndr, &r->in.system_name) > ndr_get_array_size(ndr, &r->in.system_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.system_name), ndr_get_array_length(ndr, &r->in.system_name)); + size_system_name_1 = ndr_get_array_size(ndr, &r->in.system_name); + length_system_name_1 = ndr_get_array_length(ndr, &r->in.system_name); + if (length_system_name_1 > size_system_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_system_name_1, length_system_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.system_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.system_name, ndr_get_array_length(ndr, &r->in.system_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_system_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.system_name, length_system_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_system_name_0, 0); } if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { @@ -10203,6 +10277,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_lsa_LookupNames2(struct ndr_push *ndr, int f _PUBLIC_ enum ndr_err_code ndr_pull_lsa_LookupNames2(struct ndr_pull *ndr, int flags, struct lsa_LookupNames2 *r) { + uint32_t size_names_0 = 0; uint32_t cntr_names_0; uint32_t _ptr_domains; TALLOC_CTX *_mem_save_handle_0; @@ -10226,13 +10301,14 @@ _PUBLIC_ enum ndr_err_code ndr_pull_lsa_LookupNames2(struct ndr_pull *ndr, int f return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.names)); - NDR_PULL_ALLOC_N(ndr, r->in.names, ndr_get_array_size(ndr, &r->in.names)); + size_names_0 = ndr_get_array_size(ndr, &r->in.names); + NDR_PULL_ALLOC_N(ndr, r->in.names, size_names_0); _mem_save_names_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->in.names, 0); - for (cntr_names_0 = 0; cntr_names_0 < r->in.num_names; cntr_names_0++) { + for (cntr_names_0 = 0; cntr_names_0 < size_names_0; cntr_names_0++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->in.names[cntr_names_0])); } - for (cntr_names_0 = 0; cntr_names_0 < r->in.num_names; cntr_names_0++) { + for (cntr_names_0 = 0; cntr_names_0 < size_names_0; cntr_names_0++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->in.names[cntr_names_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_names_0, 0); @@ -10786,6 +10862,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_lsa_LookupNames3(struct ndr_push *ndr, int f _PUBLIC_ enum ndr_err_code ndr_pull_lsa_LookupNames3(struct ndr_pull *ndr, int flags, struct lsa_LookupNames3 *r) { + uint32_t size_names_0 = 0; uint32_t cntr_names_0; uint32_t _ptr_domains; TALLOC_CTX *_mem_save_handle_0; @@ -10809,13 +10886,14 @@ _PUBLIC_ enum ndr_err_code ndr_pull_lsa_LookupNames3(struct ndr_pull *ndr, int f return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.names)); - NDR_PULL_ALLOC_N(ndr, r->in.names, ndr_get_array_size(ndr, &r->in.names)); + size_names_0 = ndr_get_array_size(ndr, &r->in.names); + NDR_PULL_ALLOC_N(ndr, r->in.names, size_names_0); _mem_save_names_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->in.names, 0); - for (cntr_names_0 = 0; cntr_names_0 < r->in.num_names; cntr_names_0++) { + for (cntr_names_0 = 0; cntr_names_0 < size_names_0; cntr_names_0++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->in.names[cntr_names_0])); } - for (cntr_names_0 = 0; cntr_names_0 < r->in.num_names; cntr_names_0++) { + for (cntr_names_0 = 0; cntr_names_0 < size_names_0; cntr_names_0++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->in.names[cntr_names_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_names_0, 0); @@ -11532,6 +11610,7 @@ static enum ndr_err_code ndr_push_lsa_LookupNames4(struct ndr_push *ndr, int fla static enum ndr_err_code ndr_pull_lsa_LookupNames4(struct ndr_pull *ndr, int flags, struct lsa_LookupNames4 *r) { + uint32_t size_names_0 = 0; uint32_t cntr_names_0; uint32_t _ptr_domains; TALLOC_CTX *_mem_save_names_0; @@ -11547,13 +11626,14 @@ static enum ndr_err_code ndr_pull_lsa_LookupNames4(struct ndr_pull *ndr, int fla return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.names)); - NDR_PULL_ALLOC_N(ndr, r->in.names, ndr_get_array_size(ndr, &r->in.names)); + size_names_0 = ndr_get_array_size(ndr, &r->in.names); + NDR_PULL_ALLOC_N(ndr, r->in.names, size_names_0); _mem_save_names_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->in.names, 0); - for (cntr_names_0 = 0; cntr_names_0 < r->in.num_names; cntr_names_0++) { + for (cntr_names_0 = 0; cntr_names_0 < size_names_0; cntr_names_0++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->in.names[cntr_names_0])); } - for (cntr_names_0 = 0; cntr_names_0 < r->in.num_names; cntr_names_0++) { + for (cntr_names_0 = 0; cntr_names_0 < size_names_0; cntr_names_0++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->in.names[cntr_names_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_names_0, 0); diff --git a/source/librpc/gen_ndr/ndr_messaging.c b/source/librpc/gen_ndr/ndr_messaging.c index e1e95ee..8eb778f 100644 --- a/source/librpc/gen_ndr/ndr_messaging.c +++ b/source/librpc/gen_ndr/ndr_messaging.c @@ -144,23 +144,26 @@ _PUBLIC_ enum ndr_err_code ndr_push_messaging_array(struct ndr_push *ndr, int nd _PUBLIC_ enum ndr_err_code ndr_pull_messaging_array(struct ndr_pull *ndr, int ndr_flags, struct messaging_array *r) { + uint32_t size_messages_0 = 0; uint32_t cntr_messages_0; TALLOC_CTX *_mem_save_messages_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->num_messages)); - NDR_PULL_ALLOC_N(ndr, r->messages, r->num_messages); + size_messages_0 = r->num_messages; + NDR_PULL_ALLOC_N(ndr, r->messages, size_messages_0); _mem_save_messages_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->messages, 0); - for (cntr_messages_0 = 0; cntr_messages_0 < r->num_messages; cntr_messages_0++) { + for (cntr_messages_0 = 0; cntr_messages_0 < size_messages_0; cntr_messages_0++) { NDR_CHECK(ndr_pull_messaging_rec(ndr, NDR_SCALARS, &r->messages[cntr_messages_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_messages_0, 0); } if (ndr_flags & NDR_BUFFERS) { + size_messages_0 = r->num_messages; _mem_save_messages_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->messages, 0); - for (cntr_messages_0 = 0; cntr_messages_0 < r->num_messages; cntr_messages_0++) { + for (cntr_messages_0 = 0; cntr_messages_0 < size_messages_0; cntr_messages_0++) { NDR_CHECK(ndr_pull_messaging_rec(ndr, NDR_BUFFERS, &r->messages[cntr_messages_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_messages_0, 0); @@ -213,27 +216,35 @@ _PUBLIC_ enum ndr_err_code ndr_push_dbwrap_tdb2_changes(struct ndr_push *ndr, in _PUBLIC_ enum ndr_err_code ndr_pull_dbwrap_tdb2_changes(struct ndr_pull *ndr, int ndr_flags, struct dbwrap_tdb2_changes *r) { + uint32_t size_magic_string_0 = 0; + uint32_t size_name_0 = 0; + uint32_t length_name_0 = 0; + uint32_t size_keys_0 = 0; uint32_t cntr_keys_0; TALLOC_CTX *_mem_save_keys_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->magic_string, 4, sizeof(uint8_t), CH_DOS)); + size_magic_string_0 = 4; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->magic_string, size_magic_string_0, sizeof(uint8_t), CH_DOS)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->magic_version)); NDR_CHECK(ndr_pull_array_size(ndr, &r->name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->name)); - if (ndr_get_array_length(ndr, &r->name) > ndr_get_array_size(ndr, &r->name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->name), ndr_get_array_length(ndr, &r->name)); + size_name_0 = ndr_get_array_size(ndr, &r->name); + length_name_0 = ndr_get_array_length(ndr, &r->name); + if (length_name_0 > size_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_name_0, length_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->name), sizeof(uint8_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, ndr_get_array_length(ndr, &r->name), sizeof(uint8_t), CH_UTF8)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_name_0, sizeof(uint8_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, length_name_0, sizeof(uint8_t), CH_UTF8)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->old_seqnum)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->new_seqnum)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->num_changes)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->num_keys)); - NDR_PULL_ALLOC_N(ndr, r->keys, r->num_keys); + size_keys_0 = r->num_keys; + NDR_PULL_ALLOC_N(ndr, r->keys, size_keys_0); _mem_save_keys_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->keys, 0); - for (cntr_keys_0 = 0; cntr_keys_0 < r->num_keys; cntr_keys_0++) { + for (cntr_keys_0 = 0; cntr_keys_0 < size_keys_0; cntr_keys_0++) { NDR_CHECK(ndr_pull_DATA_BLOB(ndr, NDR_SCALARS, &r->keys[cntr_keys_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_keys_0, 0); diff --git a/source/librpc/gen_ndr/ndr_misc.c b/source/librpc/gen_ndr/ndr_misc.c index 56105d4..12da791 100644 --- a/source/librpc/gen_ndr/ndr_misc.c +++ b/source/librpc/gen_ndr/ndr_misc.c @@ -20,13 +20,17 @@ _PUBLIC_ enum ndr_err_code ndr_push_GUID(struct ndr_push *ndr, int ndr_flags, co _PUBLIC_ enum ndr_err_code ndr_pull_GUID(struct ndr_pull *ndr, int ndr_flags, struct GUID *r) { + uint32_t size_clock_seq_0 = 0; + uint32_t size_node_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->time_low)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->time_mid)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->time_hi_and_version)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->clock_seq, 2)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->node, 6)); + size_clock_seq_0 = 2; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->clock_seq, size_clock_seq_0)); + size_node_0 = 6; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->node, size_node_0)); } if (ndr_flags & NDR_BUFFERS) { } diff --git a/source/librpc/gen_ndr/ndr_nbt.c b/source/librpc/gen_ndr/ndr_nbt.c index c02b539..bc050df 100644 --- a/source/librpc/gen_ndr/ndr_nbt.c +++ b/source/librpc/gen_ndr/ndr_nbt.c @@ -242,15 +242,17 @@ static enum ndr_err_code ndr_push_nbt_rdata_netbios(struct ndr_push *ndr, int nd static enum ndr_err_code ndr_pull_nbt_rdata_netbios(struct ndr_pull *ndr, int ndr_flags, struct nbt_rdata_netbios *r) { + uint32_t size_addresses_0 = 0; uint32_t cntr_addresses_0; TALLOC_CTX *_mem_save_addresses_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->length)); - NDR_PULL_ALLOC_N(ndr, r->addresses, r->length / 6); + size_addresses_0 = r->length / 6; + NDR_PULL_ALLOC_N(ndr, r->addresses, size_addresses_0); _mem_save_addresses_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->addresses, 0); - for (cntr_addresses_0 = 0; cntr_addresses_0 < r->length / 6; cntr_addresses_0++) { + for (cntr_addresses_0 = 0; cntr_addresses_0 < size_addresses_0; cntr_addresses_0++) { NDR_CHECK(ndr_pull_nbt_rdata_address(ndr, NDR_SCALARS, &r->addresses[cntr_addresses_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_addresses_0, 0); @@ -311,9 +313,11 @@ static enum ndr_err_code ndr_push_nbt_statistics(struct ndr_push *ndr, int ndr_f static enum ndr_err_code ndr_pull_nbt_statistics(struct ndr_pull *ndr, int ndr_flags, struct nbt_statistics *r) { + uint32_t size_unit_id_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->unit_id, 6)); + size_unit_id_0 = 6; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->unit_id, size_unit_id_0)); NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->jumpers)); NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->test_result)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->version_number)); @@ -381,9 +385,11 @@ static enum ndr_err_code ndr_push_nbt_status_name(struct ndr_push *ndr, int ndr_ static enum ndr_err_code ndr_pull_nbt_status_name(struct ndr_pull *ndr, int ndr_flags, struct nbt_status_name *r) { + uint32_t size_name_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 2)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, 15, sizeof(uint8_t), CH_DOS)); + size_name_0 = 15; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, size_name_0, sizeof(uint8_t), CH_DOS)); NDR_CHECK(ndr_pull_nbt_name_type(ndr, NDR_SCALARS, &r->type)); NDR_CHECK(ndr_pull_nb_flags(ndr, NDR_SCALARS, &r->nb_flags)); } @@ -421,16 +427,18 @@ static enum ndr_err_code ndr_push_nbt_rdata_status(struct ndr_push *ndr, int ndr static enum ndr_err_code ndr_pull_nbt_rdata_status(struct ndr_pull *ndr, int ndr_flags, struct nbt_rdata_status *r) { + uint32_t size_names_0 = 0; uint32_t cntr_names_0; TALLOC_CTX *_mem_save_names_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->length)); NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->num_names)); - NDR_PULL_ALLOC_N(ndr, r->names, r->num_names); + size_names_0 = r->num_names; + NDR_PULL_ALLOC_N(ndr, r->names, size_names_0); _mem_save_names_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->names, 0); - for (cntr_names_0 = 0; cntr_names_0 < r->num_names; cntr_names_0++) { + for (cntr_names_0 = 0; cntr_names_0 < size_names_0; cntr_names_0++) { NDR_CHECK(ndr_pull_nbt_status_name(ndr, NDR_SCALARS, &r->names[cntr_names_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_names_0, 0); @@ -476,11 +484,13 @@ static enum ndr_err_code ndr_push_nbt_rdata_data(struct ndr_push *ndr, int ndr_f static enum ndr_err_code ndr_pull_nbt_rdata_data(struct ndr_pull *ndr, int ndr_flags, struct nbt_rdata_data *r) { + uint32_t size_data_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 2)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->length)); - NDR_PULL_ALLOC_N(ndr, r->data, r->length); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, r->length)); + size_data_0 = r->length; + NDR_PULL_ALLOC_N(ndr, r->data, size_data_0); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, size_data_0)); } if (ndr_flags & NDR_BUFFERS) { } @@ -673,12 +683,16 @@ _PUBLIC_ enum ndr_err_code ndr_push_nbt_name_packet(struct ndr_push *ndr, int nd _PUBLIC_ enum ndr_err_code ndr_pull_nbt_name_packet(struct ndr_pull *ndr, int ndr_flags, struct nbt_name_packet *r) { + uint32_t size_questions_0 = 0; uint32_t cntr_questions_0; TALLOC_CTX *_mem_save_questions_0; + uint32_t size_answers_0 = 0; uint32_t cntr_answers_0; TALLOC_CTX *_mem_save_answers_0; + uint32_t size_nsrecs_0 = 0; uint32_t cntr_nsrecs_0; TALLOC_CTX *_mem_save_nsrecs_0; + uint32_t size_additional_0 = 0; uint32_t cntr_additional_0; TALLOC_CTX *_mem_save_additional_0; { @@ -692,31 +706,35 @@ _PUBLIC_ enum ndr_err_code ndr_pull_nbt_name_packet(struct ndr_pull *ndr, int nd NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->ancount)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->nscount)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->arcount)); - NDR_PULL_ALLOC_N(ndr, r->questions, r->qdcount); + size_questions_0 = r->qdcount; + NDR_PULL_ALLOC_N(ndr, r->questions, size_questions_0); _mem_save_questions_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->questions, 0); - for (cntr_questions_0 = 0; cntr_questions_0 < r->qdcount; cntr_questions_0++) { + for (cntr_questions_0 = 0; cntr_questions_0 < size_questions_0; cntr_questions_0++) { NDR_CHECK(ndr_pull_nbt_name_question(ndr, NDR_SCALARS, &r->questions[cntr_questions_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_questions_0, 0); - NDR_PULL_ALLOC_N(ndr, r->answers, r->ancount); + size_answers_0 = r->ancount; + NDR_PULL_ALLOC_N(ndr, r->answers, size_answers_0); _mem_save_answers_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->answers, 0); - for (cntr_answers_0 = 0; cntr_answers_0 < r->ancount; cntr_answers_0++) { + for (cntr_answers_0 = 0; cntr_answers_0 < size_answers_0; cntr_answers_0++) { NDR_CHECK(ndr_pull_nbt_res_rec(ndr, NDR_SCALARS, &r->answers[cntr_answers_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_answers_0, 0); - NDR_PULL_ALLOC_N(ndr, r->nsrecs, r->nscount); + size_nsrecs_0 = r->nscount; + NDR_PULL_ALLOC_N(ndr, r->nsrecs, size_nsrecs_0); _mem_save_nsrecs_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->nsrecs, 0); - for (cntr_nsrecs_0 = 0; cntr_nsrecs_0 < r->nscount; cntr_nsrecs_0++) { + for (cntr_nsrecs_0 = 0; cntr_nsrecs_0 < size_nsrecs_0; cntr_nsrecs_0++) { NDR_CHECK(ndr_pull_nbt_res_rec(ndr, NDR_SCALARS, &r->nsrecs[cntr_nsrecs_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_nsrecs_0, 0); - NDR_PULL_ALLOC_N(ndr, r->additional, r->arcount); + size_additional_0 = r->arcount; + NDR_PULL_ALLOC_N(ndr, r->additional, size_additional_0); _mem_save_additional_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->additional, 0); - for (cntr_additional_0 = 0; cntr_additional_0 < r->arcount; cntr_additional_0++) { + for (cntr_additional_0 = 0; cntr_additional_0 < size_additional_0; cntr_additional_0++) { NDR_CHECK(ndr_pull_nbt_res_rec(ndr, NDR_SCALARS, &r->additional[cntr_additional_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_additional_0, 0); @@ -1093,6 +1111,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_dgram_smb_packet(struct ndr_push *ndr, int n _PUBLIC_ enum ndr_err_code ndr_pull_dgram_smb_packet(struct ndr_pull *ndr, int ndr_flags, struct dgram_smb_packet *r) { + uint32_t size_signature_0 = 0; { uint32_t _flags_save_STRUCT = ndr->flags; ndr_set_flags(&ndr->flags, LIBNDR_FLAG_NOALIGN|LIBNDR_FLAG_LITTLE_ENDIAN|LIBNDR_PRINT_ARRAY_HEX); @@ -1105,7 +1124,8 @@ _PUBLIC_ enum ndr_err_code ndr_pull_dgram_smb_packet(struct ndr_pull *ndr, int n NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->flags)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->flags2)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->pid_high)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->signature, 8)); + size_signature_0 = 8; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->signature, size_signature_0)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->reserved)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->tid)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->pid)); @@ -2306,6 +2326,7 @@ static enum ndr_err_code ndr_push_NETLOGON_DB_CHANGE(struct ndr_push *ndr, int n static enum ndr_err_code ndr_pull_NETLOGON_DB_CHANGE(struct ndr_pull *ndr, int ndr_flags, struct NETLOGON_DB_CHANGE *r) { + uint32_t size_dbchange_0 = 0; uint32_t cntr_dbchange_0; TALLOC_CTX *_mem_save_dbchange_0; if (ndr_flags & NDR_SCALARS) { @@ -2345,10 +2366,11 @@ static enum ndr_err_code ndr_pull_NETLOGON_DB_CHANGE(struct ndr_pull *ndr, int n ndr->flags = _flags_save_string; } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->db_count)); - NDR_PULL_ALLOC_N(ndr, r->dbchange, r->db_count); + size_dbchange_0 = r->db_count; + NDR_PULL_ALLOC_N(ndr, r->dbchange, size_dbchange_0); _mem_save_dbchange_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->dbchange, 0); - for (cntr_dbchange_0 = 0; cntr_dbchange_0 < r->db_count; cntr_dbchange_0++) { + for (cntr_dbchange_0 = 0; cntr_dbchange_0 < size_dbchange_0; cntr_dbchange_0++) { NDR_CHECK(ndr_pull_nbt_db_change_info(ndr, NDR_SCALARS, &r->dbchange[cntr_dbchange_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dbchange_0, 0); @@ -2619,11 +2641,13 @@ static enum ndr_err_code ndr_push_nbt_browse_host_announcement(struct ndr_push * static enum ndr_err_code ndr_pull_nbt_browse_host_announcement(struct ndr_pull *ndr, int ndr_flags, struct nbt_browse_host_announcement *r) { + uint32_t size_ServerName_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->UpdateCount)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->Periodicity)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->ServerName, 16, sizeof(uint8_t), CH_DOS)); + size_ServerName_0 = 16; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->ServerName, size_ServerName_0, sizeof(uint8_t), CH_DOS)); NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->OSMajor)); NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->OSMinor)); NDR_CHECK(ndr_pull_svcctl_ServerType(ndr, NDR_SCALARS, &r->ServerType)); @@ -2805,16 +2829,18 @@ static enum ndr_err_code ndr_push_nbt_browse_backup_list_response(struct ndr_pus static enum ndr_err_code ndr_pull_nbt_browse_backup_list_response(struct ndr_pull *ndr, int ndr_flags, struct nbt_browse_backup_list_response *r) { + uint32_t size_BackupServerList_0 = 0; uint32_t cntr_BackupServerList_0; TALLOC_CTX *_mem_save_BackupServerList_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->BackupCount)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->Token)); - NDR_PULL_ALLOC_N(ndr, r->BackupServerList, r->BackupCount); + size_BackupServerList_0 = r->BackupCount; + NDR_PULL_ALLOC_N(ndr, r->BackupServerList, size_BackupServerList_0); _mem_save_BackupServerList_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->BackupServerList, 0); - for (cntr_BackupServerList_0 = 0; cntr_BackupServerList_0 < r->BackupCount; cntr_BackupServerList_0++) { + for (cntr_BackupServerList_0 = 0; cntr_BackupServerList_0 < size_BackupServerList_0; cntr_BackupServerList_0++) { NDR_CHECK(ndr_pull_nbt_name(ndr, NDR_SCALARS, &r->BackupServerList[cntr_BackupServerList_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_BackupServerList_0, 0); @@ -2909,11 +2935,13 @@ static enum ndr_err_code ndr_push_nbt_browse_domain_announcement(struct ndr_push static enum ndr_err_code ndr_pull_nbt_browse_domain_announcement(struct ndr_pull *ndr, int ndr_flags, struct nbt_browse_domain_announcement *r) { + uint32_t size_ServerName_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->UpdateCount)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->Periodicity)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->ServerName, 16, sizeof(uint8_t), CH_DOS)); + size_ServerName_0 = 16; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->ServerName, size_ServerName_0, sizeof(uint8_t), CH_DOS)); NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->OSMajor)); NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->OSMinor)); NDR_CHECK(ndr_pull_svcctl_ServerType(ndr, NDR_SCALARS, &r->ServerType)); @@ -3042,11 +3070,13 @@ static enum ndr_err_code ndr_push_nbt_browse_local_master_announcement(struct nd static enum ndr_err_code ndr_pull_nbt_browse_local_master_announcement(struct ndr_pull *ndr, int ndr_flags, struct nbt_browse_local_master_announcement *r) { + uint32_t size_ServerName_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->UpdateCount)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->Periodicity)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->ServerName, 16, sizeof(uint8_t), CH_DOS)); + size_ServerName_0 = 16; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->ServerName, size_ServerName_0, sizeof(uint8_t), CH_DOS)); NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->OSMajor)); NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->OSMinor)); NDR_CHECK(ndr_pull_svcctl_ServerType(ndr, NDR_SCALARS, &r->ServerType)); diff --git a/source/librpc/gen_ndr/ndr_netlogon.c b/source/librpc/gen_ndr/ndr_netlogon.c index f0e739c..48e9c58 100644 --- a/source/librpc/gen_ndr/ndr_netlogon.c +++ b/source/librpc/gen_ndr/ndr_netlogon.c @@ -60,12 +60,20 @@ static enum ndr_err_code ndr_push_netr_UasInfo(struct ndr_push *ndr, int ndr_fla static enum ndr_err_code ndr_pull_netr_UasInfo(struct ndr_pull *ndr, int ndr_flags, struct netr_UasInfo *r) { uint32_t _ptr_account_name; + uint32_t size_account_name_1 = 0; + uint32_t length_account_name_1 = 0; TALLOC_CTX *_mem_save_account_name_0; uint32_t _ptr_computer; + uint32_t size_computer_1 = 0; + uint32_t length_computer_1 = 0; TALLOC_CTX *_mem_save_computer_0; uint32_t _ptr_domain; + uint32_t size_domain_1 = 0; + uint32_t length_domain_1 = 0; TALLOC_CTX *_mem_save_domain_0; uint32_t _ptr_script_path; + uint32_t size_script_path_1 = 0; + uint32_t length_script_path_1 = 0; TALLOC_CTX *_mem_save_script_path_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -112,11 +120,13 @@ static enum ndr_err_code ndr_pull_netr_UasInfo(struct ndr_pull *ndr, int ndr_fla NDR_PULL_SET_MEM_CTX(ndr, r->account_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->account_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->account_name)); - if (ndr_get_array_length(ndr, &r->account_name) > ndr_get_array_size(ndr, &r->account_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->account_name), ndr_get_array_length(ndr, &r->account_name)); + size_account_name_1 = ndr_get_array_size(ndr, &r->account_name); + length_account_name_1 = ndr_get_array_length(ndr, &r->account_name); + if (length_account_name_1 > size_account_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_account_name_1, length_account_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->account_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->account_name, ndr_get_array_length(ndr, &r->account_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_account_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->account_name, length_account_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_account_name_0, 0); } if (r->computer) { @@ -124,11 +134,13 @@ static enum ndr_err_code ndr_pull_netr_UasInfo(struct ndr_pull *ndr, int ndr_fla NDR_PULL_SET_MEM_CTX(ndr, r->computer, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->computer)); NDR_CHECK(ndr_pull_array_length(ndr, &r->computer)); - if (ndr_get_array_length(ndr, &r->computer) > ndr_get_array_size(ndr, &r->computer)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->computer), ndr_get_array_length(ndr, &r->computer)); + size_computer_1 = ndr_get_array_size(ndr, &r->computer); + length_computer_1 = ndr_get_array_length(ndr, &r->computer); + if (length_computer_1 > size_computer_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_1, length_computer_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->computer), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->computer, ndr_get_array_length(ndr, &r->computer), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->computer, length_computer_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_computer_0, 0); } if (r->domain) { @@ -136,11 +148,13 @@ static enum ndr_err_code ndr_pull_netr_UasInfo(struct ndr_pull *ndr, int ndr_fla NDR_PULL_SET_MEM_CTX(ndr, r->domain, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->domain)); NDR_CHECK(ndr_pull_array_length(ndr, &r->domain)); - if (ndr_get_array_length(ndr, &r->domain) > ndr_get_array_size(ndr, &r->domain)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->domain), ndr_get_array_length(ndr, &r->domain)); + size_domain_1 = ndr_get_array_size(ndr, &r->domain); + length_domain_1 = ndr_get_array_length(ndr, &r->domain); + if (length_domain_1 > size_domain_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_1, length_domain_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, length_domain_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_0, 0); } if (r->script_path) { @@ -148,11 +162,13 @@ static enum ndr_err_code ndr_pull_netr_UasInfo(struct ndr_pull *ndr, int ndr_fla NDR_PULL_SET_MEM_CTX(ndr, r->script_path, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->script_path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->script_path)); - if (ndr_get_array_length(ndr, &r->script_path) > ndr_get_array_size(ndr, &r->script_path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->script_path), ndr_get_array_length(ndr, &r->script_path)); + size_script_path_1 = ndr_get_array_size(ndr, &r->script_path); + length_script_path_1 = ndr_get_array_length(ndr, &r->script_path); + if (length_script_path_1 > size_script_path_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_script_path_1, length_script_path_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->script_path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->script_path, ndr_get_array_length(ndr, &r->script_path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_script_path_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->script_path, length_script_path_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_script_path_0, 0); } } @@ -417,6 +433,8 @@ static enum ndr_err_code ndr_push_netr_ChallengeResponse(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_netr_ChallengeResponse(struct ndr_pull *ndr, int ndr_flags, struct netr_ChallengeResponse *r) { uint32_t _ptr_data; + uint32_t size_data_1 = 0; + uint32_t length_data_1 = 0; TALLOC_CTX *_mem_save_data_0; { uint32_t _flags_save_STRUCT = ndr->flags; @@ -438,11 +456,13 @@ static enum ndr_err_code ndr_pull_netr_ChallengeResponse(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->data, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->data)); NDR_CHECK(ndr_pull_array_length(ndr, &r->data)); - if (ndr_get_array_length(ndr, &r->data) > ndr_get_array_size(ndr, &r->data)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->data), ndr_get_array_length(ndr, &r->data)); + size_data_1 = ndr_get_array_size(ndr, &r->data); + length_data_1 = ndr_get_array_length(ndr, &r->data); + if (length_data_1 > size_data_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_data_1, length_data_1); } - NDR_PULL_ALLOC_N(ndr, r->data, ndr_get_array_size(ndr, &r->data)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, ndr_get_array_length(ndr, &r->data))); + NDR_PULL_ALLOC_N(ndr, r->data, size_data_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, length_data_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_0, 0); } if (r->data) { @@ -501,13 +521,15 @@ static enum ndr_err_code ndr_push_netr_NetworkInfo(struct ndr_push *ndr, int ndr static enum ndr_err_code ndr_pull_netr_NetworkInfo(struct ndr_pull *ndr, int ndr_flags, struct netr_NetworkInfo *r) { + uint32_t size_challenge_0 = 0; { uint32_t _flags_save_STRUCT = ndr->flags; ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_netr_IdentityInfo(ndr, NDR_SCALARS, &r->identity_info)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->challenge, 8)); + size_challenge_0 = 8; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->challenge, size_challenge_0)); NDR_CHECK(ndr_pull_netr_ChallengeResponse(ndr, NDR_SCALARS, &r->nt)); NDR_CHECK(ndr_pull_netr_ChallengeResponse(ndr, NDR_SCALARS, &r->lm)); } @@ -612,7 +634,9 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_LogonInfo(struct ndr_pull *ndr, int ndr int level; uint16_t _level; TALLOC_CTX *_mem_save_password_0; + uint32_t _ptr_password; TALLOC_CTX *_mem_save_network_0; + uint32_t _ptr_network; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &_level)); @@ -621,7 +645,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_LogonInfo(struct ndr_pull *ndr, int ndr } switch (level) { case 1: { - uint32_t _ptr_password; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_password)); if (_ptr_password) { NDR_PULL_ALLOC(ndr, r->password); @@ -631,7 +654,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_LogonInfo(struct ndr_pull *ndr, int ndr break; } case 2: { - uint32_t _ptr_network; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_network)); if (_ptr_network) { NDR_PULL_ALLOC(ndr, r->network); @@ -641,7 +663,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_LogonInfo(struct ndr_pull *ndr, int ndr break; } case 3: { - uint32_t _ptr_password; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_password)); if (_ptr_password) { NDR_PULL_ALLOC(ndr, r->password); @@ -651,7 +672,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_LogonInfo(struct ndr_pull *ndr, int ndr break; } case 5: { - uint32_t _ptr_password; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_password)); if (_ptr_password) { NDR_PULL_ALLOC(ndr, r->password); @@ -661,7 +681,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_LogonInfo(struct ndr_pull *ndr, int ndr break; } case 6: { - uint32_t _ptr_network; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_network)); if (_ptr_network) { NDR_PULL_ALLOC(ndr, r->network); @@ -802,12 +821,14 @@ _PUBLIC_ enum ndr_err_code ndr_push_netr_UserSessionKey(struct ndr_push *ndr, in _PUBLIC_ enum ndr_err_code ndr_pull_netr_UserSessionKey(struct ndr_pull *ndr, int ndr_flags, struct netr_UserSessionKey *r) { + uint32_t size_key_0 = 0; { uint32_t _flags_save_STRUCT = ndr->flags; ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 1)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->key, 16)); + size_key_0 = 16; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->key, size_key_0)); } if (ndr_flags & NDR_BUFFERS) { } @@ -847,12 +868,14 @@ _PUBLIC_ enum ndr_err_code ndr_push_netr_LMSessionKey(struct ndr_push *ndr, int _PUBLIC_ enum ndr_err_code ndr_pull_netr_LMSessionKey(struct ndr_pull *ndr, int ndr_flags, struct netr_LMSessionKey *r) { + uint32_t size_key_0 = 0; { uint32_t _flags_save_STRUCT = ndr->flags; ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 1)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->key, 8)); + size_key_0 = 8; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->key, size_key_0)); } if (ndr_flags & NDR_BUFFERS) { } @@ -960,6 +983,7 @@ static enum ndr_err_code ndr_pull_netr_SamBaseInfo(struct ndr_pull *ndr, int ndr { uint32_t _ptr_domain_sid; TALLOC_CTX *_mem_save_domain_sid_0; + uint32_t size_unknown_0 = 0; uint32_t cntr_unknown_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -992,7 +1016,8 @@ static enum ndr_err_code ndr_pull_netr_SamBaseInfo(struct ndr_pull *ndr, int ndr } NDR_CHECK(ndr_pull_netr_LMSessionKey(ndr, NDR_SCALARS, &r->LMSessKey)); NDR_CHECK(ndr_pull_samr_AcctFlags(ndr, NDR_SCALARS, &r->acct_flags)); - for (cntr_unknown_0 = 0; cntr_unknown_0 < 7; cntr_unknown_0++) { + size_unknown_0 = 7; + for (cntr_unknown_0 = 0; cntr_unknown_0 < size_unknown_0; cntr_unknown_0++) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->unknown[cntr_unknown_0])); } } @@ -1176,6 +1201,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_netr_SamInfo3(struct ndr_push *ndr, int ndr_ _PUBLIC_ enum ndr_err_code ndr_pull_netr_SamInfo3(struct ndr_pull *ndr, int ndr_flags, struct netr_SamInfo3 *r) { uint32_t _ptr_sids; + uint32_t size_sids_1 = 0; uint32_t cntr_sids_1; TALLOC_CTX *_mem_save_sids_0; TALLOC_CTX *_mem_save_sids_1; @@ -1196,13 +1222,14 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_SamInfo3(struct ndr_pull *ndr, int ndr_ _mem_save_sids_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sids, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->sids)); - NDR_PULL_ALLOC_N(ndr, r->sids, ndr_get_array_size(ndr, &r->sids)); + size_sids_1 = ndr_get_array_size(ndr, &r->sids); + NDR_PULL_ALLOC_N(ndr, r->sids, size_sids_1); _mem_save_sids_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sids, 0); - for (cntr_sids_1 = 0; cntr_sids_1 < r->sidcount; cntr_sids_1++) { + for (cntr_sids_1 = 0; cntr_sids_1 < size_sids_1; cntr_sids_1++) { NDR_CHECK(ndr_pull_netr_SidAttr(ndr, NDR_SCALARS, &r->sids[cntr_sids_1])); } - for (cntr_sids_1 = 0; cntr_sids_1 < r->sidcount; cntr_sids_1++) { + for (cntr_sids_1 = 0; cntr_sids_1 < size_sids_1; cntr_sids_1++) { NDR_CHECK(ndr_pull_netr_SidAttr(ndr, NDR_BUFFERS, &r->sids[cntr_sids_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sids_1, 0); @@ -1275,9 +1302,11 @@ static enum ndr_err_code ndr_push_netr_SamInfo6(struct ndr_push *ndr, int ndr_fl static enum ndr_err_code ndr_pull_netr_SamInfo6(struct ndr_pull *ndr, int ndr_flags, struct netr_SamInfo6 *r) { uint32_t _ptr_sids; + uint32_t size_sids_1 = 0; uint32_t cntr_sids_1; TALLOC_CTX *_mem_save_sids_0; TALLOC_CTX *_mem_save_sids_1; + uint32_t size_unknown4_0 = 0; uint32_t cntr_unknown4_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -1291,7 +1320,8 @@ static enum ndr_err_code ndr_pull_netr_SamInfo6(struct ndr_pull *ndr, int ndr_fl } NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->forest)); NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->principle)); - for (cntr_unknown4_0 = 0; cntr_unknown4_0 < 20; cntr_unknown4_0++) { + size_unknown4_0 = 20; + for (cntr_unknown4_0 = 0; cntr_unknown4_0 < size_unknown4_0; cntr_unknown4_0++) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->unknown4[cntr_unknown4_0])); } } @@ -1301,13 +1331,14 @@ static enum ndr_err_code ndr_pull_netr_SamInfo6(struct ndr_pull *ndr, int ndr_fl _mem_save_sids_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sids, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->sids)); - NDR_PULL_ALLOC_N(ndr, r->sids, ndr_get_array_size(ndr, &r->sids)); + size_sids_1 = ndr_get_array_size(ndr, &r->sids); + NDR_PULL_ALLOC_N(ndr, r->sids, size_sids_1); _mem_save_sids_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sids, 0); - for (cntr_sids_1 = 0; cntr_sids_1 < r->sidcount; cntr_sids_1++) { + for (cntr_sids_1 = 0; cntr_sids_1 < size_sids_1; cntr_sids_1++) { NDR_CHECK(ndr_pull_netr_SidAttr(ndr, NDR_SCALARS, &r->sids[cntr_sids_1])); } - for (cntr_sids_1 = 0; cntr_sids_1 < r->sidcount; cntr_sids_1++) { + for (cntr_sids_1 = 0; cntr_sids_1 < size_sids_1; cntr_sids_1++) { NDR_CHECK(ndr_pull_netr_SidAttr(ndr, NDR_BUFFERS, &r->sids[cntr_sids_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sids_1, 0); @@ -1404,9 +1435,12 @@ static enum ndr_err_code ndr_push_netr_PacInfo(struct ndr_push *ndr, int ndr_fla static enum ndr_err_code ndr_pull_netr_PacInfo(struct ndr_pull *ndr, int ndr_flags, struct netr_PacInfo *r) { uint32_t _ptr_pac; + uint32_t size_pac_1 = 0; TALLOC_CTX *_mem_save_pac_0; uint32_t _ptr_auth; + uint32_t size_auth_1 = 0; TALLOC_CTX *_mem_save_auth_0; + uint32_t size_expansionroom_0 = 0; uint32_t cntr_expansionroom_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -1428,7 +1462,8 @@ static enum ndr_err_code ndr_pull_netr_PacInfo(struct ndr_pull *ndr, int ndr_fla r->auth = NULL; } NDR_CHECK(ndr_pull_netr_UserSessionKey(ndr, NDR_SCALARS, &r->user_session_key)); - for (cntr_expansionroom_0 = 0; cntr_expansionroom_0 < 10; cntr_expansionroom_0++) { + size_expansionroom_0 = 10; + for (cntr_expansionroom_0 = 0; cntr_expansionroom_0 < size_expansionroom_0; cntr_expansionroom_0++) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->expansionroom[cntr_expansionroom_0])); } NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->unknown1)); @@ -1441,8 +1476,9 @@ static enum ndr_err_code ndr_pull_netr_PacInfo(struct ndr_pull *ndr, int ndr_fla _mem_save_pac_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->pac, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->pac)); - NDR_PULL_ALLOC_N(ndr, r->pac, ndr_get_array_size(ndr, &r->pac)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->pac, ndr_get_array_size(ndr, &r->pac))); + size_pac_1 = ndr_get_array_size(ndr, &r->pac); + NDR_PULL_ALLOC_N(ndr, r->pac, size_pac_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->pac, size_pac_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_pac_0, 0); } NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->logon_domain)); @@ -1452,8 +1488,9 @@ static enum ndr_err_code ndr_pull_netr_PacInfo(struct ndr_pull *ndr, int ndr_fla _mem_save_auth_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->auth, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->auth)); - NDR_PULL_ALLOC_N(ndr, r->auth, ndr_get_array_size(ndr, &r->auth)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->auth, ndr_get_array_size(ndr, &r->auth))); + size_auth_1 = ndr_get_array_size(ndr, &r->auth); + NDR_PULL_ALLOC_N(ndr, r->auth, size_auth_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->auth, size_auth_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_auth_0, 0); } NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->unknown1)); @@ -1585,9 +1622,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_Validation(struct ndr_pull *ndr, int nd int level; uint16_t _level; TALLOC_CTX *_mem_save_sam2_0; + uint32_t _ptr_sam2; TALLOC_CTX *_mem_save_sam3_0; + uint32_t _ptr_sam3; TALLOC_CTX *_mem_save_pac_0; + uint32_t _ptr_pac; TALLOC_CTX *_mem_save_sam6_0; + uint32_t _ptr_sam6; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &_level)); @@ -1596,7 +1637,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_Validation(struct ndr_pull *ndr, int nd } switch (level) { case 2: { - uint32_t _ptr_sam2; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sam2)); if (_ptr_sam2) { NDR_PULL_ALLOC(ndr, r->sam2); @@ -1606,7 +1646,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_Validation(struct ndr_pull *ndr, int nd break; } case 3: { - uint32_t _ptr_sam3; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sam3)); if (_ptr_sam3) { NDR_PULL_ALLOC(ndr, r->sam3); @@ -1616,7 +1655,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_Validation(struct ndr_pull *ndr, int nd break; } case 4: { - uint32_t _ptr_pac; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_pac)); if (_ptr_pac) { NDR_PULL_ALLOC(ndr, r->pac); @@ -1626,7 +1664,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_Validation(struct ndr_pull *ndr, int nd break; } case 5: { - uint32_t _ptr_pac; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_pac)); if (_ptr_pac) { NDR_PULL_ALLOC(ndr, r->pac); @@ -1636,7 +1673,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_Validation(struct ndr_pull *ndr, int nd break; } case 6: { - uint32_t _ptr_sam6; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sam6)); if (_ptr_sam6) { NDR_PULL_ALLOC(ndr, r->sam6); @@ -1777,12 +1813,14 @@ _PUBLIC_ enum ndr_err_code ndr_push_netr_Credential(struct ndr_push *ndr, int nd _PUBLIC_ enum ndr_err_code ndr_pull_netr_Credential(struct ndr_pull *ndr, int ndr_flags, struct netr_Credential *r) { + uint32_t size_data_0 = 0; { uint32_t _flags_save_STRUCT = ndr->flags; ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 1)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, 8)); + size_data_0 = 8; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, size_data_0)); } if (ndr_flags & NDR_BUFFERS) { } @@ -1894,6 +1932,8 @@ static enum ndr_err_code ndr_push_netr_DELTA_DELETE_USER(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_netr_DELTA_DELETE_USER(struct ndr_pull *ndr, int ndr_flags, struct netr_DELTA_DELETE_USER *r) { uint32_t _ptr_account_name; + uint32_t size_account_name_1 = 0; + uint32_t length_account_name_1 = 0; TALLOC_CTX *_mem_save_account_name_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -1918,11 +1958,13 @@ static enum ndr_err_code ndr_pull_netr_DELTA_DELETE_USER(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->account_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->account_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->account_name)); - if (ndr_get_array_length(ndr, &r->account_name) > ndr_get_array_size(ndr, &r->account_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->account_name), ndr_get_array_length(ndr, &r->account_name)); + size_account_name_1 = ndr_get_array_size(ndr, &r->account_name); + length_account_name_1 = ndr_get_array_length(ndr, &r->account_name); + if (length_account_name_1 > size_account_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_account_name_1, length_account_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->account_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->account_name, ndr_get_array_length(ndr, &r->account_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_account_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->account_name, length_account_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_account_name_0, 0); } NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->unknown1)); @@ -2013,6 +2055,8 @@ static enum ndr_err_code ndr_push_netr_PasswordHistory(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_netr_PasswordHistory(struct ndr_pull *ndr, int ndr_flags, struct netr_PasswordHistory *r) { + uint32_t size_nt_history_0 = 0; + uint32_t size_lm_history_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->nt_length)); @@ -2021,10 +2065,12 @@ static enum ndr_err_code ndr_pull_netr_PasswordHistory(struct ndr_pull *ndr, int NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->lm_length)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->lm_size)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->lm_flags)); - NDR_PULL_ALLOC_N(ndr, r->nt_history, r->nt_length); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->nt_history, r->nt_length)); - NDR_PULL_ALLOC_N(ndr, r->lm_history, r->lm_length); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->lm_history, r->lm_length)); + size_nt_history_0 = r->nt_length; + NDR_PULL_ALLOC_N(ndr, r->nt_history, size_nt_history_0); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->nt_history, size_nt_history_0)); + size_lm_history_0 = r->lm_length; + NDR_PULL_ALLOC_N(ndr, r->lm_history, size_lm_history_0); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->lm_history, size_lm_history_0)); } if (ndr_flags & NDR_BUFFERS) { } @@ -2175,6 +2221,7 @@ static enum ndr_err_code ndr_push_netr_USER_PRIVATE_INFO(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_netr_USER_PRIVATE_INFO(struct ndr_pull *ndr, int ndr_flags, struct netr_USER_PRIVATE_INFO *r) { uint32_t _ptr_SensitiveData; + uint32_t size_SensitiveData_1 = 0; TALLOC_CTX *_mem_save_SensitiveData_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -2200,8 +2247,9 @@ static enum ndr_err_code ndr_pull_netr_USER_PRIVATE_INFO(struct ndr_pull *ndr, i _mem_save_SensitiveData_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->SensitiveData, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->SensitiveData)); - NDR_PULL_ALLOC_N(ndr, r->SensitiveData, ndr_get_array_size(ndr, &r->SensitiveData)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->SensitiveData, ndr_get_array_size(ndr, &r->SensitiveData))); + size_SensitiveData_1 = ndr_get_array_size(ndr, &r->SensitiveData); + NDR_PULL_ALLOC_N(ndr, r->SensitiveData, size_SensitiveData_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->SensitiveData, size_SensitiveData_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_SensitiveData_0, 0); } ndr->flags = _flags_save_uint8; @@ -2682,10 +2730,12 @@ static enum ndr_err_code ndr_push_netr_DELTA_GROUP_MEMBER(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_netr_DELTA_GROUP_MEMBER(struct ndr_pull *ndr, int ndr_flags, struct netr_DELTA_GROUP_MEMBER *r) { uint32_t _ptr_rids; + uint32_t size_rids_1 = 0; uint32_t cntr_rids_1; TALLOC_CTX *_mem_save_rids_0; TALLOC_CTX *_mem_save_rids_1; uint32_t _ptr_attribs; + uint32_t size_attribs_1 = 0; uint32_t cntr_attribs_1; TALLOC_CTX *_mem_save_attribs_0; TALLOC_CTX *_mem_save_attribs_1; @@ -2714,10 +2764,11 @@ static enum ndr_err_code ndr_pull_netr_DELTA_GROUP_MEMBER(struct ndr_pull *ndr, _mem_save_rids_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->rids, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->rids)); - NDR_PULL_ALLOC_N(ndr, r->rids, ndr_get_array_size(ndr, &r->rids)); + size_rids_1 = ndr_get_array_size(ndr, &r->rids); + NDR_PULL_ALLOC_N(ndr, r->rids, size_rids_1); _mem_save_rids_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->rids, 0); - for (cntr_rids_1 = 0; cntr_rids_1 < r->num_rids; cntr_rids_1++) { + for (cntr_rids_1 = 0; cntr_rids_1 < size_rids_1; cntr_rids_1++) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->rids[cntr_rids_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_rids_1, 0); @@ -2727,10 +2778,11 @@ static enum ndr_err_code ndr_pull_netr_DELTA_GROUP_MEMBER(struct ndr_pull *ndr, _mem_save_attribs_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->attribs, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->attribs)); - NDR_PULL_ALLOC_N(ndr, r->attribs, ndr_get_array_size(ndr, &r->attribs)); + size_attribs_1 = ndr_get_array_size(ndr, &r->attribs); + NDR_PULL_ALLOC_N(ndr, r->attribs, size_attribs_1); _mem_save_attribs_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->attribs, 0); - for (cntr_attribs_1 = 0; cntr_attribs_1 < r->num_rids; cntr_attribs_1++) { + for (cntr_attribs_1 = 0; cntr_attribs_1 < size_attribs_1; cntr_attribs_1++) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->attribs[cntr_attribs_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_attribs_1, 0); @@ -3003,6 +3055,7 @@ static enum ndr_err_code ndr_push_netr_DELTA_POLICY(struct ndr_push *ndr, int nd static enum ndr_err_code ndr_pull_netr_DELTA_POLICY(struct ndr_pull *ndr, int ndr_flags, struct netr_DELTA_POLICY *r) { uint32_t _ptr_eventauditoptions; + uint32_t size_eventauditoptions_1 = 0; uint32_t cntr_eventauditoptions_1; TALLOC_CTX *_mem_save_eventauditoptions_0; TALLOC_CTX *_mem_save_eventauditoptions_1; @@ -3046,10 +3099,11 @@ static enum ndr_err_code ndr_pull_netr_DELTA_POLICY(struct ndr_pull *ndr, int nd _mem_save_eventauditoptions_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->eventauditoptions, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->eventauditoptions)); - NDR_PULL_ALLOC_N(ndr, r->eventauditoptions, ndr_get_array_size(ndr, &r->eventauditoptions)); + size_eventauditoptions_1 = ndr_get_array_size(ndr, &r->eventauditoptions); + NDR_PULL_ALLOC_N(ndr, r->eventauditoptions, size_eventauditoptions_1); _mem_save_eventauditoptions_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->eventauditoptions, 0); - for (cntr_eventauditoptions_1 = 0; cntr_eventauditoptions_1 < r->maxauditeventcount + 1; cntr_eventauditoptions_1++) { + for (cntr_eventauditoptions_1 = 0; cntr_eventauditoptions_1 < size_eventauditoptions_1; cntr_eventauditoptions_1++) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->eventauditoptions[cntr_eventauditoptions_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_eventauditoptions_1, 0); @@ -3163,6 +3217,7 @@ static enum ndr_err_code ndr_push_netr_DELTA_TRUSTED_DOMAIN(struct ndr_push *ndr static enum ndr_err_code ndr_pull_netr_DELTA_TRUSTED_DOMAIN(struct ndr_pull *ndr, int ndr_flags, struct netr_DELTA_TRUSTED_DOMAIN *r) { uint32_t _ptr_controller_names; + uint32_t size_controller_names_1 = 0; uint32_t cntr_controller_names_1; TALLOC_CTX *_mem_save_controller_names_0; TALLOC_CTX *_mem_save_controller_names_1; @@ -3193,13 +3248,14 @@ static enum ndr_err_code ndr_pull_netr_DELTA_TRUSTED_DOMAIN(struct ndr_pull *ndr _mem_save_controller_names_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->controller_names, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->controller_names)); - NDR_PULL_ALLOC_N(ndr, r->controller_names, ndr_get_array_size(ndr, &r->controller_names)); + size_controller_names_1 = ndr_get_array_size(ndr, &r->controller_names); + NDR_PULL_ALLOC_N(ndr, r->controller_names, size_controller_names_1); _mem_save_controller_names_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->controller_names, 0); - for (cntr_controller_names_1 = 0; cntr_controller_names_1 < r->num_controllers; cntr_controller_names_1++) { + for (cntr_controller_names_1 = 0; cntr_controller_names_1 < size_controller_names_1; cntr_controller_names_1++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->controller_names[cntr_controller_names_1])); } - for (cntr_controller_names_1 = 0; cntr_controller_names_1 < r->num_controllers; cntr_controller_names_1++) { + for (cntr_controller_names_1 = 0; cntr_controller_names_1 < size_controller_names_1; cntr_controller_names_1++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->controller_names[cntr_controller_names_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_controller_names_1, 0); @@ -3333,10 +3389,12 @@ static enum ndr_err_code ndr_push_netr_DELTA_ACCOUNT(struct ndr_push *ndr, int n static enum ndr_err_code ndr_pull_netr_DELTA_ACCOUNT(struct ndr_pull *ndr, int ndr_flags, struct netr_DELTA_ACCOUNT *r) { uint32_t _ptr_privilege_attrib; + uint32_t size_privilege_attrib_1 = 0; uint32_t cntr_privilege_attrib_1; TALLOC_CTX *_mem_save_privilege_attrib_0; TALLOC_CTX *_mem_save_privilege_attrib_1; uint32_t _ptr_privilege_name; + uint32_t size_privilege_name_1 = 0; uint32_t cntr_privilege_name_1; TALLOC_CTX *_mem_save_privilege_name_0; TALLOC_CTX *_mem_save_privilege_name_1; @@ -3374,10 +3432,11 @@ static enum ndr_err_code ndr_pull_netr_DELTA_ACCOUNT(struct ndr_pull *ndr, int n _mem_save_privilege_attrib_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->privilege_attrib, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->privilege_attrib)); - NDR_PULL_ALLOC_N(ndr, r->privilege_attrib, ndr_get_array_size(ndr, &r->privilege_attrib)); + size_privilege_attrib_1 = ndr_get_array_size(ndr, &r->privilege_attrib); + NDR_PULL_ALLOC_N(ndr, r->privilege_attrib, size_privilege_attrib_1); _mem_save_privilege_attrib_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->privilege_attrib, 0); - for (cntr_privilege_attrib_1 = 0; cntr_privilege_attrib_1 < r->privilege_entries; cntr_privilege_attrib_1++) { + for (cntr_privilege_attrib_1 = 0; cntr_privilege_attrib_1 < size_privilege_attrib_1; cntr_privilege_attrib_1++) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->privilege_attrib[cntr_privilege_attrib_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_privilege_attrib_1, 0); @@ -3387,13 +3446,14 @@ static enum ndr_err_code ndr_pull_netr_DELTA_ACCOUNT(struct ndr_pull *ndr, int n _mem_save_privilege_name_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->privilege_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->privilege_name)); - NDR_PULL_ALLOC_N(ndr, r->privilege_name, ndr_get_array_size(ndr, &r->privilege_name)); + size_privilege_name_1 = ndr_get_array_size(ndr, &r->privilege_name); + NDR_PULL_ALLOC_N(ndr, r->privilege_name, size_privilege_name_1); _mem_save_privilege_name_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->privilege_name, 0); - for (cntr_privilege_name_1 = 0; cntr_privilege_name_1 < r->privilege_entries; cntr_privilege_name_1++) { + for (cntr_privilege_name_1 = 0; cntr_privilege_name_1 < size_privilege_name_1; cntr_privilege_name_1++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->privilege_name[cntr_privilege_name_1])); } - for (cntr_privilege_name_1 = 0; cntr_privilege_name_1 < r->privilege_entries; cntr_privilege_name_1++) { + for (cntr_privilege_name_1 = 0; cntr_privilege_name_1 < size_privilege_name_1; cntr_privilege_name_1++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->privilege_name[cntr_privilege_name_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_privilege_name_1, 0); @@ -3549,6 +3609,8 @@ static enum ndr_err_code ndr_push_netr_CIPHER_VALUE(struct ndr_push *ndr, int nd static enum ndr_err_code ndr_pull_netr_CIPHER_VALUE(struct ndr_pull *ndr, int ndr_flags, struct netr_CIPHER_VALUE *r) { uint32_t _ptr_cipher_data; + uint32_t size_cipher_data_1 = 0; + uint32_t length_cipher_data_1 = 0; TALLOC_CTX *_mem_save_cipher_data_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -3567,11 +3629,13 @@ static enum ndr_err_code ndr_pull_netr_CIPHER_VALUE(struct ndr_pull *ndr, int nd NDR_PULL_SET_MEM_CTX(ndr, r->cipher_data, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->cipher_data)); NDR_CHECK(ndr_pull_array_length(ndr, &r->cipher_data)); - if (ndr_get_array_length(ndr, &r->cipher_data) > ndr_get_array_size(ndr, &r->cipher_data)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->cipher_data), ndr_get_array_length(ndr, &r->cipher_data)); + size_cipher_data_1 = ndr_get_array_size(ndr, &r->cipher_data); + length_cipher_data_1 = ndr_get_array_length(ndr, &r->cipher_data); + if (length_cipher_data_1 > size_cipher_data_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_cipher_data_1, length_cipher_data_1); } - NDR_PULL_ALLOC_N(ndr, r->cipher_data, ndr_get_array_size(ndr, &r->cipher_data)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->cipher_data, ndr_get_array_length(ndr, &r->cipher_data))); + NDR_PULL_ALLOC_N(ndr, r->cipher_data, size_cipher_data_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->cipher_data, length_cipher_data_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_cipher_data_0, 0); } if (r->cipher_data) { @@ -3951,21 +4015,37 @@ static enum ndr_err_code ndr_pull_netr_DELTA_UNION(struct ndr_pull *ndr, int ndr int level; uint16_t _level; TALLOC_CTX *_mem_save_domain_0; + uint32_t _ptr_domain; TALLOC_CTX *_mem_save_group_0; + uint32_t _ptr_group; TALLOC_CTX *_mem_save_rename_group_0; + uint32_t _ptr_rename_group; TALLOC_CTX *_mem_save_user_0; + uint32_t _ptr_user; TALLOC_CTX *_mem_save_rename_user_0; + uint32_t _ptr_rename_user; TALLOC_CTX *_mem_save_group_member_0; + uint32_t _ptr_group_member; TALLOC_CTX *_mem_save_alias_0; + uint32_t _ptr_alias; TALLOC_CTX *_mem_save_rename_alias_0; + uint32_t _ptr_rename_alias; TALLOC_CTX *_mem_save_alias_member_0; + uint32_t _ptr_alias_member; TALLOC_CTX *_mem_save_policy_0; + uint32_t _ptr_policy; TALLOC_CTX *_mem_save_trusted_domain_0; + uint32_t _ptr_trusted_domain; TALLOC_CTX *_mem_save_account_0; + uint32_t _ptr_account; TALLOC_CTX *_mem_save_secret_0; + uint32_t _ptr_secret; TALLOC_CTX *_mem_save_delete_group_0; + uint32_t _ptr_delete_group; TALLOC_CTX *_mem_save_delete_user_0; + uint32_t _ptr_delete_user; TALLOC_CTX *_mem_save_modified_count_0; + uint32_t _ptr_modified_count; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &_level)); @@ -3974,7 +4054,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_UNION(struct ndr_pull *ndr, int ndr } switch (level) { case NETR_DELTA_DOMAIN: { - uint32_t _ptr_domain; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domain)); if (_ptr_domain) { NDR_PULL_ALLOC(ndr, r->domain); @@ -3984,7 +4063,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_UNION(struct ndr_pull *ndr, int ndr break; } case NETR_DELTA_GROUP: { - uint32_t _ptr_group; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_group)); if (_ptr_group) { NDR_PULL_ALLOC(ndr, r->group); @@ -3997,7 +4075,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_UNION(struct ndr_pull *ndr, int ndr break; } case NETR_DELTA_RENAME_GROUP: { - uint32_t _ptr_rename_group; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_rename_group)); if (_ptr_rename_group) { NDR_PULL_ALLOC(ndr, r->rename_group); @@ -4007,7 +4084,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_UNION(struct ndr_pull *ndr, int ndr break; } case NETR_DELTA_USER: { - uint32_t _ptr_user; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_user)); if (_ptr_user) { NDR_PULL_ALLOC(ndr, r->user); @@ -4020,7 +4096,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_UNION(struct ndr_pull *ndr, int ndr break; } case NETR_DELTA_RENAME_USER: { - uint32_t _ptr_rename_user; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_rename_user)); if (_ptr_rename_user) { NDR_PULL_ALLOC(ndr, r->rename_user); @@ -4030,7 +4105,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_UNION(struct ndr_pull *ndr, int ndr break; } case NETR_DELTA_GROUP_MEMBER: { - uint32_t _ptr_group_member; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_group_member)); if (_ptr_group_member) { NDR_PULL_ALLOC(ndr, r->group_member); @@ -4040,7 +4114,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_UNION(struct ndr_pull *ndr, int ndr break; } case NETR_DELTA_ALIAS: { - uint32_t _ptr_alias; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_alias)); if (_ptr_alias) { NDR_PULL_ALLOC(ndr, r->alias); @@ -4053,7 +4126,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_UNION(struct ndr_pull *ndr, int ndr break; } case NETR_DELTA_RENAME_ALIAS: { - uint32_t _ptr_rename_alias; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_rename_alias)); if (_ptr_rename_alias) { NDR_PULL_ALLOC(ndr, r->rename_alias); @@ -4063,7 +4135,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_UNION(struct ndr_pull *ndr, int ndr break; } case NETR_DELTA_ALIAS_MEMBER: { - uint32_t _ptr_alias_member; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_alias_member)); if (_ptr_alias_member) { NDR_PULL_ALLOC(ndr, r->alias_member); @@ -4073,7 +4144,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_UNION(struct ndr_pull *ndr, int ndr break; } case NETR_DELTA_POLICY: { - uint32_t _ptr_policy; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_policy)); if (_ptr_policy) { NDR_PULL_ALLOC(ndr, r->policy); @@ -4083,7 +4153,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_UNION(struct ndr_pull *ndr, int ndr break; } case NETR_DELTA_TRUSTED_DOMAIN: { - uint32_t _ptr_trusted_domain; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_trusted_domain)); if (_ptr_trusted_domain) { NDR_PULL_ALLOC(ndr, r->trusted_domain); @@ -4097,7 +4166,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_UNION(struct ndr_pull *ndr, int ndr break; } case NETR_DELTA_ACCOUNT: { - uint32_t _ptr_account; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_account)); if (_ptr_account) { NDR_PULL_ALLOC(ndr, r->account); @@ -4111,7 +4179,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_UNION(struct ndr_pull *ndr, int ndr break; } case NETR_DELTA_SECRET: { - uint32_t _ptr_secret; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_secret)); if (_ptr_secret) { NDR_PULL_ALLOC(ndr, r->secret); @@ -4125,7 +4192,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_UNION(struct ndr_pull *ndr, int ndr break; } case NETR_DELTA_DELETE_GROUP2: { - uint32_t _ptr_delete_group; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_delete_group)); if (_ptr_delete_group) { NDR_PULL_ALLOC(ndr, r->delete_group); @@ -4135,7 +4201,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_UNION(struct ndr_pull *ndr, int ndr break; } case NETR_DELTA_DELETE_USER2: { - uint32_t _ptr_delete_user; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_delete_user)); if (_ptr_delete_user) { NDR_PULL_ALLOC(ndr, r->delete_user); @@ -4145,7 +4210,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_UNION(struct ndr_pull *ndr, int ndr break; } case NETR_DELTA_MODIFY_COUNT: { - uint32_t _ptr_modified_count; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_modified_count)); if (_ptr_modified_count) { NDR_PULL_ALLOC(ndr, r->modified_count); @@ -4710,7 +4774,11 @@ static enum ndr_err_code ndr_pull_netr_DELTA_ID_UNION(struct ndr_pull *ndr, int int level; uint16_t _level; TALLOC_CTX *_mem_save_sid_0; + uint32_t _ptr_sid; TALLOC_CTX *_mem_save_name_0; + uint32_t _ptr_name; + uint32_t size_name_1 = 0; + uint32_t length_name_1 = 0; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &_level)); @@ -4767,7 +4835,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_ID_UNION(struct ndr_pull *ndr, int break; } case NETR_DELTA_POLICY: { - uint32_t _ptr_sid; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sid)); if (_ptr_sid) { NDR_PULL_ALLOC(ndr, r->sid); @@ -4777,7 +4844,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_ID_UNION(struct ndr_pull *ndr, int break; } case NETR_DELTA_TRUSTED_DOMAIN: { - uint32_t _ptr_sid; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sid)); if (_ptr_sid) { NDR_PULL_ALLOC(ndr, r->sid); @@ -4787,7 +4853,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_ID_UNION(struct ndr_pull *ndr, int break; } case NETR_DELTA_DELETE_TRUST: { - uint32_t _ptr_sid; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sid)); if (_ptr_sid) { NDR_PULL_ALLOC(ndr, r->sid); @@ -4797,7 +4862,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_ID_UNION(struct ndr_pull *ndr, int break; } case NETR_DELTA_ACCOUNT: { - uint32_t _ptr_sid; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sid)); if (_ptr_sid) { NDR_PULL_ALLOC(ndr, r->sid); @@ -4807,7 +4871,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_ID_UNION(struct ndr_pull *ndr, int break; } case NETR_DELTA_DELETE_ACCOUNT: { - uint32_t _ptr_sid; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sid)); if (_ptr_sid) { NDR_PULL_ALLOC(ndr, r->sid); @@ -4817,7 +4880,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_ID_UNION(struct ndr_pull *ndr, int break; } case NETR_DELTA_SECRET: { - uint32_t _ptr_name; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_name)); if (_ptr_name) { NDR_PULL_ALLOC(ndr, r->name); @@ -4827,7 +4889,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_ID_UNION(struct ndr_pull *ndr, int break; } case NETR_DELTA_DELETE_SECRET: { - uint32_t _ptr_name; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_name)); if (_ptr_name) { NDR_PULL_ALLOC(ndr, r->name); @@ -4940,11 +5001,13 @@ static enum ndr_err_code ndr_pull_netr_DELTA_ID_UNION(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->name)); - if (ndr_get_array_length(ndr, &r->name) > ndr_get_array_size(ndr, &r->name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->name), ndr_get_array_length(ndr, &r->name)); + size_name_1 = ndr_get_array_size(ndr, &r->name); + length_name_1 = ndr_get_array_length(ndr, &r->name); + if (length_name_1 > size_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_name_1, length_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, length_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_name_0, 0); } break; @@ -4955,11 +5018,13 @@ static enum ndr_err_code ndr_pull_netr_DELTA_ID_UNION(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->name)); - if (ndr_get_array_length(ndr, &r->name) > ndr_get_array_size(ndr, &r->name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->name), ndr_get_array_length(ndr, &r->name)); + size_name_1 = ndr_get_array_size(ndr, &r->name); + length_name_1 = ndr_get_array_length(ndr, &r->name); + if (length_name_1 > size_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_name_1, length_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, length_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_name_0, 0); } break; @@ -5184,6 +5249,7 @@ static enum ndr_err_code ndr_push_netr_DELTA_ENUM_ARRAY(struct ndr_push *ndr, in static enum ndr_err_code ndr_pull_netr_DELTA_ENUM_ARRAY(struct ndr_pull *ndr, int ndr_flags, struct netr_DELTA_ENUM_ARRAY *r) { uint32_t _ptr_delta_enum; + uint32_t size_delta_enum_1 = 0; uint32_t cntr_delta_enum_1; TALLOC_CTX *_mem_save_delta_enum_0; TALLOC_CTX *_mem_save_delta_enum_1; @@ -5202,13 +5268,14 @@ static enum ndr_err_code ndr_pull_netr_DELTA_ENUM_ARRAY(struct ndr_pull *ndr, in _mem_save_delta_enum_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->delta_enum, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->delta_enum)); - NDR_PULL_ALLOC_N(ndr, r->delta_enum, ndr_get_array_size(ndr, &r->delta_enum)); + size_delta_enum_1 = ndr_get_array_size(ndr, &r->delta_enum); + NDR_PULL_ALLOC_N(ndr, r->delta_enum, size_delta_enum_1); _mem_save_delta_enum_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->delta_enum, 0); - for (cntr_delta_enum_1 = 0; cntr_delta_enum_1 < r->num_deltas; cntr_delta_enum_1++) { + for (cntr_delta_enum_1 = 0; cntr_delta_enum_1 < size_delta_enum_1; cntr_delta_enum_1++) { NDR_CHECK(ndr_pull_netr_DELTA_ENUM(ndr, NDR_SCALARS, &r->delta_enum[cntr_delta_enum_1])); } - for (cntr_delta_enum_1 = 0; cntr_delta_enum_1 < r->num_deltas; cntr_delta_enum_1++) { + for (cntr_delta_enum_1 = 0; cntr_delta_enum_1 < size_delta_enum_1; cntr_delta_enum_1++) { NDR_CHECK(ndr_pull_netr_DELTA_ENUM(ndr, NDR_BUFFERS, &r->delta_enum[cntr_delta_enum_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_delta_enum_1, 0); @@ -5265,12 +5332,14 @@ static enum ndr_err_code ndr_push_netr_UAS_INFO_0(struct ndr_push *ndr, int ndr_ static enum ndr_err_code ndr_pull_netr_UAS_INFO_0(struct ndr_pull *ndr, int ndr_flags, struct netr_UAS_INFO_0 *r) { + uint32_t size_computer_name_0 = 0; { uint32_t _flags_save_STRUCT = ndr->flags; ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->computer_name, 16)); + size_computer_name_0 = 16; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->computer_name, size_computer_name_0)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->timecreated)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->serial_number)); } @@ -5416,6 +5485,8 @@ static enum ndr_err_code ndr_push_netr_NETLOGON_INFO_2(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_netr_NETLOGON_INFO_2(struct ndr_pull *ndr, int ndr_flags, struct netr_NETLOGON_INFO_2 *r) { uint32_t _ptr_trusted_dc_name; + uint32_t size_trusted_dc_name_1 = 0; + uint32_t length_trusted_dc_name_1 = 0; TALLOC_CTX *_mem_save_trusted_dc_name_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -5435,11 +5506,13 @@ static enum ndr_err_code ndr_pull_netr_NETLOGON_INFO_2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->trusted_dc_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->trusted_dc_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->trusted_dc_name)); - if (ndr_get_array_length(ndr, &r->trusted_dc_name) > ndr_get_array_size(ndr, &r->trusted_dc_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->trusted_dc_name), ndr_get_array_length(ndr, &r->trusted_dc_name)); + size_trusted_dc_name_1 = ndr_get_array_size(ndr, &r->trusted_dc_name); + length_trusted_dc_name_1 = ndr_get_array_length(ndr, &r->trusted_dc_name); + if (length_trusted_dc_name_1 > size_trusted_dc_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_trusted_dc_name_1, length_trusted_dc_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->trusted_dc_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->trusted_dc_name, ndr_get_array_length(ndr, &r->trusted_dc_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_trusted_dc_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->trusted_dc_name, length_trusted_dc_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_trusted_dc_name_0, 0); } } @@ -5565,8 +5638,11 @@ static enum ndr_err_code ndr_pull_netr_CONTROL_QUERY_INFORMATION(struct ndr_pull int level; uint32_t _level; TALLOC_CTX *_mem_save_info1_0; + uint32_t _ptr_info1; TALLOC_CTX *_mem_save_info2_0; + uint32_t _ptr_info2; TALLOC_CTX *_mem_save_info3_0; + uint32_t _ptr_info3; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -5575,7 +5651,6 @@ static enum ndr_err_code ndr_pull_netr_CONTROL_QUERY_INFORMATION(struct ndr_pull } switch (level) { case 1: { - uint32_t _ptr_info1; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1)); if (_ptr_info1) { NDR_PULL_ALLOC(ndr, r->info1); @@ -5585,7 +5660,6 @@ static enum ndr_err_code ndr_pull_netr_CONTROL_QUERY_INFORMATION(struct ndr_pull break; } case 2: { - uint32_t _ptr_info2; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info2)); if (_ptr_info2) { NDR_PULL_ALLOC(ndr, r->info2); @@ -5595,7 +5669,6 @@ static enum ndr_err_code ndr_pull_netr_CONTROL_QUERY_INFORMATION(struct ndr_pull break; } case 3: { - uint32_t _ptr_info3; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info3)); if (_ptr_info3) { NDR_PULL_ALLOC(ndr, r->info3); @@ -5781,6 +5854,9 @@ static enum ndr_err_code ndr_pull_netr_CONTROL_DATA_INFORMATION(struct ndr_pull int level; uint32_t _level; TALLOC_CTX *_mem_save_domain_0; + uint32_t _ptr_domain; + uint32_t size_domain_1 = 0; + uint32_t length_domain_1 = 0; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -5789,7 +5865,6 @@ static enum ndr_err_code ndr_pull_netr_CONTROL_DATA_INFORMATION(struct ndr_pull } switch (level) { case NETLOGON_CONTROL_REDISCOVER: { - uint32_t _ptr_domain; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domain)); if (_ptr_domain) { NDR_PULL_ALLOC(ndr, r->domain); @@ -5799,7 +5874,6 @@ static enum ndr_err_code ndr_pull_netr_CONTROL_DATA_INFORMATION(struct ndr_pull break; } case NETLOGON_CONTROL_TC_QUERY: { - uint32_t _ptr_domain; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domain)); if (_ptr_domain) { NDR_PULL_ALLOC(ndr, r->domain); @@ -5809,7 +5883,6 @@ static enum ndr_err_code ndr_pull_netr_CONTROL_DATA_INFORMATION(struct ndr_pull break; } case NETLOGON_CONTROL_TRANSPORT_NOTIFY: { - uint32_t _ptr_domain; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domain)); if (_ptr_domain) { NDR_PULL_ALLOC(ndr, r->domain); @@ -5834,11 +5907,13 @@ static enum ndr_err_code ndr_pull_netr_CONTROL_DATA_INFORMATION(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->domain, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->domain)); NDR_CHECK(ndr_pull_array_length(ndr, &r->domain)); - if (ndr_get_array_length(ndr, &r->domain) > ndr_get_array_size(ndr, &r->domain)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->domain), ndr_get_array_length(ndr, &r->domain)); + size_domain_1 = ndr_get_array_size(ndr, &r->domain); + length_domain_1 = ndr_get_array_length(ndr, &r->domain); + if (length_domain_1 > size_domain_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_1, length_domain_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, length_domain_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_0, 0); } break; @@ -5849,11 +5924,13 @@ static enum ndr_err_code ndr_pull_netr_CONTROL_DATA_INFORMATION(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->domain, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->domain)); NDR_CHECK(ndr_pull_array_length(ndr, &r->domain)); - if (ndr_get_array_length(ndr, &r->domain) > ndr_get_array_size(ndr, &r->domain)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->domain), ndr_get_array_length(ndr, &r->domain)); + size_domain_1 = ndr_get_array_size(ndr, &r->domain); + length_domain_1 = ndr_get_array_length(ndr, &r->domain); + if (length_domain_1 > size_domain_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_1, length_domain_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, length_domain_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_0, 0); } break; @@ -5864,11 +5941,13 @@ static enum ndr_err_code ndr_pull_netr_CONTROL_DATA_INFORMATION(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->domain, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->domain)); NDR_CHECK(ndr_pull_array_length(ndr, &r->domain)); - if (ndr_get_array_length(ndr, &r->domain) > ndr_get_array_size(ndr, &r->domain)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->domain), ndr_get_array_length(ndr, &r->domain)); + size_domain_1 = ndr_get_array_size(ndr, &r->domain); + length_domain_1 = ndr_get_array_length(ndr, &r->domain); + if (length_domain_1 > size_domain_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_1, length_domain_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, length_domain_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_0, 0); } break; @@ -6175,6 +6254,7 @@ static enum ndr_err_code ndr_push_netr_Blob(struct ndr_push *ndr, int ndr_flags, static enum ndr_err_code ndr_pull_netr_Blob(struct ndr_pull *ndr, int ndr_flags, struct netr_Blob *r) { uint32_t _ptr_data; + uint32_t size_data_1 = 0; TALLOC_CTX *_mem_save_data_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -6191,8 +6271,9 @@ static enum ndr_err_code ndr_pull_netr_Blob(struct ndr_pull *ndr, int ndr_flags, _mem_save_data_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->data, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->data)); - NDR_PULL_ALLOC_N(ndr, r->data, ndr_get_array_size(ndr, &r->data)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, ndr_get_array_size(ndr, &r->data))); + size_data_1 = ndr_get_array_size(ndr, &r->data); + NDR_PULL_ALLOC_N(ndr, r->data, size_data_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, size_data_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_0, 0); } if (r->data) { @@ -6375,16 +6456,28 @@ _PUBLIC_ enum ndr_err_code ndr_push_netr_DsRGetDCNameInfo(struct ndr_push *ndr, _PUBLIC_ enum ndr_err_code ndr_pull_netr_DsRGetDCNameInfo(struct ndr_pull *ndr, int ndr_flags, struct netr_DsRGetDCNameInfo *r) { uint32_t _ptr_dc_unc; + uint32_t size_dc_unc_1 = 0; + uint32_t length_dc_unc_1 = 0; TALLOC_CTX *_mem_save_dc_unc_0; uint32_t _ptr_dc_address; + uint32_t size_dc_address_1 = 0; + uint32_t length_dc_address_1 = 0; TALLOC_CTX *_mem_save_dc_address_0; uint32_t _ptr_domain_name; + uint32_t size_domain_name_1 = 0; + uint32_t length_domain_name_1 = 0; TALLOC_CTX *_mem_save_domain_name_0; uint32_t _ptr_forest_name; + uint32_t size_forest_name_1 = 0; + uint32_t length_forest_name_1 = 0; TALLOC_CTX *_mem_save_forest_name_0; uint32_t _ptr_dc_site_name; + uint32_t size_dc_site_name_1 = 0; + uint32_t length_dc_site_name_1 = 0; TALLOC_CTX *_mem_save_dc_site_name_0; uint32_t _ptr_client_site_name; + uint32_t size_client_site_name_1 = 0; + uint32_t length_client_site_name_1 = 0; TALLOC_CTX *_mem_save_client_site_name_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -6434,11 +6527,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_DsRGetDCNameInfo(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->dc_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->dc_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->dc_unc)); - if (ndr_get_array_length(ndr, &r->dc_unc) > ndr_get_array_size(ndr, &r->dc_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->dc_unc), ndr_get_array_length(ndr, &r->dc_unc)); + size_dc_unc_1 = ndr_get_array_size(ndr, &r->dc_unc); + length_dc_unc_1 = ndr_get_array_length(ndr, &r->dc_unc); + if (length_dc_unc_1 > size_dc_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dc_unc_1, length_dc_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->dc_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dc_unc, ndr_get_array_length(ndr, &r->dc_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dc_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dc_unc, length_dc_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dc_unc_0, 0); } if (r->dc_address) { @@ -6446,11 +6541,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_DsRGetDCNameInfo(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->dc_address, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->dc_address)); NDR_CHECK(ndr_pull_array_length(ndr, &r->dc_address)); - if (ndr_get_array_length(ndr, &r->dc_address) > ndr_get_array_size(ndr, &r->dc_address)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->dc_address), ndr_get_array_length(ndr, &r->dc_address)); + size_dc_address_1 = ndr_get_array_size(ndr, &r->dc_address); + length_dc_address_1 = ndr_get_array_length(ndr, &r->dc_address); + if (length_dc_address_1 > size_dc_address_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dc_address_1, length_dc_address_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->dc_address), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dc_address, ndr_get_array_length(ndr, &r->dc_address), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dc_address_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dc_address, length_dc_address_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dc_address_0, 0); } if (r->domain_name) { @@ -6458,11 +6555,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_DsRGetDCNameInfo(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->domain_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->domain_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->domain_name)); - if (ndr_get_array_length(ndr, &r->domain_name) > ndr_get_array_size(ndr, &r->domain_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->domain_name), ndr_get_array_length(ndr, &r->domain_name)); + size_domain_name_1 = ndr_get_array_size(ndr, &r->domain_name); + length_domain_name_1 = ndr_get_array_length(ndr, &r->domain_name); + if (length_domain_name_1 > size_domain_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_name_1, length_domain_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->domain_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain_name, ndr_get_array_length(ndr, &r->domain_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain_name, length_domain_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_name_0, 0); } if (r->forest_name) { @@ -6470,11 +6569,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_DsRGetDCNameInfo(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->forest_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->forest_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->forest_name)); - if (ndr_get_array_length(ndr, &r->forest_name) > ndr_get_array_size(ndr, &r->forest_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->forest_name), ndr_get_array_length(ndr, &r->forest_name)); + size_forest_name_1 = ndr_get_array_size(ndr, &r->forest_name); + length_forest_name_1 = ndr_get_array_length(ndr, &r->forest_name); + if (length_forest_name_1 > size_forest_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_forest_name_1, length_forest_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->forest_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->forest_name, ndr_get_array_length(ndr, &r->forest_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_forest_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->forest_name, length_forest_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_forest_name_0, 0); } if (r->dc_site_name) { @@ -6482,11 +6583,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_DsRGetDCNameInfo(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->dc_site_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->dc_site_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->dc_site_name)); - if (ndr_get_array_length(ndr, &r->dc_site_name) > ndr_get_array_size(ndr, &r->dc_site_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->dc_site_name), ndr_get_array_length(ndr, &r->dc_site_name)); + size_dc_site_name_1 = ndr_get_array_size(ndr, &r->dc_site_name); + length_dc_site_name_1 = ndr_get_array_length(ndr, &r->dc_site_name); + if (length_dc_site_name_1 > size_dc_site_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dc_site_name_1, length_dc_site_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->dc_site_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dc_site_name, ndr_get_array_length(ndr, &r->dc_site_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dc_site_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dc_site_name, length_dc_site_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dc_site_name_0, 0); } if (r->client_site_name) { @@ -6494,11 +6597,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_DsRGetDCNameInfo(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->client_site_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->client_site_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->client_site_name)); - if (ndr_get_array_length(ndr, &r->client_site_name) > ndr_get_array_size(ndr, &r->client_site_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->client_site_name), ndr_get_array_length(ndr, &r->client_site_name)); + size_client_site_name_1 = ndr_get_array_size(ndr, &r->client_site_name); + length_client_site_name_1 = ndr_get_array_length(ndr, &r->client_site_name); + if (length_client_site_name_1 > size_client_site_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_client_site_name_1, length_client_site_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->client_site_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client_site_name, ndr_get_array_length(ndr, &r->client_site_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_client_site_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client_site_name, length_client_site_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_client_site_name_0, 0); } } @@ -6654,6 +6759,8 @@ static enum ndr_err_code ndr_push_netr_BinaryString(struct ndr_push *ndr, int nd static enum ndr_err_code ndr_pull_netr_BinaryString(struct ndr_pull *ndr, int ndr_flags, struct netr_BinaryString *r) { uint32_t _ptr_data; + uint32_t size_data_1 = 0; + uint32_t length_data_1 = 0; uint32_t cntr_data_1; TALLOC_CTX *_mem_save_data_0; TALLOC_CTX *_mem_save_data_1; @@ -6677,13 +6784,15 @@ static enum ndr_err_code ndr_pull_netr_BinaryString(struct ndr_pull *ndr, int nd NDR_PULL_SET_MEM_CTX(ndr, r->data, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->data)); NDR_CHECK(ndr_pull_array_length(ndr, &r->data)); - if (ndr_get_array_length(ndr, &r->data) > ndr_get_array_size(ndr, &r->data)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->data), ndr_get_array_length(ndr, &r->data)); + size_data_1 = ndr_get_array_size(ndr, &r->data); + length_data_1 = ndr_get_array_length(ndr, &r->data); + if (length_data_1 > size_data_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_data_1, length_data_1); } - NDR_PULL_ALLOC_N(ndr, r->data, ndr_get_array_size(ndr, &r->data)); + NDR_PULL_ALLOC_N(ndr, r->data, size_data_1); _mem_save_data_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->data, 0); - for (cntr_data_1 = 0; cntr_data_1 < r->length / 2; cntr_data_1++) { + for (cntr_data_1 = 0; cntr_data_1 < length_data_1; cntr_data_1++) { NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->data[cntr_data_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_1, 0); @@ -6800,17 +6909,30 @@ static enum ndr_err_code ndr_push_netr_DomainQuery1(struct ndr_push *ndr, int nd static enum ndr_err_code ndr_pull_netr_DomainQuery1(struct ndr_pull *ndr, int ndr_flags, struct netr_DomainQuery1 *r) { uint32_t _ptr_workstation_domain; + uint32_t size_workstation_domain_1 = 0; + uint32_t length_workstation_domain_1 = 0; TALLOC_CTX *_mem_save_workstation_domain_0; uint32_t _ptr_workstation_site; + uint32_t size_workstation_site_1 = 0; + uint32_t length_workstation_site_1 = 0; TALLOC_CTX *_mem_save_workstation_site_0; uint32_t _ptr_unknown1; + uint32_t size_unknown1_1 = 0; + uint32_t length_unknown1_1 = 0; TALLOC_CTX *_mem_save_unknown1_0; uint32_t _ptr_unknown2; + uint32_t size_unknown2_1 = 0; + uint32_t length_unknown2_1 = 0; TALLOC_CTX *_mem_save_unknown2_0; uint32_t _ptr_unknown3; + uint32_t size_unknown3_1 = 0; + uint32_t length_unknown3_1 = 0; TALLOC_CTX *_mem_save_unknown3_0; uint32_t _ptr_unknown4; + uint32_t size_unknown4_1 = 0; + uint32_t length_unknown4_1 = 0; TALLOC_CTX *_mem_save_unknown4_0; + uint32_t size_unknown7_0 = 0; uint32_t cntr_unknown7_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -6855,7 +6977,8 @@ static enum ndr_err_code ndr_pull_netr_DomainQuery1(struct ndr_pull *ndr, int nd NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->product)); NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->unknown5)); NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->unknown6)); - for (cntr_unknown7_0 = 0; cntr_unknown7_0 < 4; cntr_unknown7_0++) { + size_unknown7_0 = 4; + for (cntr_unknown7_0 = 0; cntr_unknown7_0 < size_unknown7_0; cntr_unknown7_0++) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->unknown7[cntr_unknown7_0])); } } @@ -6866,11 +6989,13 @@ static enum ndr_err_code ndr_pull_netr_DomainQuery1(struct ndr_pull *ndr, int nd NDR_PULL_SET_MEM_CTX(ndr, r->workstation_domain, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->workstation_domain)); NDR_CHECK(ndr_pull_array_length(ndr, &r->workstation_domain)); - if (ndr_get_array_length(ndr, &r->workstation_domain) > ndr_get_array_size(ndr, &r->workstation_domain)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->workstation_domain), ndr_get_array_length(ndr, &r->workstation_domain)); + size_workstation_domain_1 = ndr_get_array_size(ndr, &r->workstation_domain); + length_workstation_domain_1 = ndr_get_array_length(ndr, &r->workstation_domain); + if (length_workstation_domain_1 > size_workstation_domain_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_workstation_domain_1, length_workstation_domain_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->workstation_domain), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->workstation_domain, ndr_get_array_length(ndr, &r->workstation_domain), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_workstation_domain_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->workstation_domain, length_workstation_domain_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_workstation_domain_0, 0); } if (r->workstation_site) { @@ -6878,11 +7003,13 @@ static enum ndr_err_code ndr_pull_netr_DomainQuery1(struct ndr_pull *ndr, int nd NDR_PULL_SET_MEM_CTX(ndr, r->workstation_site, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->workstation_site)); NDR_CHECK(ndr_pull_array_length(ndr, &r->workstation_site)); - if (ndr_get_array_length(ndr, &r->workstation_site) > ndr_get_array_size(ndr, &r->workstation_site)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->workstation_site), ndr_get_array_length(ndr, &r->workstation_site)); + size_workstation_site_1 = ndr_get_array_size(ndr, &r->workstation_site); + length_workstation_site_1 = ndr_get_array_length(ndr, &r->workstation_site); + if (length_workstation_site_1 > size_workstation_site_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_workstation_site_1, length_workstation_site_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->workstation_site), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->workstation_site, ndr_get_array_length(ndr, &r->workstation_site), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_workstation_site_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->workstation_site, length_workstation_site_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_workstation_site_0, 0); } if (r->unknown1) { @@ -6890,11 +7017,13 @@ static enum ndr_err_code ndr_pull_netr_DomainQuery1(struct ndr_pull *ndr, int nd NDR_PULL_SET_MEM_CTX(ndr, r->unknown1, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->unknown1)); NDR_CHECK(ndr_pull_array_length(ndr, &r->unknown1)); - if (ndr_get_array_length(ndr, &r->unknown1) > ndr_get_array_size(ndr, &r->unknown1)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->unknown1), ndr_get_array_length(ndr, &r->unknown1)); + size_unknown1_1 = ndr_get_array_size(ndr, &r->unknown1); + length_unknown1_1 = ndr_get_array_length(ndr, &r->unknown1); + if (length_unknown1_1 > size_unknown1_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_unknown1_1, length_unknown1_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->unknown1), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->unknown1, ndr_get_array_length(ndr, &r->unknown1), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_unknown1_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->unknown1, length_unknown1_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_unknown1_0, 0); } if (r->unknown2) { @@ -6902,11 +7031,13 @@ static enum ndr_err_code ndr_pull_netr_DomainQuery1(struct ndr_pull *ndr, int nd NDR_PULL_SET_MEM_CTX(ndr, r->unknown2, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->unknown2)); NDR_CHECK(ndr_pull_array_length(ndr, &r->unknown2)); - if (ndr_get_array_length(ndr, &r->unknown2) > ndr_get_array_size(ndr, &r->unknown2)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->unknown2), ndr_get_array_length(ndr, &r->unknown2)); + size_unknown2_1 = ndr_get_array_size(ndr, &r->unknown2); + length_unknown2_1 = ndr_get_array_length(ndr, &r->unknown2); + if (length_unknown2_1 > size_unknown2_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_unknown2_1, length_unknown2_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->unknown2), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->unknown2, ndr_get_array_length(ndr, &r->unknown2), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_unknown2_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->unknown2, length_unknown2_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_unknown2_0, 0); } if (r->unknown3) { @@ -6914,11 +7045,13 @@ static enum ndr_err_code ndr_pull_netr_DomainQuery1(struct ndr_pull *ndr, int nd NDR_PULL_SET_MEM_CTX(ndr, r->unknown3, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->unknown3)); NDR_CHECK(ndr_pull_array_length(ndr, &r->unknown3)); - if (ndr_get_array_length(ndr, &r->unknown3) > ndr_get_array_size(ndr, &r->unknown3)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->unknown3), ndr_get_array_length(ndr, &r->unknown3)); + size_unknown3_1 = ndr_get_array_size(ndr, &r->unknown3); + length_unknown3_1 = ndr_get_array_length(ndr, &r->unknown3); + if (length_unknown3_1 > size_unknown3_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_unknown3_1, length_unknown3_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->unknown3), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->unknown3, ndr_get_array_length(ndr, &r->unknown3), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_unknown3_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->unknown3, length_unknown3_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_unknown3_0, 0); } if (r->unknown4) { @@ -6926,11 +7059,13 @@ static enum ndr_err_code ndr_pull_netr_DomainQuery1(struct ndr_pull *ndr, int nd NDR_PULL_SET_MEM_CTX(ndr, r->unknown4, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->unknown4)); NDR_CHECK(ndr_pull_array_length(ndr, &r->unknown4)); - if (ndr_get_array_length(ndr, &r->unknown4) > ndr_get_array_size(ndr, &r->unknown4)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->unknown4), ndr_get_array_length(ndr, &r->unknown4)); + size_unknown4_1 = ndr_get_array_size(ndr, &r->unknown4); + length_unknown4_1 = ndr_get_array_length(ndr, &r->unknown4); + if (length_unknown4_1 > size_unknown4_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_unknown4_1, length_unknown4_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->unknown4), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->unknown4, ndr_get_array_length(ndr, &r->unknown4), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_unknown4_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->unknown4, length_unknown4_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_unknown4_0, 0); } NDR_CHECK(ndr_pull_netr_BinaryString(ndr, NDR_BUFFERS, &r->blob2)); @@ -7045,6 +7180,7 @@ static enum ndr_err_code ndr_pull_netr_DomainQuery(struct ndr_pull *ndr, int ndr int level; uint32_t _level; TALLOC_CTX *_mem_save_query1_0; + uint32_t _ptr_query1; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -7053,7 +7189,6 @@ static enum ndr_err_code ndr_pull_netr_DomainQuery(struct ndr_pull *ndr, int ndr } switch (level) { case 1: { - uint32_t _ptr_query1; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_query1)); if (_ptr_query1) { NDR_PULL_ALLOC(ndr, r->query1); @@ -7063,7 +7198,6 @@ static enum ndr_err_code ndr_pull_netr_DomainQuery(struct ndr_pull *ndr, int ndr break; } case 2: { - uint32_t _ptr_query1; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_query1)); if (_ptr_query1) { NDR_PULL_ALLOC(ndr, r->query1); @@ -7168,7 +7302,9 @@ static enum ndr_err_code ndr_pull_netr_DomainTrustInfo(struct ndr_pull *ndr, int { uint32_t _ptr_sid; TALLOC_CTX *_mem_save_sid_0; + uint32_t size_unknown1_0 = 0; uint32_t cntr_unknown1_0; + uint32_t size_unknown_0 = 0; uint32_t cntr_unknown_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -7182,10 +7318,12 @@ static enum ndr_err_code ndr_pull_netr_DomainTrustInfo(struct ndr_pull *ndr, int } else { r->sid = NULL; } - for (cntr_unknown1_0 = 0; cntr_unknown1_0 < 4; cntr_unknown1_0++) { + size_unknown1_0 = 4; + for (cntr_unknown1_0 = 0; cntr_unknown1_0 < size_unknown1_0; cntr_unknown1_0++) { NDR_CHECK(ndr_pull_netr_BinaryString(ndr, NDR_SCALARS, &r->unknown1[cntr_unknown1_0])); } - for (cntr_unknown_0 = 0; cntr_unknown_0 < 4; cntr_unknown_0++) { + size_unknown_0 = 4; + for (cntr_unknown_0 = 0; cntr_unknown_0 < size_unknown_0; cntr_unknown_0++) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->unknown[cntr_unknown_0])); } } @@ -7199,7 +7337,8 @@ static enum ndr_err_code ndr_pull_netr_DomainTrustInfo(struct ndr_pull *ndr, int NDR_CHECK(ndr_pull_dom_sid2(ndr, NDR_SCALARS|NDR_BUFFERS, r->sid)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sid_0, 0); } - for (cntr_unknown1_0 = 0; cntr_unknown1_0 < 4; cntr_unknown1_0++) { + size_unknown1_0 = 4; + for (cntr_unknown1_0 = 0; cntr_unknown1_0 < size_unknown1_0; cntr_unknown1_0++) { NDR_CHECK(ndr_pull_netr_BinaryString(ndr, NDR_BUFFERS, &r->unknown1[cntr_unknown1_0])); } } @@ -7276,9 +7415,11 @@ static enum ndr_err_code ndr_push_netr_DomainInfo1(struct ndr_push *ndr, int ndr static enum ndr_err_code ndr_pull_netr_DomainInfo1(struct ndr_pull *ndr, int ndr_flags, struct netr_DomainInfo1 *r) { uint32_t _ptr_trusts; + uint32_t size_trusts_1 = 0; uint32_t cntr_trusts_1; TALLOC_CTX *_mem_save_trusts_0; TALLOC_CTX *_mem_save_trusts_1; + uint32_t size_unknown_0 = 0; uint32_t cntr_unknown_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -7290,7 +7431,8 @@ static enum ndr_err_code ndr_pull_netr_DomainInfo1(struct ndr_pull *ndr, int ndr } else { r->trusts = NULL; } - for (cntr_unknown_0 = 0; cntr_unknown_0 < 14; cntr_unknown_0++) { + size_unknown_0 = 14; + for (cntr_unknown_0 = 0; cntr_unknown_0 < size_unknown_0; cntr_unknown_0++) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->unknown[cntr_unknown_0])); } } @@ -7300,13 +7442,14 @@ static enum ndr_err_code ndr_pull_netr_DomainInfo1(struct ndr_pull *ndr, int ndr _mem_save_trusts_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->trusts, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->trusts)); - NDR_PULL_ALLOC_N(ndr, r->trusts, ndr_get_array_size(ndr, &r->trusts)); + size_trusts_1 = ndr_get_array_size(ndr, &r->trusts); + NDR_PULL_ALLOC_N(ndr, r->trusts, size_trusts_1); _mem_save_trusts_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->trusts, 0); - for (cntr_trusts_1 = 0; cntr_trusts_1 < r->num_trusts; cntr_trusts_1++) { + for (cntr_trusts_1 = 0; cntr_trusts_1 < size_trusts_1; cntr_trusts_1++) { NDR_CHECK(ndr_pull_netr_DomainTrustInfo(ndr, NDR_SCALARS, &r->trusts[cntr_trusts_1])); } - for (cntr_trusts_1 = 0; cntr_trusts_1 < r->num_trusts; cntr_trusts_1++) { + for (cntr_trusts_1 = 0; cntr_trusts_1 < size_trusts_1; cntr_trusts_1++) { NDR_CHECK(ndr_pull_netr_DomainTrustInfo(ndr, NDR_BUFFERS, &r->trusts[cntr_trusts_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_trusts_1, 0); @@ -7400,6 +7543,7 @@ static enum ndr_err_code ndr_pull_netr_DomainInfo(struct ndr_pull *ndr, int ndr_ int level; uint32_t _level; TALLOC_CTX *_mem_save_info1_0; + uint32_t _ptr_info1; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -7408,7 +7552,6 @@ static enum ndr_err_code ndr_pull_netr_DomainInfo(struct ndr_pull *ndr, int ndr_ } switch (level) { case 1: { - uint32_t _ptr_info1; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1)); if (_ptr_info1) { NDR_PULL_ALLOC(ndr, r->info1); @@ -7418,7 +7561,6 @@ static enum ndr_err_code ndr_pull_netr_DomainInfo(struct ndr_pull *ndr, int ndr_ break; } case 2: { - uint32_t _ptr_info1; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1)); if (_ptr_info1) { NDR_PULL_ALLOC(ndr, r->info1); @@ -7506,12 +7648,14 @@ static enum ndr_err_code ndr_push_netr_CryptPassword(struct ndr_push *ndr, int n static enum ndr_err_code ndr_pull_netr_CryptPassword(struct ndr_pull *ndr, int ndr_flags, struct netr_CryptPassword *r) { + uint32_t size_data_0 = 0; { uint32_t _flags_save_STRUCT = ndr->flags; ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, 512)); + size_data_0 = 512; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, size_data_0)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->length)); } if (ndr_flags & NDR_BUFFERS) { @@ -7560,6 +7704,7 @@ static enum ndr_err_code ndr_push_netr_DsRAddressToSitenamesWCtr(struct ndr_push static enum ndr_err_code ndr_pull_netr_DsRAddressToSitenamesWCtr(struct ndr_pull *ndr, int ndr_flags, struct netr_DsRAddressToSitenamesWCtr *r) { uint32_t _ptr_sitename; + uint32_t size_sitename_1 = 0; uint32_t cntr_sitename_1; TALLOC_CTX *_mem_save_sitename_0; TALLOC_CTX *_mem_save_sitename_1; @@ -7578,13 +7723,14 @@ static enum ndr_err_code ndr_pull_netr_DsRAddressToSitenamesWCtr(struct ndr_pull _mem_save_sitename_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sitename, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->sitename)); - NDR_PULL_ALLOC_N(ndr, r->sitename, ndr_get_array_size(ndr, &r->sitename)); + size_sitename_1 = ndr_get_array_size(ndr, &r->sitename); + NDR_PULL_ALLOC_N(ndr, r->sitename, size_sitename_1); _mem_save_sitename_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sitename, 0); - for (cntr_sitename_1 = 0; cntr_sitename_1 < r->count; cntr_sitename_1++) { + for (cntr_sitename_1 = 0; cntr_sitename_1 < size_sitename_1; cntr_sitename_1++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->sitename[cntr_sitename_1])); } - for (cntr_sitename_1 = 0; cntr_sitename_1 < r->count; cntr_sitename_1++) { + for (cntr_sitename_1 = 0; cntr_sitename_1 < size_sitename_1; cntr_sitename_1++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->sitename[cntr_sitename_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sitename_1, 0); @@ -7640,6 +7786,7 @@ static enum ndr_err_code ndr_push_netr_DsRAddress(struct ndr_push *ndr, int ndr_ static enum ndr_err_code ndr_pull_netr_DsRAddress(struct ndr_pull *ndr, int ndr_flags, struct netr_DsRAddress *r) { uint32_t _ptr_buffer; + uint32_t size_buffer_1 = 0; TALLOC_CTX *_mem_save_buffer_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -7656,8 +7803,9 @@ static enum ndr_err_code ndr_pull_netr_DsRAddress(struct ndr_pull *ndr, int ndr_ _mem_save_buffer_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->buffer, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->buffer)); - NDR_PULL_ALLOC_N(ndr, r->buffer, ndr_get_array_size(ndr, &r->buffer)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->buffer, ndr_get_array_size(ndr, &r->buffer))); + size_buffer_1 = ndr_get_array_size(ndr, &r->buffer); + NDR_PULL_ALLOC_N(ndr, r->buffer, size_buffer_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->buffer, size_buffer_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_buffer_0, 0); } if (r->buffer) { @@ -7799,8 +7947,12 @@ static enum ndr_err_code ndr_push_netr_DomainTrust(struct ndr_push *ndr, int ndr static enum ndr_err_code ndr_pull_netr_DomainTrust(struct ndr_pull *ndr, int ndr_flags, struct netr_DomainTrust *r) { uint32_t _ptr_netbios_name; + uint32_t size_netbios_name_1 = 0; + uint32_t length_netbios_name_1 = 0; TALLOC_CTX *_mem_save_netbios_name_0; uint32_t _ptr_dns_name; + uint32_t size_dns_name_1 = 0; + uint32_t length_dns_name_1 = 0; TALLOC_CTX *_mem_save_dns_name_0; uint32_t _ptr_sid; TALLOC_CTX *_mem_save_sid_0; @@ -7836,11 +7988,13 @@ static enum ndr_err_code ndr_pull_netr_DomainTrust(struct ndr_pull *ndr, int ndr NDR_PULL_SET_MEM_CTX(ndr, r->netbios_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->netbios_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->netbios_name)); - if (ndr_get_array_length(ndr, &r->netbios_name) > ndr_get_array_size(ndr, &r->netbios_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->netbios_name), ndr_get_array_length(ndr, &r->netbios_name)); + size_netbios_name_1 = ndr_get_array_size(ndr, &r->netbios_name); + length_netbios_name_1 = ndr_get_array_length(ndr, &r->netbios_name); + if (length_netbios_name_1 > size_netbios_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_netbios_name_1, length_netbios_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->netbios_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->netbios_name, ndr_get_array_length(ndr, &r->netbios_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_netbios_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->netbios_name, length_netbios_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_netbios_name_0, 0); } if (r->dns_name) { @@ -7848,11 +8002,13 @@ static enum ndr_err_code ndr_pull_netr_DomainTrust(struct ndr_pull *ndr, int ndr NDR_PULL_SET_MEM_CTX(ndr, r->dns_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->dns_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->dns_name)); - if (ndr_get_array_length(ndr, &r->dns_name) > ndr_get_array_size(ndr, &r->dns_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->dns_name), ndr_get_array_length(ndr, &r->dns_name)); + size_dns_name_1 = ndr_get_array_size(ndr, &r->dns_name); + length_dns_name_1 = ndr_get_array_length(ndr, &r->dns_name); + if (length_dns_name_1 > size_dns_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dns_name_1, length_dns_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->dns_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dns_name, ndr_get_array_length(ndr, &r->dns_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dns_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dns_name, length_dns_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dns_name_0, 0); } if (r->sid) { @@ -7920,6 +8076,7 @@ static enum ndr_err_code ndr_push_netr_DomainTrustList(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_netr_DomainTrustList(struct ndr_pull *ndr, int ndr_flags, struct netr_DomainTrustList *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -7938,13 +8095,14 @@ static enum ndr_err_code ndr_pull_netr_DomainTrustList(struct ndr_pull *ndr, int _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_netr_DomainTrust(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_netr_DomainTrust(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -8017,10 +8175,12 @@ static enum ndr_err_code ndr_push_netr_DsRAddressToSitenamesExWCtr(struct ndr_pu static enum ndr_err_code ndr_pull_netr_DsRAddressToSitenamesExWCtr(struct ndr_pull *ndr, int ndr_flags, struct netr_DsRAddressToSitenamesExWCtr *r) { uint32_t _ptr_sitename; + uint32_t size_sitename_1 = 0; uint32_t cntr_sitename_1; TALLOC_CTX *_mem_save_sitename_0; TALLOC_CTX *_mem_save_sitename_1; uint32_t _ptr_subnetname; + uint32_t size_subnetname_1 = 0; uint32_t cntr_subnetname_1; TALLOC_CTX *_mem_save_subnetname_0; TALLOC_CTX *_mem_save_subnetname_1; @@ -8045,13 +8205,14 @@ static enum ndr_err_code ndr_pull_netr_DsRAddressToSitenamesExWCtr(struct ndr_pu _mem_save_sitename_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sitename, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->sitename)); - NDR_PULL_ALLOC_N(ndr, r->sitename, ndr_get_array_size(ndr, &r->sitename)); + size_sitename_1 = ndr_get_array_size(ndr, &r->sitename); + NDR_PULL_ALLOC_N(ndr, r->sitename, size_sitename_1); _mem_save_sitename_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sitename, 0); - for (cntr_sitename_1 = 0; cntr_sitename_1 < r->count; cntr_sitename_1++) { + for (cntr_sitename_1 = 0; cntr_sitename_1 < size_sitename_1; cntr_sitename_1++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->sitename[cntr_sitename_1])); } - for (cntr_sitename_1 = 0; cntr_sitename_1 < r->count; cntr_sitename_1++) { + for (cntr_sitename_1 = 0; cntr_sitename_1 < size_sitename_1; cntr_sitename_1++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->sitename[cntr_sitename_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sitename_1, 0); @@ -8061,13 +8222,14 @@ static enum ndr_err_code ndr_pull_netr_DsRAddressToSitenamesExWCtr(struct ndr_pu _mem_save_subnetname_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->subnetname, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->subnetname)); - NDR_PULL_ALLOC_N(ndr, r->subnetname, ndr_get_array_size(ndr, &r->subnetname)); + size_subnetname_1 = ndr_get_array_size(ndr, &r->subnetname); + NDR_PULL_ALLOC_N(ndr, r->subnetname, size_subnetname_1); _mem_save_subnetname_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->subnetname, 0); - for (cntr_subnetname_1 = 0; cntr_subnetname_1 < r->count; cntr_subnetname_1++) { + for (cntr_subnetname_1 = 0; cntr_subnetname_1 < size_subnetname_1; cntr_subnetname_1++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->subnetname[cntr_subnetname_1])); } - for (cntr_subnetname_1 = 0; cntr_subnetname_1 < r->count; cntr_subnetname_1++) { + for (cntr_subnetname_1 = 0; cntr_subnetname_1 < size_subnetname_1; cntr_subnetname_1++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->subnetname[cntr_subnetname_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_subnetname_1, 0); @@ -8148,6 +8310,7 @@ static enum ndr_err_code ndr_push_DcSitesCtr(struct ndr_push *ndr, int ndr_flags static enum ndr_err_code ndr_pull_DcSitesCtr(struct ndr_pull *ndr, int ndr_flags, struct DcSitesCtr *r) { uint32_t _ptr_sites; + uint32_t size_sites_1 = 0; uint32_t cntr_sites_1; TALLOC_CTX *_mem_save_sites_0; TALLOC_CTX *_mem_save_sites_1; @@ -8166,13 +8329,14 @@ static enum ndr_err_code ndr_pull_DcSitesCtr(struct ndr_pull *ndr, int ndr_flags _mem_save_sites_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sites, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->sites)); - NDR_PULL_ALLOC_N(ndr, r->sites, ndr_get_array_size(ndr, &r->sites)); + size_sites_1 = ndr_get_array_size(ndr, &r->sites); + NDR_PULL_ALLOC_N(ndr, r->sites, size_sites_1); _mem_save_sites_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sites, 0); - for (cntr_sites_1 = 0; cntr_sites_1 < r->num_sites; cntr_sites_1++) { + for (cntr_sites_1 = 0; cntr_sites_1 < size_sites_1; cntr_sites_1++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->sites[cntr_sites_1])); } - for (cntr_sites_1 = 0; cntr_sites_1 < r->num_sites; cntr_sites_1++) { + for (cntr_sites_1 = 0; cntr_sites_1 < size_sites_1; cntr_sites_1++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->sites[cntr_sites_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sites_1, 0); @@ -8241,6 +8405,12 @@ static enum ndr_err_code ndr_push_netr_LogonUasLogon(struct ndr_push *ndr, int f static enum ndr_err_code ndr_pull_netr_LogonUasLogon(struct ndr_pull *ndr, int flags, struct netr_LogonUasLogon *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; + uint32_t size_account_name_0 = 0; + uint32_t length_account_name_0 = 0; + uint32_t size_workstation_0 = 0; + uint32_t length_workstation_0 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_info_0; if (flags & NDR_IN) { @@ -8257,27 +8427,33 @@ static enum ndr_err_code ndr_pull_netr_LogonUasLogon(struct ndr_pull *ndr, int f NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.account_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.account_name)); - if (ndr_get_array_length(ndr, &r->in.account_name) > ndr_get_array_size(ndr, &r->in.account_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.account_name), ndr_get_array_length(ndr, &r->in.account_name)); + size_account_name_0 = ndr_get_array_size(ndr, &r->in.account_name); + length_account_name_0 = ndr_get_array_length(ndr, &r->in.account_name); + if (length_account_name_0 > size_account_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_account_name_0, length_account_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_account_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, length_account_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.workstation)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.workstation)); - if (ndr_get_array_length(ndr, &r->in.workstation) > ndr_get_array_size(ndr, &r->in.workstation)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.workstation), ndr_get_array_length(ndr, &r->in.workstation)); + size_workstation_0 = ndr_get_array_size(ndr, &r->in.workstation); + length_workstation_0 = ndr_get_array_length(ndr, &r->in.workstation); + if (length_workstation_0 > size_workstation_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_workstation_0, length_workstation_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.workstation), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.workstation, ndr_get_array_length(ndr, &r->in.workstation), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_workstation_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.workstation, length_workstation_0, sizeof(uint16_t), CH_UTF16)); NDR_PULL_ALLOC(ndr, r->out.info); ZERO_STRUCTP(r->out.info); } @@ -8359,6 +8535,12 @@ static enum ndr_err_code ndr_push_netr_LogonUasLogoff(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_netr_LogonUasLogoff(struct ndr_pull *ndr, int flags, struct netr_LogonUasLogoff *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; + uint32_t size_account_name_0 = 0; + uint32_t length_account_name_0 = 0; + uint32_t size_workstation_0 = 0; + uint32_t length_workstation_0 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_info_0; if (flags & NDR_IN) { @@ -8375,27 +8557,33 @@ static enum ndr_err_code ndr_pull_netr_LogonUasLogoff(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.account_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.account_name)); - if (ndr_get_array_length(ndr, &r->in.account_name) > ndr_get_array_size(ndr, &r->in.account_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.account_name), ndr_get_array_length(ndr, &r->in.account_name)); + size_account_name_0 = ndr_get_array_size(ndr, &r->in.account_name); + length_account_name_0 = ndr_get_array_length(ndr, &r->in.account_name); + if (length_account_name_0 > size_account_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_account_name_0, length_account_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_account_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, length_account_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.workstation)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.workstation)); - if (ndr_get_array_length(ndr, &r->in.workstation) > ndr_get_array_size(ndr, &r->in.workstation)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.workstation), ndr_get_array_length(ndr, &r->in.workstation)); + size_workstation_0 = ndr_get_array_size(ndr, &r->in.workstation); + length_workstation_0 = ndr_get_array_length(ndr, &r->in.workstation); + if (length_workstation_0 > size_workstation_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_workstation_0, length_workstation_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.workstation), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.workstation, ndr_get_array_length(ndr, &r->in.workstation), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_workstation_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.workstation, length_workstation_0, sizeof(uint16_t), CH_UTF16)); NDR_PULL_ALLOC(ndr, r->out.info); ZERO_STRUCTP(r->out.info); } @@ -8500,7 +8688,11 @@ static enum ndr_err_code ndr_push_netr_LogonSamLogon(struct ndr_push *ndr, int f static enum ndr_err_code ndr_pull_netr_LogonSamLogon(struct ndr_pull *ndr, int flags, struct netr_LogonSamLogon *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; uint32_t _ptr_computer_name; + uint32_t size_computer_name_1 = 0; + uint32_t length_computer_name_1 = 0; uint32_t _ptr_credential; uint32_t _ptr_return_authenticator; TALLOC_CTX *_mem_save_server_name_0; @@ -8524,11 +8716,13 @@ static enum ndr_err_code ndr_pull_netr_LogonSamLogon(struct ndr_pull *ndr, int f NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_computer_name)); @@ -8542,11 +8736,13 @@ static enum ndr_err_code ndr_pull_netr_LogonSamLogon(struct ndr_pull *ndr, int f NDR_PULL_SET_MEM_CTX(ndr, r->in.computer_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name)); - if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name)); + size_computer_name_1 = ndr_get_array_size(ndr, &r->in.computer_name); + length_computer_name_1 = ndr_get_array_length(ndr, &r->in.computer_name); + if (length_computer_name_1 > size_computer_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_name_1, length_computer_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, length_computer_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_computer_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_credential)); @@ -8730,7 +8926,11 @@ static enum ndr_err_code ndr_push_netr_LogonSamLogoff(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_netr_LogonSamLogoff(struct ndr_pull *ndr, int flags, struct netr_LogonSamLogoff *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; uint32_t _ptr_computer_name; + uint32_t size_computer_name_1 = 0; + uint32_t length_computer_name_1 = 0; uint32_t _ptr_credential; uint32_t _ptr_return_authenticator; TALLOC_CTX *_mem_save_server_name_0; @@ -8751,11 +8951,13 @@ static enum ndr_err_code ndr_pull_netr_LogonSamLogoff(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_computer_name)); @@ -8769,11 +8971,13 @@ static enum ndr_err_code ndr_pull_netr_LogonSamLogoff(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.computer_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name)); - if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name)); + size_computer_name_1 = ndr_get_array_size(ndr, &r->in.computer_name); + length_computer_name_1 = ndr_get_array_length(ndr, &r->in.computer_name); + if (length_computer_name_1 > size_computer_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_name_1, length_computer_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, length_computer_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_computer_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_credential)); @@ -8908,6 +9112,10 @@ static enum ndr_err_code ndr_push_netr_ServerReqChallenge(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_netr_ServerReqChallenge(struct ndr_pull *ndr, int flags, struct netr_ServerReqChallenge *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; + uint32_t size_computer_name_0 = 0; + uint32_t length_computer_name_0 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_credentials_0; TALLOC_CTX *_mem_save_return_credentials_0; @@ -8925,20 +9133,24 @@ static enum ndr_err_code ndr_pull_netr_ServerReqChallenge(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name)); - if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name)); + size_computer_name_0 = ndr_get_array_size(ndr, &r->in.computer_name); + length_computer_name_0 = ndr_get_array_length(ndr, &r->in.computer_name); + if (length_computer_name_0 > size_computer_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_name_0, length_computer_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, length_computer_name_0, sizeof(uint16_t), CH_UTF16)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.credentials); } @@ -9035,6 +9247,12 @@ static enum ndr_err_code ndr_push_netr_ServerAuthenticate(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_netr_ServerAuthenticate(struct ndr_pull *ndr, int flags, struct netr_ServerAuthenticate *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; + uint32_t size_account_name_0 = 0; + uint32_t length_account_name_0 = 0; + uint32_t size_computer_name_0 = 0; + uint32_t length_computer_name_0 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_credentials_0; TALLOC_CTX *_mem_save_return_credentials_0; @@ -9052,28 +9270,34 @@ static enum ndr_err_code ndr_pull_netr_ServerAuthenticate(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.account_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.account_name)); - if (ndr_get_array_length(ndr, &r->in.account_name) > ndr_get_array_size(ndr, &r->in.account_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.account_name), ndr_get_array_length(ndr, &r->in.account_name)); + size_account_name_0 = ndr_get_array_size(ndr, &r->in.account_name); + length_account_name_0 = ndr_get_array_length(ndr, &r->in.account_name); + if (length_account_name_0 > size_account_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_account_name_0, length_account_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_account_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, length_account_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_netr_SchannelType(ndr, NDR_SCALARS, &r->in.secure_channel_type)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name)); - if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name)); + size_computer_name_0 = ndr_get_array_size(ndr, &r->in.computer_name); + length_computer_name_0 = ndr_get_array_length(ndr, &r->in.computer_name); + if (length_computer_name_0 > size_computer_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_name_0, length_computer_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, length_computer_name_0, sizeof(uint16_t), CH_UTF16)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.credentials); } @@ -9176,6 +9400,12 @@ static enum ndr_err_code ndr_push_netr_ServerPasswordSet(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_netr_ServerPasswordSet(struct ndr_pull *ndr, int flags, struct netr_ServerPasswordSet *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; + uint32_t size_account_name_0 = 0; + uint32_t length_account_name_0 = 0; + uint32_t size_computer_name_0 = 0; + uint32_t length_computer_name_0 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_credential_0; TALLOC_CTX *_mem_save_return_authenticator_0; @@ -9194,28 +9424,34 @@ static enum ndr_err_code ndr_pull_netr_ServerPasswordSet(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.account_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.account_name)); - if (ndr_get_array_length(ndr, &r->in.account_name) > ndr_get_array_size(ndr, &r->in.account_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.account_name), ndr_get_array_length(ndr, &r->in.account_name)); + size_account_name_0 = ndr_get_array_size(ndr, &r->in.account_name); + length_account_name_0 = ndr_get_array_length(ndr, &r->in.account_name); + if (length_account_name_0 > size_account_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_account_name_0, length_account_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_account_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, length_account_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_netr_SchannelType(ndr, NDR_SCALARS, &r->in.secure_channel_type)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name)); - if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name)); + size_computer_name_0 = ndr_get_array_size(ndr, &r->in.computer_name); + length_computer_name_0 = ndr_get_array_length(ndr, &r->in.computer_name); + if (length_computer_name_0 > size_computer_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_name_0, length_computer_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, length_computer_name_0, sizeof(uint16_t), CH_UTF16)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.credential); } @@ -9337,6 +9573,10 @@ static enum ndr_err_code ndr_push_netr_DatabaseDeltas(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_netr_DatabaseDeltas(struct ndr_pull *ndr, int flags, struct netr_DatabaseDeltas *r) { + uint32_t size_logon_server_0 = 0; + uint32_t length_logon_server_0 = 0; + uint32_t size_computername_0 = 0; + uint32_t length_computername_0 = 0; uint32_t _ptr_delta_enum_array; TALLOC_CTX *_mem_save_credential_0; TALLOC_CTX *_mem_save_return_authenticator_0; @@ -9348,18 +9588,22 @@ static enum ndr_err_code ndr_pull_netr_DatabaseDeltas(struct ndr_pull *ndr, int NDR_CHECK(ndr_pull_array_size(ndr, &r->in.logon_server)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.logon_server)); - if (ndr_get_array_length(ndr, &r->in.logon_server) > ndr_get_array_size(ndr, &r->in.logon_server)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.logon_server), ndr_get_array_length(ndr, &r->in.logon_server)); + size_logon_server_0 = ndr_get_array_size(ndr, &r->in.logon_server); + length_logon_server_0 = ndr_get_array_length(ndr, &r->in.logon_server); + if (length_logon_server_0 > size_logon_server_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_logon_server_0, length_logon_server_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_logon_server_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, length_logon_server_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computername)); - if (ndr_get_array_length(ndr, &r->in.computername) > ndr_get_array_size(ndr, &r->in.computername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computername), ndr_get_array_length(ndr, &r->in.computername)); + size_computername_0 = ndr_get_array_size(ndr, &r->in.computername); + length_computername_0 = ndr_get_array_length(ndr, &r->in.computername); + if (length_computername_0 > size_computername_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computername_0, length_computername_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computername, ndr_get_array_length(ndr, &r->in.computername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computername_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computername, length_computername_0, sizeof(uint16_t), CH_UTF16)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.credential); } @@ -9525,6 +9769,10 @@ static enum ndr_err_code ndr_push_netr_DatabaseSync(struct ndr_push *ndr, int fl static enum ndr_err_code ndr_pull_netr_DatabaseSync(struct ndr_pull *ndr, int flags, struct netr_DatabaseSync *r) { + uint32_t size_logon_server_0 = 0; + uint32_t length_logon_server_0 = 0; + uint32_t size_computername_0 = 0; + uint32_t length_computername_0 = 0; TALLOC_CTX *_mem_save_return_authenticator_0; TALLOC_CTX *_mem_save_sync_context_0; TALLOC_CTX *_mem_save_delta_enum_array_0; @@ -9533,18 +9781,22 @@ static enum ndr_err_code ndr_pull_netr_DatabaseSync(struct ndr_pull *ndr, int fl NDR_CHECK(ndr_pull_array_size(ndr, &r->in.logon_server)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.logon_server)); - if (ndr_get_array_length(ndr, &r->in.logon_server) > ndr_get_array_size(ndr, &r->in.logon_server)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.logon_server), ndr_get_array_length(ndr, &r->in.logon_server)); + size_logon_server_0 = ndr_get_array_size(ndr, &r->in.logon_server); + length_logon_server_0 = ndr_get_array_length(ndr, &r->in.logon_server); + if (length_logon_server_0 > size_logon_server_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_logon_server_0, length_logon_server_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_logon_server_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, length_logon_server_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computername)); - if (ndr_get_array_length(ndr, &r->in.computername) > ndr_get_array_size(ndr, &r->in.computername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computername), ndr_get_array_length(ndr, &r->in.computername)); + size_computername_0 = ndr_get_array_size(ndr, &r->in.computername); + length_computername_0 = ndr_get_array_length(ndr, &r->in.computername); + if (length_computername_0 > size_computername_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computername_0, length_computername_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computername, ndr_get_array_length(ndr, &r->in.computername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computername_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computername, length_computername_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_netr_Authenticator(ndr, NDR_SCALARS, &r->in.credential)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.return_authenticator); @@ -9700,6 +9952,10 @@ static enum ndr_err_code ndr_push_netr_AccountDeltas(struct ndr_push *ndr, int f static enum ndr_err_code ndr_pull_netr_AccountDeltas(struct ndr_pull *ndr, int flags, struct netr_AccountDeltas *r) { uint32_t _ptr_logon_server; + uint32_t size_logon_server_1 = 0; + uint32_t length_logon_server_1 = 0; + uint32_t size_computername_0 = 0; + uint32_t length_computername_0 = 0; TALLOC_CTX *_mem_save_logon_server_0; TALLOC_CTX *_mem_save_return_authenticator_0; TALLOC_CTX *_mem_save_buffer_0; @@ -9720,20 +9976,24 @@ static enum ndr_err_code ndr_pull_netr_AccountDeltas(struct ndr_pull *ndr, int f NDR_PULL_SET_MEM_CTX(ndr, r->in.logon_server, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.logon_server)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.logon_server)); - if (ndr_get_array_length(ndr, &r->in.logon_server) > ndr_get_array_size(ndr, &r->in.logon_server)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.logon_server), ndr_get_array_length(ndr, &r->in.logon_server)); + size_logon_server_1 = ndr_get_array_size(ndr, &r->in.logon_server); + length_logon_server_1 = ndr_get_array_length(ndr, &r->in.logon_server); + if (length_logon_server_1 > size_logon_server_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_logon_server_1, length_logon_server_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_logon_server_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, length_logon_server_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_logon_server_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computername)); - if (ndr_get_array_length(ndr, &r->in.computername) > ndr_get_array_size(ndr, &r->in.computername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computername), ndr_get_array_length(ndr, &r->in.computername)); + size_computername_0 = ndr_get_array_size(ndr, &r->in.computername); + length_computername_0 = ndr_get_array_length(ndr, &r->in.computername); + if (length_computername_0 > size_computername_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computername_0, length_computername_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computername, ndr_get_array_length(ndr, &r->in.computername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computername_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computername, length_computername_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_netr_Authenticator(ndr, NDR_SCALARS, &r->in.credential)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.return_authenticator); @@ -9925,6 +10185,10 @@ static enum ndr_err_code ndr_push_netr_AccountSync(struct ndr_push *ndr, int fla static enum ndr_err_code ndr_pull_netr_AccountSync(struct ndr_pull *ndr, int flags, struct netr_AccountSync *r) { uint32_t _ptr_logon_server; + uint32_t size_logon_server_1 = 0; + uint32_t length_logon_server_1 = 0; + uint32_t size_computername_0 = 0; + uint32_t length_computername_0 = 0; TALLOC_CTX *_mem_save_logon_server_0; TALLOC_CTX *_mem_save_return_authenticator_0; TALLOC_CTX *_mem_save_buffer_0; @@ -9946,20 +10210,24 @@ static enum ndr_err_code ndr_pull_netr_AccountSync(struct ndr_pull *ndr, int fla NDR_PULL_SET_MEM_CTX(ndr, r->in.logon_server, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.logon_server)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.logon_server)); - if (ndr_get_array_length(ndr, &r->in.logon_server) > ndr_get_array_size(ndr, &r->in.logon_server)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.logon_server), ndr_get_array_length(ndr, &r->in.logon_server)); + size_logon_server_1 = ndr_get_array_size(ndr, &r->in.logon_server); + length_logon_server_1 = ndr_get_array_length(ndr, &r->in.logon_server); + if (length_logon_server_1 > size_logon_server_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_logon_server_1, length_logon_server_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_logon_server_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, length_logon_server_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_logon_server_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computername)); - if (ndr_get_array_length(ndr, &r->in.computername) > ndr_get_array_size(ndr, &r->in.computername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computername), ndr_get_array_length(ndr, &r->in.computername)); + size_computername_0 = ndr_get_array_size(ndr, &r->in.computername); + length_computername_0 = ndr_get_array_length(ndr, &r->in.computername); + if (length_computername_0 > size_computername_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computername_0, length_computername_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computername, ndr_get_array_length(ndr, &r->in.computername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computername_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computername, length_computername_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_netr_Authenticator(ndr, NDR_SCALARS, &r->in.credential)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.return_authenticator); @@ -10141,8 +10409,14 @@ static enum ndr_err_code ndr_push_netr_GetDcName(struct ndr_push *ndr, int flags static enum ndr_err_code ndr_pull_netr_GetDcName(struct ndr_pull *ndr, int flags, struct netr_GetDcName *r) { + uint32_t size_logon_server_0 = 0; + uint32_t length_logon_server_0 = 0; uint32_t _ptr_domainname; + uint32_t size_domainname_1 = 0; + uint32_t length_domainname_1 = 0; uint32_t _ptr_dcname; + uint32_t size_dcname_2 = 0; + uint32_t length_dcname_2 = 0; TALLOC_CTX *_mem_save_domainname_0; TALLOC_CTX *_mem_save_dcname_0; TALLOC_CTX *_mem_save_dcname_1; @@ -10151,11 +10425,13 @@ static enum ndr_err_code ndr_pull_netr_GetDcName(struct ndr_pull *ndr, int flags NDR_CHECK(ndr_pull_array_size(ndr, &r->in.logon_server)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.logon_server)); - if (ndr_get_array_length(ndr, &r->in.logon_server) > ndr_get_array_size(ndr, &r->in.logon_server)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.logon_server), ndr_get_array_length(ndr, &r->in.logon_server)); + size_logon_server_0 = ndr_get_array_size(ndr, &r->in.logon_server); + length_logon_server_0 = ndr_get_array_length(ndr, &r->in.logon_server); + if (length_logon_server_0 > size_logon_server_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_logon_server_0, length_logon_server_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_logon_server_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, length_logon_server_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domainname)); if (_ptr_domainname) { NDR_PULL_ALLOC(ndr, r->in.domainname); @@ -10167,11 +10443,13 @@ static enum ndr_err_code ndr_pull_netr_GetDcName(struct ndr_pull *ndr, int flags NDR_PULL_SET_MEM_CTX(ndr, r->in.domainname, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.domainname)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.domainname)); - if (ndr_get_array_length(ndr, &r->in.domainname) > ndr_get_array_size(ndr, &r->in.domainname)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.domainname), ndr_get_array_length(ndr, &r->in.domainname)); + size_domainname_1 = ndr_get_array_size(ndr, &r->in.domainname); + length_domainname_1 = ndr_get_array_length(ndr, &r->in.domainname); + if (length_domainname_1 > size_domainname_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domainname_1, length_domainname_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.domainname), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domainname, ndr_get_array_length(ndr, &r->in.domainname), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domainname_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domainname, length_domainname_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domainname_0, 0); } NDR_PULL_ALLOC(ndr, r->out.dcname); @@ -10194,11 +10472,13 @@ static enum ndr_err_code ndr_pull_netr_GetDcName(struct ndr_pull *ndr, int flags NDR_PULL_SET_MEM_CTX(ndr, *r->out.dcname, 0); NDR_CHECK(ndr_pull_array_size(ndr, r->out.dcname)); NDR_CHECK(ndr_pull_array_length(ndr, r->out.dcname)); - if (ndr_get_array_length(ndr, r->out.dcname) > ndr_get_array_size(ndr, r->out.dcname)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, r->out.dcname), ndr_get_array_length(ndr, r->out.dcname)); + size_dcname_2 = ndr_get_array_size(ndr, r->out.dcname); + length_dcname_2 = ndr_get_array_length(ndr, r->out.dcname); + if (length_dcname_2 > size_dcname_2) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dcname_2, length_dcname_2); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, r->out.dcname), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.dcname, ndr_get_array_length(ndr, r->out.dcname), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dcname_2, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.dcname, length_dcname_2, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dcname_1, 0); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dcname_0, LIBNDR_FLAG_REF_ALLOC); @@ -10271,6 +10551,8 @@ static enum ndr_err_code ndr_push_netr_LogonControl(struct ndr_push *ndr, int fl static enum ndr_err_code ndr_pull_netr_LogonControl(struct ndr_pull *ndr, int flags, struct netr_LogonControl *r) { uint32_t _ptr_logon_server; + uint32_t size_logon_server_1 = 0; + uint32_t length_logon_server_1 = 0; TALLOC_CTX *_mem_save_logon_server_0; TALLOC_CTX *_mem_save_info_0; if (flags & NDR_IN) { @@ -10287,11 +10569,13 @@ static enum ndr_err_code ndr_pull_netr_LogonControl(struct ndr_pull *ndr, int fl NDR_PULL_SET_MEM_CTX(ndr, r->in.logon_server, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.logon_server)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.logon_server)); - if (ndr_get_array_length(ndr, &r->in.logon_server) > ndr_get_array_size(ndr, &r->in.logon_server)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.logon_server), ndr_get_array_length(ndr, &r->in.logon_server)); + size_logon_server_1 = ndr_get_array_size(ndr, &r->in.logon_server); + length_logon_server_1 = ndr_get_array_length(ndr, &r->in.logon_server); + if (length_logon_server_1 > size_logon_server_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_logon_server_1, length_logon_server_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_logon_server_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, length_logon_server_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_logon_server_0, 0); } NDR_CHECK(ndr_pull_netr_LogonControlCode(ndr, NDR_SCALARS, &r->in.function_code)); @@ -10384,8 +10668,14 @@ static enum ndr_err_code ndr_push_netr_GetAnyDCName(struct ndr_push *ndr, int fl static enum ndr_err_code ndr_pull_netr_GetAnyDCName(struct ndr_pull *ndr, int flags, struct netr_GetAnyDCName *r) { uint32_t _ptr_logon_server; + uint32_t size_logon_server_1 = 0; + uint32_t length_logon_server_1 = 0; uint32_t _ptr_domainname; + uint32_t size_domainname_1 = 0; + uint32_t length_domainname_1 = 0; uint32_t _ptr_dcname; + uint32_t size_dcname_2 = 0; + uint32_t length_dcname_2 = 0; TALLOC_CTX *_mem_save_logon_server_0; TALLOC_CTX *_mem_save_domainname_0; TALLOC_CTX *_mem_save_dcname_0; @@ -10404,11 +10694,13 @@ static enum ndr_err_code ndr_pull_netr_GetAnyDCName(struct ndr_pull *ndr, int fl NDR_PULL_SET_MEM_CTX(ndr, r->in.logon_server, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.logon_server)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.logon_server)); - if (ndr_get_array_length(ndr, &r->in.logon_server) > ndr_get_array_size(ndr, &r->in.logon_server)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.logon_server), ndr_get_array_length(ndr, &r->in.logon_server)); + size_logon_server_1 = ndr_get_array_size(ndr, &r->in.logon_server); + length_logon_server_1 = ndr_get_array_length(ndr, &r->in.logon_server); + if (length_logon_server_1 > size_logon_server_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_logon_server_1, length_logon_server_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_logon_server_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, length_logon_server_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_logon_server_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domainname)); @@ -10422,11 +10714,13 @@ static enum ndr_err_code ndr_pull_netr_GetAnyDCName(struct ndr_pull *ndr, int fl NDR_PULL_SET_MEM_CTX(ndr, r->in.domainname, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.domainname)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.domainname)); - if (ndr_get_array_length(ndr, &r->in.domainname) > ndr_get_array_size(ndr, &r->in.domainname)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.domainname), ndr_get_array_length(ndr, &r->in.domainname)); + size_domainname_1 = ndr_get_array_size(ndr, &r->in.domainname); + length_domainname_1 = ndr_get_array_length(ndr, &r->in.domainname); + if (length_domainname_1 > size_domainname_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domainname_1, length_domainname_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.domainname), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domainname, ndr_get_array_length(ndr, &r->in.domainname), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domainname_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domainname, length_domainname_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domainname_0, 0); } NDR_PULL_ALLOC(ndr, r->out.dcname); @@ -10449,11 +10743,13 @@ static enum ndr_err_code ndr_pull_netr_GetAnyDCName(struct ndr_pull *ndr, int fl NDR_PULL_SET_MEM_CTX(ndr, *r->out.dcname, 0); NDR_CHECK(ndr_pull_array_size(ndr, r->out.dcname)); NDR_CHECK(ndr_pull_array_length(ndr, r->out.dcname)); - if (ndr_get_array_length(ndr, r->out.dcname) > ndr_get_array_size(ndr, r->out.dcname)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, r->out.dcname), ndr_get_array_length(ndr, r->out.dcname)); + size_dcname_2 = ndr_get_array_size(ndr, r->out.dcname); + length_dcname_2 = ndr_get_array_length(ndr, r->out.dcname); + if (length_dcname_2 > size_dcname_2) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dcname_2, length_dcname_2); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, r->out.dcname), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.dcname, ndr_get_array_length(ndr, r->out.dcname), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dcname_2, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.dcname, length_dcname_2, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dcname_1, 0); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dcname_0, LIBNDR_FLAG_REF_ALLOC); @@ -10536,6 +10832,8 @@ static enum ndr_err_code ndr_push_netr_LogonControl2(struct ndr_push *ndr, int f static enum ndr_err_code ndr_pull_netr_LogonControl2(struct ndr_pull *ndr, int flags, struct netr_LogonControl2 *r) { uint32_t _ptr_logon_server; + uint32_t size_logon_server_1 = 0; + uint32_t length_logon_server_1 = 0; TALLOC_CTX *_mem_save_logon_server_0; TALLOC_CTX *_mem_save_data_0; TALLOC_CTX *_mem_save_query_0; @@ -10553,11 +10851,13 @@ static enum ndr_err_code ndr_pull_netr_LogonControl2(struct ndr_pull *ndr, int f NDR_PULL_SET_MEM_CTX(ndr, r->in.logon_server, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.logon_server)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.logon_server)); - if (ndr_get_array_length(ndr, &r->in.logon_server) > ndr_get_array_size(ndr, &r->in.logon_server)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.logon_server), ndr_get_array_length(ndr, &r->in.logon_server)); + size_logon_server_1 = ndr_get_array_size(ndr, &r->in.logon_server); + length_logon_server_1 = ndr_get_array_length(ndr, &r->in.logon_server); + if (length_logon_server_1 > size_logon_server_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_logon_server_1, length_logon_server_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_logon_server_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, length_logon_server_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_logon_server_0, 0); } NDR_CHECK(ndr_pull_netr_LogonControlCode(ndr, NDR_SCALARS, &r->in.function_code)); @@ -10671,6 +10971,12 @@ static enum ndr_err_code ndr_push_netr_ServerAuthenticate2(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_netr_ServerAuthenticate2(struct ndr_pull *ndr, int flags, struct netr_ServerAuthenticate2 *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; + uint32_t size_account_name_0 = 0; + uint32_t length_account_name_0 = 0; + uint32_t size_computer_name_0 = 0; + uint32_t length_computer_name_0 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_credentials_0; TALLOC_CTX *_mem_save_return_credentials_0; @@ -10689,28 +10995,34 @@ static enum ndr_err_code ndr_pull_netr_ServerAuthenticate2(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.account_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.account_name)); - if (ndr_get_array_length(ndr, &r->in.account_name) > ndr_get_array_size(ndr, &r->in.account_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.account_name), ndr_get_array_length(ndr, &r->in.account_name)); + size_account_name_0 = ndr_get_array_size(ndr, &r->in.account_name); + length_account_name_0 = ndr_get_array_length(ndr, &r->in.account_name); + if (length_account_name_0 > size_account_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_account_name_0, length_account_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_account_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, length_account_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_netr_SchannelType(ndr, NDR_SCALARS, &r->in.secure_channel_type)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name)); - if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name)); + size_computer_name_0 = ndr_get_array_size(ndr, &r->in.computer_name); + length_computer_name_0 = ndr_get_array_length(ndr, &r->in.computer_name); + if (length_computer_name_0 > size_computer_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_name_0, length_computer_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, length_computer_name_0, sizeof(uint16_t), CH_UTF16)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.credentials); } @@ -10846,6 +11158,10 @@ static enum ndr_err_code ndr_push_netr_DatabaseSync2(struct ndr_push *ndr, int f static enum ndr_err_code ndr_pull_netr_DatabaseSync2(struct ndr_pull *ndr, int flags, struct netr_DatabaseSync2 *r) { + uint32_t size_logon_server_0 = 0; + uint32_t length_logon_server_0 = 0; + uint32_t size_computername_0 = 0; + uint32_t length_computername_0 = 0; uint32_t _ptr_delta_enum_array; TALLOC_CTX *_mem_save_credential_0; TALLOC_CTX *_mem_save_return_authenticator_0; @@ -10857,18 +11173,22 @@ static enum ndr_err_code ndr_pull_netr_DatabaseSync2(struct ndr_pull *ndr, int f NDR_CHECK(ndr_pull_array_size(ndr, &r->in.logon_server)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.logon_server)); - if (ndr_get_array_length(ndr, &r->in.logon_server) > ndr_get_array_size(ndr, &r->in.logon_server)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.logon_server), ndr_get_array_length(ndr, &r->in.logon_server)); + size_logon_server_0 = ndr_get_array_size(ndr, &r->in.logon_server); + length_logon_server_0 = ndr_get_array_length(ndr, &r->in.logon_server); + if (length_logon_server_0 > size_logon_server_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_logon_server_0, length_logon_server_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_logon_server_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, length_logon_server_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computername)); - if (ndr_get_array_length(ndr, &r->in.computername) > ndr_get_array_size(ndr, &r->in.computername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computername), ndr_get_array_length(ndr, &r->in.computername)); + size_computername_0 = ndr_get_array_size(ndr, &r->in.computername); + length_computername_0 = ndr_get_array_length(ndr, &r->in.computername); + if (length_computername_0 > size_computername_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computername_0, length_computername_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computername, ndr_get_array_length(ndr, &r->in.computername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computername_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computername, length_computername_0, sizeof(uint16_t), CH_UTF16)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.credential); } @@ -11039,6 +11359,10 @@ static enum ndr_err_code ndr_push_netr_DatabaseRedo(struct ndr_push *ndr, int fl static enum ndr_err_code ndr_pull_netr_DatabaseRedo(struct ndr_pull *ndr, int flags, struct netr_DatabaseRedo *r) { + uint32_t size_logon_server_0 = 0; + uint32_t length_logon_server_0 = 0; + uint32_t size_computername_0 = 0; + uint32_t length_computername_0 = 0; uint32_t _ptr_delta_enum_array; TALLOC_CTX *_mem_save_credential_0; TALLOC_CTX *_mem_save_return_authenticator_0; @@ -11049,18 +11373,22 @@ static enum ndr_err_code ndr_pull_netr_DatabaseRedo(struct ndr_pull *ndr, int fl NDR_CHECK(ndr_pull_array_size(ndr, &r->in.logon_server)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.logon_server)); - if (ndr_get_array_length(ndr, &r->in.logon_server) > ndr_get_array_size(ndr, &r->in.logon_server)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.logon_server), ndr_get_array_length(ndr, &r->in.logon_server)); + size_logon_server_0 = ndr_get_array_size(ndr, &r->in.logon_server); + length_logon_server_0 = ndr_get_array_length(ndr, &r->in.logon_server); + if (length_logon_server_0 > size_logon_server_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_logon_server_0, length_logon_server_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_logon_server_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, length_logon_server_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computername)); - if (ndr_get_array_length(ndr, &r->in.computername) > ndr_get_array_size(ndr, &r->in.computername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computername), ndr_get_array_length(ndr, &r->in.computername)); + size_computername_0 = ndr_get_array_size(ndr, &r->in.computername); + length_computername_0 = ndr_get_array_length(ndr, &r->in.computername); + if (length_computername_0 > size_computername_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computername_0, length_computername_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computername, ndr_get_array_length(ndr, &r->in.computername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computername_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computername, length_computername_0, sizeof(uint16_t), CH_UTF16)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.credential); } @@ -11193,6 +11521,8 @@ static enum ndr_err_code ndr_push_netr_LogonControl2Ex(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_netr_LogonControl2Ex(struct ndr_pull *ndr, int flags, struct netr_LogonControl2Ex *r) { uint32_t _ptr_logon_server; + uint32_t size_logon_server_1 = 0; + uint32_t length_logon_server_1 = 0; TALLOC_CTX *_mem_save_logon_server_0; TALLOC_CTX *_mem_save_query_0; if (flags & NDR_IN) { @@ -11209,11 +11539,13 @@ static enum ndr_err_code ndr_pull_netr_LogonControl2Ex(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.logon_server, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.logon_server)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.logon_server)); - if (ndr_get_array_length(ndr, &r->in.logon_server) > ndr_get_array_size(ndr, &r->in.logon_server)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.logon_server), ndr_get_array_length(ndr, &r->in.logon_server)); + size_logon_server_1 = ndr_get_array_size(ndr, &r->in.logon_server); + length_logon_server_1 = ndr_get_array_length(ndr, &r->in.logon_server); + if (length_logon_server_1 > size_logon_server_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_logon_server_1, length_logon_server_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_logon_server_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, length_logon_server_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_logon_server_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.function_code)); @@ -11297,6 +11629,8 @@ static enum ndr_err_code ndr_push_netr_NetrEnumerateTrustedDomains(struct ndr_pu static enum ndr_err_code ndr_pull_netr_NetrEnumerateTrustedDomains(struct ndr_pull *ndr, int flags, struct netr_NetrEnumerateTrustedDomains *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_trusted_domains_blob_0; if (flags & NDR_IN) { @@ -11313,11 +11647,13 @@ static enum ndr_err_code ndr_pull_netr_NetrEnumerateTrustedDomains(struct ndr_pu NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_PULL_ALLOC(ndr, r->out.trusted_domains_blob); @@ -11410,7 +11746,11 @@ static enum ndr_err_code ndr_push_netr_DsRGetDCName(struct ndr_push *ndr, int fl static enum ndr_err_code ndr_pull_netr_DsRGetDCName(struct ndr_pull *ndr, int flags, struct netr_DsRGetDCName *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; uint32_t _ptr_domain_name; + uint32_t size_domain_name_1 = 0; + uint32_t length_domain_name_1 = 0; uint32_t _ptr_domain_guid; uint32_t _ptr_site_guid; uint32_t _ptr_info; @@ -11434,11 +11774,13 @@ static enum ndr_err_code ndr_pull_netr_DsRGetDCName(struct ndr_pull *ndr, int fl NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domain_name)); @@ -11452,11 +11794,13 @@ static enum ndr_err_code ndr_pull_netr_DsRGetDCName(struct ndr_pull *ndr, int fl NDR_PULL_SET_MEM_CTX(ndr, r->in.domain_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.domain_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.domain_name)); - if (ndr_get_array_length(ndr, &r->in.domain_name) > ndr_get_array_size(ndr, &r->in.domain_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.domain_name), ndr_get_array_length(ndr, &r->in.domain_name)); + size_domain_name_1 = ndr_get_array_size(ndr, &r->in.domain_name); + length_domain_name_1 = ndr_get_array_length(ndr, &r->in.domain_name); + if (length_domain_name_1 > size_domain_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_name_1, length_domain_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.domain_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domain_name, ndr_get_array_length(ndr, &r->in.domain_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domain_name, length_domain_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domain_guid)); @@ -11607,7 +11951,11 @@ static enum ndr_err_code ndr_push_netr_LogonGetCapabilities(struct ndr_push *ndr static enum ndr_err_code ndr_pull_netr_LogonGetCapabilities(struct ndr_pull *ndr, int flags, struct netr_LogonGetCapabilities *r) { + uint32_t size_server_name_0 = 0; + uint32_t length_server_name_0 = 0; uint32_t _ptr_computer_name; + uint32_t size_computer_name_1 = 0; + uint32_t length_computer_name_1 = 0; TALLOC_CTX *_mem_save_computer_name_0; TALLOC_CTX *_mem_save_credential_0; TALLOC_CTX *_mem_save_return_authenticator_0; @@ -11617,11 +11965,13 @@ static enum ndr_err_code ndr_pull_netr_LogonGetCapabilities(struct ndr_pull *ndr NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_0 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_0 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_0 > size_server_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_0, length_server_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_computer_name)); if (_ptr_computer_name) { NDR_PULL_ALLOC(ndr, r->in.computer_name); @@ -11633,11 +11983,13 @@ static enum ndr_err_code ndr_pull_netr_LogonGetCapabilities(struct ndr_pull *ndr NDR_PULL_SET_MEM_CTX(ndr, r->in.computer_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name)); - if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name)); + size_computer_name_1 = ndr_get_array_size(ndr, &r->in.computer_name); + length_computer_name_1 = ndr_get_array_length(ndr, &r->in.computer_name); + if (length_computer_name_1 > size_computer_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_name_1, length_computer_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, length_computer_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_computer_name_0, 0); } if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { @@ -11799,7 +12151,11 @@ static enum ndr_err_code ndr_push_netr_LogonGetTrustRid(struct ndr_push *ndr, in static enum ndr_err_code ndr_pull_netr_LogonGetTrustRid(struct ndr_pull *ndr, int flags, struct netr_LogonGetTrustRid *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; uint32_t _ptr_domain_name; + uint32_t size_domain_name_1 = 0; + uint32_t length_domain_name_1 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_domain_name_0; TALLOC_CTX *_mem_save_rid_0; @@ -11817,11 +12173,13 @@ static enum ndr_err_code ndr_pull_netr_LogonGetTrustRid(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domain_name)); @@ -11835,11 +12193,13 @@ static enum ndr_err_code ndr_pull_netr_LogonGetTrustRid(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, r->in.domain_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.domain_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.domain_name)); - if (ndr_get_array_length(ndr, &r->in.domain_name) > ndr_get_array_size(ndr, &r->in.domain_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.domain_name), ndr_get_array_length(ndr, &r->in.domain_name)); + size_domain_name_1 = ndr_get_array_size(ndr, &r->in.domain_name); + length_domain_name_1 = ndr_get_array_length(ndr, &r->in.domain_name); + if (length_domain_name_1 > size_domain_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_name_1, length_domain_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.domain_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domain_name, ndr_get_array_length(ndr, &r->in.domain_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domain_name, length_domain_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_name_0, 0); } NDR_PULL_ALLOC(ndr, r->out.rid); @@ -12026,6 +12386,12 @@ static enum ndr_err_code ndr_push_netr_ServerAuthenticate3(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_netr_ServerAuthenticate3(struct ndr_pull *ndr, int flags, struct netr_ServerAuthenticate3 *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; + uint32_t size_account_name_0 = 0; + uint32_t length_account_name_0 = 0; + uint32_t size_computer_name_0 = 0; + uint32_t length_computer_name_0 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_credentials_0; TALLOC_CTX *_mem_save_negotiate_flags_0; @@ -12044,28 +12410,34 @@ static enum ndr_err_code ndr_pull_netr_ServerAuthenticate3(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.account_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.account_name)); - if (ndr_get_array_length(ndr, &r->in.account_name) > ndr_get_array_size(ndr, &r->in.account_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.account_name), ndr_get_array_length(ndr, &r->in.account_name)); + size_account_name_0 = ndr_get_array_size(ndr, &r->in.account_name); + length_account_name_0 = ndr_get_array_length(ndr, &r->in.account_name); + if (length_account_name_0 > size_account_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_account_name_0, length_account_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_account_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, length_account_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_netr_SchannelType(ndr, NDR_SCALARS, &r->in.secure_channel_type)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name)); - if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name)); + size_computer_name_0 = ndr_get_array_size(ndr, &r->in.computer_name); + length_computer_name_0 = ndr_get_array_length(ndr, &r->in.computer_name); + if (length_computer_name_0 > size_computer_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_name_0, length_computer_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, length_computer_name_0, sizeof(uint16_t), CH_UTF16)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.credentials); } @@ -12210,9 +12582,15 @@ static enum ndr_err_code ndr_push_netr_DsRGetDCNameEx(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_netr_DsRGetDCNameEx(struct ndr_pull *ndr, int flags, struct netr_DsRGetDCNameEx *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; uint32_t _ptr_domain_name; + uint32_t size_domain_name_1 = 0; + uint32_t length_domain_name_1 = 0; uint32_t _ptr_domain_guid; uint32_t _ptr_site_name; + uint32_t size_site_name_1 = 0; + uint32_t length_site_name_1 = 0; uint32_t _ptr_info; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_domain_name_0; @@ -12234,11 +12612,13 @@ static enum ndr_err_code ndr_pull_netr_DsRGetDCNameEx(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domain_name)); @@ -12252,11 +12632,13 @@ static enum ndr_err_code ndr_pull_netr_DsRGetDCNameEx(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.domain_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.domain_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.domain_name)); - if (ndr_get_array_length(ndr, &r->in.domain_name) > ndr_get_array_size(ndr, &r->in.domain_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.domain_name), ndr_get_array_length(ndr, &r->in.domain_name)); + size_domain_name_1 = ndr_get_array_size(ndr, &r->in.domain_name); + length_domain_name_1 = ndr_get_array_length(ndr, &r->in.domain_name); + if (length_domain_name_1 > size_domain_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_name_1, length_domain_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.domain_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domain_name, ndr_get_array_length(ndr, &r->in.domain_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domain_name, length_domain_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domain_guid)); @@ -12282,11 +12664,13 @@ static enum ndr_err_code ndr_pull_netr_DsRGetDCNameEx(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.site_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.site_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.site_name)); - if (ndr_get_array_length(ndr, &r->in.site_name) > ndr_get_array_size(ndr, &r->in.site_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.site_name), ndr_get_array_length(ndr, &r->in.site_name)); + size_site_name_1 = ndr_get_array_size(ndr, &r->in.site_name); + length_site_name_1 = ndr_get_array_length(ndr, &r->in.site_name); + if (length_site_name_1 > size_site_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_site_name_1, length_site_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.site_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.site_name, ndr_get_array_length(ndr, &r->in.site_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_site_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.site_name, length_site_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_site_name_0, 0); } NDR_CHECK(ndr_pull_netr_DsRGetDCName_flags(ndr, NDR_SCALARS, &r->in.flags)); @@ -12402,7 +12786,11 @@ static enum ndr_err_code ndr_push_netr_DsRGetSiteName(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_netr_DsRGetSiteName(struct ndr_pull *ndr, int flags, struct netr_DsRGetSiteName *r) { uint32_t _ptr_computer_name; + uint32_t size_computer_name_1 = 0; + uint32_t length_computer_name_1 = 0; uint32_t _ptr_site; + uint32_t size_site_2 = 0; + uint32_t length_site_2 = 0; TALLOC_CTX *_mem_save_computer_name_0; TALLOC_CTX *_mem_save_site_0; TALLOC_CTX *_mem_save_site_1; @@ -12420,11 +12808,13 @@ static enum ndr_err_code ndr_pull_netr_DsRGetSiteName(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.computer_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name)); - if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name)); + size_computer_name_1 = ndr_get_array_size(ndr, &r->in.computer_name); + length_computer_name_1 = ndr_get_array_length(ndr, &r->in.computer_name); + if (length_computer_name_1 > size_computer_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_name_1, length_computer_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, length_computer_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_computer_name_0, 0); } NDR_PULL_ALLOC(ndr, r->out.site); @@ -12447,11 +12837,13 @@ static enum ndr_err_code ndr_pull_netr_DsRGetSiteName(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, *r->out.site, 0); NDR_CHECK(ndr_pull_array_size(ndr, r->out.site)); NDR_CHECK(ndr_pull_array_length(ndr, r->out.site)); - if (ndr_get_array_length(ndr, r->out.site) > ndr_get_array_size(ndr, r->out.site)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, r->out.site), ndr_get_array_length(ndr, r->out.site)); + size_site_2 = ndr_get_array_size(ndr, r->out.site); + length_site_2 = ndr_get_array_length(ndr, r->out.site); + if (length_site_2 > size_site_2) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_site_2, length_site_2); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, r->out.site), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.site, ndr_get_array_length(ndr, r->out.site), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_site_2, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.site, length_site_2, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_site_1, 0); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_site_0, LIBNDR_FLAG_REF_ALLOC); @@ -12539,7 +12931,11 @@ static enum ndr_err_code ndr_push_netr_LogonGetDomainInfo(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_netr_LogonGetDomainInfo(struct ndr_pull *ndr, int flags, struct netr_LogonGetDomainInfo *r) { + uint32_t size_server_name_0 = 0; + uint32_t length_server_name_0 = 0; uint32_t _ptr_computer_name; + uint32_t size_computer_name_1 = 0; + uint32_t length_computer_name_1 = 0; TALLOC_CTX *_mem_save_computer_name_0; TALLOC_CTX *_mem_save_credential_0; TALLOC_CTX *_mem_save_return_authenticator_0; @@ -12549,11 +12945,13 @@ static enum ndr_err_code ndr_pull_netr_LogonGetDomainInfo(struct ndr_pull *ndr, NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_0 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_0 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_0 > size_server_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_0, length_server_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_computer_name)); if (_ptr_computer_name) { NDR_PULL_ALLOC(ndr, r->in.computer_name); @@ -12565,11 +12963,13 @@ static enum ndr_err_code ndr_pull_netr_LogonGetDomainInfo(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->in.computer_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name)); - if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name)); + size_computer_name_1 = ndr_get_array_size(ndr, &r->in.computer_name); + length_computer_name_1 = ndr_get_array_length(ndr, &r->in.computer_name); + if (length_computer_name_1 > size_computer_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_name_1, length_computer_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, length_computer_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_computer_name_0, 0); } if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { @@ -12704,6 +13104,12 @@ static enum ndr_err_code ndr_push_netr_ServerPasswordSet2(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_netr_ServerPasswordSet2(struct ndr_pull *ndr, int flags, struct netr_ServerPasswordSet2 *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; + uint32_t size_account_name_0 = 0; + uint32_t length_account_name_0 = 0; + uint32_t size_computer_name_0 = 0; + uint32_t length_computer_name_0 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_credential_0; TALLOC_CTX *_mem_save_return_authenticator_0; @@ -12722,28 +13128,34 @@ static enum ndr_err_code ndr_pull_netr_ServerPasswordSet2(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.account_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.account_name)); - if (ndr_get_array_length(ndr, &r->in.account_name) > ndr_get_array_size(ndr, &r->in.account_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.account_name), ndr_get_array_length(ndr, &r->in.account_name)); + size_account_name_0 = ndr_get_array_size(ndr, &r->in.account_name); + length_account_name_0 = ndr_get_array_length(ndr, &r->in.account_name); + if (length_account_name_0 > size_account_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_account_name_0, length_account_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_account_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, length_account_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_netr_SchannelType(ndr, NDR_SCALARS, &r->in.secure_channel_type)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name)); - if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name)); + size_computer_name_0 = ndr_get_array_size(ndr, &r->in.computer_name); + length_computer_name_0 = ndr_get_array_length(ndr, &r->in.computer_name); + if (length_computer_name_0 > size_computer_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_name_0, length_computer_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, length_computer_name_0, sizeof(uint16_t), CH_UTF16)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.credential); } @@ -12857,6 +13269,12 @@ static enum ndr_err_code ndr_push_netr_ServerPasswordGet(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_netr_ServerPasswordGet(struct ndr_pull *ndr, int flags, struct netr_ServerPasswordGet *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; + uint32_t size_account_name_0 = 0; + uint32_t length_account_name_0 = 0; + uint32_t size_computer_name_0 = 0; + uint32_t length_computer_name_0 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_credential_0; TALLOC_CTX *_mem_save_return_authenticator_0; @@ -12875,28 +13293,34 @@ static enum ndr_err_code ndr_pull_netr_ServerPasswordGet(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.account_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.account_name)); - if (ndr_get_array_length(ndr, &r->in.account_name) > ndr_get_array_size(ndr, &r->in.account_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.account_name), ndr_get_array_length(ndr, &r->in.account_name)); + size_account_name_0 = ndr_get_array_size(ndr, &r->in.account_name); + length_account_name_0 = ndr_get_array_length(ndr, &r->in.account_name); + if (length_account_name_0 > size_account_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_account_name_0, length_account_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_account_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, length_account_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_netr_SchannelType(ndr, NDR_SCALARS, &r->in.secure_channel_type)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name)); - if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name)); + size_computer_name_0 = ndr_get_array_size(ndr, &r->in.computer_name); + length_computer_name_0 = ndr_get_array_length(ndr, &r->in.computer_name); + if (length_computer_name_0 > size_computer_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_name_0, length_computer_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, length_computer_name_0, sizeof(uint16_t), CH_UTF16)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.credential); } @@ -13051,6 +13475,9 @@ static enum ndr_err_code ndr_push_netr_DsRAddressToSitenamesW(struct ndr_push *n static enum ndr_err_code ndr_pull_netr_DsRAddressToSitenamesW(struct ndr_pull *ndr, int flags, struct netr_DsRAddressToSitenamesW *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; + uint32_t size_addresses_1 = 0; uint32_t cntr_addresses_1; uint32_t _ptr_ctr; TALLOC_CTX *_mem_save_server_name_0; @@ -13071,11 +13498,13 @@ static enum ndr_err_code ndr_pull_netr_DsRAddressToSitenamesW(struct ndr_pull *n NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.count)); @@ -13083,15 +13512,16 @@ static enum ndr_err_code ndr_pull_netr_DsRAddressToSitenamesW(struct ndr_pull *n return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.addresses)); + size_addresses_1 = ndr_get_array_size(ndr, &r->in.addresses); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { - NDR_PULL_ALLOC_N(ndr, r->in.addresses, ndr_get_array_size(ndr, &r->in.addresses)); + NDR_PULL_ALLOC_N(ndr, r->in.addresses, size_addresses_1); } _mem_save_addresses_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->in.addresses, 0); - for (cntr_addresses_1 = 0; cntr_addresses_1 < r->in.count; cntr_addresses_1++) { + for (cntr_addresses_1 = 0; cntr_addresses_1 < size_addresses_1; cntr_addresses_1++) { NDR_CHECK(ndr_pull_netr_DsRAddress(ndr, NDR_SCALARS, &r->in.addresses[cntr_addresses_1])); } - for (cntr_addresses_1 = 0; cntr_addresses_1 < r->in.count; cntr_addresses_1++) { + for (cntr_addresses_1 = 0; cntr_addresses_1 < size_addresses_1; cntr_addresses_1++) { NDR_CHECK(ndr_pull_netr_DsRAddress(ndr, NDR_BUFFERS, &r->in.addresses[cntr_addresses_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_addresses_1, 0); @@ -13230,10 +13660,18 @@ static enum ndr_err_code ndr_push_netr_DsRGetDCNameEx2(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_netr_DsRGetDCNameEx2(struct ndr_pull *ndr, int flags, struct netr_DsRGetDCNameEx2 *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; uint32_t _ptr_client_account; + uint32_t size_client_account_1 = 0; + uint32_t length_client_account_1 = 0; uint32_t _ptr_domain_name; + uint32_t size_domain_name_1 = 0; + uint32_t length_domain_name_1 = 0; uint32_t _ptr_domain_guid; uint32_t _ptr_site_name; + uint32_t size_site_name_1 = 0; + uint32_t length_site_name_1 = 0; uint32_t _ptr_info; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_client_account_0; @@ -13256,11 +13694,13 @@ static enum ndr_err_code ndr_pull_netr_DsRGetDCNameEx2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_client_account)); @@ -13274,11 +13714,13 @@ static enum ndr_err_code ndr_pull_netr_DsRGetDCNameEx2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.client_account, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.client_account)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.client_account)); - if (ndr_get_array_length(ndr, &r->in.client_account) > ndr_get_array_size(ndr, &r->in.client_account)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.client_account), ndr_get_array_length(ndr, &r->in.client_account)); + size_client_account_1 = ndr_get_array_size(ndr, &r->in.client_account); + length_client_account_1 = ndr_get_array_length(ndr, &r->in.client_account); + if (length_client_account_1 > size_client_account_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_client_account_1, length_client_account_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.client_account), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.client_account, ndr_get_array_length(ndr, &r->in.client_account), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_client_account_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.client_account, length_client_account_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_client_account_0, 0); } NDR_CHECK(ndr_pull_samr_AcctFlags(ndr, NDR_SCALARS, &r->in.mask)); @@ -13293,11 +13735,13 @@ static enum ndr_err_code ndr_pull_netr_DsRGetDCNameEx2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.domain_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.domain_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.domain_name)); - if (ndr_get_array_length(ndr, &r->in.domain_name) > ndr_get_array_size(ndr, &r->in.domain_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.domain_name), ndr_get_array_length(ndr, &r->in.domain_name)); + size_domain_name_1 = ndr_get_array_size(ndr, &r->in.domain_name); + length_domain_name_1 = ndr_get_array_length(ndr, &r->in.domain_name); + if (length_domain_name_1 > size_domain_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_name_1, length_domain_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.domain_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domain_name, ndr_get_array_length(ndr, &r->in.domain_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domain_name, length_domain_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domain_guid)); @@ -13323,11 +13767,13 @@ static enum ndr_err_code ndr_pull_netr_DsRGetDCNameEx2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.site_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.site_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.site_name)); - if (ndr_get_array_length(ndr, &r->in.site_name) > ndr_get_array_size(ndr, &r->in.site_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.site_name), ndr_get_array_length(ndr, &r->in.site_name)); + size_site_name_1 = ndr_get_array_size(ndr, &r->in.site_name); + length_site_name_1 = ndr_get_array_length(ndr, &r->in.site_name); + if (length_site_name_1 > size_site_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_site_name_1, length_site_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.site_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.site_name, ndr_get_array_length(ndr, &r->in.site_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_site_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.site_name, length_site_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_site_name_0, 0); } NDR_CHECK(ndr_pull_netr_DsRGetDCName_flags(ndr, NDR_SCALARS, &r->in.flags)); @@ -13485,6 +13931,8 @@ static enum ndr_err_code ndr_push_netr_NetrEnumerateTrustedDomainsEx(struct ndr_ static enum ndr_err_code ndr_pull_netr_NetrEnumerateTrustedDomainsEx(struct ndr_pull *ndr, int flags, struct netr_NetrEnumerateTrustedDomainsEx *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_dom_trust_list_0; if (flags & NDR_IN) { @@ -13501,11 +13949,13 @@ static enum ndr_err_code ndr_pull_netr_NetrEnumerateTrustedDomainsEx(struct ndr_ NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_PULL_ALLOC(ndr, r->out.dom_trust_list); @@ -13594,6 +14044,9 @@ static enum ndr_err_code ndr_push_netr_DsRAddressToSitenamesExW(struct ndr_push static enum ndr_err_code ndr_pull_netr_DsRAddressToSitenamesExW(struct ndr_pull *ndr, int flags, struct netr_DsRAddressToSitenamesExW *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; + uint32_t size_addresses_1 = 0; uint32_t cntr_addresses_1; uint32_t _ptr_ctr; TALLOC_CTX *_mem_save_server_name_0; @@ -13614,11 +14067,13 @@ static enum ndr_err_code ndr_pull_netr_DsRAddressToSitenamesExW(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.count)); @@ -13626,15 +14081,16 @@ static enum ndr_err_code ndr_pull_netr_DsRAddressToSitenamesExW(struct ndr_pull return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.addresses)); + size_addresses_1 = ndr_get_array_size(ndr, &r->in.addresses); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { - NDR_PULL_ALLOC_N(ndr, r->in.addresses, ndr_get_array_size(ndr, &r->in.addresses)); + NDR_PULL_ALLOC_N(ndr, r->in.addresses, size_addresses_1); } _mem_save_addresses_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->in.addresses, 0); - for (cntr_addresses_1 = 0; cntr_addresses_1 < r->in.count; cntr_addresses_1++) { + for (cntr_addresses_1 = 0; cntr_addresses_1 < size_addresses_1; cntr_addresses_1++) { NDR_CHECK(ndr_pull_netr_DsRAddress(ndr, NDR_SCALARS, &r->in.addresses[cntr_addresses_1])); } - for (cntr_addresses_1 = 0; cntr_addresses_1 < r->in.count; cntr_addresses_1++) { + for (cntr_addresses_1 = 0; cntr_addresses_1 < size_addresses_1; cntr_addresses_1++) { NDR_CHECK(ndr_pull_netr_DsRAddress(ndr, NDR_BUFFERS, &r->in.addresses[cntr_addresses_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_addresses_1, 0); @@ -13743,6 +14199,8 @@ static enum ndr_err_code ndr_push_netr_DsrGetDcSiteCoverageW(struct ndr_push *nd static enum ndr_err_code ndr_pull_netr_DsrGetDcSiteCoverageW(struct ndr_pull *ndr, int flags, struct netr_DsrGetDcSiteCoverageW *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_ctr_0; if (flags & NDR_IN) { @@ -13759,11 +14217,13 @@ static enum ndr_err_code ndr_pull_netr_DsrGetDcSiteCoverageW(struct ndr_pull *nd NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_PULL_ALLOC(ndr, r->out.ctr); @@ -13864,7 +14324,11 @@ static enum ndr_err_code ndr_push_netr_LogonSamLogonEx(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_netr_LogonSamLogonEx(struct ndr_pull *ndr, int flags, struct netr_LogonSamLogonEx *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; uint32_t _ptr_computer_name; + uint32_t size_computer_name_1 = 0; + uint32_t length_computer_name_1 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_computer_name_0; TALLOC_CTX *_mem_save_logon_0; @@ -13885,11 +14349,13 @@ static enum ndr_err_code ndr_pull_netr_LogonSamLogonEx(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_computer_name)); @@ -13903,11 +14369,13 @@ static enum ndr_err_code ndr_pull_netr_LogonSamLogonEx(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.computer_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name)); - if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name)); + size_computer_name_1 = ndr_get_array_size(ndr, &r->in.computer_name); + length_computer_name_1 = ndr_get_array_length(ndr, &r->in.computer_name); + if (length_computer_name_1 > size_computer_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_name_1, length_computer_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, length_computer_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_computer_name_0, 0); } NDR_CHECK(ndr_pull_netr_LogonLevel(ndr, NDR_SCALARS, &r->in.logon_level)); @@ -14044,6 +14512,8 @@ static enum ndr_err_code ndr_push_netr_DsrEnumerateDomainTrusts(struct ndr_push static enum ndr_err_code ndr_pull_netr_DsrEnumerateDomainTrusts(struct ndr_pull *ndr, int flags, struct netr_DsrEnumerateDomainTrusts *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_trusts_0; if (flags & NDR_IN) { @@ -14060,11 +14530,13 @@ static enum ndr_err_code ndr_pull_netr_DsrEnumerateDomainTrusts(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_netr_TrustFlags(ndr, NDR_SCALARS, &r->in.trust_flags)); @@ -14158,9 +14630,15 @@ static enum ndr_err_code ndr_push_netr_DsrDeregisterDNSHostRecords(struct ndr_pu static enum ndr_err_code ndr_pull_netr_DsrDeregisterDNSHostRecords(struct ndr_pull *ndr, int flags, struct netr_DsrDeregisterDNSHostRecords *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; uint32_t _ptr_domain; + uint32_t size_domain_1 = 0; + uint32_t length_domain_1 = 0; uint32_t _ptr_domain_guid; uint32_t _ptr_dsa_guid; + uint32_t size_dns_host_1 = 0; + uint32_t length_dns_host_1 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_domain_0; TALLOC_CTX *_mem_save_domain_guid_0; @@ -14177,11 +14655,13 @@ static enum ndr_err_code ndr_pull_netr_DsrDeregisterDNSHostRecords(struct ndr_pu NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domain)); @@ -14195,11 +14675,13 @@ static enum ndr_err_code ndr_pull_netr_DsrDeregisterDNSHostRecords(struct ndr_pu NDR_PULL_SET_MEM_CTX(ndr, r->in.domain, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.domain)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.domain)); - if (ndr_get_array_length(ndr, &r->in.domain) > ndr_get_array_size(ndr, &r->in.domain)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.domain), ndr_get_array_length(ndr, &r->in.domain)); + size_domain_1 = ndr_get_array_size(ndr, &r->in.domain); + length_domain_1 = ndr_get_array_length(ndr, &r->in.domain); + if (length_domain_1 > size_domain_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_1, length_domain_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.domain), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domain, ndr_get_array_length(ndr, &r->in.domain), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domain, length_domain_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domain_guid)); @@ -14228,11 +14710,13 @@ static enum ndr_err_code ndr_pull_netr_DsrDeregisterDNSHostRecords(struct ndr_pu } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.dns_host)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.dns_host)); - if (ndr_get_array_length(ndr, &r->in.dns_host) > ndr_get_array_size(ndr, &r->in.dns_host)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.dns_host), ndr_get_array_length(ndr, &r->in.dns_host)); + size_dns_host_1 = ndr_get_array_size(ndr, &r->in.dns_host); + length_dns_host_1 = ndr_get_array_length(ndr, &r->in.dns_host); + if (length_dns_host_1 > size_dns_host_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dns_host_1, length_dns_host_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.dns_host), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.dns_host, ndr_get_array_length(ndr, &r->in.dns_host), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dns_host_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.dns_host, length_dns_host_1, sizeof(uint16_t), CH_UTF16)); } if (flags & NDR_OUT) { NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result)); @@ -14334,6 +14818,12 @@ static enum ndr_err_code ndr_push_netr_ServerTrustPasswordsGet(struct ndr_push * static enum ndr_err_code ndr_pull_netr_ServerTrustPasswordsGet(struct ndr_pull *ndr, int flags, struct netr_ServerTrustPasswordsGet *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; + uint32_t size_account_name_0 = 0; + uint32_t length_account_name_0 = 0; + uint32_t size_computer_name_0 = 0; + uint32_t length_computer_name_0 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_credential_0; TALLOC_CTX *_mem_save_return_authenticator_0; @@ -14353,28 +14843,34 @@ static enum ndr_err_code ndr_pull_netr_ServerTrustPasswordsGet(struct ndr_pull * NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.account_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.account_name)); - if (ndr_get_array_length(ndr, &r->in.account_name) > ndr_get_array_size(ndr, &r->in.account_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.account_name), ndr_get_array_length(ndr, &r->in.account_name)); + size_account_name_0 = ndr_get_array_size(ndr, &r->in.account_name); + length_account_name_0 = ndr_get_array_length(ndr, &r->in.account_name); + if (length_account_name_0 > size_account_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_account_name_0, length_account_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_account_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, length_account_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_netr_SchannelType(ndr, NDR_SCALARS, &r->in.secure_channel_type)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name)); - if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name)); + size_computer_name_0 = ndr_get_array_size(ndr, &r->in.computer_name); + length_computer_name_0 = ndr_get_array_length(ndr, &r->in.computer_name); + if (length_computer_name_0 > size_computer_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_name_0, length_computer_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, length_computer_name_0, sizeof(uint16_t), CH_UTF16)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.credential); } @@ -14497,7 +14993,11 @@ static enum ndr_err_code ndr_push_netr_DsRGetForestTrustInformation(struct ndr_p static enum ndr_err_code ndr_pull_netr_DsRGetForestTrustInformation(struct ndr_pull *ndr, int flags, struct netr_DsRGetForestTrustInformation *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; uint32_t _ptr_trusted_domain_name; + uint32_t size_trusted_domain_name_1 = 0; + uint32_t length_trusted_domain_name_1 = 0; uint32_t _ptr_forest_trust_info; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_trusted_domain_name_0; @@ -14517,11 +15017,13 @@ static enum ndr_err_code ndr_pull_netr_DsRGetForestTrustInformation(struct ndr_p NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_trusted_domain_name)); @@ -14535,11 +15037,13 @@ static enum ndr_err_code ndr_pull_netr_DsRGetForestTrustInformation(struct ndr_p NDR_PULL_SET_MEM_CTX(ndr, r->in.trusted_domain_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.trusted_domain_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.trusted_domain_name)); - if (ndr_get_array_length(ndr, &r->in.trusted_domain_name) > ndr_get_array_size(ndr, &r->in.trusted_domain_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.trusted_domain_name), ndr_get_array_length(ndr, &r->in.trusted_domain_name)); + size_trusted_domain_name_1 = ndr_get_array_size(ndr, &r->in.trusted_domain_name); + length_trusted_domain_name_1 = ndr_get_array_length(ndr, &r->in.trusted_domain_name); + if (length_trusted_domain_name_1 > size_trusted_domain_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_trusted_domain_name_1, length_trusted_domain_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.trusted_domain_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.trusted_domain_name, ndr_get_array_length(ndr, &r->in.trusted_domain_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_trusted_domain_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.trusted_domain_name, length_trusted_domain_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_trusted_domain_name_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.flags)); @@ -14656,6 +15160,10 @@ static enum ndr_err_code ndr_push_netr_GetForestTrustInformation(struct ndr_push static enum ndr_err_code ndr_pull_netr_GetForestTrustInformation(struct ndr_pull *ndr, int flags, struct netr_GetForestTrustInformation *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; + uint32_t size_trusted_domain_name_1 = 0; + uint32_t length_trusted_domain_name_1 = 0; uint32_t _ptr_forest_trust_info; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_credential_0; @@ -14676,20 +15184,24 @@ static enum ndr_err_code ndr_pull_netr_GetForestTrustInformation(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.trusted_domain_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.trusted_domain_name)); - if (ndr_get_array_length(ndr, &r->in.trusted_domain_name) > ndr_get_array_size(ndr, &r->in.trusted_domain_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.trusted_domain_name), ndr_get_array_length(ndr, &r->in.trusted_domain_name)); + size_trusted_domain_name_1 = ndr_get_array_size(ndr, &r->in.trusted_domain_name); + length_trusted_domain_name_1 = ndr_get_array_length(ndr, &r->in.trusted_domain_name); + if (length_trusted_domain_name_1 > size_trusted_domain_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_trusted_domain_name_1, length_trusted_domain_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.trusted_domain_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.trusted_domain_name, ndr_get_array_length(ndr, &r->in.trusted_domain_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_trusted_domain_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.trusted_domain_name, length_trusted_domain_name_1, sizeof(uint16_t), CH_UTF16)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.credential); } @@ -14843,7 +15355,11 @@ static enum ndr_err_code ndr_push_netr_LogonSamLogonWithFlags(struct ndr_push *n static enum ndr_err_code ndr_pull_netr_LogonSamLogonWithFlags(struct ndr_pull *ndr, int flags, struct netr_LogonSamLogonWithFlags *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; uint32_t _ptr_computer_name; + uint32_t size_computer_name_1 = 0; + uint32_t length_computer_name_1 = 0; uint32_t _ptr_credential; uint32_t _ptr_return_authenticator; TALLOC_CTX *_mem_save_server_name_0; @@ -14867,11 +15383,13 @@ static enum ndr_err_code ndr_pull_netr_LogonSamLogonWithFlags(struct ndr_pull *n NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_computer_name)); @@ -14885,11 +15403,13 @@ static enum ndr_err_code ndr_pull_netr_LogonSamLogonWithFlags(struct ndr_pull *n NDR_PULL_SET_MEM_CTX(ndr, r->in.computer_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name)); - if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name)); + size_computer_name_1 = ndr_get_array_size(ndr, &r->in.computer_name); + length_computer_name_1 = ndr_get_array_length(ndr, &r->in.computer_name); + if (length_computer_name_1 > size_computer_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_name_1, length_computer_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, length_computer_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_computer_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_credential)); diff --git a/source/librpc/gen_ndr/ndr_notify.c b/source/librpc/gen_ndr/ndr_notify.c index 00ba8bc..f390b9e 100644 --- a/source/librpc/gen_ndr/ndr_notify.c +++ b/source/librpc/gen_ndr/ndr_notify.c @@ -82,6 +82,7 @@ static enum ndr_err_code ndr_push_notify_depth(struct ndr_push *ndr, int ndr_fla static enum ndr_err_code ndr_pull_notify_depth(struct ndr_pull *ndr, int ndr_flags, struct notify_depth *r) { + uint32_t size_entries_0 = 0; uint32_t cntr_entries_0; TALLOC_CTX *_mem_save_entries_0; if (ndr_flags & NDR_SCALARS) { @@ -89,18 +90,20 @@ static enum ndr_err_code ndr_pull_notify_depth(struct ndr_pull *ndr, int ndr_fla NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->max_mask)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->max_mask_subdir)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->num_entries)); - NDR_PULL_ALLOC_N(ndr, r->entries, r->num_entries); + size_entries_0 = r->num_entries; + NDR_PULL_ALLOC_N(ndr, r->entries, size_entries_0); _mem_save_entries_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->entries, 0); - for (cntr_entries_0 = 0; cntr_entries_0 < r->num_entries; cntr_entries_0++) { + for (cntr_entries_0 = 0; cntr_entries_0 < size_entries_0; cntr_entries_0++) { NDR_CHECK(ndr_pull_notify_entry(ndr, NDR_SCALARS, &r->entries[cntr_entries_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_entries_0, 0); } if (ndr_flags & NDR_BUFFERS) { + size_entries_0 = r->num_entries; _mem_save_entries_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->entries, 0); - for (cntr_entries_0 = 0; cntr_entries_0 < r->num_entries; cntr_entries_0++) { + for (cntr_entries_0 = 0; cntr_entries_0 < size_entries_0; cntr_entries_0++) { NDR_CHECK(ndr_pull_notify_entry(ndr, NDR_BUFFERS, &r->entries[cntr_entries_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_entries_0, 0); @@ -149,23 +152,26 @@ _PUBLIC_ enum ndr_err_code ndr_push_notify_array(struct ndr_push *ndr, int ndr_f _PUBLIC_ enum ndr_err_code ndr_pull_notify_array(struct ndr_pull *ndr, int ndr_flags, struct notify_array *r) { + uint32_t size_depth_0 = 0; uint32_t cntr_depth_0; TALLOC_CTX *_mem_save_depth_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 8)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->num_depths)); - NDR_PULL_ALLOC_N(ndr, r->depth, r->num_depths); + size_depth_0 = r->num_depths; + NDR_PULL_ALLOC_N(ndr, r->depth, size_depth_0); _mem_save_depth_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->depth, 0); - for (cntr_depth_0 = 0; cntr_depth_0 < r->num_depths; cntr_depth_0++) { + for (cntr_depth_0 = 0; cntr_depth_0 < size_depth_0; cntr_depth_0++) { NDR_CHECK(ndr_pull_notify_depth(ndr, NDR_SCALARS, &r->depth[cntr_depth_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_depth_0, 0); } if (ndr_flags & NDR_BUFFERS) { + size_depth_0 = r->num_depths; _mem_save_depth_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->depth, 0); - for (cntr_depth_0 = 0; cntr_depth_0 < r->num_depths; cntr_depth_0++) { + for (cntr_depth_0 = 0; cntr_depth_0 < size_depth_0; cntr_depth_0++) { NDR_CHECK(ndr_pull_notify_depth(ndr, NDR_BUFFERS, &r->depth[cntr_depth_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_depth_0, 0); diff --git a/source/librpc/gen_ndr/ndr_ntsvcs.c b/source/librpc/gen_ndr/ndr_ntsvcs.c index 6502970..9cf8fe6 100644 --- a/source/librpc/gen_ndr/ndr_ntsvcs.c +++ b/source/librpc/gen_ndr/ndr_ntsvcs.c @@ -21,11 +21,13 @@ static enum ndr_err_code ndr_push_PNP_HwProfInfo(struct ndr_push *ndr, int ndr_f static enum ndr_err_code ndr_pull_PNP_HwProfInfo(struct ndr_pull *ndr, int ndr_flags, struct PNP_HwProfInfo *r) { + uint32_t size_friendly_name_0 = 0; uint32_t cntr_friendly_name_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->profile_handle)); - for (cntr_friendly_name_0 = 0; cntr_friendly_name_0 < 80; cntr_friendly_name_0++) { + size_friendly_name_0 = 80; + for (cntr_friendly_name_0 = 0; cntr_friendly_name_0 < size_friendly_name_0; cntr_friendly_name_0++) { NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->friendly_name[cntr_friendly_name_0])); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->flags)); @@ -341,14 +343,18 @@ static enum ndr_err_code ndr_push_PNP_ValidateDeviceInstance(struct ndr_push *nd static enum ndr_err_code ndr_pull_PNP_ValidateDeviceInstance(struct ndr_pull *ndr, int flags, struct PNP_ValidateDeviceInstance *r) { + uint32_t size_devicepath_1 = 0; + uint32_t length_devicepath_1 = 0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_array_size(ndr, &r->in.devicepath)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.devicepath)); - if (ndr_get_array_length(ndr, &r->in.devicepath) > ndr_get_array_size(ndr, &r->in.devicepath)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.devicepath), ndr_get_array_length(ndr, &r->in.devicepath)); + size_devicepath_1 = ndr_get_array_size(ndr, &r->in.devicepath); + length_devicepath_1 = ndr_get_array_length(ndr, &r->in.devicepath); + if (length_devicepath_1 > size_devicepath_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_devicepath_1, length_devicepath_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.devicepath), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.devicepath, ndr_get_array_length(ndr, &r->in.devicepath), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_devicepath_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.devicepath, length_devicepath_1, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.flags)); } if (flags & NDR_OUT) { @@ -572,6 +578,8 @@ static enum ndr_err_code ndr_push_PNP_GetDeviceListSize(struct ndr_push *ndr, in static enum ndr_err_code ndr_pull_PNP_GetDeviceListSize(struct ndr_pull *ndr, int flags, struct PNP_GetDeviceListSize *r) { uint32_t _ptr_devicename; + uint32_t size_devicename_1 = 0; + uint32_t length_devicename_1 = 0; TALLOC_CTX *_mem_save_devicename_0; TALLOC_CTX *_mem_save_size_0; if (flags & NDR_IN) { @@ -588,11 +596,13 @@ static enum ndr_err_code ndr_pull_PNP_GetDeviceListSize(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, r->in.devicename, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.devicename)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.devicename)); - if (ndr_get_array_length(ndr, &r->in.devicename) > ndr_get_array_size(ndr, &r->in.devicename)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.devicename), ndr_get_array_length(ndr, &r->in.devicename)); + size_devicename_1 = ndr_get_array_size(ndr, &r->in.devicename); + length_devicename_1 = ndr_get_array_length(ndr, &r->in.devicename); + if (length_devicename_1 > size_devicename_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_devicename_1, length_devicename_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.devicename), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.devicename, ndr_get_array_length(ndr, &r->in.devicename), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_devicename_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.devicename, length_devicename_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_devicename_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.flags)); @@ -737,6 +747,10 @@ static enum ndr_err_code ndr_push_PNP_GetDeviceRegProp(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_PNP_GetDeviceRegProp(struct ndr_pull *ndr, int flags, struct PNP_GetDeviceRegProp *r) { + uint32_t size_devicepath_1 = 0; + uint32_t length_devicepath_1 = 0; + uint32_t size_buffer_1 = 0; + uint32_t length_buffer_1 = 0; TALLOC_CTX *_mem_save_unknown1_0; TALLOC_CTX *_mem_save_buffer_size_0; TALLOC_CTX *_mem_save_needed_0; @@ -745,11 +759,13 @@ static enum ndr_err_code ndr_pull_PNP_GetDeviceRegProp(struct ndr_pull *ndr, int NDR_CHECK(ndr_pull_array_size(ndr, &r->in.devicepath)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.devicepath)); - if (ndr_get_array_length(ndr, &r->in.devicepath) > ndr_get_array_size(ndr, &r->in.devicepath)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.devicepath), ndr_get_array_length(ndr, &r->in.devicepath)); + size_devicepath_1 = ndr_get_array_size(ndr, &r->in.devicepath); + length_devicepath_1 = ndr_get_array_length(ndr, &r->in.devicepath); + if (length_devicepath_1 > size_devicepath_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_devicepath_1, length_devicepath_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.devicepath), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.devicepath, ndr_get_array_length(ndr, &r->in.devicepath), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_devicepath_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.devicepath, length_devicepath_1, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.property)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.unknown1); @@ -792,13 +808,15 @@ static enum ndr_err_code ndr_pull_PNP_GetDeviceRegProp(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, _mem_save_unknown1_0, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_array_size(ndr, &r->out.buffer)); NDR_CHECK(ndr_pull_array_length(ndr, &r->out.buffer)); - if (ndr_get_array_length(ndr, &r->out.buffer) > ndr_get_array_size(ndr, &r->out.buffer)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->out.buffer), ndr_get_array_length(ndr, &r->out.buffer)); + size_buffer_1 = ndr_get_array_size(ndr, &r->out.buffer); + length_buffer_1 = ndr_get_array_length(ndr, &r->out.buffer); + if (length_buffer_1 > size_buffer_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_buffer_1, length_buffer_1); } if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { - NDR_PULL_ALLOC_N(ndr, r->out.buffer, ndr_get_array_size(ndr, &r->out.buffer)); + NDR_PULL_ALLOC_N(ndr, r->out.buffer, size_buffer_1); } - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.buffer, ndr_get_array_length(ndr, &r->out.buffer))); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.buffer, length_buffer_1)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->out.buffer_size); } @@ -2001,9 +2019,15 @@ static enum ndr_err_code ndr_push_PNP_HwProfFlags(struct ndr_push *ndr, int flag static enum ndr_err_code ndr_pull_PNP_HwProfFlags(struct ndr_pull *ndr, int flags, struct PNP_HwProfFlags *r) { + uint32_t size_devicepath_1 = 0; + uint32_t length_devicepath_1 = 0; uint32_t _ptr_unknown4; uint32_t _ptr_unknown5; + uint32_t size_unknown5_1 = 0; + uint32_t length_unknown5_1 = 0; uint32_t _ptr_unknown5a; + uint32_t size_unknown5a_2 = 0; + uint32_t length_unknown5a_2 = 0; TALLOC_CTX *_mem_save_unknown3_0; TALLOC_CTX *_mem_save_unknown4_0; TALLOC_CTX *_mem_save_unknown5_0; @@ -2015,11 +2039,13 @@ static enum ndr_err_code ndr_pull_PNP_HwProfFlags(struct ndr_pull *ndr, int flag NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.unknown1)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.devicepath)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.devicepath)); - if (ndr_get_array_length(ndr, &r->in.devicepath) > ndr_get_array_size(ndr, &r->in.devicepath)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.devicepath), ndr_get_array_length(ndr, &r->in.devicepath)); + size_devicepath_1 = ndr_get_array_size(ndr, &r->in.devicepath); + length_devicepath_1 = ndr_get_array_length(ndr, &r->in.devicepath); + if (length_devicepath_1 > size_devicepath_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_devicepath_1, length_devicepath_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.devicepath), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.devicepath, ndr_get_array_length(ndr, &r->in.devicepath), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_devicepath_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.devicepath, length_devicepath_1, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.unknown2)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.unknown3); @@ -2051,11 +2077,13 @@ static enum ndr_err_code ndr_pull_PNP_HwProfFlags(struct ndr_pull *ndr, int flag NDR_PULL_SET_MEM_CTX(ndr, r->in.unknown5, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.unknown5)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.unknown5)); - if (ndr_get_array_length(ndr, &r->in.unknown5) > ndr_get_array_size(ndr, &r->in.unknown5)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.unknown5), ndr_get_array_length(ndr, &r->in.unknown5)); + size_unknown5_1 = ndr_get_array_size(ndr, &r->in.unknown5); + length_unknown5_1 = ndr_get_array_length(ndr, &r->in.unknown5); + if (length_unknown5_1 > size_unknown5_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_unknown5_1, length_unknown5_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.unknown5), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.unknown5, ndr_get_array_length(ndr, &r->in.unknown5), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_unknown5_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.unknown5, length_unknown5_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_unknown5_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.unknown6)); @@ -2103,11 +2131,13 @@ static enum ndr_err_code ndr_pull_PNP_HwProfFlags(struct ndr_pull *ndr, int flag NDR_PULL_SET_MEM_CTX(ndr, *r->out.unknown5a, 0); NDR_CHECK(ndr_pull_array_size(ndr, r->out.unknown5a)); NDR_CHECK(ndr_pull_array_length(ndr, r->out.unknown5a)); - if (ndr_get_array_length(ndr, r->out.unknown5a) > ndr_get_array_size(ndr, r->out.unknown5a)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, r->out.unknown5a), ndr_get_array_length(ndr, r->out.unknown5a)); + size_unknown5a_2 = ndr_get_array_size(ndr, r->out.unknown5a); + length_unknown5a_2 = ndr_get_array_length(ndr, r->out.unknown5a); + if (length_unknown5a_2 > size_unknown5a_2) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_unknown5a_2, length_unknown5a_2); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, r->out.unknown5a), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.unknown5a, ndr_get_array_length(ndr, r->out.unknown5a), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_unknown5a_2, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.unknown5a, length_unknown5a_2, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_unknown5a_1, 0); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_unknown5a_0, 0); diff --git a/source/librpc/gen_ndr/ndr_samr.c b/source/librpc/gen_ndr/ndr_samr.c index ae3605b..639647b 100644 --- a/source/librpc/gen_ndr/ndr_samr.c +++ b/source/librpc/gen_ndr/ndr_samr.c @@ -249,6 +249,7 @@ static enum ndr_err_code ndr_push_samr_SamArray(struct ndr_push *ndr, int ndr_fl static enum ndr_err_code ndr_pull_samr_SamArray(struct ndr_pull *ndr, int ndr_flags, struct samr_SamArray *r) { uint32_t _ptr_entries; + uint32_t size_entries_1 = 0; uint32_t cntr_entries_1; TALLOC_CTX *_mem_save_entries_0; TALLOC_CTX *_mem_save_entries_1; @@ -267,13 +268,14 @@ static enum ndr_err_code ndr_pull_samr_SamArray(struct ndr_pull *ndr, int ndr_fl _mem_save_entries_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->entries, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->entries)); - NDR_PULL_ALLOC_N(ndr, r->entries, ndr_get_array_size(ndr, &r->entries)); + size_entries_1 = ndr_get_array_size(ndr, &r->entries); + NDR_PULL_ALLOC_N(ndr, r->entries, size_entries_1); _mem_save_entries_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->entries, 0); - for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) { + for (cntr_entries_1 = 0; cntr_entries_1 < size_entries_1; cntr_entries_1++) { NDR_CHECK(ndr_pull_samr_SamEntry(ndr, NDR_SCALARS, &r->entries[cntr_entries_1])); } - for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) { + for (cntr_entries_1 = 0; cntr_entries_1 < size_entries_1; cntr_entries_1++) { NDR_CHECK(ndr_pull_samr_SamEntry(ndr, NDR_BUFFERS, &r->entries[cntr_entries_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_entries_1, 0); @@ -1107,6 +1109,7 @@ static enum ndr_err_code ndr_push_samr_Ids(struct ndr_push *ndr, int ndr_flags, static enum ndr_err_code ndr_pull_samr_Ids(struct ndr_pull *ndr, int ndr_flags, struct samr_Ids *r) { uint32_t _ptr_ids; + uint32_t size_ids_1 = 0; uint32_t cntr_ids_1; TALLOC_CTX *_mem_save_ids_0; TALLOC_CTX *_mem_save_ids_1; @@ -1128,10 +1131,11 @@ static enum ndr_err_code ndr_pull_samr_Ids(struct ndr_pull *ndr, int ndr_flags, _mem_save_ids_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->ids, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->ids)); - NDR_PULL_ALLOC_N(ndr, r->ids, ndr_get_array_size(ndr, &r->ids)); + size_ids_1 = ndr_get_array_size(ndr, &r->ids); + NDR_PULL_ALLOC_N(ndr, r->ids, size_ids_1); _mem_save_ids_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->ids, 0); - for (cntr_ids_1 = 0; cntr_ids_1 < r->count; cntr_ids_1++) { + for (cntr_ids_1 = 0; cntr_ids_1 < size_ids_1; cntr_ids_1++) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->ids[cntr_ids_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_ids_1, 0); @@ -1480,10 +1484,12 @@ static enum ndr_err_code ndr_push_samr_RidTypeArray(struct ndr_push *ndr, int nd static enum ndr_err_code ndr_pull_samr_RidTypeArray(struct ndr_pull *ndr, int ndr_flags, struct samr_RidTypeArray *r) { uint32_t _ptr_rids; + uint32_t size_rids_1 = 0; uint32_t cntr_rids_1; TALLOC_CTX *_mem_save_rids_0; TALLOC_CTX *_mem_save_rids_1; uint32_t _ptr_types; + uint32_t size_types_1 = 0; uint32_t cntr_types_1; TALLOC_CTX *_mem_save_types_0; TALLOC_CTX *_mem_save_types_1; @@ -1508,10 +1514,11 @@ static enum ndr_err_code ndr_pull_samr_RidTypeArray(struct ndr_pull *ndr, int nd _mem_save_rids_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->rids, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->rids)); - NDR_PULL_ALLOC_N(ndr, r->rids, ndr_get_array_size(ndr, &r->rids)); + size_rids_1 = ndr_get_array_size(ndr, &r->rids); + NDR_PULL_ALLOC_N(ndr, r->rids, size_rids_1); _mem_save_rids_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->rids, 0); - for (cntr_rids_1 = 0; cntr_rids_1 < r->count; cntr_rids_1++) { + for (cntr_rids_1 = 0; cntr_rids_1 < size_rids_1; cntr_rids_1++) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->rids[cntr_rids_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_rids_1, 0); @@ -1521,10 +1528,11 @@ static enum ndr_err_code ndr_pull_samr_RidTypeArray(struct ndr_pull *ndr, int nd _mem_save_types_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->types, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->types)); - NDR_PULL_ALLOC_N(ndr, r->types, ndr_get_array_size(ndr, &r->types)); + size_types_1 = ndr_get_array_size(ndr, &r->types); + NDR_PULL_ALLOC_N(ndr, r->types, size_types_1); _mem_save_types_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->types, 0); - for (cntr_types_1 = 0; cntr_types_1 < r->count; cntr_types_1++) { + for (cntr_types_1 = 0; cntr_types_1 < size_types_1; cntr_types_1++) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->types[cntr_types_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_types_1, 0); @@ -1880,6 +1888,8 @@ _PUBLIC_ enum ndr_err_code ndr_push_samr_LogonHours(struct ndr_push *ndr, int nd _PUBLIC_ enum ndr_err_code ndr_pull_samr_LogonHours(struct ndr_pull *ndr, int ndr_flags, struct samr_LogonHours *r) { uint32_t _ptr_bits; + uint32_t size_bits_1 = 0; + uint32_t length_bits_1 = 0; TALLOC_CTX *_mem_save_bits_0; { uint32_t _flags_save_STRUCT = ndr->flags; @@ -1900,11 +1910,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_samr_LogonHours(struct ndr_pull *ndr, int nd NDR_PULL_SET_MEM_CTX(ndr, r->bits, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->bits)); NDR_CHECK(ndr_pull_array_length(ndr, &r->bits)); - if (ndr_get_array_length(ndr, &r->bits) > ndr_get_array_size(ndr, &r->bits)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->bits), ndr_get_array_length(ndr, &r->bits)); + size_bits_1 = ndr_get_array_size(ndr, &r->bits); + length_bits_1 = ndr_get_array_length(ndr, &r->bits); + if (length_bits_1 > size_bits_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_bits_1, length_bits_1); } - NDR_PULL_ALLOC_N(ndr, r->bits, ndr_get_array_size(ndr, &r->bits)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->bits, ndr_get_array_length(ndr, &r->bits))); + NDR_PULL_ALLOC_N(ndr, r->bits, size_bits_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->bits, length_bits_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_bits_0, 0); } if (r->bits) { @@ -2540,12 +2552,14 @@ _PUBLIC_ enum ndr_err_code ndr_push_samr_Password(struct ndr_push *ndr, int ndr_ _PUBLIC_ enum ndr_err_code ndr_pull_samr_Password(struct ndr_pull *ndr, int ndr_flags, struct samr_Password *r) { + uint32_t size_hash_0 = 0; { uint32_t _flags_save_STRUCT = ndr->flags; ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 1)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->hash, 16)); + size_hash_0 = 16; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->hash, size_hash_0)); } if (ndr_flags & NDR_BUFFERS) { } @@ -2757,6 +2771,7 @@ static enum ndr_err_code ndr_push_samr_UserInfo21(struct ndr_push *ndr, int ndr_ static enum ndr_err_code ndr_pull_samr_UserInfo21(struct ndr_pull *ndr, int ndr_flags, struct samr_UserInfo21 *r) { uint32_t _ptr_buffer; + uint32_t size_buffer_1 = 0; TALLOC_CTX *_mem_save_buffer_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -2818,8 +2833,9 @@ static enum ndr_err_code ndr_pull_samr_UserInfo21(struct ndr_pull *ndr, int ndr_ _mem_save_buffer_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->buffer, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->buffer)); - NDR_PULL_ALLOC_N(ndr, r->buffer, ndr_get_array_size(ndr, &r->buffer)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->buffer, ndr_get_array_size(ndr, &r->buffer))); + size_buffer_1 = ndr_get_array_size(ndr, &r->buffer); + NDR_PULL_ALLOC_N(ndr, r->buffer, size_buffer_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->buffer, size_buffer_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_buffer_0, 0); } NDR_CHECK(ndr_pull_samr_LogonHours(ndr, NDR_BUFFERS, &r->logon_hours)); @@ -2894,12 +2910,14 @@ _PUBLIC_ enum ndr_err_code ndr_push_samr_CryptPassword(struct ndr_push *ndr, int _PUBLIC_ enum ndr_err_code ndr_pull_samr_CryptPassword(struct ndr_pull *ndr, int ndr_flags, struct samr_CryptPassword *r) { + uint32_t size_data_0 = 0; { uint32_t _flags_save_STRUCT = ndr->flags; ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 1)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, 516)); + size_data_0 = 516; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, size_data_0)); } if (ndr_flags & NDR_BUFFERS) { } @@ -3007,12 +3025,14 @@ static enum ndr_err_code ndr_push_samr_CryptPasswordEx(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_samr_CryptPasswordEx(struct ndr_pull *ndr, int ndr_flags, struct samr_CryptPasswordEx *r) { + uint32_t size_data_0 = 0; { uint32_t _flags_save_STRUCT = ndr->flags; ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 1)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, 532)); + size_data_0 = 532; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, size_data_0)); } if (ndr_flags & NDR_BUFFERS) { } @@ -3660,6 +3680,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_samr_RidWithAttributeArray(struct ndr_push * _PUBLIC_ enum ndr_err_code ndr_pull_samr_RidWithAttributeArray(struct ndr_pull *ndr, int ndr_flags, struct samr_RidWithAttributeArray *r) { uint32_t _ptr_rids; + uint32_t size_rids_1 = 0; uint32_t cntr_rids_1; TALLOC_CTX *_mem_save_rids_0; TALLOC_CTX *_mem_save_rids_1; @@ -3678,10 +3699,11 @@ _PUBLIC_ enum ndr_err_code ndr_pull_samr_RidWithAttributeArray(struct ndr_pull * _mem_save_rids_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->rids, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->rids)); - NDR_PULL_ALLOC_N(ndr, r->rids, ndr_get_array_size(ndr, &r->rids)); + size_rids_1 = ndr_get_array_size(ndr, &r->rids); + NDR_PULL_ALLOC_N(ndr, r->rids, size_rids_1); _mem_save_rids_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->rids, 0); - for (cntr_rids_1 = 0; cntr_rids_1 < r->count; cntr_rids_1++) { + for (cntr_rids_1 = 0; cntr_rids_1 < size_rids_1; cntr_rids_1++) { NDR_CHECK(ndr_pull_samr_RidWithAttribute(ndr, NDR_SCALARS, &r->rids[cntr_rids_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_rids_1, 0); @@ -3794,6 +3816,7 @@ static enum ndr_err_code ndr_push_samr_DispInfoGeneral(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_samr_DispInfoGeneral(struct ndr_pull *ndr, int ndr_flags, struct samr_DispInfoGeneral *r) { uint32_t _ptr_entries; + uint32_t size_entries_1 = 0; uint32_t cntr_entries_1; TALLOC_CTX *_mem_save_entries_0; TALLOC_CTX *_mem_save_entries_1; @@ -3812,13 +3835,14 @@ static enum ndr_err_code ndr_pull_samr_DispInfoGeneral(struct ndr_pull *ndr, int _mem_save_entries_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->entries, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->entries)); - NDR_PULL_ALLOC_N(ndr, r->entries, ndr_get_array_size(ndr, &r->entries)); + size_entries_1 = ndr_get_array_size(ndr, &r->entries); + NDR_PULL_ALLOC_N(ndr, r->entries, size_entries_1); _mem_save_entries_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->entries, 0); - for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) { + for (cntr_entries_1 = 0; cntr_entries_1 < size_entries_1; cntr_entries_1++) { NDR_CHECK(ndr_pull_samr_DispEntryGeneral(ndr, NDR_SCALARS, &r->entries[cntr_entries_1])); } - for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) { + for (cntr_entries_1 = 0; cntr_entries_1 < size_entries_1; cntr_entries_1++) { NDR_CHECK(ndr_pull_samr_DispEntryGeneral(ndr, NDR_BUFFERS, &r->entries[cntr_entries_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_entries_1, 0); @@ -3926,6 +3950,7 @@ static enum ndr_err_code ndr_push_samr_DispInfoFull(struct ndr_push *ndr, int nd static enum ndr_err_code ndr_pull_samr_DispInfoFull(struct ndr_pull *ndr, int ndr_flags, struct samr_DispInfoFull *r) { uint32_t _ptr_entries; + uint32_t size_entries_1 = 0; uint32_t cntr_entries_1; TALLOC_CTX *_mem_save_entries_0; TALLOC_CTX *_mem_save_entries_1; @@ -3944,13 +3969,14 @@ static enum ndr_err_code ndr_pull_samr_DispInfoFull(struct ndr_pull *ndr, int nd _mem_save_entries_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->entries, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->entries)); - NDR_PULL_ALLOC_N(ndr, r->entries, ndr_get_array_size(ndr, &r->entries)); + size_entries_1 = ndr_get_array_size(ndr, &r->entries); + NDR_PULL_ALLOC_N(ndr, r->entries, size_entries_1); _mem_save_entries_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->entries, 0); - for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) { + for (cntr_entries_1 = 0; cntr_entries_1 < size_entries_1; cntr_entries_1++) { NDR_CHECK(ndr_pull_samr_DispEntryFull(ndr, NDR_SCALARS, &r->entries[cntr_entries_1])); } - for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) { + for (cntr_entries_1 = 0; cntr_entries_1 < size_entries_1; cntr_entries_1++) { NDR_CHECK(ndr_pull_samr_DispEntryFull(ndr, NDR_BUFFERS, &r->entries[cntr_entries_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_entries_1, 0); @@ -4058,6 +4084,7 @@ static enum ndr_err_code ndr_push_samr_DispInfoFullGroups(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_samr_DispInfoFullGroups(struct ndr_pull *ndr, int ndr_flags, struct samr_DispInfoFullGroups *r) { uint32_t _ptr_entries; + uint32_t size_entries_1 = 0; uint32_t cntr_entries_1; TALLOC_CTX *_mem_save_entries_0; TALLOC_CTX *_mem_save_entries_1; @@ -4076,13 +4103,14 @@ static enum ndr_err_code ndr_pull_samr_DispInfoFullGroups(struct ndr_pull *ndr, _mem_save_entries_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->entries, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->entries)); - NDR_PULL_ALLOC_N(ndr, r->entries, ndr_get_array_size(ndr, &r->entries)); + size_entries_1 = ndr_get_array_size(ndr, &r->entries); + NDR_PULL_ALLOC_N(ndr, r->entries, size_entries_1); _mem_save_entries_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->entries, 0); - for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) { + for (cntr_entries_1 = 0; cntr_entries_1 < size_entries_1; cntr_entries_1++) { NDR_CHECK(ndr_pull_samr_DispEntryFullGroup(ndr, NDR_SCALARS, &r->entries[cntr_entries_1])); } - for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) { + for (cntr_entries_1 = 0; cntr_entries_1 < size_entries_1; cntr_entries_1++) { NDR_CHECK(ndr_pull_samr_DispEntryFullGroup(ndr, NDR_BUFFERS, &r->entries[cntr_entries_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_entries_1, 0); @@ -4179,6 +4207,7 @@ static enum ndr_err_code ndr_push_samr_DispInfoAscii(struct ndr_push *ndr, int n static enum ndr_err_code ndr_pull_samr_DispInfoAscii(struct ndr_pull *ndr, int ndr_flags, struct samr_DispInfoAscii *r) { uint32_t _ptr_entries; + uint32_t size_entries_1 = 0; uint32_t cntr_entries_1; TALLOC_CTX *_mem_save_entries_0; TALLOC_CTX *_mem_save_entries_1; @@ -4197,13 +4226,14 @@ static enum ndr_err_code ndr_pull_samr_DispInfoAscii(struct ndr_pull *ndr, int n _mem_save_entries_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->entries, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->entries)); - NDR_PULL_ALLOC_N(ndr, r->entries, ndr_get_array_size(ndr, &r->entries)); + size_entries_1 = ndr_get_array_size(ndr, &r->entries); + NDR_PULL_ALLOC_N(ndr, r->entries, size_entries_1); _mem_save_entries_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->entries, 0); - for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) { + for (cntr_entries_1 = 0; cntr_entries_1 < size_entries_1; cntr_entries_1++) { NDR_CHECK(ndr_pull_samr_DispEntryAscii(ndr, NDR_SCALARS, &r->entries[cntr_entries_1])); } - for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) { + for (cntr_entries_1 = 0; cntr_entries_1 < size_entries_1; cntr_entries_1++) { NDR_CHECK(ndr_pull_samr_DispEntryAscii(ndr, NDR_BUFFERS, &r->entries[cntr_entries_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_entries_1, 0); @@ -4700,6 +4730,7 @@ static enum ndr_err_code ndr_push_samr_ValidationBlob(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_samr_ValidationBlob(struct ndr_pull *ndr, int ndr_flags, struct samr_ValidationBlob *r) { uint32_t _ptr_data; + uint32_t size_data_1 = 0; TALLOC_CTX *_mem_save_data_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -4716,8 +4747,9 @@ static enum ndr_err_code ndr_pull_samr_ValidationBlob(struct ndr_pull *ndr, int _mem_save_data_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->data, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->data)); - NDR_PULL_ALLOC_N(ndr, r->data, ndr_get_array_size(ndr, &r->data)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, ndr_get_array_size(ndr, &r->data))); + size_data_1 = ndr_get_array_size(ndr, &r->data); + NDR_PULL_ALLOC_N(ndr, r->data, size_data_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, size_data_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_0, 0); } if (r->data) { @@ -4771,6 +4803,7 @@ static enum ndr_err_code ndr_push_samr_ValidatePasswordInfo(struct ndr_push *ndr static enum ndr_err_code ndr_pull_samr_ValidatePasswordInfo(struct ndr_pull *ndr, int ndr_flags, struct samr_ValidatePasswordInfo *r) { uint32_t _ptr_pwd_history; + uint32_t size_pwd_history_1 = 0; uint32_t cntr_pwd_history_1; TALLOC_CTX *_mem_save_pwd_history_0; TALLOC_CTX *_mem_save_pwd_history_1; @@ -4794,13 +4827,14 @@ static enum ndr_err_code ndr_pull_samr_ValidatePasswordInfo(struct ndr_pull *ndr _mem_save_pwd_history_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->pwd_history, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->pwd_history)); - NDR_PULL_ALLOC_N(ndr, r->pwd_history, ndr_get_array_size(ndr, &r->pwd_history)); + size_pwd_history_1 = ndr_get_array_size(ndr, &r->pwd_history); + NDR_PULL_ALLOC_N(ndr, r->pwd_history, size_pwd_history_1); _mem_save_pwd_history_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->pwd_history, 0); - for (cntr_pwd_history_1 = 0; cntr_pwd_history_1 < r->pwd_history_len; cntr_pwd_history_1++) { + for (cntr_pwd_history_1 = 0; cntr_pwd_history_1 < size_pwd_history_1; cntr_pwd_history_1++) { NDR_CHECK(ndr_pull_samr_ValidationBlob(ndr, NDR_SCALARS, &r->pwd_history[cntr_pwd_history_1])); } - for (cntr_pwd_history_1 = 0; cntr_pwd_history_1 < r->pwd_history_len; cntr_pwd_history_1++) { + for (cntr_pwd_history_1 = 0; cntr_pwd_history_1 < size_pwd_history_1; cntr_pwd_history_1++) { NDR_CHECK(ndr_pull_samr_ValidationBlob(ndr, NDR_BUFFERS, &r->pwd_history[cntr_pwd_history_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_pwd_history_1, 0); @@ -7117,6 +7151,8 @@ _PUBLIC_ enum ndr_err_code ndr_push_samr_LookupNames(struct ndr_push *ndr, int f _PUBLIC_ enum ndr_err_code ndr_pull_samr_LookupNames(struct ndr_pull *ndr, int flags, struct samr_LookupNames *r) { + uint32_t size_names_0 = 0; + uint32_t length_names_0 = 0; uint32_t cntr_names_0; TALLOC_CTX *_mem_save_domain_handle_0; TALLOC_CTX *_mem_save_names_0; @@ -7138,16 +7174,18 @@ _PUBLIC_ enum ndr_err_code ndr_pull_samr_LookupNames(struct ndr_pull *ndr, int f } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.names)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.names)); - if (ndr_get_array_length(ndr, &r->in.names) > ndr_get_array_size(ndr, &r->in.names)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.names), ndr_get_array_length(ndr, &r->in.names)); + size_names_0 = ndr_get_array_size(ndr, &r->in.names); + length_names_0 = ndr_get_array_length(ndr, &r->in.names); + if (length_names_0 > size_names_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_names_0, length_names_0); } - NDR_PULL_ALLOC_N(ndr, r->in.names, ndr_get_array_size(ndr, &r->in.names)); + NDR_PULL_ALLOC_N(ndr, r->in.names, size_names_0); _mem_save_names_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->in.names, 0); - for (cntr_names_0 = 0; cntr_names_0 < r->in.num_names; cntr_names_0++) { + for (cntr_names_0 = 0; cntr_names_0 < length_names_0; cntr_names_0++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->in.names[cntr_names_0])); } - for (cntr_names_0 = 0; cntr_names_0 < r->in.num_names; cntr_names_0++) { + for (cntr_names_0 = 0; cntr_names_0 < length_names_0; cntr_names_0++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->in.names[cntr_names_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_names_0, 0); @@ -7259,6 +7297,8 @@ static enum ndr_err_code ndr_push_samr_LookupRids(struct ndr_push *ndr, int flag static enum ndr_err_code ndr_pull_samr_LookupRids(struct ndr_pull *ndr, int flags, struct samr_LookupRids *r) { + uint32_t size_rids_0 = 0; + uint32_t length_rids_0 = 0; uint32_t cntr_rids_0; TALLOC_CTX *_mem_save_domain_handle_0; TALLOC_CTX *_mem_save_rids_0; @@ -7280,13 +7320,15 @@ static enum ndr_err_code ndr_pull_samr_LookupRids(struct ndr_pull *ndr, int flag } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.rids)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.rids)); - if (ndr_get_array_length(ndr, &r->in.rids) > ndr_get_array_size(ndr, &r->in.rids)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.rids), ndr_get_array_length(ndr, &r->in.rids)); + size_rids_0 = ndr_get_array_size(ndr, &r->in.rids); + length_rids_0 = ndr_get_array_length(ndr, &r->in.rids); + if (length_rids_0 > size_rids_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_rids_0, length_rids_0); } - NDR_PULL_ALLOC_N(ndr, r->in.rids, ndr_get_array_size(ndr, &r->in.rids)); + NDR_PULL_ALLOC_N(ndr, r->in.rids, size_rids_0); _mem_save_rids_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->in.rids, 0); - for (cntr_rids_0 = 0; cntr_rids_0 < r->in.num_rids; cntr_rids_0++) { + for (cntr_rids_0 = 0; cntr_rids_0 < length_rids_0; cntr_rids_0++) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.rids[cntr_rids_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_rids_0, 0); @@ -10958,6 +11000,8 @@ static enum ndr_err_code ndr_push_samr_Connect2(struct ndr_push *ndr, int flags, static enum ndr_err_code ndr_pull_samr_Connect2(struct ndr_pull *ndr, int flags, struct samr_Connect2 *r) { uint32_t _ptr_system_name; + uint32_t size_system_name_1 = 0; + uint32_t length_system_name_1 = 0; TALLOC_CTX *_mem_save_system_name_0; TALLOC_CTX *_mem_save_connect_handle_0; if (flags & NDR_IN) { @@ -10974,11 +11018,13 @@ static enum ndr_err_code ndr_pull_samr_Connect2(struct ndr_pull *ndr, int flags, NDR_PULL_SET_MEM_CTX(ndr, r->in.system_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.system_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.system_name)); - if (ndr_get_array_length(ndr, &r->in.system_name) > ndr_get_array_size(ndr, &r->in.system_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.system_name), ndr_get_array_length(ndr, &r->in.system_name)); + size_system_name_1 = ndr_get_array_size(ndr, &r->in.system_name); + length_system_name_1 = ndr_get_array_length(ndr, &r->in.system_name); + if (length_system_name_1 > size_system_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_system_name_1, length_system_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.system_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.system_name, ndr_get_array_length(ndr, &r->in.system_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_system_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.system_name, length_system_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_system_name_0, 0); } NDR_CHECK(ndr_pull_samr_ConnectAccessMask(ndr, NDR_SCALARS, &r->in.access_mask)); @@ -11278,6 +11324,8 @@ static enum ndr_err_code ndr_push_samr_Connect3(struct ndr_push *ndr, int flags, static enum ndr_err_code ndr_pull_samr_Connect3(struct ndr_pull *ndr, int flags, struct samr_Connect3 *r) { uint32_t _ptr_system_name; + uint32_t size_system_name_1 = 0; + uint32_t length_system_name_1 = 0; TALLOC_CTX *_mem_save_system_name_0; TALLOC_CTX *_mem_save_connect_handle_0; if (flags & NDR_IN) { @@ -11294,11 +11342,13 @@ static enum ndr_err_code ndr_pull_samr_Connect3(struct ndr_pull *ndr, int flags, NDR_PULL_SET_MEM_CTX(ndr, r->in.system_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.system_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.system_name)); - if (ndr_get_array_length(ndr, &r->in.system_name) > ndr_get_array_size(ndr, &r->in.system_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.system_name), ndr_get_array_length(ndr, &r->in.system_name)); + size_system_name_1 = ndr_get_array_size(ndr, &r->in.system_name); + length_system_name_1 = ndr_get_array_length(ndr, &r->in.system_name); + if (length_system_name_1 > size_system_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_system_name_1, length_system_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.system_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.system_name, ndr_get_array_length(ndr, &r->in.system_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_system_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.system_name, length_system_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_system_name_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.unknown)); @@ -11378,6 +11428,8 @@ static enum ndr_err_code ndr_push_samr_Connect4(struct ndr_push *ndr, int flags, static enum ndr_err_code ndr_pull_samr_Connect4(struct ndr_pull *ndr, int flags, struct samr_Connect4 *r) { uint32_t _ptr_system_name; + uint32_t size_system_name_1 = 0; + uint32_t length_system_name_1 = 0; TALLOC_CTX *_mem_save_system_name_0; TALLOC_CTX *_mem_save_connect_handle_0; if (flags & NDR_IN) { @@ -11394,11 +11446,13 @@ static enum ndr_err_code ndr_pull_samr_Connect4(struct ndr_pull *ndr, int flags, NDR_PULL_SET_MEM_CTX(ndr, r->in.system_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.system_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.system_name)); - if (ndr_get_array_length(ndr, &r->in.system_name) > ndr_get_array_size(ndr, &r->in.system_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.system_name), ndr_get_array_length(ndr, &r->in.system_name)); + size_system_name_1 = ndr_get_array_size(ndr, &r->in.system_name); + length_system_name_1 = ndr_get_array_length(ndr, &r->in.system_name); + if (length_system_name_1 > size_system_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_system_name_1, length_system_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.system_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.system_name, ndr_get_array_length(ndr, &r->in.system_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_system_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.system_name, length_system_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_system_name_0, 0); } NDR_CHECK(ndr_pull_samr_ConnectVersion(ndr, NDR_SCALARS, &r->in.client_version)); @@ -11776,6 +11830,8 @@ _PUBLIC_ enum ndr_err_code ndr_push_samr_Connect5(struct ndr_push *ndr, int flag _PUBLIC_ enum ndr_err_code ndr_pull_samr_Connect5(struct ndr_pull *ndr, int flags, struct samr_Connect5 *r) { uint32_t _ptr_system_name; + uint32_t size_system_name_1 = 0; + uint32_t length_system_name_1 = 0; TALLOC_CTX *_mem_save_system_name_0; TALLOC_CTX *_mem_save_info_in_0; TALLOC_CTX *_mem_save_level_out_0; @@ -11795,11 +11851,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_samr_Connect5(struct ndr_pull *ndr, int flag NDR_PULL_SET_MEM_CTX(ndr, r->in.system_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.system_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.system_name)); - if (ndr_get_array_length(ndr, &r->in.system_name) > ndr_get_array_size(ndr, &r->in.system_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.system_name), ndr_get_array_length(ndr, &r->in.system_name)); + size_system_name_1 = ndr_get_array_size(ndr, &r->in.system_name); + length_system_name_1 = ndr_get_array_length(ndr, &r->in.system_name); + if (length_system_name_1 > size_system_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_system_name_1, length_system_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.system_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.system_name, ndr_get_array_length(ndr, &r->in.system_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_system_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.system_name, length_system_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_system_name_0, 0); } NDR_CHECK(ndr_pull_samr_ConnectAccessMask(ndr, NDR_SCALARS, &r->in.access_mask)); diff --git a/source/librpc/gen_ndr/ndr_security.c b/source/librpc/gen_ndr/ndr_security.c index d031c46..6a3ab10 100644 --- a/source/librpc/gen_ndr/ndr_security.c +++ b/source/librpc/gen_ndr/ndr_security.c @@ -492,6 +492,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_security_acl(struct ndr_push *ndr, int ndr_f _PUBLIC_ enum ndr_err_code ndr_pull_security_acl(struct ndr_pull *ndr, int ndr_flags, struct security_acl *r) { + uint32_t size_aces_0 = 0; uint32_t cntr_aces_0; TALLOC_CTX *_mem_save_aces_0; if (ndr_flags & NDR_SCALARS) { @@ -502,18 +503,20 @@ _PUBLIC_ enum ndr_err_code ndr_pull_security_acl(struct ndr_pull *ndr, int ndr_f if (r->num_aces < 0 || r->num_aces > 1000) { return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); } - NDR_PULL_ALLOC_N(ndr, r->aces, r->num_aces); + size_aces_0 = r->num_aces; + NDR_PULL_ALLOC_N(ndr, r->aces, size_aces_0); _mem_save_aces_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->aces, 0); - for (cntr_aces_0 = 0; cntr_aces_0 < r->num_aces; cntr_aces_0++) { + for (cntr_aces_0 = 0; cntr_aces_0 < size_aces_0; cntr_aces_0++) { NDR_CHECK(ndr_pull_security_ace(ndr, NDR_SCALARS, &r->aces[cntr_aces_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_aces_0, 0); } if (ndr_flags & NDR_BUFFERS) { + size_aces_0 = r->num_aces; _mem_save_aces_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->aces, 0); - for (cntr_aces_0 = 0; cntr_aces_0 < r->num_aces; cntr_aces_0++) { + for (cntr_aces_0 = 0; cntr_aces_0 < size_aces_0; cntr_aces_0++) { NDR_CHECK(ndr_pull_security_ace(ndr, NDR_BUFFERS, &r->aces[cntr_aces_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_aces_0, 0); @@ -875,6 +878,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_security_token(struct ndr_pull *ndr, int ndr uint32_t _ptr_group_sid; TALLOC_CTX *_mem_save_group_sid_0; uint32_t _ptr_sids; + uint32_t size_sids_0 = 0; uint32_t cntr_sids_0; TALLOC_CTX *_mem_save_sids_0; TALLOC_CTX *_mem_save_sids_1; @@ -894,10 +898,11 @@ _PUBLIC_ enum ndr_err_code ndr_pull_security_token(struct ndr_pull *ndr, int ndr } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->num_sids)); NDR_CHECK(ndr_pull_array_size(ndr, &r->sids)); - NDR_PULL_ALLOC_N(ndr, r->sids, ndr_get_array_size(ndr, &r->sids)); + size_sids_0 = ndr_get_array_size(ndr, &r->sids); + NDR_PULL_ALLOC_N(ndr, r->sids, size_sids_0); _mem_save_sids_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sids, 0); - for (cntr_sids_0 = 0; cntr_sids_0 < r->num_sids; cntr_sids_0++) { + for (cntr_sids_0 = 0; cntr_sids_0 < size_sids_0; cntr_sids_0++) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sids)); if (_ptr_sids) { NDR_PULL_ALLOC(ndr, r->sids[cntr_sids_0]); @@ -924,9 +929,10 @@ _PUBLIC_ enum ndr_err_code ndr_pull_security_token(struct ndr_pull *ndr, int ndr NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS|NDR_BUFFERS, r->group_sid)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_group_sid_0, 0); } + size_sids_0 = ndr_get_array_size(ndr, &r->sids); _mem_save_sids_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sids, 0); - for (cntr_sids_0 = 0; cntr_sids_0 < r->num_sids; cntr_sids_0++) { + for (cntr_sids_0 = 0; cntr_sids_0 < size_sids_0; cntr_sids_0++) { if (r->sids[cntr_sids_0]) { _mem_save_sids_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sids[cntr_sids_0], 0); diff --git a/source/librpc/gen_ndr/ndr_srvsvc.c b/source/librpc/gen_ndr/ndr_srvsvc.c index 36c3dbe..029b632 100644 --- a/source/librpc/gen_ndr/ndr_srvsvc.c +++ b/source/librpc/gen_ndr/ndr_srvsvc.c @@ -25,6 +25,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetCharDevInfo0(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_srvsvc_NetCharDevInfo0(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetCharDevInfo0 *r) { uint32_t _ptr_device; + uint32_t size_device_1 = 0; + uint32_t length_device_1 = 0; TALLOC_CTX *_mem_save_device_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -41,11 +43,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevInfo0(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->device, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->device)); NDR_CHECK(ndr_pull_array_length(ndr, &r->device)); - if (ndr_get_array_length(ndr, &r->device) > ndr_get_array_size(ndr, &r->device)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->device), ndr_get_array_length(ndr, &r->device)); + size_device_1 = ndr_get_array_size(ndr, &r->device); + length_device_1 = ndr_get_array_length(ndr, &r->device); + if (length_device_1 > size_device_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_device_1, length_device_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->device), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->device, ndr_get_array_length(ndr, &r->device), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_device_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->device, length_device_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_device_0, 0); } } @@ -90,6 +94,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetCharDevCtr0(struct ndr_push *ndr, in static enum ndr_err_code ndr_pull_srvsvc_NetCharDevCtr0(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetCharDevCtr0 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -108,13 +113,14 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevCtr0(struct ndr_pull *ndr, in _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetCharDevInfo0(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetCharDevInfo0(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -180,8 +186,12 @@ static enum ndr_err_code ndr_push_srvsvc_NetCharDevInfo1(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_srvsvc_NetCharDevInfo1(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetCharDevInfo1 *r) { uint32_t _ptr_device; + uint32_t size_device_1 = 0; + uint32_t length_device_1 = 0; TALLOC_CTX *_mem_save_device_0; uint32_t _ptr_user; + uint32_t size_user_1 = 0; + uint32_t length_user_1 = 0; TALLOC_CTX *_mem_save_user_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -206,11 +216,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevInfo1(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->device, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->device)); NDR_CHECK(ndr_pull_array_length(ndr, &r->device)); - if (ndr_get_array_length(ndr, &r->device) > ndr_get_array_size(ndr, &r->device)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->device), ndr_get_array_length(ndr, &r->device)); + size_device_1 = ndr_get_array_size(ndr, &r->device); + length_device_1 = ndr_get_array_length(ndr, &r->device); + if (length_device_1 > size_device_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_device_1, length_device_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->device), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->device, ndr_get_array_length(ndr, &r->device), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_device_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->device, length_device_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_device_0, 0); } if (r->user) { @@ -218,11 +230,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevInfo1(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->user, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->user)); NDR_CHECK(ndr_pull_array_length(ndr, &r->user)); - if (ndr_get_array_length(ndr, &r->user) > ndr_get_array_size(ndr, &r->user)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->user), ndr_get_array_length(ndr, &r->user)); + size_user_1 = ndr_get_array_size(ndr, &r->user); + length_user_1 = ndr_get_array_length(ndr, &r->user); + if (length_user_1 > size_user_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_user_1, length_user_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->user), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user, ndr_get_array_length(ndr, &r->user), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_user_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user, length_user_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user_0, 0); } } @@ -275,6 +289,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetCharDevCtr1(struct ndr_push *ndr, in static enum ndr_err_code ndr_pull_srvsvc_NetCharDevCtr1(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetCharDevCtr1 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -293,13 +308,14 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevCtr1(struct ndr_pull *ndr, in _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetCharDevInfo1(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetCharDevInfo1(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -383,7 +399,9 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevInfo(struct ndr_pull *ndr, in int level; uint32_t _level; TALLOC_CTX *_mem_save_info0_0; + uint32_t _ptr_info0; TALLOC_CTX *_mem_save_info1_0; + uint32_t _ptr_info1; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -392,7 +410,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevInfo(struct ndr_pull *ndr, in } switch (level) { case 0: { - uint32_t _ptr_info0; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info0)); if (_ptr_info0) { NDR_PULL_ALLOC(ndr, r->info0); @@ -402,7 +419,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevInfo(struct ndr_pull *ndr, in break; } case 1: { - uint32_t _ptr_info1; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1)); if (_ptr_info1) { NDR_PULL_ALLOC(ndr, r->info1); @@ -521,7 +537,9 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevCtr(struct ndr_pull *ndr, int int level; uint32_t _level; TALLOC_CTX *_mem_save_ctr0_0; + uint32_t _ptr_ctr0; TALLOC_CTX *_mem_save_ctr1_0; + uint32_t _ptr_ctr1; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -530,7 +548,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevCtr(struct ndr_pull *ndr, int } switch (level) { case 0: { - uint32_t _ptr_ctr0; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr0)); if (_ptr_ctr0) { NDR_PULL_ALLOC(ndr, r->ctr0); @@ -540,7 +557,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevCtr(struct ndr_pull *ndr, int break; } case 1: { - uint32_t _ptr_ctr1; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr1)); if (_ptr_ctr1) { NDR_PULL_ALLOC(ndr, r->ctr1); @@ -632,6 +648,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetCharDevQInfo0(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQInfo0(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetCharDevQInfo0 *r) { uint32_t _ptr_device; + uint32_t size_device_1 = 0; + uint32_t length_device_1 = 0; TALLOC_CTX *_mem_save_device_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -648,11 +666,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQInfo0(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->device, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->device)); NDR_CHECK(ndr_pull_array_length(ndr, &r->device)); - if (ndr_get_array_length(ndr, &r->device) > ndr_get_array_size(ndr, &r->device)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->device), ndr_get_array_length(ndr, &r->device)); + size_device_1 = ndr_get_array_size(ndr, &r->device); + length_device_1 = ndr_get_array_length(ndr, &r->device); + if (length_device_1 > size_device_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_device_1, length_device_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->device), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->device, ndr_get_array_length(ndr, &r->device), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_device_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->device, length_device_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_device_0, 0); } } @@ -697,6 +717,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetCharDevQCtr0(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQCtr0(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetCharDevQCtr0 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -715,13 +736,14 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQCtr0(struct ndr_pull *ndr, i _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetCharDevQInfo0(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetCharDevQInfo0(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -788,8 +810,12 @@ static enum ndr_err_code ndr_push_srvsvc_NetCharDevQInfo1(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQInfo1(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetCharDevQInfo1 *r) { uint32_t _ptr_device; + uint32_t size_device_1 = 0; + uint32_t length_device_1 = 0; TALLOC_CTX *_mem_save_device_0; uint32_t _ptr_devices; + uint32_t size_devices_1 = 0; + uint32_t length_devices_1 = 0; TALLOC_CTX *_mem_save_devices_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -815,11 +841,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQInfo1(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->device, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->device)); NDR_CHECK(ndr_pull_array_length(ndr, &r->device)); - if (ndr_get_array_length(ndr, &r->device) > ndr_get_array_size(ndr, &r->device)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->device), ndr_get_array_length(ndr, &r->device)); + size_device_1 = ndr_get_array_size(ndr, &r->device); + length_device_1 = ndr_get_array_length(ndr, &r->device); + if (length_device_1 > size_device_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_device_1, length_device_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->device), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->device, ndr_get_array_length(ndr, &r->device), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_device_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->device, length_device_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_device_0, 0); } if (r->devices) { @@ -827,11 +855,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQInfo1(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->devices, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->devices)); NDR_CHECK(ndr_pull_array_length(ndr, &r->devices)); - if (ndr_get_array_length(ndr, &r->devices) > ndr_get_array_size(ndr, &r->devices)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->devices), ndr_get_array_length(ndr, &r->devices)); + size_devices_1 = ndr_get_array_size(ndr, &r->devices); + length_devices_1 = ndr_get_array_length(ndr, &r->devices); + if (length_devices_1 > size_devices_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_devices_1, length_devices_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->devices), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->devices, ndr_get_array_length(ndr, &r->devices), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_devices_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->devices, length_devices_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_devices_0, 0); } } @@ -885,6 +915,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetCharDevQCtr1(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQCtr1(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetCharDevQCtr1 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -903,13 +934,14 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQCtr1(struct ndr_pull *ndr, i _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetCharDevQInfo1(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetCharDevQInfo1(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -993,7 +1025,9 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQInfo(struct ndr_pull *ndr, i int level; uint32_t _level; TALLOC_CTX *_mem_save_info0_0; + uint32_t _ptr_info0; TALLOC_CTX *_mem_save_info1_0; + uint32_t _ptr_info1; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -1002,7 +1036,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQInfo(struct ndr_pull *ndr, i } switch (level) { case 0: { - uint32_t _ptr_info0; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info0)); if (_ptr_info0) { NDR_PULL_ALLOC(ndr, r->info0); @@ -1012,7 +1045,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQInfo(struct ndr_pull *ndr, i break; } case 1: { - uint32_t _ptr_info1; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1)); if (_ptr_info1) { NDR_PULL_ALLOC(ndr, r->info1); @@ -1131,7 +1163,9 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQCtr(struct ndr_pull *ndr, in int level; uint32_t _level; TALLOC_CTX *_mem_save_ctr0_0; + uint32_t _ptr_ctr0; TALLOC_CTX *_mem_save_ctr1_0; + uint32_t _ptr_ctr1; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -1140,7 +1174,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQCtr(struct ndr_pull *ndr, in } switch (level) { case 0: { - uint32_t _ptr_ctr0; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr0)); if (_ptr_ctr0) { NDR_PULL_ALLOC(ndr, r->ctr0); @@ -1150,7 +1183,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQCtr(struct ndr_pull *ndr, in break; } case 1: { - uint32_t _ptr_ctr1; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr1)); if (_ptr_ctr1) { NDR_PULL_ALLOC(ndr, r->ctr1); @@ -1274,6 +1306,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetConnCtr0(struct ndr_push *ndr, int n static enum ndr_err_code ndr_pull_srvsvc_NetConnCtr0(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetConnCtr0 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -1292,10 +1325,11 @@ static enum ndr_err_code ndr_pull_srvsvc_NetConnCtr0(struct ndr_pull *ndr, int n _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetConnInfo0(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -1364,8 +1398,12 @@ static enum ndr_err_code ndr_push_srvsvc_NetConnInfo1(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetConnInfo1(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetConnInfo1 *r) { uint32_t _ptr_user; + uint32_t size_user_1 = 0; + uint32_t length_user_1 = 0; TALLOC_CTX *_mem_save_user_0; uint32_t _ptr_share; + uint32_t size_share_1 = 0; + uint32_t length_share_1 = 0; TALLOC_CTX *_mem_save_share_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -1393,11 +1431,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetConnInfo1(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->user, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->user)); NDR_CHECK(ndr_pull_array_length(ndr, &r->user)); - if (ndr_get_array_length(ndr, &r->user) > ndr_get_array_size(ndr, &r->user)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->user), ndr_get_array_length(ndr, &r->user)); + size_user_1 = ndr_get_array_size(ndr, &r->user); + length_user_1 = ndr_get_array_length(ndr, &r->user); + if (length_user_1 > size_user_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_user_1, length_user_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->user), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user, ndr_get_array_length(ndr, &r->user), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_user_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user, length_user_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user_0, 0); } if (r->share) { @@ -1405,11 +1445,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetConnInfo1(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->share, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->share)); NDR_CHECK(ndr_pull_array_length(ndr, &r->share)); - if (ndr_get_array_length(ndr, &r->share) > ndr_get_array_size(ndr, &r->share)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->share), ndr_get_array_length(ndr, &r->share)); + size_share_1 = ndr_get_array_size(ndr, &r->share); + length_share_1 = ndr_get_array_length(ndr, &r->share); + if (length_share_1 > size_share_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_share_1, length_share_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->share), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->share, ndr_get_array_length(ndr, &r->share), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_share_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->share, length_share_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_share_0, 0); } } @@ -1465,6 +1507,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetConnCtr1(struct ndr_push *ndr, int n static enum ndr_err_code ndr_pull_srvsvc_NetConnCtr1(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetConnCtr1 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -1483,13 +1526,14 @@ static enum ndr_err_code ndr_pull_srvsvc_NetConnCtr1(struct ndr_pull *ndr, int n _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetConnInfo1(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetConnInfo1(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -1573,7 +1617,9 @@ static enum ndr_err_code ndr_pull_srvsvc_NetConnCtr(struct ndr_pull *ndr, int nd int level; uint32_t _level; TALLOC_CTX *_mem_save_ctr0_0; + uint32_t _ptr_ctr0; TALLOC_CTX *_mem_save_ctr1_0; + uint32_t _ptr_ctr1; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -1582,7 +1628,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetConnCtr(struct ndr_pull *ndr, int nd } switch (level) { case 0: { - uint32_t _ptr_ctr0; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr0)); if (_ptr_ctr0) { NDR_PULL_ALLOC(ndr, r->ctr0); @@ -1592,7 +1637,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetConnCtr(struct ndr_pull *ndr, int nd break; } case 1: { - uint32_t _ptr_ctr1; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr1)); if (_ptr_ctr1) { NDR_PULL_ALLOC(ndr, r->ctr1); @@ -1754,6 +1798,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetFileCtr2(struct ndr_push *ndr, int n static enum ndr_err_code ndr_pull_srvsvc_NetFileCtr2(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetFileCtr2 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -1772,10 +1817,11 @@ static enum ndr_err_code ndr_pull_srvsvc_NetFileCtr2(struct ndr_pull *ndr, int n _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetFileInfo2(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -1842,8 +1888,12 @@ static enum ndr_err_code ndr_push_srvsvc_NetFileInfo3(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetFileInfo3(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetFileInfo3 *r) { uint32_t _ptr_path; + uint32_t size_path_1 = 0; + uint32_t length_path_1 = 0; TALLOC_CTX *_mem_save_path_0; uint32_t _ptr_user; + uint32_t size_user_1 = 0; + uint32_t length_user_1 = 0; TALLOC_CTX *_mem_save_user_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -1869,11 +1919,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetFileInfo3(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->path, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->path)); - if (ndr_get_array_length(ndr, &r->path) > ndr_get_array_size(ndr, &r->path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->path), ndr_get_array_length(ndr, &r->path)); + size_path_1 = ndr_get_array_size(ndr, &r->path); + length_path_1 = ndr_get_array_length(ndr, &r->path); + if (length_path_1 > size_path_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_path_1, length_path_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->path, ndr_get_array_length(ndr, &r->path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_path_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->path, length_path_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_path_0, 0); } if (r->user) { @@ -1881,11 +1933,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetFileInfo3(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->user, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->user)); NDR_CHECK(ndr_pull_array_length(ndr, &r->user)); - if (ndr_get_array_length(ndr, &r->user) > ndr_get_array_size(ndr, &r->user)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->user), ndr_get_array_length(ndr, &r->user)); + size_user_1 = ndr_get_array_size(ndr, &r->user); + length_user_1 = ndr_get_array_length(ndr, &r->user); + if (length_user_1 > size_user_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_user_1, length_user_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->user), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user, ndr_get_array_length(ndr, &r->user), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_user_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user, length_user_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user_0, 0); } } @@ -1939,6 +1993,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetFileCtr3(struct ndr_push *ndr, int n static enum ndr_err_code ndr_pull_srvsvc_NetFileCtr3(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetFileCtr3 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -1957,13 +2012,14 @@ static enum ndr_err_code ndr_pull_srvsvc_NetFileCtr3(struct ndr_pull *ndr, int n _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetFileInfo3(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetFileInfo3(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -2047,7 +2103,9 @@ static enum ndr_err_code ndr_pull_srvsvc_NetFileInfo(struct ndr_pull *ndr, int n int level; uint32_t _level; TALLOC_CTX *_mem_save_info2_0; + uint32_t _ptr_info2; TALLOC_CTX *_mem_save_info3_0; + uint32_t _ptr_info3; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -2056,7 +2114,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetFileInfo(struct ndr_pull *ndr, int n } switch (level) { case 2: { - uint32_t _ptr_info2; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info2)); if (_ptr_info2) { NDR_PULL_ALLOC(ndr, r->info2); @@ -2066,7 +2123,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetFileInfo(struct ndr_pull *ndr, int n break; } case 3: { - uint32_t _ptr_info3; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info3)); if (_ptr_info3) { NDR_PULL_ALLOC(ndr, r->info3); @@ -2185,7 +2241,9 @@ static enum ndr_err_code ndr_pull_srvsvc_NetFileCtr(struct ndr_pull *ndr, int nd int level; uint32_t _level; TALLOC_CTX *_mem_save_ctr2_0; + uint32_t _ptr_ctr2; TALLOC_CTX *_mem_save_ctr3_0; + uint32_t _ptr_ctr3; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -2194,7 +2252,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetFileCtr(struct ndr_pull *ndr, int nd } switch (level) { case 2: { - uint32_t _ptr_ctr2; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr2)); if (_ptr_ctr2) { NDR_PULL_ALLOC(ndr, r->ctr2); @@ -2204,7 +2261,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetFileCtr(struct ndr_pull *ndr, int nd break; } case 3: { - uint32_t _ptr_ctr3; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr3)); if (_ptr_ctr3) { NDR_PULL_ALLOC(ndr, r->ctr3); @@ -2334,6 +2390,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetSessInfo0(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetSessInfo0(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSessInfo0 *r) { uint32_t _ptr_client; + uint32_t size_client_1 = 0; + uint32_t length_client_1 = 0; TALLOC_CTX *_mem_save_client_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -2350,11 +2408,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessInfo0(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->client, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->client)); NDR_CHECK(ndr_pull_array_length(ndr, &r->client)); - if (ndr_get_array_length(ndr, &r->client) > ndr_get_array_size(ndr, &r->client)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->client), ndr_get_array_length(ndr, &r->client)); + size_client_1 = ndr_get_array_size(ndr, &r->client); + length_client_1 = ndr_get_array_length(ndr, &r->client); + if (length_client_1 > size_client_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_client_1, length_client_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->client), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client, ndr_get_array_length(ndr, &r->client), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_client_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client, length_client_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_client_0, 0); } } @@ -2399,6 +2459,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetSessCtr0(struct ndr_push *ndr, int n static enum ndr_err_code ndr_pull_srvsvc_NetSessCtr0(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSessCtr0 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -2417,13 +2478,14 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessCtr0(struct ndr_pull *ndr, int n _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetSessInfo0(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetSessInfo0(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -2491,8 +2553,12 @@ static enum ndr_err_code ndr_push_srvsvc_NetSessInfo1(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetSessInfo1(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSessInfo1 *r) { uint32_t _ptr_client; + uint32_t size_client_1 = 0; + uint32_t length_client_1 = 0; TALLOC_CTX *_mem_save_client_0; uint32_t _ptr_user; + uint32_t size_user_1 = 0; + uint32_t length_user_1 = 0; TALLOC_CTX *_mem_save_user_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -2519,11 +2585,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessInfo1(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->client, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->client)); NDR_CHECK(ndr_pull_array_length(ndr, &r->client)); - if (ndr_get_array_length(ndr, &r->client) > ndr_get_array_size(ndr, &r->client)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->client), ndr_get_array_length(ndr, &r->client)); + size_client_1 = ndr_get_array_size(ndr, &r->client); + length_client_1 = ndr_get_array_length(ndr, &r->client); + if (length_client_1 > size_client_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_client_1, length_client_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->client), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client, ndr_get_array_length(ndr, &r->client), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_client_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client, length_client_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_client_0, 0); } if (r->user) { @@ -2531,11 +2599,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessInfo1(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->user, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->user)); NDR_CHECK(ndr_pull_array_length(ndr, &r->user)); - if (ndr_get_array_length(ndr, &r->user) > ndr_get_array_size(ndr, &r->user)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->user), ndr_get_array_length(ndr, &r->user)); + size_user_1 = ndr_get_array_size(ndr, &r->user); + length_user_1 = ndr_get_array_length(ndr, &r->user); + if (length_user_1 > size_user_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_user_1, length_user_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->user), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user, ndr_get_array_length(ndr, &r->user), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_user_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user, length_user_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user_0, 0); } } @@ -2590,6 +2660,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetSessCtr1(struct ndr_push *ndr, int n static enum ndr_err_code ndr_pull_srvsvc_NetSessCtr1(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSessCtr1 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -2608,13 +2679,14 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessCtr1(struct ndr_pull *ndr, int n _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetSessInfo1(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetSessInfo1(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -2689,10 +2761,16 @@ static enum ndr_err_code ndr_push_srvsvc_NetSessInfo2(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetSessInfo2(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSessInfo2 *r) { uint32_t _ptr_client; + uint32_t size_client_1 = 0; + uint32_t length_client_1 = 0; TALLOC_CTX *_mem_save_client_0; uint32_t _ptr_user; + uint32_t size_user_1 = 0; + uint32_t length_user_1 = 0; TALLOC_CTX *_mem_save_user_0; uint32_t _ptr_client_type; + uint32_t size_client_type_1 = 0; + uint32_t length_client_type_1 = 0; TALLOC_CTX *_mem_save_client_type_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -2725,11 +2803,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->client, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->client)); NDR_CHECK(ndr_pull_array_length(ndr, &r->client)); - if (ndr_get_array_length(ndr, &r->client) > ndr_get_array_size(ndr, &r->client)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->client), ndr_get_array_length(ndr, &r->client)); + size_client_1 = ndr_get_array_size(ndr, &r->client); + length_client_1 = ndr_get_array_length(ndr, &r->client); + if (length_client_1 > size_client_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_client_1, length_client_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->client), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client, ndr_get_array_length(ndr, &r->client), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_client_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client, length_client_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_client_0, 0); } if (r->user) { @@ -2737,11 +2817,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->user, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->user)); NDR_CHECK(ndr_pull_array_length(ndr, &r->user)); - if (ndr_get_array_length(ndr, &r->user) > ndr_get_array_size(ndr, &r->user)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->user), ndr_get_array_length(ndr, &r->user)); + size_user_1 = ndr_get_array_size(ndr, &r->user); + length_user_1 = ndr_get_array_length(ndr, &r->user); + if (length_user_1 > size_user_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_user_1, length_user_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->user), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user, ndr_get_array_length(ndr, &r->user), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_user_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user, length_user_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user_0, 0); } if (r->client_type) { @@ -2749,11 +2831,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->client_type, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->client_type)); NDR_CHECK(ndr_pull_array_length(ndr, &r->client_type)); - if (ndr_get_array_length(ndr, &r->client_type) > ndr_get_array_size(ndr, &r->client_type)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->client_type), ndr_get_array_length(ndr, &r->client_type)); + size_client_type_1 = ndr_get_array_size(ndr, &r->client_type); + length_client_type_1 = ndr_get_array_length(ndr, &r->client_type); + if (length_client_type_1 > size_client_type_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_client_type_1, length_client_type_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->client_type), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client_type, ndr_get_array_length(ndr, &r->client_type), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_client_type_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client_type, length_client_type_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_client_type_0, 0); } } @@ -2814,6 +2898,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetSessCtr2(struct ndr_push *ndr, int n static enum ndr_err_code ndr_pull_srvsvc_NetSessCtr2(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSessCtr2 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -2832,13 +2917,14 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessCtr2(struct ndr_pull *ndr, int n _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetSessInfo2(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetSessInfo2(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -2904,8 +2990,12 @@ static enum ndr_err_code ndr_push_srvsvc_NetSessInfo10(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetSessInfo10(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSessInfo10 *r) { uint32_t _ptr_client; + uint32_t size_client_1 = 0; + uint32_t length_client_1 = 0; TALLOC_CTX *_mem_save_client_0; uint32_t _ptr_user; + uint32_t size_user_1 = 0; + uint32_t length_user_1 = 0; TALLOC_CTX *_mem_save_user_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -2930,11 +3020,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessInfo10(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->client, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->client)); NDR_CHECK(ndr_pull_array_length(ndr, &r->client)); - if (ndr_get_array_length(ndr, &r->client) > ndr_get_array_size(ndr, &r->client)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->client), ndr_get_array_length(ndr, &r->client)); + size_client_1 = ndr_get_array_size(ndr, &r->client); + length_client_1 = ndr_get_array_length(ndr, &r->client); + if (length_client_1 > size_client_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_client_1, length_client_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->client), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client, ndr_get_array_length(ndr, &r->client), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_client_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client, length_client_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_client_0, 0); } if (r->user) { @@ -2942,11 +3034,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessInfo10(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->user, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->user)); NDR_CHECK(ndr_pull_array_length(ndr, &r->user)); - if (ndr_get_array_length(ndr, &r->user) > ndr_get_array_size(ndr, &r->user)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->user), ndr_get_array_length(ndr, &r->user)); + size_user_1 = ndr_get_array_size(ndr, &r->user); + length_user_1 = ndr_get_array_length(ndr, &r->user); + if (length_user_1 > size_user_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_user_1, length_user_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->user), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user, ndr_get_array_length(ndr, &r->user), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_user_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user, length_user_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user_0, 0); } } @@ -2999,6 +3093,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetSessCtr10(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetSessCtr10(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSessCtr10 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -3017,13 +3112,14 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessCtr10(struct ndr_pull *ndr, int _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetSessInfo10(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetSessInfo10(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -3105,12 +3201,20 @@ static enum ndr_err_code ndr_push_srvsvc_NetSessInfo502(struct ndr_push *ndr, in static enum ndr_err_code ndr_pull_srvsvc_NetSessInfo502(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSessInfo502 *r) { uint32_t _ptr_client; + uint32_t size_client_1 = 0; + uint32_t length_client_1 = 0; TALLOC_CTX *_mem_save_client_0; uint32_t _ptr_user; + uint32_t size_user_1 = 0; + uint32_t length_user_1 = 0; TALLOC_CTX *_mem_save_user_0; uint32_t _ptr_client_type; + uint32_t size_client_type_1 = 0; + uint32_t length_client_type_1 = 0; TALLOC_CTX *_mem_save_client_type_0; uint32_t _ptr_transport; + uint32_t size_transport_1 = 0; + uint32_t length_transport_1 = 0; TALLOC_CTX *_mem_save_transport_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -3149,11 +3253,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessInfo502(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, r->client, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->client)); NDR_CHECK(ndr_pull_array_length(ndr, &r->client)); - if (ndr_get_array_length(ndr, &r->client) > ndr_get_array_size(ndr, &r->client)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->client), ndr_get_array_length(ndr, &r->client)); + size_client_1 = ndr_get_array_size(ndr, &r->client); + length_client_1 = ndr_get_array_length(ndr, &r->client); + if (length_client_1 > size_client_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_client_1, length_client_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->client), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client, ndr_get_array_length(ndr, &r->client), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_client_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client, length_client_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_client_0, 0); } if (r->user) { @@ -3161,11 +3267,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessInfo502(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, r->user, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->user)); NDR_CHECK(ndr_pull_array_length(ndr, &r->user)); - if (ndr_get_array_length(ndr, &r->user) > ndr_get_array_size(ndr, &r->user)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->user), ndr_get_array_length(ndr, &r->user)); + size_user_1 = ndr_get_array_size(ndr, &r->user); + length_user_1 = ndr_get_array_length(ndr, &r->user); + if (length_user_1 > size_user_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_user_1, length_user_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->user), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user, ndr_get_array_length(ndr, &r->user), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_user_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user, length_user_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user_0, 0); } if (r->client_type) { @@ -3173,11 +3281,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessInfo502(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, r->client_type, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->client_type)); NDR_CHECK(ndr_pull_array_length(ndr, &r->client_type)); - if (ndr_get_array_length(ndr, &r->client_type) > ndr_get_array_size(ndr, &r->client_type)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->client_type), ndr_get_array_length(ndr, &r->client_type)); + size_client_type_1 = ndr_get_array_size(ndr, &r->client_type); + length_client_type_1 = ndr_get_array_length(ndr, &r->client_type); + if (length_client_type_1 > size_client_type_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_client_type_1, length_client_type_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->client_type), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client_type, ndr_get_array_length(ndr, &r->client_type), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_client_type_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client_type, length_client_type_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_client_type_0, 0); } if (r->transport) { @@ -3185,11 +3295,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessInfo502(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, r->transport, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->transport)); NDR_CHECK(ndr_pull_array_length(ndr, &r->transport)); - if (ndr_get_array_length(ndr, &r->transport) > ndr_get_array_size(ndr, &r->transport)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->transport), ndr_get_array_length(ndr, &r->transport)); + size_transport_1 = ndr_get_array_size(ndr, &r->transport); + length_transport_1 = ndr_get_array_length(ndr, &r->transport); + if (length_transport_1 > size_transport_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_transport_1, length_transport_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->transport), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->transport, ndr_get_array_length(ndr, &r->transport), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_transport_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->transport, length_transport_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_transport_0, 0); } } @@ -3256,6 +3368,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetSessCtr502(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetSessCtr502(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSessCtr502 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -3274,13 +3387,14 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessCtr502(struct ndr_pull *ndr, int _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetSessInfo502(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetSessInfo502(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -3394,10 +3508,15 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessCtr(struct ndr_pull *ndr, int nd int level; uint32_t _level; TALLOC_CTX *_mem_save_ctr0_0; + uint32_t _ptr_ctr0; TALLOC_CTX *_mem_save_ctr1_0; + uint32_t _ptr_ctr1; TALLOC_CTX *_mem_save_ctr2_0; + uint32_t _ptr_ctr2; TALLOC_CTX *_mem_save_ctr10_0; + uint32_t _ptr_ctr10; TALLOC_CTX *_mem_save_ctr502_0; + uint32_t _ptr_ctr502; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -3406,7 +3525,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessCtr(struct ndr_pull *ndr, int nd } switch (level) { case 0: { - uint32_t _ptr_ctr0; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr0)); if (_ptr_ctr0) { NDR_PULL_ALLOC(ndr, r->ctr0); @@ -3416,7 +3534,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessCtr(struct ndr_pull *ndr, int nd break; } case 1: { - uint32_t _ptr_ctr1; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr1)); if (_ptr_ctr1) { NDR_PULL_ALLOC(ndr, r->ctr1); @@ -3426,7 +3543,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessCtr(struct ndr_pull *ndr, int nd break; } case 2: { - uint32_t _ptr_ctr2; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr2)); if (_ptr_ctr2) { NDR_PULL_ALLOC(ndr, r->ctr2); @@ -3436,7 +3552,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessCtr(struct ndr_pull *ndr, int nd break; } case 10: { - uint32_t _ptr_ctr10; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr10)); if (_ptr_ctr10) { NDR_PULL_ALLOC(ndr, r->ctr10); @@ -3446,7 +3561,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessCtr(struct ndr_pull *ndr, int nd break; } case 502: { - uint32_t _ptr_ctr502; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr502)); if (_ptr_ctr502) { NDR_PULL_ALLOC(ndr, r->ctr502); @@ -3680,6 +3794,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareInfo0(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo0(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetShareInfo0 *r) { uint32_t _ptr_name; + uint32_t size_name_1 = 0; + uint32_t length_name_1 = 0; TALLOC_CTX *_mem_save_name_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -3696,11 +3812,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo0(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->name)); - if (ndr_get_array_length(ndr, &r->name) > ndr_get_array_size(ndr, &r->name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->name), ndr_get_array_length(ndr, &r->name)); + size_name_1 = ndr_get_array_size(ndr, &r->name); + length_name_1 = ndr_get_array_length(ndr, &r->name); + if (length_name_1 > size_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_name_1, length_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, length_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_name_0, 0); } } @@ -3745,6 +3863,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareCtr0(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr0(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetShareCtr0 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -3763,13 +3882,14 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr0(struct ndr_pull *ndr, int _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetShareInfo0(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetShareInfo0(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -3834,8 +3954,12 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareInfo1(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo1(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetShareInfo1 *r) { uint32_t _ptr_name; + uint32_t size_name_1 = 0; + uint32_t length_name_1 = 0; TALLOC_CTX *_mem_save_name_0; uint32_t _ptr_comment; + uint32_t size_comment_1 = 0; + uint32_t length_comment_1 = 0; TALLOC_CTX *_mem_save_comment_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -3859,11 +3983,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo1(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->name)); - if (ndr_get_array_length(ndr, &r->name) > ndr_get_array_size(ndr, &r->name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->name), ndr_get_array_length(ndr, &r->name)); + size_name_1 = ndr_get_array_size(ndr, &r->name); + length_name_1 = ndr_get_array_length(ndr, &r->name); + if (length_name_1 > size_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_name_1, length_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, length_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_name_0, 0); } if (r->comment) { @@ -3871,11 +3997,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo1(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->comment, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->comment)); NDR_CHECK(ndr_pull_array_length(ndr, &r->comment)); - if (ndr_get_array_length(ndr, &r->comment) > ndr_get_array_size(ndr, &r->comment)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->comment), ndr_get_array_length(ndr, &r->comment)); + size_comment_1 = ndr_get_array_size(ndr, &r->comment); + length_comment_1 = ndr_get_array_length(ndr, &r->comment); + if (length_comment_1 > size_comment_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_comment_1, length_comment_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_comment_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, length_comment_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_comment_0, 0); } } @@ -3927,6 +4055,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareCtr1(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr1(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetShareCtr1 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -3945,13 +4074,14 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr1(struct ndr_pull *ndr, int _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetShareInfo1(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetShareInfo1(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -4033,12 +4163,20 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareInfo2(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo2(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetShareInfo2 *r) { uint32_t _ptr_name; + uint32_t size_name_1 = 0; + uint32_t length_name_1 = 0; TALLOC_CTX *_mem_save_name_0; uint32_t _ptr_comment; + uint32_t size_comment_1 = 0; + uint32_t length_comment_1 = 0; TALLOC_CTX *_mem_save_comment_0; uint32_t _ptr_path; + uint32_t size_path_1 = 0; + uint32_t length_path_1 = 0; TALLOC_CTX *_mem_save_path_0; uint32_t _ptr_password; + uint32_t size_password_1 = 0; + uint32_t length_password_1 = 0; TALLOC_CTX *_mem_save_password_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -4077,11 +4215,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->name)); - if (ndr_get_array_length(ndr, &r->name) > ndr_get_array_size(ndr, &r->name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->name), ndr_get_array_length(ndr, &r->name)); + size_name_1 = ndr_get_array_size(ndr, &r->name); + length_name_1 = ndr_get_array_length(ndr, &r->name); + if (length_name_1 > size_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_name_1, length_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, length_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_name_0, 0); } if (r->comment) { @@ -4089,11 +4229,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->comment, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->comment)); NDR_CHECK(ndr_pull_array_length(ndr, &r->comment)); - if (ndr_get_array_length(ndr, &r->comment) > ndr_get_array_size(ndr, &r->comment)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->comment), ndr_get_array_length(ndr, &r->comment)); + size_comment_1 = ndr_get_array_size(ndr, &r->comment); + length_comment_1 = ndr_get_array_length(ndr, &r->comment); + if (length_comment_1 > size_comment_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_comment_1, length_comment_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_comment_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, length_comment_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_comment_0, 0); } if (r->path) { @@ -4101,11 +4243,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->path, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->path)); - if (ndr_get_array_length(ndr, &r->path) > ndr_get_array_size(ndr, &r->path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->path), ndr_get_array_length(ndr, &r->path)); + size_path_1 = ndr_get_array_size(ndr, &r->path); + length_path_1 = ndr_get_array_length(ndr, &r->path); + if (length_path_1 > size_path_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_path_1, length_path_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->path, ndr_get_array_length(ndr, &r->path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_path_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->path, length_path_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_path_0, 0); } if (r->password) { @@ -4113,11 +4257,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->password, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->password)); NDR_CHECK(ndr_pull_array_length(ndr, &r->password)); - if (ndr_get_array_length(ndr, &r->password) > ndr_get_array_size(ndr, &r->password)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->password), ndr_get_array_length(ndr, &r->password)); + size_password_1 = ndr_get_array_size(ndr, &r->password); + length_password_1 = ndr_get_array_length(ndr, &r->password); + if (length_password_1 > size_password_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_password_1, length_password_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->password), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->password, ndr_get_array_length(ndr, &r->password), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_password_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->password, length_password_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_password_0, 0); } } @@ -4184,6 +4330,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareCtr2(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr2(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetShareCtr2 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -4202,13 +4349,14 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr2(struct ndr_pull *ndr, int _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetShareInfo2(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetShareInfo2(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -4274,8 +4422,12 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareInfo501(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo501(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetShareInfo501 *r) { uint32_t _ptr_name; + uint32_t size_name_1 = 0; + uint32_t length_name_1 = 0; TALLOC_CTX *_mem_save_name_0; uint32_t _ptr_comment; + uint32_t size_comment_1 = 0; + uint32_t length_comment_1 = 0; TALLOC_CTX *_mem_save_comment_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -4300,11 +4452,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo501(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->name)); - if (ndr_get_array_length(ndr, &r->name) > ndr_get_array_size(ndr, &r->name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->name), ndr_get_array_length(ndr, &r->name)); + size_name_1 = ndr_get_array_size(ndr, &r->name); + length_name_1 = ndr_get_array_length(ndr, &r->name); + if (length_name_1 > size_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_name_1, length_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, length_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_name_0, 0); } if (r->comment) { @@ -4312,11 +4466,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo501(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->comment, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->comment)); NDR_CHECK(ndr_pull_array_length(ndr, &r->comment)); - if (ndr_get_array_length(ndr, &r->comment) > ndr_get_array_size(ndr, &r->comment)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->comment), ndr_get_array_length(ndr, &r->comment)); + size_comment_1 = ndr_get_array_size(ndr, &r->comment); + length_comment_1 = ndr_get_array_length(ndr, &r->comment); + if (length_comment_1 > size_comment_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_comment_1, length_comment_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_comment_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, length_comment_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_comment_0, 0); } } @@ -4369,6 +4525,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareCtr501(struct ndr_push *ndr, in static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr501(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetShareCtr501 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -4387,13 +4544,14 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr501(struct ndr_pull *ndr, in _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetShareInfo501(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetShareInfo501(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -4477,12 +4635,20 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareInfo502(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo502(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetShareInfo502 *r) { uint32_t _ptr_name; + uint32_t size_name_1 = 0; + uint32_t length_name_1 = 0; TALLOC_CTX *_mem_save_name_0; uint32_t _ptr_comment; + uint32_t size_comment_1 = 0; + uint32_t length_comment_1 = 0; TALLOC_CTX *_mem_save_comment_0; uint32_t _ptr_path; + uint32_t size_path_1 = 0; + uint32_t length_path_1 = 0; TALLOC_CTX *_mem_save_path_0; uint32_t _ptr_password; + uint32_t size_password_1 = 0; + uint32_t length_password_1 = 0; TALLOC_CTX *_mem_save_password_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -4522,11 +4688,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo502(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->name)); - if (ndr_get_array_length(ndr, &r->name) > ndr_get_array_size(ndr, &r->name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->name), ndr_get_array_length(ndr, &r->name)); + size_name_1 = ndr_get_array_size(ndr, &r->name); + length_name_1 = ndr_get_array_length(ndr, &r->name); + if (length_name_1 > size_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_name_1, length_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, length_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_name_0, 0); } if (r->comment) { @@ -4534,11 +4702,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo502(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->comment, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->comment)); NDR_CHECK(ndr_pull_array_length(ndr, &r->comment)); - if (ndr_get_array_length(ndr, &r->comment) > ndr_get_array_size(ndr, &r->comment)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->comment), ndr_get_array_length(ndr, &r->comment)); + size_comment_1 = ndr_get_array_size(ndr, &r->comment); + length_comment_1 = ndr_get_array_length(ndr, &r->comment); + if (length_comment_1 > size_comment_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_comment_1, length_comment_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_comment_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, length_comment_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_comment_0, 0); } if (r->path) { @@ -4546,11 +4716,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo502(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->path, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->path)); - if (ndr_get_array_length(ndr, &r->path) > ndr_get_array_size(ndr, &r->path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->path), ndr_get_array_length(ndr, &r->path)); + size_path_1 = ndr_get_array_size(ndr, &r->path); + length_path_1 = ndr_get_array_length(ndr, &r->path); + if (length_path_1 > size_path_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_path_1, length_path_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->path, ndr_get_array_length(ndr, &r->path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_path_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->path, length_path_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_path_0, 0); } if (r->password) { @@ -4558,11 +4730,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo502(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->password, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->password)); NDR_CHECK(ndr_pull_array_length(ndr, &r->password)); - if (ndr_get_array_length(ndr, &r->password) > ndr_get_array_size(ndr, &r->password)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->password), ndr_get_array_length(ndr, &r->password)); + size_password_1 = ndr_get_array_size(ndr, &r->password); + length_password_1 = ndr_get_array_length(ndr, &r->password); + if (length_password_1 > size_password_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_password_1, length_password_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->password), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->password, ndr_get_array_length(ndr, &r->password), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_password_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->password, length_password_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_password_0, 0); } NDR_CHECK(ndr_pull_sec_desc_buf(ndr, NDR_BUFFERS, &r->sd_buf)); @@ -4631,6 +4805,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareCtr502(struct ndr_push *ndr, in static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr502(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetShareCtr502 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -4649,13 +4824,14 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr502(struct ndr_pull *ndr, in _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetShareInfo502(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetShareInfo502(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -4712,6 +4888,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareInfo1004(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo1004(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetShareInfo1004 *r) { uint32_t _ptr_comment; + uint32_t size_comment_1 = 0; + uint32_t length_comment_1 = 0; TALLOC_CTX *_mem_save_comment_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -4728,11 +4906,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo1004(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->comment, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->comment)); NDR_CHECK(ndr_pull_array_length(ndr, &r->comment)); - if (ndr_get_array_length(ndr, &r->comment) > ndr_get_array_size(ndr, &r->comment)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->comment), ndr_get_array_length(ndr, &r->comment)); + size_comment_1 = ndr_get_array_size(ndr, &r->comment); + length_comment_1 = ndr_get_array_length(ndr, &r->comment); + if (length_comment_1 > size_comment_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_comment_1, length_comment_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_comment_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, length_comment_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_comment_0, 0); } } @@ -4777,6 +4957,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareCtr1004(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr1004(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetShareCtr1004 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -4795,13 +4976,14 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr1004(struct ndr_pull *ndr, i _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetShareInfo1004(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetShareInfo1004(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -4913,6 +5095,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareCtr1005(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr1005(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetShareCtr1005 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -4931,10 +5114,11 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr1005(struct ndr_pull *ndr, i _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetShareInfo1005(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -5023,6 +5207,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareCtr1006(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr1006(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetShareCtr1006 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -5041,10 +5226,11 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr1006(struct ndr_pull *ndr, i _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetShareInfo1006(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -5102,6 +5288,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareInfo1007(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo1007(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetShareInfo1007 *r) { uint32_t _ptr_alternate_directory_name; + uint32_t size_alternate_directory_name_1 = 0; + uint32_t length_alternate_directory_name_1 = 0; TALLOC_CTX *_mem_save_alternate_directory_name_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -5119,11 +5307,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo1007(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->alternate_directory_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->alternate_directory_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->alternate_directory_name)); - if (ndr_get_array_length(ndr, &r->alternate_directory_name) > ndr_get_array_size(ndr, &r->alternate_directory_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->alternate_directory_name), ndr_get_array_length(ndr, &r->alternate_directory_name)); + size_alternate_directory_name_1 = ndr_get_array_size(ndr, &r->alternate_directory_name); + length_alternate_directory_name_1 = ndr_get_array_length(ndr, &r->alternate_directory_name); + if (length_alternate_directory_name_1 > size_alternate_directory_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_alternate_directory_name_1, length_alternate_directory_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->alternate_directory_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->alternate_directory_name, ndr_get_array_length(ndr, &r->alternate_directory_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_alternate_directory_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->alternate_directory_name, length_alternate_directory_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_alternate_directory_name_0, 0); } } @@ -5169,6 +5359,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareCtr1007(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr1007(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetShareCtr1007 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -5187,13 +5378,14 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr1007(struct ndr_pull *ndr, i _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetShareInfo1007(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetShareInfo1007(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -5255,6 +5447,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareCtr1501(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr1501(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetShareCtr1501 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -5273,13 +5466,14 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr1501(struct ndr_pull *ndr, i _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_sec_desc_buf(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_sec_desc_buf(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -5443,15 +5637,25 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo(struct ndr_pull *ndr, int int level; uint32_t _level; TALLOC_CTX *_mem_save_info0_0; + uint32_t _ptr_info0; TALLOC_CTX *_mem_save_info1_0; + uint32_t _ptr_info1; TALLOC_CTX *_mem_save_info2_0; + uint32_t _ptr_info2; TALLOC_CTX *_mem_save_info501_0; + uint32_t _ptr_info501; TALLOC_CTX *_mem_save_info502_0; + uint32_t _ptr_info502; TALLOC_CTX *_mem_save_info1004_0; + uint32_t _ptr_info1004; TALLOC_CTX *_mem_save_info1005_0; + uint32_t _ptr_info1005; TALLOC_CTX *_mem_save_info1006_0; + uint32_t _ptr_info1006; TALLOC_CTX *_mem_save_info1007_0; + uint32_t _ptr_info1007; TALLOC_CTX *_mem_save_info1501_0; + uint32_t _ptr_info1501; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -5460,7 +5664,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo(struct ndr_pull *ndr, int } switch (level) { case 0: { - uint32_t _ptr_info0; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info0)); if (_ptr_info0) { NDR_PULL_ALLOC(ndr, r->info0); @@ -5470,7 +5673,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo(struct ndr_pull *ndr, int break; } case 1: { - uint32_t _ptr_info1; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1)); if (_ptr_info1) { NDR_PULL_ALLOC(ndr, r->info1); @@ -5480,7 +5682,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo(struct ndr_pull *ndr, int break; } case 2: { - uint32_t _ptr_info2; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info2)); if (_ptr_info2) { NDR_PULL_ALLOC(ndr, r->info2); @@ -5490,7 +5691,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo(struct ndr_pull *ndr, int break; } case 501: { - uint32_t _ptr_info501; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info501)); if (_ptr_info501) { NDR_PULL_ALLOC(ndr, r->info501); @@ -5500,7 +5700,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo(struct ndr_pull *ndr, int break; } case 502: { - uint32_t _ptr_info502; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info502)); if (_ptr_info502) { NDR_PULL_ALLOC(ndr, r->info502); @@ -5510,7 +5709,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo(struct ndr_pull *ndr, int break; } case 1004: { - uint32_t _ptr_info1004; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1004)); if (_ptr_info1004) { NDR_PULL_ALLOC(ndr, r->info1004); @@ -5520,7 +5718,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo(struct ndr_pull *ndr, int break; } case 1005: { - uint32_t _ptr_info1005; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1005)); if (_ptr_info1005) { NDR_PULL_ALLOC(ndr, r->info1005); @@ -5530,7 +5727,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo(struct ndr_pull *ndr, int break; } case 1006: { - uint32_t _ptr_info1006; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1006)); if (_ptr_info1006) { NDR_PULL_ALLOC(ndr, r->info1006); @@ -5540,7 +5736,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo(struct ndr_pull *ndr, int break; } case 1007: { - uint32_t _ptr_info1007; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1007)); if (_ptr_info1007) { NDR_PULL_ALLOC(ndr, r->info1007); @@ -5550,7 +5745,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo(struct ndr_pull *ndr, int break; } case 1501: { - uint32_t _ptr_info1501; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1501)); if (_ptr_info1501) { NDR_PULL_ALLOC(ndr, r->info1501); @@ -5893,15 +6087,25 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr(struct ndr_pull *ndr, int n int level; uint32_t _level; TALLOC_CTX *_mem_save_ctr0_0; + uint32_t _ptr_ctr0; TALLOC_CTX *_mem_save_ctr1_0; + uint32_t _ptr_ctr1; TALLOC_CTX *_mem_save_ctr2_0; + uint32_t _ptr_ctr2; TALLOC_CTX *_mem_save_ctr501_0; + uint32_t _ptr_ctr501; TALLOC_CTX *_mem_save_ctr502_0; + uint32_t _ptr_ctr502; TALLOC_CTX *_mem_save_ctr1004_0; + uint32_t _ptr_ctr1004; TALLOC_CTX *_mem_save_ctr1005_0; + uint32_t _ptr_ctr1005; TALLOC_CTX *_mem_save_ctr1006_0; + uint32_t _ptr_ctr1006; TALLOC_CTX *_mem_save_ctr1007_0; + uint32_t _ptr_ctr1007; TALLOC_CTX *_mem_save_ctr1501_0; + uint32_t _ptr_ctr1501; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -5910,7 +6114,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr(struct ndr_pull *ndr, int n } switch (level) { case 0: { - uint32_t _ptr_ctr0; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr0)); if (_ptr_ctr0) { NDR_PULL_ALLOC(ndr, r->ctr0); @@ -5920,7 +6123,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr(struct ndr_pull *ndr, int n break; } case 1: { - uint32_t _ptr_ctr1; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr1)); if (_ptr_ctr1) { NDR_PULL_ALLOC(ndr, r->ctr1); @@ -5930,7 +6132,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr(struct ndr_pull *ndr, int n break; } case 2: { - uint32_t _ptr_ctr2; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr2)); if (_ptr_ctr2) { NDR_PULL_ALLOC(ndr, r->ctr2); @@ -5940,7 +6141,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr(struct ndr_pull *ndr, int n break; } case 501: { - uint32_t _ptr_ctr501; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr501)); if (_ptr_ctr501) { NDR_PULL_ALLOC(ndr, r->ctr501); @@ -5950,7 +6150,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr(struct ndr_pull *ndr, int n break; } case 502: { - uint32_t _ptr_ctr502; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr502)); if (_ptr_ctr502) { NDR_PULL_ALLOC(ndr, r->ctr502); @@ -5960,7 +6159,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr(struct ndr_pull *ndr, int n break; } case 1004: { - uint32_t _ptr_ctr1004; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr1004)); if (_ptr_ctr1004) { NDR_PULL_ALLOC(ndr, r->ctr1004); @@ -5970,7 +6168,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr(struct ndr_pull *ndr, int n break; } case 1005: { - uint32_t _ptr_ctr1005; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr1005)); if (_ptr_ctr1005) { NDR_PULL_ALLOC(ndr, r->ctr1005); @@ -5980,7 +6177,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr(struct ndr_pull *ndr, int n break; } case 1006: { - uint32_t _ptr_ctr1006; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr1006)); if (_ptr_ctr1006) { NDR_PULL_ALLOC(ndr, r->ctr1006); @@ -5990,7 +6186,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr(struct ndr_pull *ndr, int n break; } case 1007: { - uint32_t _ptr_ctr1007; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr1007)); if (_ptr_ctr1007) { NDR_PULL_ALLOC(ndr, r->ctr1007); @@ -6000,7 +6195,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr(struct ndr_pull *ndr, int n break; } case 1501: { - uint32_t _ptr_ctr1501; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr1501)); if (_ptr_ctr1501) { NDR_PULL_ALLOC(ndr, r->ctr1501); @@ -6303,6 +6497,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetSrvInfo100(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo100(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSrvInfo100 *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; TALLOC_CTX *_mem_save_server_name_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -6320,11 +6516,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo100(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->server_name)); - if (ndr_get_array_length(ndr, &r->server_name) > ndr_get_array_size(ndr, &r->server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->server_name), ndr_get_array_length(ndr, &r->server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_name, ndr_get_array_length(ndr, &r->server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } } @@ -6376,8 +6574,12 @@ static enum ndr_err_code ndr_push_srvsvc_NetSrvInfo101(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo101(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSrvInfo101 *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; TALLOC_CTX *_mem_save_server_name_0; uint32_t _ptr_comment; + uint32_t size_comment_1 = 0; + uint32_t length_comment_1 = 0; TALLOC_CTX *_mem_save_comment_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -6404,11 +6606,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo101(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->server_name)); - if (ndr_get_array_length(ndr, &r->server_name) > ndr_get_array_size(ndr, &r->server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->server_name), ndr_get_array_length(ndr, &r->server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_name, ndr_get_array_length(ndr, &r->server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } if (r->comment) { @@ -6416,11 +6620,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo101(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->comment, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->comment)); NDR_CHECK(ndr_pull_array_length(ndr, &r->comment)); - if (ndr_get_array_length(ndr, &r->comment) > ndr_get_array_size(ndr, &r->comment)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->comment), ndr_get_array_length(ndr, &r->comment)); + size_comment_1 = ndr_get_array_size(ndr, &r->comment); + length_comment_1 = ndr_get_array_length(ndr, &r->comment); + if (length_comment_1 > size_comment_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_comment_1, length_comment_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_comment_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, length_comment_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_comment_0, 0); } } @@ -6494,10 +6700,16 @@ static enum ndr_err_code ndr_push_srvsvc_NetSrvInfo102(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo102(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSrvInfo102 *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; TALLOC_CTX *_mem_save_server_name_0; uint32_t _ptr_comment; + uint32_t size_comment_1 = 0; + uint32_t length_comment_1 = 0; TALLOC_CTX *_mem_save_comment_0; uint32_t _ptr_userpath; + uint32_t size_userpath_1 = 0; + uint32_t length_userpath_1 = 0; TALLOC_CTX *_mem_save_userpath_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -6536,11 +6748,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo102(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->server_name)); - if (ndr_get_array_length(ndr, &r->server_name) > ndr_get_array_size(ndr, &r->server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->server_name), ndr_get_array_length(ndr, &r->server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_name, ndr_get_array_length(ndr, &r->server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } if (r->comment) { @@ -6548,11 +6762,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo102(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->comment, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->comment)); NDR_CHECK(ndr_pull_array_length(ndr, &r->comment)); - if (ndr_get_array_length(ndr, &r->comment) > ndr_get_array_size(ndr, &r->comment)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->comment), ndr_get_array_length(ndr, &r->comment)); + size_comment_1 = ndr_get_array_size(ndr, &r->comment); + length_comment_1 = ndr_get_array_length(ndr, &r->comment); + if (length_comment_1 > size_comment_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_comment_1, length_comment_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_comment_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, length_comment_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_comment_0, 0); } if (r->userpath) { @@ -6560,11 +6776,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo102(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->userpath, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->userpath)); NDR_CHECK(ndr_pull_array_length(ndr, &r->userpath)); - if (ndr_get_array_length(ndr, &r->userpath) > ndr_get_array_size(ndr, &r->userpath)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->userpath), ndr_get_array_length(ndr, &r->userpath)); + size_userpath_1 = ndr_get_array_size(ndr, &r->userpath); + length_userpath_1 = ndr_get_array_length(ndr, &r->userpath); + if (length_userpath_1 > size_userpath_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_userpath_1, length_userpath_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->userpath), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->userpath, ndr_get_array_length(ndr, &r->userpath), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_userpath_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->userpath, length_userpath_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_userpath_0, 0); } } @@ -6667,10 +6885,16 @@ static enum ndr_err_code ndr_push_srvsvc_NetSrvInfo402(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo402(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSrvInfo402 *r) { uint32_t _ptr_alerts; + uint32_t size_alerts_1 = 0; + uint32_t length_alerts_1 = 0; TALLOC_CTX *_mem_save_alerts_0; uint32_t _ptr_guestaccount; + uint32_t size_guestaccount_1 = 0; + uint32_t length_guestaccount_1 = 0; TALLOC_CTX *_mem_save_guestaccount_0; uint32_t _ptr_srvheuristics; + uint32_t size_srvheuristics_1 = 0; + uint32_t length_srvheuristics_1 = 0; TALLOC_CTX *_mem_save_srvheuristics_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -6726,11 +6950,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo402(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->alerts, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->alerts)); NDR_CHECK(ndr_pull_array_length(ndr, &r->alerts)); - if (ndr_get_array_length(ndr, &r->alerts) > ndr_get_array_size(ndr, &r->alerts)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->alerts), ndr_get_array_length(ndr, &r->alerts)); + size_alerts_1 = ndr_get_array_size(ndr, &r->alerts); + length_alerts_1 = ndr_get_array_length(ndr, &r->alerts); + if (length_alerts_1 > size_alerts_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_alerts_1, length_alerts_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->alerts), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->alerts, ndr_get_array_length(ndr, &r->alerts), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_alerts_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->alerts, length_alerts_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_alerts_0, 0); } if (r->guestaccount) { @@ -6738,11 +6964,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo402(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->guestaccount, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->guestaccount)); NDR_CHECK(ndr_pull_array_length(ndr, &r->guestaccount)); - if (ndr_get_array_length(ndr, &r->guestaccount) > ndr_get_array_size(ndr, &r->guestaccount)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->guestaccount), ndr_get_array_length(ndr, &r->guestaccount)); + size_guestaccount_1 = ndr_get_array_size(ndr, &r->guestaccount); + length_guestaccount_1 = ndr_get_array_length(ndr, &r->guestaccount); + if (length_guestaccount_1 > size_guestaccount_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_guestaccount_1, length_guestaccount_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->guestaccount), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->guestaccount, ndr_get_array_length(ndr, &r->guestaccount), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_guestaccount_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->guestaccount, length_guestaccount_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_guestaccount_0, 0); } if (r->srvheuristics) { @@ -6750,11 +6978,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo402(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->srvheuristics, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->srvheuristics)); NDR_CHECK(ndr_pull_array_length(ndr, &r->srvheuristics)); - if (ndr_get_array_length(ndr, &r->srvheuristics) > ndr_get_array_size(ndr, &r->srvheuristics)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->srvheuristics), ndr_get_array_length(ndr, &r->srvheuristics)); + size_srvheuristics_1 = ndr_get_array_size(ndr, &r->srvheuristics); + length_srvheuristics_1 = ndr_get_array_length(ndr, &r->srvheuristics); + if (length_srvheuristics_1 > size_srvheuristics_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_srvheuristics_1, length_srvheuristics_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->srvheuristics), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->srvheuristics, ndr_get_array_length(ndr, &r->srvheuristics), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_srvheuristics_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->srvheuristics, length_srvheuristics_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_srvheuristics_0, 0); } } @@ -6883,12 +7113,20 @@ static enum ndr_err_code ndr_push_srvsvc_NetSrvInfo403(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo403(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSrvInfo403 *r) { uint32_t _ptr_alerts; + uint32_t size_alerts_1 = 0; + uint32_t length_alerts_1 = 0; TALLOC_CTX *_mem_save_alerts_0; uint32_t _ptr_guestaccount; + uint32_t size_guestaccount_1 = 0; + uint32_t length_guestaccount_1 = 0; TALLOC_CTX *_mem_save_guestaccount_0; uint32_t _ptr_srvheuristics; + uint32_t size_srvheuristics_1 = 0; + uint32_t length_srvheuristics_1 = 0; TALLOC_CTX *_mem_save_srvheuristics_0; uint32_t _ptr_autopath; + uint32_t size_autopath_1 = 0; + uint32_t length_autopath_1 = 0; TALLOC_CTX *_mem_save_autopath_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -6952,11 +7190,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo403(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->alerts, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->alerts)); NDR_CHECK(ndr_pull_array_length(ndr, &r->alerts)); - if (ndr_get_array_length(ndr, &r->alerts) > ndr_get_array_size(ndr, &r->alerts)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->alerts), ndr_get_array_length(ndr, &r->alerts)); + size_alerts_1 = ndr_get_array_size(ndr, &r->alerts); + length_alerts_1 = ndr_get_array_length(ndr, &r->alerts); + if (length_alerts_1 > size_alerts_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_alerts_1, length_alerts_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->alerts), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->alerts, ndr_get_array_length(ndr, &r->alerts), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_alerts_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->alerts, length_alerts_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_alerts_0, 0); } if (r->guestaccount) { @@ -6964,11 +7204,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo403(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->guestaccount, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->guestaccount)); NDR_CHECK(ndr_pull_array_length(ndr, &r->guestaccount)); - if (ndr_get_array_length(ndr, &r->guestaccount) > ndr_get_array_size(ndr, &r->guestaccount)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->guestaccount), ndr_get_array_length(ndr, &r->guestaccount)); + size_guestaccount_1 = ndr_get_array_size(ndr, &r->guestaccount); + length_guestaccount_1 = ndr_get_array_length(ndr, &r->guestaccount); + if (length_guestaccount_1 > size_guestaccount_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_guestaccount_1, length_guestaccount_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->guestaccount), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->guestaccount, ndr_get_array_length(ndr, &r->guestaccount), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_guestaccount_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->guestaccount, length_guestaccount_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_guestaccount_0, 0); } if (r->srvheuristics) { @@ -6976,11 +7218,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo403(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->srvheuristics, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->srvheuristics)); NDR_CHECK(ndr_pull_array_length(ndr, &r->srvheuristics)); - if (ndr_get_array_length(ndr, &r->srvheuristics) > ndr_get_array_size(ndr, &r->srvheuristics)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->srvheuristics), ndr_get_array_length(ndr, &r->srvheuristics)); + size_srvheuristics_1 = ndr_get_array_size(ndr, &r->srvheuristics); + length_srvheuristics_1 = ndr_get_array_length(ndr, &r->srvheuristics); + if (length_srvheuristics_1 > size_srvheuristics_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_srvheuristics_1, length_srvheuristics_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->srvheuristics), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->srvheuristics, ndr_get_array_length(ndr, &r->srvheuristics), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_srvheuristics_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->srvheuristics, length_srvheuristics_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_srvheuristics_0, 0); } if (r->autopath) { @@ -6988,11 +7232,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo403(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->autopath, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->autopath)); NDR_CHECK(ndr_pull_array_length(ndr, &r->autopath)); - if (ndr_get_array_length(ndr, &r->autopath) > ndr_get_array_size(ndr, &r->autopath)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->autopath), ndr_get_array_length(ndr, &r->autopath)); + size_autopath_1 = ndr_get_array_size(ndr, &r->autopath); + length_autopath_1 = ndr_get_array_length(ndr, &r->autopath); + if (length_autopath_1 > size_autopath_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_autopath_1, length_autopath_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->autopath), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->autopath, ndr_get_array_length(ndr, &r->autopath), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_autopath_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->autopath, length_autopath_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_autopath_0, 0); } } @@ -7201,6 +7447,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetSrvInfo503(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo503(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSrvInfo503 *r) { uint32_t _ptr_domain; + uint32_t size_domain_1 = 0; + uint32_t length_domain_1 = 0; TALLOC_CTX *_mem_save_domain_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -7258,11 +7506,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo503(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->domain, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->domain)); NDR_CHECK(ndr_pull_array_length(ndr, &r->domain)); - if (ndr_get_array_length(ndr, &r->domain) > ndr_get_array_size(ndr, &r->domain)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->domain), ndr_get_array_length(ndr, &r->domain)); + size_domain_1 = ndr_get_array_size(ndr, &r->domain); + length_domain_1 = ndr_get_array_length(ndr, &r->domain); + if (length_domain_1 > size_domain_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_1, length_domain_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, length_domain_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_0, 0); } } @@ -7397,6 +7647,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetSrvInfo599(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo599(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSrvInfo599 *r) { uint32_t _ptr_domain; + uint32_t size_domain_1 = 0; + uint32_t length_domain_1 = 0; TALLOC_CTX *_mem_save_domain_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -7467,11 +7719,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo599(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->domain, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->domain)); NDR_CHECK(ndr_pull_array_length(ndr, &r->domain)); - if (ndr_get_array_length(ndr, &r->domain) > ndr_get_array_size(ndr, &r->domain)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->domain), ndr_get_array_length(ndr, &r->domain)); + size_domain_1 = ndr_get_array_size(ndr, &r->domain); + length_domain_1 = ndr_get_array_length(ndr, &r->domain); + if (length_domain_1 > size_domain_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_1, length_domain_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, length_domain_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_0, 0); } } @@ -7565,6 +7819,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetSrvInfo1005(struct ndr_push *ndr, in static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo1005(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSrvInfo1005 *r) { uint32_t _ptr_comment; + uint32_t size_comment_1 = 0; + uint32_t length_comment_1 = 0; TALLOC_CTX *_mem_save_comment_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -7581,11 +7837,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo1005(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, r->comment, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->comment)); NDR_CHECK(ndr_pull_array_length(ndr, &r->comment)); - if (ndr_get_array_length(ndr, &r->comment) > ndr_get_array_size(ndr, &r->comment)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->comment), ndr_get_array_length(ndr, &r->comment)); + size_comment_1 = ndr_get_array_size(ndr, &r->comment); + length_comment_1 = ndr_get_array_length(ndr, &r->comment); + if (length_comment_1 > size_comment_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_comment_1, length_comment_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_comment_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, length_comment_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_comment_0, 0); } } @@ -9722,64 +9980,123 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd int level; uint32_t _level; TALLOC_CTX *_mem_save_info100_0; + uint32_t _ptr_info100; TALLOC_CTX *_mem_save_info101_0; + uint32_t _ptr_info101; TALLOC_CTX *_mem_save_info102_0; + uint32_t _ptr_info102; TALLOC_CTX *_mem_save_info402_0; + uint32_t _ptr_info402; TALLOC_CTX *_mem_save_info403_0; + uint32_t _ptr_info403; TALLOC_CTX *_mem_save_info502_0; + uint32_t _ptr_info502; TALLOC_CTX *_mem_save_info503_0; + uint32_t _ptr_info503; TALLOC_CTX *_mem_save_info599_0; + uint32_t _ptr_info599; TALLOC_CTX *_mem_save_info1005_0; + uint32_t _ptr_info1005; TALLOC_CTX *_mem_save_info1010_0; + uint32_t _ptr_info1010; TALLOC_CTX *_mem_save_info1016_0; + uint32_t _ptr_info1016; TALLOC_CTX *_mem_save_info1017_0; + uint32_t _ptr_info1017; TALLOC_CTX *_mem_save_info1018_0; + uint32_t _ptr_info1018; TALLOC_CTX *_mem_save_info1107_0; + uint32_t _ptr_info1107; TALLOC_CTX *_mem_save_info1501_0; + uint32_t _ptr_info1501; TALLOC_CTX *_mem_save_info1502_0; + uint32_t _ptr_info1502; TALLOC_CTX *_mem_save_info1503_0; + uint32_t _ptr_info1503; TALLOC_CTX *_mem_save_info1506_0; + uint32_t _ptr_info1506; TALLOC_CTX *_mem_save_info1509_0; + uint32_t _ptr_info1509; TALLOC_CTX *_mem_save_info1510_0; + uint32_t _ptr_info1510; TALLOC_CTX *_mem_save_info1511_0; + uint32_t _ptr_info1511; TALLOC_CTX *_mem_save_info1512_0; + uint32_t _ptr_info1512; TALLOC_CTX *_mem_save_info1513_0; + uint32_t _ptr_info1513; TALLOC_CTX *_mem_save_info1514_0; + uint32_t _ptr_info1514; TALLOC_CTX *_mem_save_info1515_0; + uint32_t _ptr_info1515; TALLOC_CTX *_mem_save_info1516_0; + uint32_t _ptr_info1516; TALLOC_CTX *_mem_save_info1518_0; + uint32_t _ptr_info1518; TALLOC_CTX *_mem_save_info1520_0; + uint32_t _ptr_info1520; TALLOC_CTX *_mem_save_info1521_0; + uint32_t _ptr_info1521; TALLOC_CTX *_mem_save_info1522_0; + uint32_t _ptr_info1522; TALLOC_CTX *_mem_save_info1523_0; + uint32_t _ptr_info1523; TALLOC_CTX *_mem_save_info1524_0; + uint32_t _ptr_info1524; TALLOC_CTX *_mem_save_info1525_0; + uint32_t _ptr_info1525; TALLOC_CTX *_mem_save_info1528_0; + uint32_t _ptr_info1528; TALLOC_CTX *_mem_save_info1529_0; + uint32_t _ptr_info1529; TALLOC_CTX *_mem_save_info1530_0; + uint32_t _ptr_info1530; TALLOC_CTX *_mem_save_info1533_0; + uint32_t _ptr_info1533; TALLOC_CTX *_mem_save_info1534_0; + uint32_t _ptr_info1534; TALLOC_CTX *_mem_save_info1535_0; + uint32_t _ptr_info1535; TALLOC_CTX *_mem_save_info1536_0; + uint32_t _ptr_info1536; TALLOC_CTX *_mem_save_info1537_0; + uint32_t _ptr_info1537; TALLOC_CTX *_mem_save_info1538_0; + uint32_t _ptr_info1538; TALLOC_CTX *_mem_save_info1539_0; + uint32_t _ptr_info1539; TALLOC_CTX *_mem_save_info1540_0; + uint32_t _ptr_info1540; TALLOC_CTX *_mem_save_info1541_0; + uint32_t _ptr_info1541; TALLOC_CTX *_mem_save_info1542_0; + uint32_t _ptr_info1542; TALLOC_CTX *_mem_save_info1543_0; + uint32_t _ptr_info1543; TALLOC_CTX *_mem_save_info1544_0; + uint32_t _ptr_info1544; TALLOC_CTX *_mem_save_info1545_0; + uint32_t _ptr_info1545; TALLOC_CTX *_mem_save_info1546_0; + uint32_t _ptr_info1546; TALLOC_CTX *_mem_save_info1547_0; + uint32_t _ptr_info1547; TALLOC_CTX *_mem_save_info1548_0; + uint32_t _ptr_info1548; TALLOC_CTX *_mem_save_info1549_0; + uint32_t _ptr_info1549; TALLOC_CTX *_mem_save_info1550_0; + uint32_t _ptr_info1550; TALLOC_CTX *_mem_save_info1552_0; + uint32_t _ptr_info1552; TALLOC_CTX *_mem_save_info1553_0; + uint32_t _ptr_info1553; TALLOC_CTX *_mem_save_info1554_0; + uint32_t _ptr_info1554; TALLOC_CTX *_mem_save_info1555_0; + uint32_t _ptr_info1555; TALLOC_CTX *_mem_save_info1556_0; + uint32_t _ptr_info1556; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -9788,7 +10105,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd } switch (level) { case 100: { - uint32_t _ptr_info100; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info100)); if (_ptr_info100) { NDR_PULL_ALLOC(ndr, r->info100); @@ -9798,7 +10114,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 101: { - uint32_t _ptr_info101; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info101)); if (_ptr_info101) { NDR_PULL_ALLOC(ndr, r->info101); @@ -9808,7 +10123,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 102: { - uint32_t _ptr_info102; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info102)); if (_ptr_info102) { NDR_PULL_ALLOC(ndr, r->info102); @@ -9818,7 +10132,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 402: { - uint32_t _ptr_info402; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info402)); if (_ptr_info402) { NDR_PULL_ALLOC(ndr, r->info402); @@ -9828,7 +10141,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 403: { - uint32_t _ptr_info403; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info403)); if (_ptr_info403) { NDR_PULL_ALLOC(ndr, r->info403); @@ -9838,7 +10150,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 502: { - uint32_t _ptr_info502; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info502)); if (_ptr_info502) { NDR_PULL_ALLOC(ndr, r->info502); @@ -9848,7 +10159,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 503: { - uint32_t _ptr_info503; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info503)); if (_ptr_info503) { NDR_PULL_ALLOC(ndr, r->info503); @@ -9858,7 +10168,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 599: { - uint32_t _ptr_info599; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info599)); if (_ptr_info599) { NDR_PULL_ALLOC(ndr, r->info599); @@ -9868,7 +10177,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1005: { - uint32_t _ptr_info1005; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1005)); if (_ptr_info1005) { NDR_PULL_ALLOC(ndr, r->info1005); @@ -9878,7 +10186,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1010: { - uint32_t _ptr_info1010; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1010)); if (_ptr_info1010) { NDR_PULL_ALLOC(ndr, r->info1010); @@ -9888,7 +10195,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1016: { - uint32_t _ptr_info1016; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1016)); if (_ptr_info1016) { NDR_PULL_ALLOC(ndr, r->info1016); @@ -9898,7 +10204,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1017: { - uint32_t _ptr_info1017; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1017)); if (_ptr_info1017) { NDR_PULL_ALLOC(ndr, r->info1017); @@ -9908,7 +10213,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1018: { - uint32_t _ptr_info1018; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1018)); if (_ptr_info1018) { NDR_PULL_ALLOC(ndr, r->info1018); @@ -9918,7 +10222,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1107: { - uint32_t _ptr_info1107; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1107)); if (_ptr_info1107) { NDR_PULL_ALLOC(ndr, r->info1107); @@ -9928,7 +10231,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1501: { - uint32_t _ptr_info1501; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1501)); if (_ptr_info1501) { NDR_PULL_ALLOC(ndr, r->info1501); @@ -9938,7 +10240,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1502: { - uint32_t _ptr_info1502; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1502)); if (_ptr_info1502) { NDR_PULL_ALLOC(ndr, r->info1502); @@ -9948,7 +10249,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1503: { - uint32_t _ptr_info1503; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1503)); if (_ptr_info1503) { NDR_PULL_ALLOC(ndr, r->info1503); @@ -9958,7 +10258,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1506: { - uint32_t _ptr_info1506; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1506)); if (_ptr_info1506) { NDR_PULL_ALLOC(ndr, r->info1506); @@ -9968,7 +10267,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1509: { - uint32_t _ptr_info1509; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1509)); if (_ptr_info1509) { NDR_PULL_ALLOC(ndr, r->info1509); @@ -9978,7 +10276,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1510: { - uint32_t _ptr_info1510; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1510)); if (_ptr_info1510) { NDR_PULL_ALLOC(ndr, r->info1510); @@ -9988,7 +10285,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1511: { - uint32_t _ptr_info1511; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1511)); if (_ptr_info1511) { NDR_PULL_ALLOC(ndr, r->info1511); @@ -9998,7 +10294,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1512: { - uint32_t _ptr_info1512; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1512)); if (_ptr_info1512) { NDR_PULL_ALLOC(ndr, r->info1512); @@ -10008,7 +10303,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1513: { - uint32_t _ptr_info1513; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1513)); if (_ptr_info1513) { NDR_PULL_ALLOC(ndr, r->info1513); @@ -10018,7 +10312,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1514: { - uint32_t _ptr_info1514; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1514)); if (_ptr_info1514) { NDR_PULL_ALLOC(ndr, r->info1514); @@ -10028,7 +10321,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1515: { - uint32_t _ptr_info1515; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1515)); if (_ptr_info1515) { NDR_PULL_ALLOC(ndr, r->info1515); @@ -10038,7 +10330,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1516: { - uint32_t _ptr_info1516; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1516)); if (_ptr_info1516) { NDR_PULL_ALLOC(ndr, r->info1516); @@ -10048,7 +10339,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1518: { - uint32_t _ptr_info1518; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1518)); if (_ptr_info1518) { NDR_PULL_ALLOC(ndr, r->info1518); @@ -10058,7 +10348,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1520: { - uint32_t _ptr_info1520; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1520)); if (_ptr_info1520) { NDR_PULL_ALLOC(ndr, r->info1520); @@ -10068,7 +10357,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1521: { - uint32_t _ptr_info1521; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1521)); if (_ptr_info1521) { NDR_PULL_ALLOC(ndr, r->info1521); @@ -10078,7 +10366,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1522: { - uint32_t _ptr_info1522; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1522)); if (_ptr_info1522) { NDR_PULL_ALLOC(ndr, r->info1522); @@ -10088,7 +10375,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1523: { - uint32_t _ptr_info1523; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1523)); if (_ptr_info1523) { NDR_PULL_ALLOC(ndr, r->info1523); @@ -10098,7 +10384,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1524: { - uint32_t _ptr_info1524; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1524)); if (_ptr_info1524) { NDR_PULL_ALLOC(ndr, r->info1524); @@ -10108,7 +10393,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1525: { - uint32_t _ptr_info1525; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1525)); if (_ptr_info1525) { NDR_PULL_ALLOC(ndr, r->info1525); @@ -10118,7 +10402,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1528: { - uint32_t _ptr_info1528; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1528)); if (_ptr_info1528) { NDR_PULL_ALLOC(ndr, r->info1528); @@ -10128,7 +10411,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1529: { - uint32_t _ptr_info1529; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1529)); if (_ptr_info1529) { NDR_PULL_ALLOC(ndr, r->info1529); @@ -10138,7 +10420,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1530: { - uint32_t _ptr_info1530; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1530)); if (_ptr_info1530) { NDR_PULL_ALLOC(ndr, r->info1530); @@ -10148,7 +10429,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1533: { - uint32_t _ptr_info1533; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1533)); if (_ptr_info1533) { NDR_PULL_ALLOC(ndr, r->info1533); @@ -10158,7 +10438,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1534: { - uint32_t _ptr_info1534; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1534)); if (_ptr_info1534) { NDR_PULL_ALLOC(ndr, r->info1534); @@ -10168,7 +10447,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1535: { - uint32_t _ptr_info1535; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1535)); if (_ptr_info1535) { NDR_PULL_ALLOC(ndr, r->info1535); @@ -10178,7 +10456,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1536: { - uint32_t _ptr_info1536; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1536)); if (_ptr_info1536) { NDR_PULL_ALLOC(ndr, r->info1536); @@ -10188,7 +10465,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1537: { - uint32_t _ptr_info1537; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1537)); if (_ptr_info1537) { NDR_PULL_ALLOC(ndr, r->info1537); @@ -10198,7 +10474,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1538: { - uint32_t _ptr_info1538; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1538)); if (_ptr_info1538) { NDR_PULL_ALLOC(ndr, r->info1538); @@ -10208,7 +10483,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1539: { - uint32_t _ptr_info1539; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1539)); if (_ptr_info1539) { NDR_PULL_ALLOC(ndr, r->info1539); @@ -10218,7 +10492,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1540: { - uint32_t _ptr_info1540; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1540)); if (_ptr_info1540) { NDR_PULL_ALLOC(ndr, r->info1540); @@ -10228,7 +10501,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1541: { - uint32_t _ptr_info1541; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1541)); if (_ptr_info1541) { NDR_PULL_ALLOC(ndr, r->info1541); @@ -10238,7 +10510,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1542: { - uint32_t _ptr_info1542; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1542)); if (_ptr_info1542) { NDR_PULL_ALLOC(ndr, r->info1542); @@ -10248,7 +10519,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1543: { - uint32_t _ptr_info1543; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1543)); if (_ptr_info1543) { NDR_PULL_ALLOC(ndr, r->info1543); @@ -10258,7 +10528,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1544: { - uint32_t _ptr_info1544; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1544)); if (_ptr_info1544) { NDR_PULL_ALLOC(ndr, r->info1544); @@ -10268,7 +10537,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1545: { - uint32_t _ptr_info1545; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1545)); if (_ptr_info1545) { NDR_PULL_ALLOC(ndr, r->info1545); @@ -10278,7 +10546,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1546: { - uint32_t _ptr_info1546; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1546)); if (_ptr_info1546) { NDR_PULL_ALLOC(ndr, r->info1546); @@ -10288,7 +10555,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1547: { - uint32_t _ptr_info1547; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1547)); if (_ptr_info1547) { NDR_PULL_ALLOC(ndr, r->info1547); @@ -10298,7 +10564,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1548: { - uint32_t _ptr_info1548; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1548)); if (_ptr_info1548) { NDR_PULL_ALLOC(ndr, r->info1548); @@ -10308,7 +10573,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1549: { - uint32_t _ptr_info1549; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1549)); if (_ptr_info1549) { NDR_PULL_ALLOC(ndr, r->info1549); @@ -10318,7 +10582,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1550: { - uint32_t _ptr_info1550; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1550)); if (_ptr_info1550) { NDR_PULL_ALLOC(ndr, r->info1550); @@ -10328,7 +10591,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1552: { - uint32_t _ptr_info1552; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1552)); if (_ptr_info1552) { NDR_PULL_ALLOC(ndr, r->info1552); @@ -10338,7 +10600,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1553: { - uint32_t _ptr_info1553; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1553)); if (_ptr_info1553) { NDR_PULL_ALLOC(ndr, r->info1553); @@ -10348,7 +10609,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1554: { - uint32_t _ptr_info1554; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1554)); if (_ptr_info1554) { NDR_PULL_ALLOC(ndr, r->info1554); @@ -10358,7 +10618,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1555: { - uint32_t _ptr_info1555; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1555)); if (_ptr_info1555) { NDR_PULL_ALLOC(ndr, r->info1555); @@ -10368,7 +10627,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1556: { - uint32_t _ptr_info1556; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1556)); if (_ptr_info1556) { NDR_PULL_ALLOC(ndr, r->info1556); @@ -11530,6 +11788,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetDiskInfo(struct ndr_push *ndr, int n static enum ndr_err_code ndr_pull_srvsvc_NetDiskInfo(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetDiskInfo *r) { uint32_t _ptr_disks; + uint32_t size_disks_1 = 0; + uint32_t length_disks_1 = 0; uint32_t cntr_disks_1; TALLOC_CTX *_mem_save_disks_0; TALLOC_CTX *_mem_save_disks_1; @@ -11549,13 +11809,15 @@ static enum ndr_err_code ndr_pull_srvsvc_NetDiskInfo(struct ndr_pull *ndr, int n NDR_PULL_SET_MEM_CTX(ndr, r->disks, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->disks)); NDR_CHECK(ndr_pull_array_length(ndr, &r->disks)); - if (ndr_get_array_length(ndr, &r->disks) > ndr_get_array_size(ndr, &r->disks)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->disks), ndr_get_array_length(ndr, &r->disks)); + size_disks_1 = ndr_get_array_size(ndr, &r->disks); + length_disks_1 = ndr_get_array_length(ndr, &r->disks); + if (length_disks_1 > size_disks_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_disks_1, length_disks_1); } - NDR_PULL_ALLOC_N(ndr, r->disks, ndr_get_array_size(ndr, &r->disks)); + NDR_PULL_ALLOC_N(ndr, r->disks, size_disks_1); _mem_save_disks_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->disks, 0); - for (cntr_disks_1 = 0; cntr_disks_1 < r->count; cntr_disks_1++) { + for (cntr_disks_1 = 0; cntr_disks_1 < length_disks_1; cntr_disks_1++) { NDR_CHECK(ndr_pull_srvsvc_NetDiskInfo0(ndr, NDR_SCALARS, &r->disks[cntr_disks_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_disks_1, 0); @@ -11707,10 +11969,15 @@ static enum ndr_err_code ndr_push_srvsvc_NetTransportInfo0(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_srvsvc_NetTransportInfo0(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetTransportInfo0 *r) { uint32_t _ptr_name; + uint32_t size_name_1 = 0; + uint32_t length_name_1 = 0; TALLOC_CTX *_mem_save_name_0; uint32_t _ptr_addr; + uint32_t size_addr_1 = 0; TALLOC_CTX *_mem_save_addr_0; uint32_t _ptr_net_addr; + uint32_t size_net_addr_1 = 0; + uint32_t length_net_addr_1 = 0; TALLOC_CTX *_mem_save_net_addr_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -11741,19 +12008,22 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportInfo0(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->name)); - if (ndr_get_array_length(ndr, &r->name) > ndr_get_array_size(ndr, &r->name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->name), ndr_get_array_length(ndr, &r->name)); + size_name_1 = ndr_get_array_size(ndr, &r->name); + length_name_1 = ndr_get_array_length(ndr, &r->name); + if (length_name_1 > size_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_name_1, length_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, length_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_name_0, 0); } if (r->addr) { _mem_save_addr_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->addr, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->addr)); - NDR_PULL_ALLOC_N(ndr, r->addr, ndr_get_array_size(ndr, &r->addr)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->addr, ndr_get_array_size(ndr, &r->addr))); + size_addr_1 = ndr_get_array_size(ndr, &r->addr); + NDR_PULL_ALLOC_N(ndr, r->addr, size_addr_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->addr, size_addr_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_addr_0, 0); } if (r->net_addr) { @@ -11761,11 +12031,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportInfo0(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->net_addr, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->net_addr)); NDR_CHECK(ndr_pull_array_length(ndr, &r->net_addr)); - if (ndr_get_array_length(ndr, &r->net_addr) > ndr_get_array_size(ndr, &r->net_addr)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->net_addr), ndr_get_array_length(ndr, &r->net_addr)); + size_net_addr_1 = ndr_get_array_size(ndr, &r->net_addr); + length_net_addr_1 = ndr_get_array_length(ndr, &r->net_addr); + if (length_net_addr_1 > size_net_addr_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_net_addr_1, length_net_addr_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->net_addr), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->net_addr, ndr_get_array_length(ndr, &r->net_addr), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_net_addr_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->net_addr, length_net_addr_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_net_addr_0, 0); } if (r->addr) { @@ -11827,6 +12099,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetTransportCtr0(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_srvsvc_NetTransportCtr0(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetTransportCtr0 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -11845,13 +12118,14 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportCtr0(struct ndr_pull *ndr, _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetTransportInfo0(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetTransportInfo0(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -11929,12 +12203,19 @@ static enum ndr_err_code ndr_push_srvsvc_NetTransportInfo1(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_srvsvc_NetTransportInfo1(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetTransportInfo1 *r) { uint32_t _ptr_name; + uint32_t size_name_1 = 0; + uint32_t length_name_1 = 0; TALLOC_CTX *_mem_save_name_0; uint32_t _ptr_addr; + uint32_t size_addr_1 = 0; TALLOC_CTX *_mem_save_addr_0; uint32_t _ptr_net_addr; + uint32_t size_net_addr_1 = 0; + uint32_t length_net_addr_1 = 0; TALLOC_CTX *_mem_save_net_addr_0; uint32_t _ptr_domain; + uint32_t size_domain_1 = 0; + uint32_t length_domain_1 = 0; TALLOC_CTX *_mem_save_domain_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -11971,19 +12252,22 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportInfo1(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->name)); - if (ndr_get_array_length(ndr, &r->name) > ndr_get_array_size(ndr, &r->name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->name), ndr_get_array_length(ndr, &r->name)); + size_name_1 = ndr_get_array_size(ndr, &r->name); + length_name_1 = ndr_get_array_length(ndr, &r->name); + if (length_name_1 > size_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_name_1, length_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, length_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_name_0, 0); } if (r->addr) { _mem_save_addr_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->addr, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->addr)); - NDR_PULL_ALLOC_N(ndr, r->addr, ndr_get_array_size(ndr, &r->addr)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->addr, ndr_get_array_size(ndr, &r->addr))); + size_addr_1 = ndr_get_array_size(ndr, &r->addr); + NDR_PULL_ALLOC_N(ndr, r->addr, size_addr_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->addr, size_addr_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_addr_0, 0); } if (r->net_addr) { @@ -11991,11 +12275,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportInfo1(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->net_addr, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->net_addr)); NDR_CHECK(ndr_pull_array_length(ndr, &r->net_addr)); - if (ndr_get_array_length(ndr, &r->net_addr) > ndr_get_array_size(ndr, &r->net_addr)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->net_addr), ndr_get_array_length(ndr, &r->net_addr)); + size_net_addr_1 = ndr_get_array_size(ndr, &r->net_addr); + length_net_addr_1 = ndr_get_array_length(ndr, &r->net_addr); + if (length_net_addr_1 > size_net_addr_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_net_addr_1, length_net_addr_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->net_addr), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->net_addr, ndr_get_array_length(ndr, &r->net_addr), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_net_addr_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->net_addr, length_net_addr_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_net_addr_0, 0); } if (r->domain) { @@ -12003,11 +12289,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportInfo1(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->domain, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->domain)); NDR_CHECK(ndr_pull_array_length(ndr, &r->domain)); - if (ndr_get_array_length(ndr, &r->domain) > ndr_get_array_size(ndr, &r->domain)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->domain), ndr_get_array_length(ndr, &r->domain)); + size_domain_1 = ndr_get_array_size(ndr, &r->domain); + length_domain_1 = ndr_get_array_length(ndr, &r->domain); + if (length_domain_1 > size_domain_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_1, length_domain_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, length_domain_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_0, 0); } if (r->addr) { @@ -12075,6 +12363,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetTransportCtr1(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_srvsvc_NetTransportCtr1(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetTransportCtr1 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -12093,13 +12382,14 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportCtr1(struct ndr_pull *ndr, _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetTransportInfo1(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetTransportInfo1(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -12178,12 +12468,19 @@ static enum ndr_err_code ndr_push_srvsvc_NetTransportInfo2(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_srvsvc_NetTransportInfo2(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetTransportInfo2 *r) { uint32_t _ptr_name; + uint32_t size_name_1 = 0; + uint32_t length_name_1 = 0; TALLOC_CTX *_mem_save_name_0; uint32_t _ptr_addr; + uint32_t size_addr_1 = 0; TALLOC_CTX *_mem_save_addr_0; uint32_t _ptr_net_addr; + uint32_t size_net_addr_1 = 0; + uint32_t length_net_addr_1 = 0; TALLOC_CTX *_mem_save_net_addr_0; uint32_t _ptr_domain; + uint32_t size_domain_1 = 0; + uint32_t length_domain_1 = 0; TALLOC_CTX *_mem_save_domain_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -12221,19 +12518,22 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportInfo2(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->name)); - if (ndr_get_array_length(ndr, &r->name) > ndr_get_array_size(ndr, &r->name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->name), ndr_get_array_length(ndr, &r->name)); + size_name_1 = ndr_get_array_size(ndr, &r->name); + length_name_1 = ndr_get_array_length(ndr, &r->name); + if (length_name_1 > size_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_name_1, length_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, length_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_name_0, 0); } if (r->addr) { _mem_save_addr_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->addr, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->addr)); - NDR_PULL_ALLOC_N(ndr, r->addr, ndr_get_array_size(ndr, &r->addr)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->addr, ndr_get_array_size(ndr, &r->addr))); + size_addr_1 = ndr_get_array_size(ndr, &r->addr); + NDR_PULL_ALLOC_N(ndr, r->addr, size_addr_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->addr, size_addr_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_addr_0, 0); } if (r->net_addr) { @@ -12241,11 +12541,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportInfo2(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->net_addr, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->net_addr)); NDR_CHECK(ndr_pull_array_length(ndr, &r->net_addr)); - if (ndr_get_array_length(ndr, &r->net_addr) > ndr_get_array_size(ndr, &r->net_addr)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->net_addr), ndr_get_array_length(ndr, &r->net_addr)); + size_net_addr_1 = ndr_get_array_size(ndr, &r->net_addr); + length_net_addr_1 = ndr_get_array_length(ndr, &r->net_addr); + if (length_net_addr_1 > size_net_addr_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_net_addr_1, length_net_addr_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->net_addr), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->net_addr, ndr_get_array_length(ndr, &r->net_addr), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_net_addr_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->net_addr, length_net_addr_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_net_addr_0, 0); } if (r->domain) { @@ -12253,11 +12555,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportInfo2(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->domain, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->domain)); NDR_CHECK(ndr_pull_array_length(ndr, &r->domain)); - if (ndr_get_array_length(ndr, &r->domain) > ndr_get_array_size(ndr, &r->domain)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->domain), ndr_get_array_length(ndr, &r->domain)); + size_domain_1 = ndr_get_array_size(ndr, &r->domain); + length_domain_1 = ndr_get_array_length(ndr, &r->domain); + if (length_domain_1 > size_domain_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_1, length_domain_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, length_domain_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_0, 0); } if (r->addr) { @@ -12326,6 +12630,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetTransportCtr2(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_srvsvc_NetTransportCtr2(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetTransportCtr2 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -12344,13 +12649,14 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportCtr2(struct ndr_pull *ndr, _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetTransportInfo2(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetTransportInfo2(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -12431,13 +12737,21 @@ static enum ndr_err_code ndr_push_srvsvc_NetTransportInfo3(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_srvsvc_NetTransportInfo3(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetTransportInfo3 *r) { uint32_t _ptr_name; + uint32_t size_name_1 = 0; + uint32_t length_name_1 = 0; TALLOC_CTX *_mem_save_name_0; uint32_t _ptr_addr; + uint32_t size_addr_1 = 0; TALLOC_CTX *_mem_save_addr_0; uint32_t _ptr_net_addr; + uint32_t size_net_addr_1 = 0; + uint32_t length_net_addr_1 = 0; TALLOC_CTX *_mem_save_net_addr_0; uint32_t _ptr_domain; + uint32_t size_domain_1 = 0; + uint32_t length_domain_1 = 0; TALLOC_CTX *_mem_save_domain_0; + uint32_t size_unknown3_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->vcs)); @@ -12468,7 +12782,8 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportInfo3(struct ndr_pull *ndr, } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->unknown1)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->unknown2)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->unknown3, 256)); + size_unknown3_0 = 256; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->unknown3, size_unknown3_0)); } if (ndr_flags & NDR_BUFFERS) { if (r->name) { @@ -12476,19 +12791,22 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportInfo3(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->name)); - if (ndr_get_array_length(ndr, &r->name) > ndr_get_array_size(ndr, &r->name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->name), ndr_get_array_length(ndr, &r->name)); + size_name_1 = ndr_get_array_size(ndr, &r->name); + length_name_1 = ndr_get_array_length(ndr, &r->name); + if (length_name_1 > size_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_name_1, length_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, length_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_name_0, 0); } if (r->addr) { _mem_save_addr_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->addr, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->addr)); - NDR_PULL_ALLOC_N(ndr, r->addr, ndr_get_array_size(ndr, &r->addr)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->addr, ndr_get_array_size(ndr, &r->addr))); + size_addr_1 = ndr_get_array_size(ndr, &r->addr); + NDR_PULL_ALLOC_N(ndr, r->addr, size_addr_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->addr, size_addr_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_addr_0, 0); } if (r->net_addr) { @@ -12496,11 +12814,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportInfo3(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->net_addr, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->net_addr)); NDR_CHECK(ndr_pull_array_length(ndr, &r->net_addr)); - if (ndr_get_array_length(ndr, &r->net_addr) > ndr_get_array_size(ndr, &r->net_addr)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->net_addr), ndr_get_array_length(ndr, &r->net_addr)); + size_net_addr_1 = ndr_get_array_size(ndr, &r->net_addr); + length_net_addr_1 = ndr_get_array_length(ndr, &r->net_addr); + if (length_net_addr_1 > size_net_addr_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_net_addr_1, length_net_addr_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->net_addr), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->net_addr, ndr_get_array_length(ndr, &r->net_addr), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_net_addr_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->net_addr, length_net_addr_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_net_addr_0, 0); } if (r->domain) { @@ -12508,11 +12828,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportInfo3(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->domain, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->domain)); NDR_CHECK(ndr_pull_array_length(ndr, &r->domain)); - if (ndr_get_array_length(ndr, &r->domain) > ndr_get_array_size(ndr, &r->domain)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->domain), ndr_get_array_length(ndr, &r->domain)); + size_domain_1 = ndr_get_array_size(ndr, &r->domain); + length_domain_1 = ndr_get_array_length(ndr, &r->domain); + if (length_domain_1 > size_domain_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_1, length_domain_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, length_domain_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_0, 0); } if (r->addr) { @@ -12583,6 +12905,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetTransportCtr3(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_srvsvc_NetTransportCtr3(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetTransportCtr3 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -12601,13 +12924,14 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportCtr3(struct ndr_pull *ndr, _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetTransportInfo3(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetTransportInfo3(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -12711,9 +13035,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportCtr(struct ndr_pull *ndr, i int level; uint32_t _level; TALLOC_CTX *_mem_save_ctr0_0; + uint32_t _ptr_ctr0; TALLOC_CTX *_mem_save_ctr1_0; + uint32_t _ptr_ctr1; TALLOC_CTX *_mem_save_ctr2_0; + uint32_t _ptr_ctr2; TALLOC_CTX *_mem_save_ctr3_0; + uint32_t _ptr_ctr3; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -12722,7 +13050,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportCtr(struct ndr_pull *ndr, i } switch (level) { case 0: { - uint32_t _ptr_ctr0; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr0)); if (_ptr_ctr0) { NDR_PULL_ALLOC(ndr, r->ctr0); @@ -12732,7 +13059,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportCtr(struct ndr_pull *ndr, i break; } case 1: { - uint32_t _ptr_ctr1; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr1)); if (_ptr_ctr1) { NDR_PULL_ALLOC(ndr, r->ctr1); @@ -12742,7 +13068,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportCtr(struct ndr_pull *ndr, i break; } case 2: { - uint32_t _ptr_ctr2; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr2)); if (_ptr_ctr2) { NDR_PULL_ALLOC(ndr, r->ctr2); @@ -12752,7 +13077,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportCtr(struct ndr_pull *ndr, i break; } case 3: { - uint32_t _ptr_ctr3; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr3)); if (_ptr_ctr3) { NDR_PULL_ALLOC(ndr, r->ctr3); @@ -13109,6 +13433,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetCharDevEnum(struct ndr_push *ndr, in static enum ndr_err_code ndr_pull_srvsvc_NetCharDevEnum(struct ndr_pull *ndr, int flags, struct srvsvc_NetCharDevEnum *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; uint32_t _ptr_resume_handle; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_level_0; @@ -13129,11 +13455,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevEnum(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { @@ -13303,6 +13631,10 @@ static enum ndr_err_code ndr_push_srvsvc_NetCharDevGetInfo(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_srvsvc_NetCharDevGetInfo(struct ndr_pull *ndr, int flags, struct srvsvc_NetCharDevGetInfo *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; + uint32_t size_device_name_0 = 0; + uint32_t length_device_name_0 = 0; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_info_0; if (flags & NDR_IN) { @@ -13319,20 +13651,24 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevGetInfo(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.device_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.device_name)); - if (ndr_get_array_length(ndr, &r->in.device_name) > ndr_get_array_size(ndr, &r->in.device_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.device_name), ndr_get_array_length(ndr, &r->in.device_name)); + size_device_name_0 = ndr_get_array_size(ndr, &r->in.device_name); + length_device_name_0 = ndr_get_array_length(ndr, &r->in.device_name); + if (length_device_name_0 > size_device_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_device_name_0, length_device_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.device_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.device_name, ndr_get_array_length(ndr, &r->in.device_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_device_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.device_name, length_device_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); NDR_PULL_ALLOC(ndr, r->out.info); ZERO_STRUCTP(r->out.info); @@ -13410,6 +13746,10 @@ static enum ndr_err_code ndr_push_srvsvc_NetCharDevControl(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_srvsvc_NetCharDevControl(struct ndr_pull *ndr, int flags, struct srvsvc_NetCharDevControl *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; + uint32_t size_device_name_0 = 0; + uint32_t length_device_name_0 = 0; TALLOC_CTX *_mem_save_server_unc_0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_server_unc)); @@ -13423,20 +13763,24 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevControl(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.device_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.device_name)); - if (ndr_get_array_length(ndr, &r->in.device_name) > ndr_get_array_size(ndr, &r->in.device_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.device_name), ndr_get_array_length(ndr, &r->in.device_name)); + size_device_name_0 = ndr_get_array_size(ndr, &r->in.device_name); + length_device_name_0 = ndr_get_array_length(ndr, &r->in.device_name); + if (length_device_name_0 > size_device_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_device_name_0, length_device_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.device_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.device_name, ndr_get_array_length(ndr, &r->in.device_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_device_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.device_name, length_device_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.opcode)); } if (flags & NDR_OUT) { @@ -13532,7 +13876,11 @@ static enum ndr_err_code ndr_push_srvsvc_NetCharDevQEnum(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQEnum(struct ndr_pull *ndr, int flags, struct srvsvc_NetCharDevQEnum *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; uint32_t _ptr_user; + uint32_t size_user_1 = 0; + uint32_t length_user_1 = 0; uint32_t _ptr_resume_handle; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_user_0; @@ -13554,11 +13902,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQEnum(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_user)); @@ -13572,11 +13922,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQEnum(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->in.user, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.user)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.user)); - if (ndr_get_array_length(ndr, &r->in.user) > ndr_get_array_size(ndr, &r->in.user)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.user), ndr_get_array_length(ndr, &r->in.user)); + size_user_1 = ndr_get_array_size(ndr, &r->in.user); + length_user_1 = ndr_get_array_length(ndr, &r->in.user); + if (length_user_1 > size_user_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_user_1, length_user_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.user), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.user, ndr_get_array_length(ndr, &r->in.user), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_user_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.user, length_user_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user_0, 0); } if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { @@ -13756,6 +14108,12 @@ static enum ndr_err_code ndr_push_srvsvc_NetCharDevQGetInfo(struct ndr_push *ndr static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQGetInfo(struct ndr_pull *ndr, int flags, struct srvsvc_NetCharDevQGetInfo *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; + uint32_t size_queue_name_0 = 0; + uint32_t length_queue_name_0 = 0; + uint32_t size_user_0 = 0; + uint32_t length_user_0 = 0; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_info_0; if (flags & NDR_IN) { @@ -13772,27 +14130,33 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQGetInfo(struct ndr_pull *ndr NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.queue_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.queue_name)); - if (ndr_get_array_length(ndr, &r->in.queue_name) > ndr_get_array_size(ndr, &r->in.queue_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.queue_name), ndr_get_array_length(ndr, &r->in.queue_name)); + size_queue_name_0 = ndr_get_array_size(ndr, &r->in.queue_name); + length_queue_name_0 = ndr_get_array_length(ndr, &r->in.queue_name); + if (length_queue_name_0 > size_queue_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_queue_name_0, length_queue_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.queue_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.queue_name, ndr_get_array_length(ndr, &r->in.queue_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_queue_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.queue_name, length_queue_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.user)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.user)); - if (ndr_get_array_length(ndr, &r->in.user) > ndr_get_array_size(ndr, &r->in.user)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.user), ndr_get_array_length(ndr, &r->in.user)); + size_user_0 = ndr_get_array_size(ndr, &r->in.user); + length_user_0 = ndr_get_array_length(ndr, &r->in.user); + if (length_user_0 > size_user_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_user_0, length_user_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.user), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.user, ndr_get_array_length(ndr, &r->in.user), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_user_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.user, length_user_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); NDR_PULL_ALLOC(ndr, r->out.info); ZERO_STRUCTP(r->out.info); @@ -13881,6 +14245,10 @@ static enum ndr_err_code ndr_push_srvsvc_NetCharDevQSetInfo(struct ndr_push *ndr static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQSetInfo(struct ndr_pull *ndr, int flags, struct srvsvc_NetCharDevQSetInfo *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; + uint32_t size_queue_name_0 = 0; + uint32_t length_queue_name_0 = 0; uint32_t _ptr_parm_error; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_parm_error_0; @@ -13898,20 +14266,24 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQSetInfo(struct ndr_pull *ndr NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.queue_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.queue_name)); - if (ndr_get_array_length(ndr, &r->in.queue_name) > ndr_get_array_size(ndr, &r->in.queue_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.queue_name), ndr_get_array_length(ndr, &r->in.queue_name)); + size_queue_name_0 = ndr_get_array_size(ndr, &r->in.queue_name); + length_queue_name_0 = ndr_get_array_length(ndr, &r->in.queue_name); + if (length_queue_name_0 > size_queue_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_queue_name_0, length_queue_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.queue_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.queue_name, ndr_get_array_length(ndr, &r->in.queue_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_queue_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.queue_name, length_queue_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->in.info, r->in.level)); NDR_CHECK(ndr_pull_srvsvc_NetCharDevQInfo(ndr, NDR_SCALARS|NDR_BUFFERS, &r->in.info)); @@ -14013,6 +14385,10 @@ static enum ndr_err_code ndr_push_srvsvc_NetCharDevQPurge(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQPurge(struct ndr_pull *ndr, int flags, struct srvsvc_NetCharDevQPurge *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; + uint32_t size_queue_name_0 = 0; + uint32_t length_queue_name_0 = 0; TALLOC_CTX *_mem_save_server_unc_0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_server_unc)); @@ -14026,20 +14402,24 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQPurge(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.queue_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.queue_name)); - if (ndr_get_array_length(ndr, &r->in.queue_name) > ndr_get_array_size(ndr, &r->in.queue_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.queue_name), ndr_get_array_length(ndr, &r->in.queue_name)); + size_queue_name_0 = ndr_get_array_size(ndr, &r->in.queue_name); + length_queue_name_0 = ndr_get_array_length(ndr, &r->in.queue_name); + if (length_queue_name_0 > size_queue_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_queue_name_0, length_queue_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.queue_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.queue_name, ndr_get_array_length(ndr, &r->in.queue_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_queue_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.queue_name, length_queue_name_0, sizeof(uint16_t), CH_UTF16)); } if (flags & NDR_OUT) { NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result)); @@ -14103,6 +14483,12 @@ static enum ndr_err_code ndr_push_srvsvc_NetCharDevQPurgeSelf(struct ndr_push *n static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQPurgeSelf(struct ndr_pull *ndr, int flags, struct srvsvc_NetCharDevQPurgeSelf *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; + uint32_t size_queue_name_0 = 0; + uint32_t length_queue_name_0 = 0; + uint32_t size_computer_name_0 = 0; + uint32_t length_computer_name_0 = 0; TALLOC_CTX *_mem_save_server_unc_0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_server_unc)); @@ -14116,27 +14502,33 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQPurgeSelf(struct ndr_pull *n NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.queue_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.queue_name)); - if (ndr_get_array_length(ndr, &r->in.queue_name) > ndr_get_array_size(ndr, &r->in.queue_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.queue_name), ndr_get_array_length(ndr, &r->in.queue_name)); + size_queue_name_0 = ndr_get_array_size(ndr, &r->in.queue_name); + length_queue_name_0 = ndr_get_array_length(ndr, &r->in.queue_name); + if (length_queue_name_0 > size_queue_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_queue_name_0, length_queue_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.queue_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.queue_name, ndr_get_array_length(ndr, &r->in.queue_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_queue_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.queue_name, length_queue_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name)); - if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name)); + size_computer_name_0 = ndr_get_array_size(ndr, &r->in.computer_name); + length_computer_name_0 = ndr_get_array_length(ndr, &r->in.computer_name); + if (length_computer_name_0 > size_computer_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_name_0, length_computer_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, length_computer_name_0, sizeof(uint16_t), CH_UTF16)); } if (flags & NDR_OUT) { NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result)); @@ -14221,7 +14613,11 @@ static enum ndr_err_code ndr_push_srvsvc_NetConnEnum(struct ndr_push *ndr, int f static enum ndr_err_code ndr_pull_srvsvc_NetConnEnum(struct ndr_pull *ndr, int flags, struct srvsvc_NetConnEnum *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; uint32_t _ptr_path; + uint32_t size_path_1 = 0; + uint32_t length_path_1 = 0; uint32_t _ptr_resume_handle; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_path_0; @@ -14242,11 +14638,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetConnEnum(struct ndr_pull *ndr, int f NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_path)); @@ -14260,11 +14658,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetConnEnum(struct ndr_pull *ndr, int f NDR_PULL_SET_MEM_CTX(ndr, r->in.path, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.path)); - if (ndr_get_array_length(ndr, &r->in.path) > ndr_get_array_size(ndr, &r->in.path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.path), ndr_get_array_length(ndr, &r->in.path)); + size_path_1 = ndr_get_array_size(ndr, &r->in.path); + length_path_1 = ndr_get_array_length(ndr, &r->in.path); + if (length_path_1 > size_path_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_path_1, length_path_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.path, ndr_get_array_length(ndr, &r->in.path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_path_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.path, length_path_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_path_0, 0); } if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { @@ -14437,8 +14837,14 @@ static enum ndr_err_code ndr_push_srvsvc_NetFileEnum(struct ndr_push *ndr, int f static enum ndr_err_code ndr_pull_srvsvc_NetFileEnum(struct ndr_pull *ndr, int flags, struct srvsvc_NetFileEnum *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; uint32_t _ptr_path; + uint32_t size_path_1 = 0; + uint32_t length_path_1 = 0; uint32_t _ptr_user; + uint32_t size_user_1 = 0; + uint32_t length_user_1 = 0; uint32_t _ptr_resume_handle; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_path_0; @@ -14460,11 +14866,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetFileEnum(struct ndr_pull *ndr, int f NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_path)); @@ -14478,11 +14886,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetFileEnum(struct ndr_pull *ndr, int f NDR_PULL_SET_MEM_CTX(ndr, r->in.path, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.path)); - if (ndr_get_array_length(ndr, &r->in.path) > ndr_get_array_size(ndr, &r->in.path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.path), ndr_get_array_length(ndr, &r->in.path)); + size_path_1 = ndr_get_array_size(ndr, &r->in.path); + length_path_1 = ndr_get_array_length(ndr, &r->in.path); + if (length_path_1 > size_path_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_path_1, length_path_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.path, ndr_get_array_length(ndr, &r->in.path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_path_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.path, length_path_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_path_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_user)); @@ -14496,11 +14906,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetFileEnum(struct ndr_pull *ndr, int f NDR_PULL_SET_MEM_CTX(ndr, r->in.user, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.user)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.user)); - if (ndr_get_array_length(ndr, &r->in.user) > ndr_get_array_size(ndr, &r->in.user)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.user), ndr_get_array_length(ndr, &r->in.user)); + size_user_1 = ndr_get_array_size(ndr, &r->in.user); + length_user_1 = ndr_get_array_length(ndr, &r->in.user); + if (length_user_1 > size_user_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_user_1, length_user_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.user), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.user, ndr_get_array_length(ndr, &r->in.user), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_user_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.user, length_user_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user_0, 0); } if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { @@ -14651,6 +15063,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetFileGetInfo(struct ndr_push *ndr, in static enum ndr_err_code ndr_pull_srvsvc_NetFileGetInfo(struct ndr_pull *ndr, int flags, struct srvsvc_NetFileGetInfo *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_info_0; if (flags & NDR_IN) { @@ -14667,11 +15081,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetFileGetInfo(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.fid)); @@ -14748,6 +15164,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetFileClose(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetFileClose(struct ndr_pull *ndr, int flags, struct srvsvc_NetFileClose *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; TALLOC_CTX *_mem_save_server_unc_0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_server_unc)); @@ -14761,11 +15179,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetFileClose(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.fid)); @@ -14859,8 +15279,14 @@ static enum ndr_err_code ndr_push_srvsvc_NetSessEnum(struct ndr_push *ndr, int f static enum ndr_err_code ndr_pull_srvsvc_NetSessEnum(struct ndr_pull *ndr, int flags, struct srvsvc_NetSessEnum *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; uint32_t _ptr_client; + uint32_t size_client_1 = 0; + uint32_t length_client_1 = 0; uint32_t _ptr_user; + uint32_t size_user_1 = 0; + uint32_t length_user_1 = 0; uint32_t _ptr_resume_handle; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_client_0; @@ -14882,11 +15308,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessEnum(struct ndr_pull *ndr, int f NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_client)); @@ -14900,11 +15328,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessEnum(struct ndr_pull *ndr, int f NDR_PULL_SET_MEM_CTX(ndr, r->in.client, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.client)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.client)); - if (ndr_get_array_length(ndr, &r->in.client) > ndr_get_array_size(ndr, &r->in.client)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.client), ndr_get_array_length(ndr, &r->in.client)); + size_client_1 = ndr_get_array_size(ndr, &r->in.client); + length_client_1 = ndr_get_array_length(ndr, &r->in.client); + if (length_client_1 > size_client_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_client_1, length_client_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.client), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.client, ndr_get_array_length(ndr, &r->in.client), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_client_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.client, length_client_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_client_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_user)); @@ -14918,11 +15348,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessEnum(struct ndr_pull *ndr, int f NDR_PULL_SET_MEM_CTX(ndr, r->in.user, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.user)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.user)); - if (ndr_get_array_length(ndr, &r->in.user) > ndr_get_array_size(ndr, &r->in.user)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.user), ndr_get_array_length(ndr, &r->in.user)); + size_user_1 = ndr_get_array_size(ndr, &r->in.user); + length_user_1 = ndr_get_array_length(ndr, &r->in.user); + if (length_user_1 > size_user_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_user_1, length_user_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.user), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.user, ndr_get_array_length(ndr, &r->in.user), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_user_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.user, length_user_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user_0, 0); } if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { @@ -15080,8 +15512,14 @@ static enum ndr_err_code ndr_push_srvsvc_NetSessDel(struct ndr_push *ndr, int fl static enum ndr_err_code ndr_pull_srvsvc_NetSessDel(struct ndr_pull *ndr, int flags, struct srvsvc_NetSessDel *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; uint32_t _ptr_client; + uint32_t size_client_1 = 0; + uint32_t length_client_1 = 0; uint32_t _ptr_user; + uint32_t size_user_1 = 0; + uint32_t length_user_1 = 0; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_client_0; TALLOC_CTX *_mem_save_user_0; @@ -15097,11 +15535,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessDel(struct ndr_pull *ndr, int fl NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_client)); @@ -15115,11 +15555,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessDel(struct ndr_pull *ndr, int fl NDR_PULL_SET_MEM_CTX(ndr, r->in.client, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.client)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.client)); - if (ndr_get_array_length(ndr, &r->in.client) > ndr_get_array_size(ndr, &r->in.client)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.client), ndr_get_array_length(ndr, &r->in.client)); + size_client_1 = ndr_get_array_size(ndr, &r->in.client); + length_client_1 = ndr_get_array_length(ndr, &r->in.client); + if (length_client_1 > size_client_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_client_1, length_client_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.client), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.client, ndr_get_array_length(ndr, &r->in.client), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_client_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.client, length_client_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_client_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_user)); @@ -15133,11 +15575,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessDel(struct ndr_pull *ndr, int fl NDR_PULL_SET_MEM_CTX(ndr, r->in.user, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.user)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.user)); - if (ndr_get_array_length(ndr, &r->in.user) > ndr_get_array_size(ndr, &r->in.user)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.user), ndr_get_array_length(ndr, &r->in.user)); + size_user_1 = ndr_get_array_size(ndr, &r->in.user); + length_user_1 = ndr_get_array_length(ndr, &r->in.user); + if (length_user_1 > size_user_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_user_1, length_user_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.user), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.user, ndr_get_array_length(ndr, &r->in.user), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_user_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.user, length_user_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user_0, 0); } } @@ -15220,6 +15664,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareAdd(struct ndr_push *ndr, int f static enum ndr_err_code ndr_pull_srvsvc_NetShareAdd(struct ndr_pull *ndr, int flags, struct srvsvc_NetShareAdd *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; uint32_t _ptr_parm_error; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_info_0; @@ -15238,11 +15684,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareAdd(struct ndr_pull *ndr, int f NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); @@ -15371,6 +15819,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareEnumAll(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_srvsvc_NetShareEnumAll(struct ndr_pull *ndr, int flags, struct srvsvc_NetShareEnumAll *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; uint32_t _ptr_resume_handle; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_info_ctr_0; @@ -15390,11 +15840,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareEnumAll(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { @@ -15536,6 +15988,10 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareGetInfo(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_srvsvc_NetShareGetInfo(struct ndr_pull *ndr, int flags, struct srvsvc_NetShareGetInfo *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; + uint32_t size_share_name_0 = 0; + uint32_t length_share_name_0 = 0; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_info_0; if (flags & NDR_IN) { @@ -15552,20 +16008,24 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareGetInfo(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.share_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.share_name)); - if (ndr_get_array_length(ndr, &r->in.share_name) > ndr_get_array_size(ndr, &r->in.share_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.share_name), ndr_get_array_length(ndr, &r->in.share_name)); + size_share_name_0 = ndr_get_array_size(ndr, &r->in.share_name); + length_share_name_0 = ndr_get_array_length(ndr, &r->in.share_name); + if (length_share_name_0 > size_share_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_share_name_0, length_share_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.share_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.share_name, ndr_get_array_length(ndr, &r->in.share_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_share_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.share_name, length_share_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); NDR_PULL_ALLOC(ndr, r->out.info); ZERO_STRUCTP(r->out.info); @@ -15656,6 +16116,10 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareSetInfo(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_srvsvc_NetShareSetInfo(struct ndr_pull *ndr, int flags, struct srvsvc_NetShareSetInfo *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; + uint32_t size_share_name_0 = 0; + uint32_t length_share_name_0 = 0; uint32_t _ptr_parm_error; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_info_0; @@ -15674,20 +16138,24 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareSetInfo(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.share_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.share_name)); - if (ndr_get_array_length(ndr, &r->in.share_name) > ndr_get_array_size(ndr, &r->in.share_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.share_name), ndr_get_array_length(ndr, &r->in.share_name)); + size_share_name_0 = ndr_get_array_size(ndr, &r->in.share_name); + length_share_name_0 = ndr_get_array_length(ndr, &r->in.share_name); + if (length_share_name_0 > size_share_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_share_name_0, length_share_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.share_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.share_name, ndr_get_array_length(ndr, &r->in.share_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_share_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.share_name, length_share_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.info); @@ -15799,6 +16267,10 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareDel(struct ndr_push *ndr, int f static enum ndr_err_code ndr_pull_srvsvc_NetShareDel(struct ndr_pull *ndr, int flags, struct srvsvc_NetShareDel *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; + uint32_t size_share_name_0 = 0; + uint32_t length_share_name_0 = 0; TALLOC_CTX *_mem_save_server_unc_0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_server_unc)); @@ -15812,20 +16284,24 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareDel(struct ndr_pull *ndr, int f NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.share_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.share_name)); - if (ndr_get_array_length(ndr, &r->in.share_name) > ndr_get_array_size(ndr, &r->in.share_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.share_name), ndr_get_array_length(ndr, &r->in.share_name)); + size_share_name_0 = ndr_get_array_size(ndr, &r->in.share_name); + length_share_name_0 = ndr_get_array_length(ndr, &r->in.share_name); + if (length_share_name_0 > size_share_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_share_name_0, length_share_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.share_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.share_name, ndr_get_array_length(ndr, &r->in.share_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_share_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.share_name, length_share_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.reserved)); } if (flags & NDR_OUT) { @@ -15888,6 +16364,10 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareDelSticky(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_srvsvc_NetShareDelSticky(struct ndr_pull *ndr, int flags, struct srvsvc_NetShareDelSticky *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; + uint32_t size_share_name_0 = 0; + uint32_t length_share_name_0 = 0; TALLOC_CTX *_mem_save_server_unc_0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_server_unc)); @@ -15901,20 +16381,24 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareDelSticky(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.share_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.share_name)); - if (ndr_get_array_length(ndr, &r->in.share_name) > ndr_get_array_size(ndr, &r->in.share_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.share_name), ndr_get_array_length(ndr, &r->in.share_name)); + size_share_name_0 = ndr_get_array_size(ndr, &r->in.share_name); + length_share_name_0 = ndr_get_array_length(ndr, &r->in.share_name); + if (length_share_name_0 > size_share_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_share_name_0, length_share_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.share_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.share_name, ndr_get_array_length(ndr, &r->in.share_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_share_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.share_name, length_share_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.reserved)); } if (flags & NDR_OUT) { @@ -15980,6 +16464,10 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareCheck(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetShareCheck(struct ndr_pull *ndr, int flags, struct srvsvc_NetShareCheck *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; + uint32_t size_device_name_0 = 0; + uint32_t length_device_name_0 = 0; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_type_0; if (flags & NDR_IN) { @@ -15996,20 +16484,24 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareCheck(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.device_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.device_name)); - if (ndr_get_array_length(ndr, &r->in.device_name) > ndr_get_array_size(ndr, &r->in.device_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.device_name), ndr_get_array_length(ndr, &r->in.device_name)); + size_device_name_0 = ndr_get_array_size(ndr, &r->in.device_name); + length_device_name_0 = ndr_get_array_length(ndr, &r->in.device_name); + if (length_device_name_0 > size_device_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_device_name_0, length_device_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.device_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.device_name, ndr_get_array_length(ndr, &r->in.device_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_device_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.device_name, length_device_name_0, sizeof(uint16_t), CH_UTF16)); NDR_PULL_ALLOC(ndr, r->out.type); ZERO_STRUCTP(r->out.type); } @@ -16084,6 +16576,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetSrvGetInfo(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetSrvGetInfo(struct ndr_pull *ndr, int flags, struct srvsvc_NetSrvGetInfo *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_info_0; if (flags & NDR_IN) { @@ -16100,11 +16594,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvGetInfo(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); @@ -16192,6 +16688,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetSrvSetInfo(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetSrvSetInfo(struct ndr_pull *ndr, int flags, struct srvsvc_NetSrvSetInfo *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; uint32_t _ptr_parm_error; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_info_0; @@ -16210,11 +16708,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvSetInfo(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); @@ -16344,6 +16844,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetDiskEnum(struct ndr_push *ndr, int f static enum ndr_err_code ndr_pull_srvsvc_NetDiskEnum(struct ndr_pull *ndr, int flags, struct srvsvc_NetDiskEnum *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; uint32_t _ptr_resume_handle; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_info_0; @@ -16363,11 +16865,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetDiskEnum(struct ndr_pull *ndr, int f NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); @@ -16514,7 +17018,11 @@ static enum ndr_err_code ndr_push_srvsvc_NetServerStatisticsGet(struct ndr_push static enum ndr_err_code ndr_pull_srvsvc_NetServerStatisticsGet(struct ndr_pull *ndr, int flags, struct srvsvc_NetServerStatisticsGet *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; uint32_t _ptr_service; + uint32_t size_service_1 = 0; + uint32_t length_service_1 = 0; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_service_0; TALLOC_CTX *_mem_save_stats_0; @@ -16532,11 +17040,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetServerStatisticsGet(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_service)); @@ -16550,11 +17060,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetServerStatisticsGet(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->in.service, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.service)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.service)); - if (ndr_get_array_length(ndr, &r->in.service) > ndr_get_array_size(ndr, &r->in.service)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.service), ndr_get_array_length(ndr, &r->in.service)); + size_service_1 = ndr_get_array_size(ndr, &r->in.service); + length_service_1 = ndr_get_array_length(ndr, &r->in.service); + if (length_service_1 > size_service_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_service_1, length_service_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.service), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.service, ndr_get_array_length(ndr, &r->in.service), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_service_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.service, length_service_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_service_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); @@ -16637,6 +17149,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetTransportAdd(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_srvsvc_NetTransportAdd(struct ndr_pull *ndr, int flags, struct srvsvc_NetTransportAdd *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; TALLOC_CTX *_mem_save_server_unc_0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_server_unc)); @@ -16650,11 +17164,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportAdd(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); @@ -16748,6 +17264,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetTransportEnum(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_srvsvc_NetTransportEnum(struct ndr_pull *ndr, int flags, struct srvsvc_NetTransportEnum *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; uint32_t _ptr_resume_handle; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_level_0; @@ -16768,11 +17286,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportEnum(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { @@ -16934,6 +17454,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetTransportDel(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_srvsvc_NetTransportDel(struct ndr_pull *ndr, int flags, struct srvsvc_NetTransportDel *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; TALLOC_CTX *_mem_save_server_unc_0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_server_unc)); @@ -16947,11 +17469,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportDel(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.unknown)); @@ -17019,6 +17543,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetRemoteTOD(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetRemoteTOD(struct ndr_pull *ndr, int flags, struct srvsvc_NetRemoteTOD *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; uint32_t _ptr_info; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_info_0; @@ -17037,11 +17563,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetRemoteTOD(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_PULL_ALLOC(ndr, r->out.info); @@ -17136,7 +17664,11 @@ static enum ndr_err_code ndr_push_srvsvc_NetSetServiceBits(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_srvsvc_NetSetServiceBits(struct ndr_pull *ndr, int flags, struct srvsvc_NetSetServiceBits *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; uint32_t _ptr_transport; + uint32_t size_transport_1 = 0; + uint32_t length_transport_1 = 0; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_transport_0; if (flags & NDR_IN) { @@ -17151,11 +17683,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSetServiceBits(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_transport)); @@ -17169,11 +17703,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSetServiceBits(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->in.transport, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.transport)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.transport)); - if (ndr_get_array_length(ndr, &r->in.transport) > ndr_get_array_size(ndr, &r->in.transport)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.transport), ndr_get_array_length(ndr, &r->in.transport)); + size_transport_1 = ndr_get_array_size(ndr, &r->in.transport); + length_transport_1 = ndr_get_array_length(ndr, &r->in.transport); + if (length_transport_1 > size_transport_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_transport_1, length_transport_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.transport), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.transport, ndr_get_array_length(ndr, &r->in.transport), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_transport_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.transport, length_transport_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_transport_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.servicebits)); @@ -17249,6 +17785,10 @@ static enum ndr_err_code ndr_push_srvsvc_NetPathType(struct ndr_push *ndr, int f static enum ndr_err_code ndr_pull_srvsvc_NetPathType(struct ndr_pull *ndr, int flags, struct srvsvc_NetPathType *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; + uint32_t size_path_0 = 0; + uint32_t length_path_0 = 0; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_pathtype_0; if (flags & NDR_IN) { @@ -17265,20 +17805,24 @@ static enum ndr_err_code ndr_pull_srvsvc_NetPathType(struct ndr_pull *ndr, int f NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.path)); - if (ndr_get_array_length(ndr, &r->in.path) > ndr_get_array_size(ndr, &r->in.path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.path), ndr_get_array_length(ndr, &r->in.path)); + size_path_0 = ndr_get_array_size(ndr, &r->in.path); + length_path_0 = ndr_get_array_length(ndr, &r->in.path); + if (length_path_0 > size_path_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_path_0, length_path_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.path, ndr_get_array_length(ndr, &r->in.path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_path_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.path, length_path_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.pathflags)); NDR_PULL_ALLOC(ndr, r->out.pathtype); ZERO_STRUCTP(r->out.pathtype); @@ -17369,6 +17913,13 @@ static enum ndr_err_code ndr_push_srvsvc_NetPathCanonicalize(struct ndr_push *nd static enum ndr_err_code ndr_pull_srvsvc_NetPathCanonicalize(struct ndr_pull *ndr, int flags, struct srvsvc_NetPathCanonicalize *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; + uint32_t size_path_0 = 0; + uint32_t length_path_0 = 0; + uint32_t size_can_path_0 = 0; + uint32_t size_prefix_0 = 0; + uint32_t length_prefix_0 = 0; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_pathtype_0; if (flags & NDR_IN) { @@ -17385,28 +17936,34 @@ static enum ndr_err_code ndr_pull_srvsvc_NetPathCanonicalize(struct ndr_pull *nd NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.path)); - if (ndr_get_array_length(ndr, &r->in.path) > ndr_get_array_size(ndr, &r->in.path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.path), ndr_get_array_length(ndr, &r->in.path)); + size_path_0 = ndr_get_array_size(ndr, &r->in.path); + length_path_0 = ndr_get_array_length(ndr, &r->in.path); + if (length_path_0 > size_path_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_path_0, length_path_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.path, ndr_get_array_length(ndr, &r->in.path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_path_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.path, length_path_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.maxbuf)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.prefix)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.prefix)); - if (ndr_get_array_length(ndr, &r->in.prefix) > ndr_get_array_size(ndr, &r->in.prefix)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.prefix), ndr_get_array_length(ndr, &r->in.prefix)); + size_prefix_0 = ndr_get_array_size(ndr, &r->in.prefix); + length_prefix_0 = ndr_get_array_length(ndr, &r->in.prefix); + if (length_prefix_0 > size_prefix_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_prefix_0, length_prefix_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.prefix), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.prefix, ndr_get_array_length(ndr, &r->in.prefix), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_prefix_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.prefix, length_prefix_0, sizeof(uint16_t), CH_UTF16)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.pathtype); } @@ -17420,8 +17977,9 @@ static enum ndr_err_code ndr_pull_srvsvc_NetPathCanonicalize(struct ndr_pull *nd } if (flags & NDR_OUT) { NDR_CHECK(ndr_pull_array_size(ndr, &r->out.can_path)); - NDR_PULL_ALLOC_N(ndr, r->out.can_path, ndr_get_array_size(ndr, &r->out.can_path)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.can_path, ndr_get_array_size(ndr, &r->out.can_path))); + size_can_path_0 = ndr_get_array_size(ndr, &r->out.can_path); + NDR_PULL_ALLOC_N(ndr, r->out.can_path, size_can_path_0); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.can_path, size_can_path_0)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->out.pathtype); } @@ -17507,6 +18065,12 @@ static enum ndr_err_code ndr_push_srvsvc_NetPathCompare(struct ndr_push *ndr, in static enum ndr_err_code ndr_pull_srvsvc_NetPathCompare(struct ndr_pull *ndr, int flags, struct srvsvc_NetPathCompare *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; + uint32_t size_path1_0 = 0; + uint32_t length_path1_0 = 0; + uint32_t size_path2_0 = 0; + uint32_t length_path2_0 = 0; TALLOC_CTX *_mem_save_server_unc_0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_server_unc)); @@ -17520,27 +18084,33 @@ static enum ndr_err_code ndr_pull_srvsvc_NetPathCompare(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.path1)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.path1)); - if (ndr_get_array_length(ndr, &r->in.path1) > ndr_get_array_size(ndr, &r->in.path1)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.path1), ndr_get_array_length(ndr, &r->in.path1)); + size_path1_0 = ndr_get_array_size(ndr, &r->in.path1); + length_path1_0 = ndr_get_array_length(ndr, &r->in.path1); + if (length_path1_0 > size_path1_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_path1_0, length_path1_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.path1), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.path1, ndr_get_array_length(ndr, &r->in.path1), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_path1_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.path1, length_path1_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.path2)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.path2)); - if (ndr_get_array_length(ndr, &r->in.path2) > ndr_get_array_size(ndr, &r->in.path2)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.path2), ndr_get_array_length(ndr, &r->in.path2)); + size_path2_0 = ndr_get_array_size(ndr, &r->in.path2); + length_path2_0 = ndr_get_array_length(ndr, &r->in.path2); + if (length_path2_0 > size_path2_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_path2_0, length_path2_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.path2), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.path2, ndr_get_array_length(ndr, &r->in.path2), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_path2_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.path2, length_path2_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.pathtype)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.pathflags)); } @@ -17607,6 +18177,10 @@ static enum ndr_err_code ndr_push_srvsvc_NetNameValidate(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_srvsvc_NetNameValidate(struct ndr_pull *ndr, int flags, struct srvsvc_NetNameValidate *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; + uint32_t size_name_0 = 0; + uint32_t length_name_0 = 0; TALLOC_CTX *_mem_save_server_unc_0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_server_unc)); @@ -17620,20 +18194,24 @@ static enum ndr_err_code ndr_pull_srvsvc_NetNameValidate(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.name)); - if (ndr_get_array_length(ndr, &r->in.name) > ndr_get_array_size(ndr, &r->in.name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.name), ndr_get_array_length(ndr, &r->in.name)); + size_name_0 = ndr_get_array_size(ndr, &r->in.name); + length_name_0 = ndr_get_array_length(ndr, &r->in.name); + if (length_name_0 > size_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_name_0, length_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.name, ndr_get_array_length(ndr, &r->in.name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.name, length_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.name_type)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.flags)); } @@ -17744,6 +18322,12 @@ static enum ndr_err_code ndr_push_srvsvc_NetPRNameCompare(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_srvsvc_NetPRNameCompare(struct ndr_pull *ndr, int flags, struct srvsvc_NetPRNameCompare *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; + uint32_t size_name1_0 = 0; + uint32_t length_name1_0 = 0; + uint32_t size_name2_0 = 0; + uint32_t length_name2_0 = 0; TALLOC_CTX *_mem_save_server_unc_0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_server_unc)); @@ -17757,27 +18341,33 @@ static enum ndr_err_code ndr_pull_srvsvc_NetPRNameCompare(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.name1)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.name1)); - if (ndr_get_array_length(ndr, &r->in.name1) > ndr_get_array_size(ndr, &r->in.name1)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.name1), ndr_get_array_length(ndr, &r->in.name1)); + size_name1_0 = ndr_get_array_size(ndr, &r->in.name1); + length_name1_0 = ndr_get_array_length(ndr, &r->in.name1); + if (length_name1_0 > size_name1_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_name1_0, length_name1_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.name1), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.name1, ndr_get_array_length(ndr, &r->in.name1), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_name1_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.name1, length_name1_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.name2)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.name2)); - if (ndr_get_array_length(ndr, &r->in.name2) > ndr_get_array_size(ndr, &r->in.name2)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.name2), ndr_get_array_length(ndr, &r->in.name2)); + size_name2_0 = ndr_get_array_size(ndr, &r->in.name2); + length_name2_0 = ndr_get_array_length(ndr, &r->in.name2); + if (length_name2_0 > size_name2_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_name2_0, length_name2_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.name2), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.name2, ndr_get_array_length(ndr, &r->in.name2), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_name2_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.name2, length_name2_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.name_type)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.flags)); } @@ -17859,6 +18449,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareEnum(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetShareEnum(struct ndr_pull *ndr, int flags, struct srvsvc_NetShareEnum *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; uint32_t _ptr_resume_handle; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_info_ctr_0; @@ -17878,11 +18470,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareEnum(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { @@ -18023,6 +18617,10 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareDelStart(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_srvsvc_NetShareDelStart(struct ndr_pull *ndr, int flags, struct srvsvc_NetShareDelStart *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; + uint32_t size_share_0 = 0; + uint32_t length_share_0 = 0; uint32_t _ptr_hnd; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_hnd_0; @@ -18040,20 +18638,24 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareDelStart(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.share)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.share)); - if (ndr_get_array_length(ndr, &r->in.share) > ndr_get_array_size(ndr, &r->in.share)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.share), ndr_get_array_length(ndr, &r->in.share)); + size_share_0 = ndr_get_array_size(ndr, &r->in.share); + length_share_0 = ndr_get_array_length(ndr, &r->in.share); + if (length_share_0 > size_share_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_share_0, length_share_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.share), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.share, ndr_get_array_length(ndr, &r->in.share), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_share_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.share, length_share_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.reserved)); } if (flags & NDR_OUT) { @@ -18237,7 +18839,13 @@ static enum ndr_err_code ndr_push_srvsvc_NetGetFileSecurity(struct ndr_push *ndr static enum ndr_err_code ndr_pull_srvsvc_NetGetFileSecurity(struct ndr_pull *ndr, int flags, struct srvsvc_NetGetFileSecurity *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; uint32_t _ptr_share; + uint32_t size_share_1 = 0; + uint32_t length_share_1 = 0; + uint32_t size_file_0 = 0; + uint32_t length_file_0 = 0; uint32_t _ptr_sd_buf; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_share_0; @@ -18257,11 +18865,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetGetFileSecurity(struct ndr_pull *ndr NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_share)); @@ -18275,20 +18885,24 @@ static enum ndr_err_code ndr_pull_srvsvc_NetGetFileSecurity(struct ndr_pull *ndr NDR_PULL_SET_MEM_CTX(ndr, r->in.share, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.share)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.share)); - if (ndr_get_array_length(ndr, &r->in.share) > ndr_get_array_size(ndr, &r->in.share)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.share), ndr_get_array_length(ndr, &r->in.share)); + size_share_1 = ndr_get_array_size(ndr, &r->in.share); + length_share_1 = ndr_get_array_length(ndr, &r->in.share); + if (length_share_1 > size_share_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_share_1, length_share_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.share), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.share, ndr_get_array_length(ndr, &r->in.share), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_share_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.share, length_share_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_share_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.file)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.file)); - if (ndr_get_array_length(ndr, &r->in.file) > ndr_get_array_size(ndr, &r->in.file)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.file), ndr_get_array_length(ndr, &r->in.file)); + size_file_0 = ndr_get_array_size(ndr, &r->in.file); + length_file_0 = ndr_get_array_length(ndr, &r->in.file); + if (length_file_0 > size_file_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_file_0, length_file_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.file), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.file, ndr_get_array_length(ndr, &r->in.file), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_file_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.file, length_file_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_security_secinfo(ndr, NDR_SCALARS, &r->in.securityinformation)); NDR_PULL_ALLOC(ndr, r->out.sd_buf); ZERO_STRUCTP(r->out.sd_buf); @@ -18397,7 +19011,13 @@ static enum ndr_err_code ndr_push_srvsvc_NetSetFileSecurity(struct ndr_push *ndr static enum ndr_err_code ndr_pull_srvsvc_NetSetFileSecurity(struct ndr_pull *ndr, int flags, struct srvsvc_NetSetFileSecurity *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; uint32_t _ptr_share; + uint32_t size_share_1 = 0; + uint32_t length_share_1 = 0; + uint32_t size_file_0 = 0; + uint32_t length_file_0 = 0; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_share_0; TALLOC_CTX *_mem_save_sd_buf_0; @@ -18413,11 +19033,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSetFileSecurity(struct ndr_pull *ndr NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_share)); @@ -18431,20 +19053,24 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSetFileSecurity(struct ndr_pull *ndr NDR_PULL_SET_MEM_CTX(ndr, r->in.share, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.share)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.share)); - if (ndr_get_array_length(ndr, &r->in.share) > ndr_get_array_size(ndr, &r->in.share)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.share), ndr_get_array_length(ndr, &r->in.share)); + size_share_1 = ndr_get_array_size(ndr, &r->in.share); + length_share_1 = ndr_get_array_length(ndr, &r->in.share); + if (length_share_1 > size_share_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_share_1, length_share_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.share), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.share, ndr_get_array_length(ndr, &r->in.share), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_share_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.share, length_share_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_share_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.file)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.file)); - if (ndr_get_array_length(ndr, &r->in.file) > ndr_get_array_size(ndr, &r->in.file)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.file), ndr_get_array_length(ndr, &r->in.file)); + size_file_0 = ndr_get_array_size(ndr, &r->in.file); + length_file_0 = ndr_get_array_length(ndr, &r->in.file); + if (length_file_0 > size_file_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_file_0, length_file_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.file), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.file, ndr_get_array_length(ndr, &r->in.file), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_file_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.file, length_file_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_security_secinfo(ndr, NDR_SCALARS, &r->in.securityinformation)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.sd_buf); @@ -18522,6 +19148,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetServerTransportAddEx(struct ndr_push static enum ndr_err_code ndr_pull_srvsvc_NetServerTransportAddEx(struct ndr_pull *ndr, int flags, struct srvsvc_NetServerTransportAddEx *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; TALLOC_CTX *_mem_save_server_unc_0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_server_unc)); @@ -18535,11 +19163,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetServerTransportAddEx(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); @@ -18619,8 +19249,14 @@ static enum ndr_err_code ndr_push_srvsvc_NetServerSetServiceBitsEx(struct ndr_pu static enum ndr_err_code ndr_pull_srvsvc_NetServerSetServiceBitsEx(struct ndr_pull *ndr, int flags, struct srvsvc_NetServerSetServiceBitsEx *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; uint32_t _ptr_emulated_server_unc; + uint32_t size_emulated_server_unc_1 = 0; + uint32_t length_emulated_server_unc_1 = 0; uint32_t _ptr_transport; + uint32_t size_transport_1 = 0; + uint32_t length_transport_1 = 0; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_emulated_server_unc_0; TALLOC_CTX *_mem_save_transport_0; @@ -18636,11 +19272,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetServerSetServiceBitsEx(struct ndr_pu NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_emulated_server_unc)); @@ -18654,11 +19292,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetServerSetServiceBitsEx(struct ndr_pu NDR_PULL_SET_MEM_CTX(ndr, r->in.emulated_server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.emulated_server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.emulated_server_unc)); - if (ndr_get_array_length(ndr, &r->in.emulated_server_unc) > ndr_get_array_size(ndr, &r->in.emulated_server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.emulated_server_unc), ndr_get_array_length(ndr, &r->in.emulated_server_unc)); + size_emulated_server_unc_1 = ndr_get_array_size(ndr, &r->in.emulated_server_unc); + length_emulated_server_unc_1 = ndr_get_array_length(ndr, &r->in.emulated_server_unc); + if (length_emulated_server_unc_1 > size_emulated_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_emulated_server_unc_1, length_emulated_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.emulated_server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.emulated_server_unc, ndr_get_array_length(ndr, &r->in.emulated_server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_emulated_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.emulated_server_unc, length_emulated_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_emulated_server_unc_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_transport)); @@ -18672,11 +19312,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetServerSetServiceBitsEx(struct ndr_pu NDR_PULL_SET_MEM_CTX(ndr, r->in.transport, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.transport)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.transport)); - if (ndr_get_array_length(ndr, &r->in.transport) > ndr_get_array_size(ndr, &r->in.transport)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.transport), ndr_get_array_length(ndr, &r->in.transport)); + size_transport_1 = ndr_get_array_size(ndr, &r->in.transport); + length_transport_1 = ndr_get_array_length(ndr, &r->in.transport); + if (length_transport_1 > size_transport_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_transport_1, length_transport_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.transport), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.transport, ndr_get_array_length(ndr, &r->in.transport), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_transport_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.transport, length_transport_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_transport_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.servicebitsofinterest)); diff --git a/source/librpc/gen_ndr/ndr_svcctl.c b/source/librpc/gen_ndr/ndr_svcctl.c index d0deffe..982da8a 100644 --- a/source/librpc/gen_ndr/ndr_svcctl.c +++ b/source/librpc/gen_ndr/ndr_svcctl.c @@ -25,6 +25,8 @@ static enum ndr_err_code ndr_push_SERVICE_LOCK_STATUS(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_SERVICE_LOCK_STATUS(struct ndr_pull *ndr, int ndr_flags, struct SERVICE_LOCK_STATUS *r) { uint32_t _ptr_lock_owner; + uint32_t size_lock_owner_1 = 0; + uint32_t length_lock_owner_1 = 0; TALLOC_CTX *_mem_save_lock_owner_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -43,11 +45,13 @@ static enum ndr_err_code ndr_pull_SERVICE_LOCK_STATUS(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->lock_owner, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->lock_owner)); NDR_CHECK(ndr_pull_array_length(ndr, &r->lock_owner)); - if (ndr_get_array_length(ndr, &r->lock_owner) > ndr_get_array_size(ndr, &r->lock_owner)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->lock_owner), ndr_get_array_length(ndr, &r->lock_owner)); + size_lock_owner_1 = ndr_get_array_size(ndr, &r->lock_owner); + length_lock_owner_1 = ndr_get_array_length(ndr, &r->lock_owner); + if (length_lock_owner_1 > size_lock_owner_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_lock_owner_1, length_lock_owner_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->lock_owner), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->lock_owner, ndr_get_array_length(ndr, &r->lock_owner), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_lock_owner_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->lock_owner, length_lock_owner_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_lock_owner_0, 0); } } @@ -404,14 +408,24 @@ _PUBLIC_ enum ndr_err_code ndr_push_QUERY_SERVICE_CONFIG(struct ndr_push *ndr, i _PUBLIC_ enum ndr_err_code ndr_pull_QUERY_SERVICE_CONFIG(struct ndr_pull *ndr, int ndr_flags, struct QUERY_SERVICE_CONFIG *r) { uint32_t _ptr_executablepath; + uint32_t size_executablepath_1 = 0; + uint32_t length_executablepath_1 = 0; TALLOC_CTX *_mem_save_executablepath_0; uint32_t _ptr_loadordergroup; + uint32_t size_loadordergroup_1 = 0; + uint32_t length_loadordergroup_1 = 0; TALLOC_CTX *_mem_save_loadordergroup_0; uint32_t _ptr_dependencies; + uint32_t size_dependencies_1 = 0; + uint32_t length_dependencies_1 = 0; TALLOC_CTX *_mem_save_dependencies_0; uint32_t _ptr_startname; + uint32_t size_startname_1 = 0; + uint32_t length_startname_1 = 0; TALLOC_CTX *_mem_save_startname_0; uint32_t _ptr_displayname; + uint32_t size_displayname_1 = 0; + uint32_t length_displayname_1 = 0; TALLOC_CTX *_mem_save_displayname_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -456,11 +470,19 @@ _PUBLIC_ enum ndr_err_code ndr_pull_QUERY_SERVICE_CONFIG(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->executablepath, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->executablepath)); NDR_CHECK(ndr_pull_array_length(ndr, &r->executablepath)); - if (ndr_get_array_length(ndr, &r->executablepath) > ndr_get_array_size(ndr, &r->executablepath)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->executablepath), ndr_get_array_length(ndr, &r->executablepath)); + size_executablepath_1 = ndr_get_array_size(ndr, &r->executablepath); + if (size_executablepath_1 > 8192) { + return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->executablepath), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->executablepath, ndr_get_array_length(ndr, &r->executablepath), sizeof(uint16_t), CH_UTF16)); + length_executablepath_1 = ndr_get_array_length(ndr, &r->executablepath); + if (length_executablepath_1 > 8192) { + return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); + } + if (length_executablepath_1 > size_executablepath_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_executablepath_1, length_executablepath_1); + } + NDR_CHECK(ndr_check_string_terminator(ndr, length_executablepath_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->executablepath, length_executablepath_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_executablepath_0, 0); } if (r->loadordergroup) { @@ -468,11 +490,19 @@ _PUBLIC_ enum ndr_err_code ndr_pull_QUERY_SERVICE_CONFIG(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->loadordergroup, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->loadordergroup)); NDR_CHECK(ndr_pull_array_length(ndr, &r->loadordergroup)); - if (ndr_get_array_length(ndr, &r->loadordergroup) > ndr_get_array_size(ndr, &r->loadordergroup)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->loadordergroup), ndr_get_array_length(ndr, &r->loadordergroup)); + size_loadordergroup_1 = ndr_get_array_size(ndr, &r->loadordergroup); + if (size_loadordergroup_1 > 8192) { + return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); + } + length_loadordergroup_1 = ndr_get_array_length(ndr, &r->loadordergroup); + if (length_loadordergroup_1 > 8192) { +