From 463681d47fcc05fece8e0c8fcfb1b76d7de8e31f Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 21 Sep 2010 05:41:37 +0200 Subject: [PATCH 01/10] pidl:NDR/Parser: fix range() for arrays metze (cherry picked from commit bea4948acb4bbee2fbf886adeb53edbc84de96da) --- pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm | 33 +++++++++++++++++++++++++++++- 1 files changed, 32 insertions(+), 1 deletions(-) diff --git a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm index da536be..bd8d676 100644 --- a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm +++ b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm @@ -865,7 +865,10 @@ sub ParseDataPull($$$$$$$) $self->pidl("NDR_CHECK(".TypeFunctionName("ndr_pull", $l->{DATA_TYPE})."($ndr, $ndr_flags, $var_name));"); - if (my $range = has_property($e, "range")) { + my $pl = GetPrevLevel($e, $l); + + my $range = has_property($e, "range"); + if ($range and $pl->{TYPE} ne "ARRAY") { $var_name = get_value_of($var_name); my $signed = Parse::Pidl::Typelist::is_signed($l->{DATA_TYPE}); my ($low, $high) = split(/,/, $range, 2); @@ -1010,6 +1013,20 @@ sub ParseElementPullLevel } elsif ($l->{TYPE} eq "ARRAY") { my $length = $self->ParseArrayPullHeader($e, $l, $ndr, $var_name, $env); + if (my $range = has_property($e, "range")) { + my ($low, $high) = split(/,/, $range, 2); + if ($low < 0) { + warning(0, "$low is invalid for the range of an array size"); + } + if ($low == 0) { + $self->pidl("if ($length > $high) {"); + } else { + $self->pidl("if ($length < $low || $length > $high) {"); + } + $self->pidl("\treturn ndr_pull_error($ndr, NDR_ERR_RANGE, \"value out of range\");"); + $self->pidl("}"); + } + my $nl = GetNextLevel($e, $l); if (is_charset_array($e,$l)) { @@ -1073,6 +1090,20 @@ sub ParseElementPullLevel $length = "ndr_get_array_length($ndr, " . get_pointer_to($var_name) .")"; } + if (my $range = has_property($e, "range")) { + my ($low, $high) = split(/,/, $range, 2); + if ($low < 0) { + warning(0, "$low is invalid for the range of an array size"); + } + if ($low == 0) { + $self->pidl("if ($length > $high) {"); + } else { + $self->pidl("if ($length < $low || $length > $high) {"); + } + $self->pidl("\treturn ndr_pull_error($ndr, NDR_ERR_RANGE, \"value out of range\");"); + $self->pidl("}"); + } + $var_name = get_array_element($var_name, $counter); $self->ParseMemCtxPullStart($e, $l, $ndr, $array_name); -- 1.7.4.1 From 10768bf2174f3168120e823cf32f19af96ccf92a Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 15 Mar 2012 13:09:51 +0100 Subject: [PATCH 02/10] pidl/NDR/Parser: declare all union helper variables in ParseUnionPull() metze --- pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm index bd8d676..a4957bb 100644 --- a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm +++ b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm @@ -1845,8 +1845,6 @@ sub ParseUnionPullPrimitives($$$$$) if ($el->{TYPE} ne "EMPTY") { $self->indent; - $self->DeclarePtrVariables($el); - $self->DeclareArrayVariables($el); if (defined($e->{PROPERTIES}{relative_base})) { $self->pidl("NDR_CHECK(ndr_pull_align($ndr, $el->{ALIGN}));"); # set the current offset as base for relative pointers @@ -1923,6 +1921,8 @@ sub ParseUnionPull($$$$) next if ($el->{TYPE} eq "EMPTY"); next if ($double_cases{"$el->{NAME}"}); $self->DeclareMemCtxVariables($el); + $self->DeclarePtrVariables($el); + $self->DeclareArrayVariables($el); $double_cases{"$el->{NAME}"} = 1; } -- 1.7.4.1 From 374353e9987c901759461d4ace6c6324a7b97a3e Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 15 Mar 2012 13:12:04 +0100 Subject: [PATCH 03/10] pidl/NDR/Parser: simplify logic in DeclareArrayVariables*() metze --- pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm | 14 ++++++-------- 1 files changed, 6 insertions(+), 8 deletions(-) diff --git a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm index a4957bb..d1982f8 100644 --- a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm +++ b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm @@ -1514,11 +1514,10 @@ sub DeclareArrayVariables($$) my ($self,$e) = @_; foreach my $l (@{$e->{LEVELS}}) { + next if ($l->{TYPE} ne "ARRAY"); next if has_fast_array($e,$l); next if is_charset_array($e,$l); - if ($l->{TYPE} eq "ARRAY") { - $self->pidl("uint32_t cntr_$e->{NAME}_$l->{LEVEL_INDEX};"); - } + $self->pidl("uint32_t cntr_$e->{NAME}_$l->{LEVEL_INDEX};"); } } @@ -1527,15 +1526,14 @@ sub DeclareArrayVariablesNoZero($$$) my ($self,$e,$env) = @_; foreach my $l (@{$e->{LEVELS}}) { + next if ($l->{TYPE} ne "ARRAY"); next if has_fast_array($e,$l); next if is_charset_array($e,$l); - if ($l->{TYPE} eq "ARRAY") { - my $length = ParseExpr($l->{LENGTH_IS}, $env, $e->{ORIGINAL}); - if ($length eq "0") { + my $length = ParseExpr($l->{LENGTH_IS}, $env, $e->{ORIGINAL}); + if ($length eq "0") { warning($e->{ORIGINAL}, "pointless array cntr: 'cntr_$e->{NAME}_$l->{LEVEL_INDEX}': length=$length"); - } else { + } else { $self->pidl("uint32_t cntr_$e->{NAME}_$l->{LEVEL_INDEX};"); - } } } } -- 1.7.4.1 From f3ccdb86bf8278c370a32395f5e499553dadd9f1 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 15 Mar 2012 13:05:39 +0100 Subject: [PATCH 04/10] pidl/NDR/Parser: split off ParseArrayPullGetSize() and ParseArrayPullGetLength() metze --- pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm | 55 +++++++++++++++++++++++------- 1 files changed, 42 insertions(+), 13 deletions(-) diff --git a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm index d1982f8..285a056 100644 --- a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm +++ b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm @@ -315,39 +315,68 @@ sub check_null_pointer($$$$) } } -##################################################################### -# parse an array - pull side -sub ParseArrayPullHeader($$$$$$) +sub ParseArrayPullGetSize($$$$$$) { my ($self,$e,$l,$ndr,$var_name,$env) = @_; - my $length; my $size; if ($l->{IS_CONFORMANT}) { - $length = $size = "ndr_get_array_size($ndr, " . get_pointer_to($var_name) . ")"; + $size = "ndr_get_array_size($ndr, " . get_pointer_to($var_name) . ")"; } elsif ($l->{IS_ZERO_TERMINATED} and $l->{SIZE_IS} == 0 and $l->{LENGTH_IS} == 0) { # Noheader arrays - $length = $size = "ndr_get_string_size($ndr, sizeof(*$var_name))"; + $size = "ndr_get_string_size($ndr, sizeof(*$var_name))"; } else { - $length = $size = ParseExprExt($l->{SIZE_IS}, $env, $e->{ORIGINAL}, + $size = ParseExprExt($l->{SIZE_IS}, $env, $e->{ORIGINAL}, check_null_pointer($e, $env, sub { $self->pidl(shift); }, "return ndr_pull_error($ndr, NDR_ERR_INVALID_POINTER, \"NULL Pointer for size_is()\");"), check_fully_dereferenced($e, $env)); } + my $array_size = $size; + + return $array_size; +} + +##################################################################### +# parse an array - pull side +sub ParseArrayPullGetLength($$$$$$;$) +{ + my ($self,$e,$l,$ndr,$var_name,$env,$array_size) = @_; + + if (not defined($array_size)) { + $array_size = $self->ParseArrayPullGetSize($e, $l, $ndr, $var_name, $env); + } + + my $array_length = $array_size; + if ($l->{IS_VARYING}) { + my $length = "ndr_get_array_length($ndr, " . get_pointer_to($var_name) .")"; + $array_length = $length; + } + + return $array_length; +} + +##################################################################### +# parse an array - pull side +sub ParseArrayPullHeader($$$$$$) +{ + my ($self,$e,$l,$ndr,$var_name,$env) = @_; + if ((!$l->{IS_SURROUNDING}) and $l->{IS_CONFORMANT}) { $self->pidl("NDR_CHECK(ndr_pull_array_size($ndr, " . get_pointer_to($var_name) . "));"); } if ($l->{IS_VARYING}) { $self->pidl("NDR_CHECK(ndr_pull_array_length($ndr, " . get_pointer_to($var_name) . "));"); - $length = "ndr_get_array_length($ndr, " . get_pointer_to($var_name) .")"; } - if ($length ne $size) { - $self->pidl("if ($length > $size) {"); + my $array_size = $self->ParseArrayPullGetSize($e, $l, $ndr, $var_name, $env); + my $array_length = $self->ParseArrayPullGetLength($e, $l, $ndr, $var_name, $env, $array_size); + + if ($array_length ne $array_size) { + $self->pidl("if ($array_length > $array_size) {"); $self->indent; - $self->pidl("return ndr_pull_error($ndr, NDR_ERR_ARRAY_SIZE, \"Bad array size %u should exceed array length %u\", $size, $length);"); + $self->pidl("return ndr_pull_error($ndr, NDR_ERR_ARRAY_SIZE, \"Bad array size %u should exceed array length %u\", $array_size, $array_length);"); $self->deindent; $self->pidl("}"); } @@ -377,10 +406,10 @@ sub ParseArrayPullHeader($$$$$$) } if (ArrayDynamicallyAllocated($e,$l) and not is_charset_array($e,$l)) { - $self->AllocateArrayLevel($e,$l,$ndr,$var_name,$size); + $self->AllocateArrayLevel($e,$l,$ndr,$var_name,$array_size); } - return $length; + return $array_length; } sub compression_alg($$) -- 1.7.4.1 From 3afef1549118254289821131cecd0a2b46b46332 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 15 Mar 2012 13:07:47 +0100 Subject: [PATCH 05/10] pidl/NDR/Parser: use ParseArrayPullGetLength() to get the number of array elements (bug #8815 / CVE-2012-1182) An anonymous researcher and Brian Gorenc (HP DVLabs) working with HP's Zero Day Initiative program have found this and notified us. metze --- pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm | 6 +----- 1 files changed, 1 insertions(+), 5 deletions(-) diff --git a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm index 285a056..e398cae 100644 --- a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm +++ b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm @@ -1111,14 +1111,10 @@ sub ParseElementPullLevel } } elsif ($l->{TYPE} eq "ARRAY" and not has_fast_array($e,$l) and not is_charset_array($e, $l)) { - my $length = ParseExpr($l->{LENGTH_IS}, $env, $e->{ORIGINAL}); + my $length = $self->ParseArrayPullGetLength($e, $l, $ndr, $var_name, $env); my $counter = "cntr_$e->{NAME}_$l->{LEVEL_INDEX}"; my $array_name = $var_name; - if ($l->{IS_VARYING}) { - $length = "ndr_get_array_length($ndr, " . get_pointer_to($var_name) .")"; - } - if (my $range = has_property($e, "range")) { my ($low, $high) = split(/,/, $range, 2); if ($low < 0) { -- 1.7.4.1 From d1847c51531f1283fddcf8fe64cccf4cd23518a0 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 15 Mar 2012 15:07:08 +0100 Subject: [PATCH 06/10] pidl/NDR/Parser: remember if we already know the array length metze --- pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm | 8 +++++++- 1 files changed, 7 insertions(+), 1 deletions(-) diff --git a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm index e398cae..ff1f0c1 100644 --- a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm +++ b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm @@ -1028,6 +1028,7 @@ sub ParseElementPullLevel my($self,$e,$l,$ndr,$var_name,$env,$primitives,$deferred) = @_; my $ndr_flags = CalcNdrFlags($l, $primitives, $deferred); + my $array_length = undef; if ($l->{TYPE} eq "ARRAY" and ($l->{IS_VARYING} or $l->{IS_CONFORMANT})) { $var_name = get_pointer_to($var_name); @@ -1041,6 +1042,7 @@ sub ParseElementPullLevel $self->ParseSubcontextPullEnd($e, $l, $ndr, $env); } elsif ($l->{TYPE} eq "ARRAY") { my $length = $self->ParseArrayPullHeader($e, $l, $ndr, $var_name, $env); + $array_length = $length; if (my $range = has_property($e, "range")) { my ($low, $high) = split(/,/, $range, 2); @@ -1111,10 +1113,14 @@ sub ParseElementPullLevel } } elsif ($l->{TYPE} eq "ARRAY" and not has_fast_array($e,$l) and not is_charset_array($e, $l)) { - my $length = $self->ParseArrayPullGetLength($e, $l, $ndr, $var_name, $env); + my $length = $array_length; my $counter = "cntr_$e->{NAME}_$l->{LEVEL_INDEX}"; my $array_name = $var_name; + if (not defined($length)) { + $length = $self->ParseArrayPullGetLength($e, $l, $ndr, $var_name, $env); + } + if (my $range = has_property($e, "range")) { my ($low, $high) = split(/,/, $range, 2); if ($low < 0) { -- 1.7.4.1 From 0daa94c88e0098831467283725b943f9d8e2cb34 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 15 Mar 2012 13:13:20 +0100 Subject: [PATCH 07/10] pidl/NDR/Parser: use helper variables for array size and length metze --- pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm | 22 +++++++++++++++------- 1 files changed, 15 insertions(+), 7 deletions(-) diff --git a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm index ff1f0c1..a98ec6e 100644 --- a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm +++ b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm @@ -332,7 +332,8 @@ sub ParseArrayPullGetSize($$$$$$) check_fully_dereferenced($e, $env)); } - my $array_size = $size; + $self->pidl("size_$e->{NAME}_$l->{LEVEL_INDEX} = $size;"); + my $array_size = "size_$e->{NAME}_$l->{LEVEL_INDEX}"; return $array_size; } @@ -350,7 +351,8 @@ sub ParseArrayPullGetLength($$$$$$;$) my $array_length = $array_size; if ($l->{IS_VARYING}) { my $length = "ndr_get_array_length($ndr, " . get_pointer_to($var_name) .")"; - $array_length = $length; + $self->pidl("length_$e->{NAME}_$l->{LEVEL_INDEX} = $length;"); + $array_length = "length_$e->{NAME}_$l->{LEVEL_INDEX}"; } return $array_length; @@ -1540,12 +1542,18 @@ sub DeclarePtrVariables($$) } } -sub DeclareArrayVariables($$) +sub DeclareArrayVariables($$;$) { - my ($self,$e) = @_; + my ($self,$e,$pull) = @_; foreach my $l (@{$e->{LEVELS}}) { next if ($l->{TYPE} ne "ARRAY"); + if (defined($pull)) { + $self->pidl("uint32_t size_$e->{NAME}_$l->{LEVEL_INDEX} = 0;"); + if ($l->{IS_VARYING}) { + $self->pidl("uint32_t length_$e->{NAME}_$l->{LEVEL_INDEX} = 0;"); + } + } next if has_fast_array($e,$l); next if is_charset_array($e,$l); $self->pidl("uint32_t cntr_$e->{NAME}_$l->{LEVEL_INDEX};"); @@ -1630,7 +1638,7 @@ sub ParseStructPull($$$$) # declare any internal pointers we need foreach my $e (@{$struct->{ELEMENTS}}) { $self->DeclarePtrVariables($e); - $self->DeclareArrayVariables($e); + $self->DeclareArrayVariables($e, "pull"); $self->DeclareMemCtxVariables($e); } @@ -1951,7 +1959,7 @@ sub ParseUnionPull($$$$) next if ($double_cases{"$el->{NAME}"}); $self->DeclareMemCtxVariables($el); $self->DeclarePtrVariables($el); - $self->DeclareArrayVariables($el); + $self->DeclareArrayVariables($el, "pull"); $double_cases{"$el->{NAME}"} = 1; } @@ -2223,7 +2231,7 @@ sub ParseFunctionPull($$) # declare any internal pointers we need foreach my $e (@{$fn->{ELEMENTS}}) { $self->DeclarePtrVariables($e); - $self->DeclareArrayVariables($e); + $self->DeclareArrayVariables($e, "pull"); } my %double_cases = (); -- 1.7.4.1 From dbf4a376011fff07e67fe097255043d406dc2723 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 15 Mar 2012 13:14:48 +0100 Subject: [PATCH 08/10] pidl/NDR/Parser: do array range validation in ParseArrayPullGetLength() metze --- pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm | 42 ++++++++++-------------------- 1 files changed, 14 insertions(+), 28 deletions(-) diff --git a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm index a98ec6e..48a94ef 100644 --- a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm +++ b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm @@ -355,6 +355,20 @@ sub ParseArrayPullGetLength($$$$$$;$) $array_length = "length_$e->{NAME}_$l->{LEVEL_INDEX}"; } + if (my $range = has_property($e, "range")) { + my ($low, $high) = split(/,/, $range, 2); + if ($low < 0) { + warning(0, "$low is invalid for the range of an array size"); + } + if ($low == 0) { + $self->pidl("if ($array_length > $high) {"); + } else { + $self->pidl("if ($array_length < $low || $array_length > $high) {"); + } + $self->pidl("\treturn ndr_pull_error($ndr, NDR_ERR_RANGE, \"value out of range\");"); + $self->pidl("}"); + } + return $array_length; } @@ -1046,20 +1060,6 @@ sub ParseElementPullLevel my $length = $self->ParseArrayPullHeader($e, $l, $ndr, $var_name, $env); $array_length = $length; - if (my $range = has_property($e, "range")) { - my ($low, $high) = split(/,/, $range, 2); - if ($low < 0) { - warning(0, "$low is invalid for the range of an array size"); - } - if ($low == 0) { - $self->pidl("if ($length > $high) {"); - } else { - $self->pidl("if ($length < $low || $length > $high) {"); - } - $self->pidl("\treturn ndr_pull_error($ndr, NDR_ERR_RANGE, \"value out of range\");"); - $self->pidl("}"); - } - my $nl = GetNextLevel($e, $l); if (is_charset_array($e,$l)) { @@ -1123,20 +1123,6 @@ sub ParseElementPullLevel $length = $self->ParseArrayPullGetLength($e, $l, $ndr, $var_name, $env); } - if (my $range = has_property($e, "range")) { - my ($low, $high) = split(/,/, $range, 2); - if ($low < 0) { - warning(0, "$low is invalid for the range of an array size"); - } - if ($low == 0) { - $self->pidl("if ($length > $high) {"); - } else { - $self->pidl("if ($length < $low || $length > $high) {"); - } - $self->pidl("\treturn ndr_pull_error($ndr, NDR_ERR_RANGE, \"value out of range\");"); - $self->pidl("}"); - } - $var_name = get_array_element($var_name, $counter); $self->ParseMemCtxPullStart($e, $l, $ndr, $array_name); -- 1.7.4.1 From a15404044986635d4b89fccca8e5087492a0ef78 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 15 Mar 2012 17:03:05 +0100 Subject: [PATCH 09/10] pidl/NDR/Parser: also do range checks on the array size metze --- pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm | 25 ++++++++++++++++++++----- 1 files changed, 20 insertions(+), 5 deletions(-) diff --git a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm index 48a94ef..1543984 100644 --- a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm +++ b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm @@ -335,6 +335,20 @@ sub ParseArrayPullGetSize($$$$$$) $self->pidl("size_$e->{NAME}_$l->{LEVEL_INDEX} = $size;"); my $array_size = "size_$e->{NAME}_$l->{LEVEL_INDEX}"; + if (my $range = has_property($e, "range")) { + my ($low, $high) = split(/,/, $range, 2); + if ($low < 0) { + warning(0, "$low is invalid for the range of an array size"); + } + if ($low == 0) { + $self->pidl("if ($array_size > $high) {"); + } else { + $self->pidl("if ($array_size < $low || $array_size > $high) {"); + } + $self->pidl("\treturn ndr_pull_error($ndr, NDR_ERR_RANGE, \"value out of range\");"); + $self->pidl("}"); + } + return $array_size; } @@ -348,13 +362,14 @@ sub ParseArrayPullGetLength($$$$$$;$) $array_size = $self->ParseArrayPullGetSize($e, $l, $ndr, $var_name, $env); } - my $array_length = $array_size; - if ($l->{IS_VARYING}) { - my $length = "ndr_get_array_length($ndr, " . get_pointer_to($var_name) .")"; - $self->pidl("length_$e->{NAME}_$l->{LEVEL_INDEX} = $length;"); - $array_length = "length_$e->{NAME}_$l->{LEVEL_INDEX}"; + if (not $l->{IS_VARYING}) { + return $array_size; } + my $length = "ndr_get_array_length($ndr, " . get_pointer_to($var_name) .")"; + $self->pidl("length_$e->{NAME}_$l->{LEVEL_INDEX} = $length;"); + my $array_length = "length_$e->{NAME}_$l->{LEVEL_INDEX}"; + if (my $range = has_property($e, "range")) { my ($low, $high) = split(/,/, $range, 2); if ($low < 0) { -- 1.7.4.1 From 578ebd77cabc017fc23451ae9a43d9fb2de7e227 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 15 Mar 2012 18:46:44 +0100 Subject: [PATCH 10/10] rerun 'make samba3-idl' metze --- librpc/gen_ndr/ndr_dcerpc.c | 42 +- librpc/gen_ndr/ndr_dfs.c | 840 ++++++++---- librpc/gen_ndr/ndr_drsblobs.c | 160 ++- librpc/gen_ndr/ndr_drsuapi.c | 1031 ++++++++++----- librpc/gen_ndr/ndr_dssetup.c | 36 +- librpc/gen_ndr/ndr_echo.c | 54 +- librpc/gen_ndr/ndr_epmapper.c | 54 +- librpc/gen_ndr/ndr_eventlog.c | 79 +- librpc/gen_ndr/ndr_krb5pac.c | 22 +- librpc/gen_ndr/ndr_lsa.c | 276 +++-- librpc/gen_ndr/ndr_misc.c | 8 +- librpc/gen_ndr/ndr_named_pipe_auth.c | 122 ++- librpc/gen_ndr/ndr_nbt.c | 78 +- librpc/gen_ndr/ndr_netlogon.c | 1789 ++++++++++++++++--------- librpc/gen_ndr/ndr_ntlmssp.c | 60 +- librpc/gen_ndr/ndr_ntsvcs.c | 112 +- librpc/gen_ndr/ndr_samr.c | 182 ++- librpc/gen_ndr/ndr_schannel.c | 52 +- librpc/gen_ndr/ndr_security.c | 18 +- librpc/gen_ndr/ndr_spoolss.c | 2321 +++++++++++++++++++++----------- librpc/gen_ndr/ndr_srvsvc.c | 2178 +++++++++++++++++++----------- librpc/gen_ndr/ndr_svcctl.c | 704 +++++++--- librpc/gen_ndr/ndr_winreg.c | 158 ++- librpc/gen_ndr/ndr_wkssvc.c | 1378 ++++++++++++------- librpc/gen_ndr/ndr_xattr.c | 32 +- source3/librpc/gen_ndr/ndr_libnetapi.c | 22 +- source3/librpc/gen_ndr/ndr_messaging.c | 31 +- source3/librpc/gen_ndr/ndr_notify.c | 27 +- source3/librpc/gen_ndr/ndr_perfcount.c | 34 +- source3/librpc/gen_ndr/ndr_printcap.c | 59 +- source3/librpc/gen_ndr/ndr_secrets.c | 4 +- source3/librpc/gen_ndr/ndr_wbint.c | 222 ++- 32 files changed, 8030 insertions(+), 4155 deletions(-) diff --git a/librpc/gen_ndr/ndr_dcerpc.c b/librpc/gen_ndr/ndr_dcerpc.c index 37f6d54..bf0ae29 100644 --- a/librpc/gen_ndr/ndr_dcerpc.c +++ b/librpc/gen_ndr/ndr_dcerpc.c @@ -24,6 +24,7 @@ static enum ndr_err_code ndr_push_dcerpc_ctx_list(struct ndr_push *ndr, int ndr_ static enum ndr_err_code ndr_pull_dcerpc_ctx_list(struct ndr_pull *ndr, int ndr_flags, struct dcerpc_ctx_list *r) { + uint32_t size_transfer_syntaxes_0 = 0; uint32_t cntr_transfer_syntaxes_0; TALLOC_CTX *_mem_save_transfer_syntaxes_0; if (ndr_flags & NDR_SCALARS) { @@ -31,10 +32,11 @@ static enum ndr_err_code ndr_pull_dcerpc_ctx_list(struct ndr_pull *ndr, int ndr_ NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->context_id)); NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->num_transfer_syntaxes)); NDR_CHECK(ndr_pull_ndr_syntax_id(ndr, NDR_SCALARS, &r->abstract_syntax)); - NDR_PULL_ALLOC_N(ndr, r->transfer_syntaxes, r->num_transfer_syntaxes); + size_transfer_syntaxes_0 = r->num_transfer_syntaxes; + NDR_PULL_ALLOC_N(ndr, r->transfer_syntaxes, size_transfer_syntaxes_0); _mem_save_transfer_syntaxes_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->transfer_syntaxes, 0); - for (cntr_transfer_syntaxes_0 = 0; cntr_transfer_syntaxes_0 < r->num_transfer_syntaxes; cntr_transfer_syntaxes_0++) { + for (cntr_transfer_syntaxes_0 = 0; cntr_transfer_syntaxes_0 < size_transfer_syntaxes_0; cntr_transfer_syntaxes_0++) { NDR_CHECK(ndr_pull_ndr_syntax_id(ndr, NDR_SCALARS, &r->transfer_syntaxes[cntr_transfer_syntaxes_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_transfer_syntaxes_0, 0); @@ -99,6 +101,7 @@ static enum ndr_err_code ndr_push_dcerpc_bind(struct ndr_push *ndr, int ndr_flag static enum ndr_err_code ndr_pull_dcerpc_bind(struct ndr_pull *ndr, int ndr_flags, struct dcerpc_bind *r) { + uint32_t size_ctx_list_0 = 0; uint32_t cntr_ctx_list_0; TALLOC_CTX *_mem_save_ctx_list_0; if (ndr_flags & NDR_SCALARS) { @@ -107,10 +110,11 @@ static enum ndr_err_code ndr_pull_dcerpc_bind(struct ndr_pull *ndr, int ndr_flag NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->max_recv_frag)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->assoc_group_id)); NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->num_contexts)); - NDR_PULL_ALLOC_N(ndr, r->ctx_list, r->num_contexts); + size_ctx_list_0 = r->num_contexts; + NDR_PULL_ALLOC_N(ndr, r->ctx_list, size_ctx_list_0); _mem_save_ctx_list_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->ctx_list, 0); - for (cntr_ctx_list_0 = 0; cntr_ctx_list_0 < r->num_contexts; cntr_ctx_list_0++) { + for (cntr_ctx_list_0 = 0; cntr_ctx_list_0 < size_ctx_list_0; cntr_ctx_list_0++) { NDR_CHECK(ndr_pull_dcerpc_ctx_list(ndr, NDR_SCALARS, &r->ctx_list[cntr_ctx_list_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_ctx_list_0, 0); @@ -406,6 +410,8 @@ static enum ndr_err_code ndr_push_dcerpc_bind_ack(struct ndr_push *ndr, int ndr_ static enum ndr_err_code ndr_pull_dcerpc_bind_ack(struct ndr_pull *ndr, int ndr_flags, struct dcerpc_bind_ack *r) { + uint32_t size_secondary_address_0 = 0; + uint32_t size_ctx_list_0 = 0; uint32_t cntr_ctx_list_0; TALLOC_CTX *_mem_save_ctx_list_0; if (ndr_flags & NDR_SCALARS) { @@ -414,7 +420,8 @@ static enum ndr_err_code ndr_pull_dcerpc_bind_ack(struct ndr_pull *ndr, int ndr_ NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->max_recv_frag)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->assoc_group_id)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->secondary_address_size)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->secondary_address, r->secondary_address_size, sizeof(uint8_t), CH_DOS)); + size_secondary_address_0 = r->secondary_address_size; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->secondary_address, size_secondary_address_0, sizeof(uint8_t), CH_DOS)); { uint32_t _flags_save_DATA_BLOB = ndr->flags; ndr_set_flags(&ndr->flags, LIBNDR_FLAG_ALIGN4); @@ -422,10 +429,11 @@ static enum ndr_err_code ndr_pull_dcerpc_bind_ack(struct ndr_pull *ndr, int ndr_ ndr->flags = _flags_save_DATA_BLOB; } NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->num_results)); - NDR_PULL_ALLOC_N(ndr, r->ctx_list, r->num_results); + size_ctx_list_0 = r->num_results; + NDR_PULL_ALLOC_N(ndr, r->ctx_list, size_ctx_list_0); _mem_save_ctx_list_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->ctx_list, 0); - for (cntr_ctx_list_0 = 0; cntr_ctx_list_0 < r->num_results; cntr_ctx_list_0++) { + for (cntr_ctx_list_0 = 0; cntr_ctx_list_0 < size_ctx_list_0; cntr_ctx_list_0++) { NDR_CHECK(ndr_pull_dcerpc_ack_ctx(ndr, NDR_SCALARS, &r->ctx_list[cntr_ctx_list_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_ctx_list_0, 0); @@ -486,15 +494,17 @@ static enum ndr_err_code ndr_push_dcerpc_bind_nak_versions(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_dcerpc_bind_nak_versions(struct ndr_pull *ndr, int ndr_flags, struct dcerpc_bind_nak_versions *r) { + uint32_t size_versions_0 = 0; uint32_t cntr_versions_0; TALLOC_CTX *_mem_save_versions_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->num_versions)); - NDR_PULL_ALLOC_N(ndr, r->versions, r->num_versions); + size_versions_0 = r->num_versions; + NDR_PULL_ALLOC_N(ndr, r->versions, size_versions_0); _mem_save_versions_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->versions, 0); - for (cntr_versions_0 = 0; cntr_versions_0 < r->num_versions; cntr_versions_0++) { + for (cntr_versions_0 = 0; cntr_versions_0 < size_versions_0; cntr_versions_0++) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->versions[cntr_versions_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_versions_0, 0); @@ -1107,6 +1117,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_dcerpc_fack(struct ndr_push *ndr, int ndr_fl _PUBLIC_ enum ndr_err_code ndr_pull_dcerpc_fack(struct ndr_pull *ndr, int ndr_flags, struct dcerpc_fack *r) { + uint32_t size_selack_0 = 0; uint32_t cntr_selack_0; TALLOC_CTX *_mem_save_selack_0; if (ndr_flags & NDR_SCALARS) { @@ -1118,10 +1129,11 @@ _PUBLIC_ enum ndr_err_code ndr_pull_dcerpc_fack(struct ndr_pull *ndr, int ndr_fl NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->max_frag_size)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->serial_no)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->selack_size)); - NDR_PULL_ALLOC_N(ndr, r->selack, r->selack_size); + size_selack_0 = r->selack_size; + NDR_PULL_ALLOC_N(ndr, r->selack, size_selack_0); _mem_save_selack_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->selack, 0); - for (cntr_selack_0 = 0; cntr_selack_0 < r->selack_size; cntr_selack_0++) { + for (cntr_selack_0 = 0; cntr_selack_0 < size_selack_0; cntr_selack_0++) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->selack[cntr_selack_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_selack_0, 0); @@ -1753,13 +1765,15 @@ _PUBLIC_ enum ndr_err_code ndr_push_ncacn_packet(struct ndr_push *ndr, int ndr_f _PUBLIC_ enum ndr_err_code ndr_pull_ncacn_packet(struct ndr_pull *ndr, int ndr_flags, struct ncacn_packet *r) { + uint32_t size_drep_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->rpc_vers)); NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->rpc_vers_minor)); NDR_CHECK(ndr_pull_dcerpc_pkt_type(ndr, NDR_SCALARS, &r->ptype)); NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->pfc_flags)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->drep, 4)); + size_drep_0 = 4; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->drep, size_drep_0)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->frag_length)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->auth_length)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->call_id)); @@ -1825,13 +1839,15 @@ _PUBLIC_ enum ndr_err_code ndr_push_ncadg_packet(struct ndr_push *ndr, int ndr_f _PUBLIC_ enum ndr_err_code ndr_pull_ncadg_packet(struct ndr_pull *ndr, int ndr_flags, struct ncadg_packet *r) { + uint32_t size_drep_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->rpc_vers)); NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->ptype)); NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->pfc_flags)); NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->ncadg_flags)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->drep, 3)); + size_drep_0 = 3; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->drep, size_drep_0)); NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->serial_high)); NDR_CHECK(ndr_pull_GUID(ndr, NDR_SCALARS, &r->object)); NDR_CHECK(ndr_pull_GUID(ndr, NDR_SCALARS, &r->iface)); diff --git a/librpc/gen_ndr/ndr_dfs.c b/librpc/gen_ndr/ndr_dfs.c index 62f42ba..bbadbeb 100644 --- a/librpc/gen_ndr/ndr_dfs.c +++ b/librpc/gen_ndr/ndr_dfs.c @@ -81,6 +81,8 @@ static enum ndr_err_code ndr_push_dfs_Info1(struct ndr_push *ndr, int ndr_flags, static enum ndr_err_code ndr_pull_dfs_Info1(struct ndr_pull *ndr, int ndr_flags, struct dfs_Info1 *r) { uint32_t _ptr_path; + uint32_t size_path_1 = 0; + uint32_t length_path_1 = 0; TALLOC_CTX *_mem_save_path_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -98,11 +100,13 @@ static enum ndr_err_code ndr_pull_dfs_Info1(struct ndr_pull *ndr, int ndr_flags, NDR_PULL_SET_MEM_CTX(ndr, r->path, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->path)); - if (ndr_get_array_length(ndr, &r->path) > ndr_get_array_size(ndr, &r->path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->path), ndr_get_array_length(ndr, &r->path)); + size_path_1 = ndr_get_array_size(ndr, &r->path); + length_path_1 = ndr_get_array_length(ndr, &r->path); + if (length_path_1 > size_path_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_path_1, length_path_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->path, ndr_get_array_length(ndr, &r->path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_path_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->path, length_path_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_path_0, 0); } } @@ -179,8 +183,12 @@ static enum ndr_err_code ndr_push_dfs_Info2(struct ndr_push *ndr, int ndr_flags, static enum ndr_err_code ndr_pull_dfs_Info2(struct ndr_pull *ndr, int ndr_flags, struct dfs_Info2 *r) { uint32_t _ptr_path; + uint32_t size_path_1 = 0; + uint32_t length_path_1 = 0; TALLOC_CTX *_mem_save_path_0; uint32_t _ptr_comment; + uint32_t size_comment_1 = 0; + uint32_t length_comment_1 = 0; TALLOC_CTX *_mem_save_comment_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -206,11 +214,13 @@ static enum ndr_err_code ndr_pull_dfs_Info2(struct ndr_pull *ndr, int ndr_flags, NDR_PULL_SET_MEM_CTX(ndr, r->path, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->path)); - if (ndr_get_array_length(ndr, &r->path) > ndr_get_array_size(ndr, &r->path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->path), ndr_get_array_length(ndr, &r->path)); + size_path_1 = ndr_get_array_size(ndr, &r->path); + length_path_1 = ndr_get_array_length(ndr, &r->path); + if (length_path_1 > size_path_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_path_1, length_path_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->path, ndr_get_array_length(ndr, &r->path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_path_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->path, length_path_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_path_0, 0); } if (r->comment) { @@ -218,11 +228,13 @@ static enum ndr_err_code ndr_pull_dfs_Info2(struct ndr_pull *ndr, int ndr_flags, NDR_PULL_SET_MEM_CTX(ndr, r->comment, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->comment)); NDR_CHECK(ndr_pull_array_length(ndr, &r->comment)); - if (ndr_get_array_length(ndr, &r->comment) > ndr_get_array_size(ndr, &r->comment)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->comment), ndr_get_array_length(ndr, &r->comment)); + size_comment_1 = ndr_get_array_size(ndr, &r->comment); + length_comment_1 = ndr_get_array_length(ndr, &r->comment); + if (length_comment_1 > size_comment_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_comment_1, length_comment_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_comment_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, length_comment_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_comment_0, 0); } } @@ -303,8 +315,12 @@ static enum ndr_err_code ndr_push_dfs_StorageInfo(struct ndr_push *ndr, int ndr_ static enum ndr_err_code ndr_pull_dfs_StorageInfo(struct ndr_pull *ndr, int ndr_flags, struct dfs_StorageInfo *r) { uint32_t _ptr_server; + uint32_t size_server_1 = 0; + uint32_t length_server_1 = 0; TALLOC_CTX *_mem_save_server_0; uint32_t _ptr_share; + uint32_t size_share_1 = 0; + uint32_t length_share_1 = 0; TALLOC_CTX *_mem_save_share_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -329,11 +345,13 @@ static enum ndr_err_code ndr_pull_dfs_StorageInfo(struct ndr_pull *ndr, int ndr_ NDR_PULL_SET_MEM_CTX(ndr, r->server, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->server)); NDR_CHECK(ndr_pull_array_length(ndr, &r->server)); - if (ndr_get_array_length(ndr, &r->server) > ndr_get_array_size(ndr, &r->server)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->server), ndr_get_array_length(ndr, &r->server)); + size_server_1 = ndr_get_array_size(ndr, &r->server); + length_server_1 = ndr_get_array_length(ndr, &r->server); + if (length_server_1 > size_server_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_1, length_server_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->server), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server, ndr_get_array_length(ndr, &r->server), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server, length_server_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_0, 0); } if (r->share) { @@ -341,11 +359,13 @@ static enum ndr_err_code ndr_pull_dfs_StorageInfo(struct ndr_pull *ndr, int ndr_ NDR_PULL_SET_MEM_CTX(ndr, r->share, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->share)); NDR_CHECK(ndr_pull_array_length(ndr, &r->share)); - if (ndr_get_array_length(ndr, &r->share) > ndr_get_array_size(ndr, &r->share)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->share), ndr_get_array_length(ndr, &r->share)); + size_share_1 = ndr_get_array_size(ndr, &r->share); + length_share_1 = ndr_get_array_length(ndr, &r->share); + if (length_share_1 > size_share_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_share_1, length_share_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->share), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->share, ndr_get_array_length(ndr, &r->share), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_share_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->share, length_share_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_share_0, 0); } } @@ -413,10 +433,15 @@ static enum ndr_err_code ndr_push_dfs_Info3(struct ndr_push *ndr, int ndr_flags, static enum ndr_err_code ndr_pull_dfs_Info3(struct ndr_pull *ndr, int ndr_flags, struct dfs_Info3 *r) { uint32_t _ptr_path; + uint32_t size_path_1 = 0; + uint32_t length_path_1 = 0; TALLOC_CTX *_mem_save_path_0; uint32_t _ptr_comment; + uint32_t size_comment_1 = 0; + uint32_t length_comment_1 = 0; TALLOC_CTX *_mem_save_comment_0; uint32_t _ptr_stores; + uint32_t size_stores_1 = 0; uint32_t cntr_stores_1; TALLOC_CTX *_mem_save_stores_0; TALLOC_CTX *_mem_save_stores_1; @@ -450,11 +475,13 @@ static enum ndr_err_code ndr_pull_dfs_Info3(struct ndr_pull *ndr, int ndr_flags, NDR_PULL_SET_MEM_CTX(ndr, r->path, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->path)); - if (ndr_get_array_length(ndr, &r->path) > ndr_get_array_size(ndr, &r->path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->path), ndr_get_array_length(ndr, &r->path)); + size_path_1 = ndr_get_array_size(ndr, &r->path); + length_path_1 = ndr_get_array_length(ndr, &r->path); + if (length_path_1 > size_path_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_path_1, length_path_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->path, ndr_get_array_length(ndr, &r->path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_path_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->path, length_path_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_path_0, 0); } if (r->comment) { @@ -462,24 +489,27 @@ static enum ndr_err_code ndr_pull_dfs_Info3(struct ndr_pull *ndr, int ndr_flags, NDR_PULL_SET_MEM_CTX(ndr, r->comment, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->comment)); NDR_CHECK(ndr_pull_array_length(ndr, &r->comment)); - if (ndr_get_array_length(ndr, &r->comment) > ndr_get_array_size(ndr, &r->comment)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->comment), ndr_get_array_length(ndr, &r->comment)); + size_comment_1 = ndr_get_array_size(ndr, &r->comment); + length_comment_1 = ndr_get_array_length(ndr, &r->comment); + if (length_comment_1 > size_comment_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_comment_1, length_comment_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_comment_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, length_comment_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_comment_0, 0); } if (r->stores) { _mem_save_stores_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->stores, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->stores)); - NDR_PULL_ALLOC_N(ndr, r->stores, ndr_get_array_size(ndr, &r->stores)); + size_stores_1 = ndr_get_array_size(ndr, &r->stores); + NDR_PULL_ALLOC_N(ndr, r->stores, size_stores_1); _mem_save_stores_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->stores, 0); - for (cntr_stores_1 = 0; cntr_stores_1 < r->num_stores; cntr_stores_1++) { + for (cntr_stores_1 = 0; cntr_stores_1 < size_stores_1; cntr_stores_1++) { NDR_CHECK(ndr_pull_dfs_StorageInfo(ndr, NDR_SCALARS, &r->stores[cntr_stores_1])); } - for (cntr_stores_1 = 0; cntr_stores_1 < r->num_stores; cntr_stores_1++) { + for (cntr_stores_1 = 0; cntr_stores_1 < size_stores_1; cntr_stores_1++) { NDR_CHECK(ndr_pull_dfs_StorageInfo(ndr, NDR_BUFFERS, &r->stores[cntr_stores_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_stores_1, 0); @@ -572,10 +602,15 @@ static enum ndr_err_code ndr_push_dfs_Info4(struct ndr_push *ndr, int ndr_flags, static enum ndr_err_code ndr_pull_dfs_Info4(struct ndr_pull *ndr, int ndr_flags, struct dfs_Info4 *r) { uint32_t _ptr_path; + uint32_t size_path_1 = 0; + uint32_t length_path_1 = 0; TALLOC_CTX *_mem_save_path_0; uint32_t _ptr_comment; + uint32_t size_comment_1 = 0; + uint32_t length_comment_1 = 0; TALLOC_CTX *_mem_save_comment_0; uint32_t _ptr_stores; + uint32_t size_stores_1 = 0; uint32_t cntr_stores_1; TALLOC_CTX *_mem_save_stores_0; TALLOC_CTX *_mem_save_stores_1; @@ -611,11 +646,13 @@ static enum ndr_err_code ndr_pull_dfs_Info4(struct ndr_pull *ndr, int ndr_flags, NDR_PULL_SET_MEM_CTX(ndr, r->path, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->path)); - if (ndr_get_array_length(ndr, &r->path) > ndr_get_array_size(ndr, &r->path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->path), ndr_get_array_length(ndr, &r->path)); + size_path_1 = ndr_get_array_size(ndr, &r->path); + length_path_1 = ndr_get_array_length(ndr, &r->path); + if (length_path_1 > size_path_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_path_1, length_path_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->path, ndr_get_array_length(ndr, &r->path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_path_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->path, length_path_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_path_0, 0); } if (r->comment) { @@ -623,24 +660,27 @@ static enum ndr_err_code ndr_pull_dfs_Info4(struct ndr_pull *ndr, int ndr_flags, NDR_PULL_SET_MEM_CTX(ndr, r->comment, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->comment)); NDR_CHECK(ndr_pull_array_length(ndr, &r->comment)); - if (ndr_get_array_length(ndr, &r->comment) > ndr_get_array_size(ndr, &r->comment)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->comment), ndr_get_array_length(ndr, &r->comment)); + size_comment_1 = ndr_get_array_size(ndr, &r->comment); + length_comment_1 = ndr_get_array_length(ndr, &r->comment); + if (length_comment_1 > size_comment_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_comment_1, length_comment_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_comment_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, length_comment_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_comment_0, 0); } if (r->stores) { _mem_save_stores_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->stores, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->stores)); - NDR_PULL_ALLOC_N(ndr, r->stores, ndr_get_array_size(ndr, &r->stores)); + size_stores_1 = ndr_get_array_size(ndr, &r->stores); + NDR_PULL_ALLOC_N(ndr, r->stores, size_stores_1); _mem_save_stores_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->stores, 0); - for (cntr_stores_1 = 0; cntr_stores_1 < r->num_stores; cntr_stores_1++) { + for (cntr_stores_1 = 0; cntr_stores_1 < size_stores_1; cntr_stores_1++) { NDR_CHECK(ndr_pull_dfs_StorageInfo(ndr, NDR_SCALARS, &r->stores[cntr_stores_1])); } - for (cntr_stores_1 = 0; cntr_stores_1 < r->num_stores; cntr_stores_1++) { + for (cntr_stores_1 = 0; cntr_stores_1 < size_stores_1; cntr_stores_1++) { NDR_CHECK(ndr_pull_dfs_StorageInfo(ndr, NDR_BUFFERS, &r->stores[cntr_stores_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_stores_1, 0); @@ -752,8 +792,12 @@ static enum ndr_err_code ndr_push_dfs_Info5(struct ndr_push *ndr, int ndr_flags, static enum ndr_err_code ndr_pull_dfs_Info5(struct ndr_pull *ndr, int ndr_flags, struct dfs_Info5 *r) { uint32_t _ptr_path; + uint32_t size_path_1 = 0; + uint32_t length_path_1 = 0; TALLOC_CTX *_mem_save_path_0; uint32_t _ptr_comment; + uint32_t size_comment_1 = 0; + uint32_t length_comment_1 = 0; TALLOC_CTX *_mem_save_comment_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -783,11 +827,13 @@ static enum ndr_err_code ndr_pull_dfs_Info5(struct ndr_pull *ndr, int ndr_flags, NDR_PULL_SET_MEM_CTX(ndr, r->path, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->path)); - if (ndr_get_array_length(ndr, &r->path) > ndr_get_array_size(ndr, &r->path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->path), ndr_get_array_length(ndr, &r->path)); + size_path_1 = ndr_get_array_size(ndr, &r->path); + length_path_1 = ndr_get_array_length(ndr, &r->path); + if (length_path_1 > size_path_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_path_1, length_path_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->path, ndr_get_array_length(ndr, &r->path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_path_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->path, length_path_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_path_0, 0); } if (r->comment) { @@ -795,11 +841,13 @@ static enum ndr_err_code ndr_pull_dfs_Info5(struct ndr_pull *ndr, int ndr_flags, NDR_PULL_SET_MEM_CTX(ndr, r->comment, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->comment)); NDR_CHECK(ndr_pull_array_length(ndr, &r->comment)); - if (ndr_get_array_length(ndr, &r->comment) > ndr_get_array_size(ndr, &r->comment)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->comment), ndr_get_array_length(ndr, &r->comment)); + size_comment_1 = ndr_get_array_size(ndr, &r->comment); + length_comment_1 = ndr_get_array_length(ndr, &r->comment); + if (length_comment_1 > size_comment_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_comment_1, length_comment_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_comment_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, length_comment_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_comment_0, 0); } } @@ -980,10 +1028,15 @@ static enum ndr_err_code ndr_push_dfs_Info6(struct ndr_push *ndr, int ndr_flags, static enum ndr_err_code ndr_pull_dfs_Info6(struct ndr_pull *ndr, int ndr_flags, struct dfs_Info6 *r) { uint32_t _ptr_entry_path; + uint32_t size_entry_path_1 = 0; + uint32_t length_entry_path_1 = 0; TALLOC_CTX *_mem_save_entry_path_0; uint32_t _ptr_comment; + uint32_t size_comment_1 = 0; + uint32_t length_comment_1 = 0; TALLOC_CTX *_mem_save_comment_0; uint32_t _ptr_stores; + uint32_t size_stores_1 = 0; uint32_t cntr_stores_1; TALLOC_CTX *_mem_save_stores_0; TALLOC_CTX *_mem_save_stores_1; @@ -1021,11 +1074,13 @@ static enum ndr_err_code ndr_pull_dfs_Info6(struct ndr_pull *ndr, int ndr_flags, NDR_PULL_SET_MEM_CTX(ndr, r->entry_path, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->entry_path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->entry_path)); - if (ndr_get_array_length(ndr, &r->entry_path) > ndr_get_array_size(ndr, &r->entry_path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->entry_path), ndr_get_array_length(ndr, &r->entry_path)); + size_entry_path_1 = ndr_get_array_size(ndr, &r->entry_path); + length_entry_path_1 = ndr_get_array_length(ndr, &r->entry_path); + if (length_entry_path_1 > size_entry_path_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_entry_path_1, length_entry_path_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->entry_path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->entry_path, ndr_get_array_length(ndr, &r->entry_path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_entry_path_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->entry_path, length_entry_path_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_entry_path_0, 0); } if (r->comment) { @@ -1033,24 +1088,27 @@ static enum ndr_err_code ndr_pull_dfs_Info6(struct ndr_pull *ndr, int ndr_flags, NDR_PULL_SET_MEM_CTX(ndr, r->comment, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->comment)); NDR_CHECK(ndr_pull_array_length(ndr, &r->comment)); - if (ndr_get_array_length(ndr, &r->comment) > ndr_get_array_size(ndr, &r->comment)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->comment), ndr_get_array_length(ndr, &r->comment)); + size_comment_1 = ndr_get_array_size(ndr, &r->comment); + length_comment_1 = ndr_get_array_length(ndr, &r->comment); + if (length_comment_1 > size_comment_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_comment_1, length_comment_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_comment_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, length_comment_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_comment_0, 0); } if (r->stores) { _mem_save_stores_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->stores, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->stores)); - NDR_PULL_ALLOC_N(ndr, r->stores, ndr_get_array_size(ndr, &r->stores)); + size_stores_1 = ndr_get_array_size(ndr, &r->stores); + NDR_PULL_ALLOC_N(ndr, r->stores, size_stores_1); _mem_save_stores_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->stores, 0); - for (cntr_stores_1 = 0; cntr_stores_1 < r->num_stores; cntr_stores_1++) { + for (cntr_stores_1 = 0; cntr_stores_1 < size_stores_1; cntr_stores_1++) { NDR_CHECK(ndr_pull_dfs_StorageInfo2(ndr, NDR_SCALARS, &r->stores[cntr_stores_1])); } - for (cntr_stores_1 = 0; cntr_stores_1 < r->num_stores; cntr_stores_1++) { + for (cntr_stores_1 = 0; cntr_stores_1 < size_stores_1; cntr_stores_1++) { NDR_CHECK(ndr_pull_dfs_StorageInfo2(ndr, NDR_BUFFERS, &r->stores[cntr_stores_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_stores_1, 0); @@ -1157,6 +1215,8 @@ static enum ndr_err_code ndr_push_dfs_Info100(struct ndr_push *ndr, int ndr_flag static enum ndr_err_code ndr_pull_dfs_Info100(struct ndr_pull *ndr, int ndr_flags, struct dfs_Info100 *r) { uint32_t _ptr_comment; + uint32_t size_comment_1 = 0; + uint32_t length_comment_1 = 0; TALLOC_CTX *_mem_save_comment_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -1174,11 +1234,13 @@ static enum ndr_err_code ndr_pull_dfs_Info100(struct ndr_pull *ndr, int ndr_flag NDR_PULL_SET_MEM_CTX(ndr, r->comment, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->comment)); NDR_CHECK(ndr_pull_array_length(ndr, &r->comment)); - if (ndr_get_array_length(ndr, &r->comment) > ndr_get_array_size(ndr, &r->comment)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->comment), ndr_get_array_length(ndr, &r->comment)); + size_comment_1 = ndr_get_array_size(ndr, &r->comment); + length_comment_1 = ndr_get_array_length(ndr, &r->comment); + if (length_comment_1 > size_comment_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_comment_1, length_comment_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_comment_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, length_comment_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_comment_0, 0); } } @@ -1351,6 +1413,8 @@ static enum ndr_err_code ndr_push_dfs_Info105(struct ndr_push *ndr, int ndr_flag static enum ndr_err_code ndr_pull_dfs_Info105(struct ndr_pull *ndr, int ndr_flags, struct dfs_Info105 *r) { uint32_t _ptr_comment; + uint32_t size_comment_1 = 0; + uint32_t length_comment_1 = 0; TALLOC_CTX *_mem_save_comment_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -1372,11 +1436,13 @@ static enum ndr_err_code ndr_pull_dfs_Info105(struct ndr_pull *ndr, int ndr_flag NDR_PULL_SET_MEM_CTX(ndr, r->comment, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->comment)); NDR_CHECK(ndr_pull_array_length(ndr, &r->comment)); - if (ndr_get_array_length(ndr, &r->comment) > ndr_get_array_size(ndr, &r->comment)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->comment), ndr_get_array_length(ndr, &r->comment)); + size_comment_1 = ndr_get_array_size(ndr, &r->comment); + length_comment_1 = ndr_get_array_length(ndr, &r->comment); + if (length_comment_1 > size_comment_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_comment_1, length_comment_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_comment_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, length_comment_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_comment_0, 0); } } @@ -1456,6 +1522,8 @@ static enum ndr_err_code ndr_push_dfs_Info200(struct ndr_push *ndr, int ndr_flag static enum ndr_err_code ndr_pull_dfs_Info200(struct ndr_pull *ndr, int ndr_flags, struct dfs_Info200 *r) { uint32_t _ptr_dom_root; + uint32_t size_dom_root_1 = 0; + uint32_t length_dom_root_1 = 0; TALLOC_CTX *_mem_save_dom_root_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -1473,11 +1541,13 @@ static enum ndr_err_code ndr_pull_dfs_Info200(struct ndr_pull *ndr, int ndr_flag NDR_PULL_SET_MEM_CTX(ndr, r->dom_root, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->dom_root)); NDR_CHECK(ndr_pull_array_length(ndr, &r->dom_root)); - if (ndr_get_array_length(ndr, &r->dom_root) > ndr_get_array_size(ndr, &r->dom_root)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->dom_root), ndr_get_array_length(ndr, &r->dom_root)); + size_dom_root_1 = ndr_get_array_size(ndr, &r->dom_root); + length_dom_root_1 = ndr_get_array_length(ndr, &r->dom_root); + if (length_dom_root_1 > size_dom_root_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dom_root_1, length_dom_root_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->dom_root), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dom_root, ndr_get_array_length(ndr, &r->dom_root), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dom_root_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dom_root, length_dom_root_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dom_root_0, 0); } } @@ -1544,6 +1614,8 @@ static enum ndr_err_code ndr_push_dfs_Info300(struct ndr_push *ndr, int ndr_flag static enum ndr_err_code ndr_pull_dfs_Info300(struct ndr_pull *ndr, int ndr_flags, struct dfs_Info300 *r) { uint32_t _ptr_dom_root; + uint32_t size_dom_root_1 = 0; + uint32_t length_dom_root_1 = 0; TALLOC_CTX *_mem_save_dom_root_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -1562,11 +1634,13 @@ static enum ndr_err_code ndr_pull_dfs_Info300(struct ndr_pull *ndr, int ndr_flag NDR_PULL_SET_MEM_CTX(ndr, r->dom_root, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->dom_root)); NDR_CHECK(ndr_pull_array_length(ndr, &r->dom_root)); - if (ndr_get_array_length(ndr, &r->dom_root) > ndr_get_array_size(ndr, &r->dom_root)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->dom_root), ndr_get_array_length(ndr, &r->dom_root)); + size_dom_root_1 = ndr_get_array_size(ndr, &r->dom_root); + length_dom_root_1 = ndr_get_array_length(ndr, &r->dom_root); + if (length_dom_root_1 > size_dom_root_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dom_root_1, length_dom_root_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->dom_root), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dom_root, ndr_get_array_length(ndr, &r->dom_root), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dom_root_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dom_root, length_dom_root_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dom_root_0, 0); } } @@ -1763,20 +1837,35 @@ static enum ndr_err_code ndr_pull_dfs_Info(struct ndr_pull *ndr, int ndr_flags, int level; uint32_t _level; TALLOC_CTX *_mem_save_info0_0; + uint32_t _ptr_info0; TALLOC_CTX *_mem_save_info1_0; + uint32_t _ptr_info1; TALLOC_CTX *_mem_save_info2_0; + uint32_t _ptr_info2; TALLOC_CTX *_mem_save_info3_0; + uint32_t _ptr_info3; TALLOC_CTX *_mem_save_info4_0; + uint32_t _ptr_info4; TALLOC_CTX *_mem_save_info5_0; + uint32_t _ptr_info5; TALLOC_CTX *_mem_save_info6_0; + uint32_t _ptr_info6; TALLOC_CTX *_mem_save_info7_0; + uint32_t _ptr_info7; TALLOC_CTX *_mem_save_info100_0; + uint32_t _ptr_info100; TALLOC_CTX *_mem_save_info101_0; + uint32_t _ptr_info101; TALLOC_CTX *_mem_save_info102_0; + uint32_t _ptr_info102; TALLOC_CTX *_mem_save_info103_0; + uint32_t _ptr_info103; TALLOC_CTX *_mem_save_info104_0; + uint32_t _ptr_info104; TALLOC_CTX *_mem_save_info105_0; + uint32_t _ptr_info105; TALLOC_CTX *_mem_save_info106_0; + uint32_t _ptr_info106; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -1786,7 +1875,6 @@ static enum ndr_err_code ndr_pull_dfs_Info(struct ndr_pull *ndr, int ndr_flags, NDR_CHECK(ndr_pull_union_align(ndr, 5)); switch (level) { case 0: { - uint32_t _ptr_info0; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info0)); if (_ptr_info0) { NDR_PULL_ALLOC(ndr, r->info0); @@ -1796,7 +1884,6 @@ static enum ndr_err_code ndr_pull_dfs_Info(struct ndr_pull *ndr, int ndr_flags, break; } case 1: { - uint32_t _ptr_info1; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1)); if (_ptr_info1) { NDR_PULL_ALLOC(ndr, r->info1); @@ -1806,7 +1893,6 @@ static enum ndr_err_code ndr_pull_dfs_Info(struct ndr_pull *ndr, int ndr_flags, break; } case 2: { - uint32_t _ptr_info2; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info2)); if (_ptr_info2) { NDR_PULL_ALLOC(ndr, r->info2); @@ -1816,7 +1902,6 @@ static enum ndr_err_code ndr_pull_dfs_Info(struct ndr_pull *ndr, int ndr_flags, break; } case 3: { - uint32_t _ptr_info3; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info3)); if (_ptr_info3) { NDR_PULL_ALLOC(ndr, r->info3); @@ -1826,7 +1911,6 @@ static enum ndr_err_code ndr_pull_dfs_Info(struct ndr_pull *ndr, int ndr_flags, break; } case 4: { - uint32_t _ptr_info4; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info4)); if (_ptr_info4) { NDR_PULL_ALLOC(ndr, r->info4); @@ -1836,7 +1920,6 @@ static enum ndr_err_code ndr_pull_dfs_Info(struct ndr_pull *ndr, int ndr_flags, break; } case 5: { - uint32_t _ptr_info5; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info5)); if (_ptr_info5) { NDR_PULL_ALLOC(ndr, r->info5); @@ -1846,7 +1929,6 @@ static enum ndr_err_code ndr_pull_dfs_Info(struct ndr_pull *ndr, int ndr_flags, break; } case 6: { - uint32_t _ptr_info6; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info6)); if (_ptr_info6) { NDR_PULL_ALLOC(ndr, r->info6); @@ -1856,7 +1938,6 @@ static enum ndr_err_code ndr_pull_dfs_Info(struct ndr_pull *ndr, int ndr_flags, break; } case 7: { - uint32_t _ptr_info7; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info7)); if (_ptr_info7) { NDR_PULL_ALLOC(ndr, r->info7); @@ -1866,7 +1947,6 @@ static enum ndr_err_code ndr_pull_dfs_Info(struct ndr_pull *ndr, int ndr_flags, break; } case 100: { - uint32_t _ptr_info100; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info100)); if (_ptr_info100) { NDR_PULL_ALLOC(ndr, r->info100); @@ -1876,7 +1956,6 @@ static enum ndr_err_code ndr_pull_dfs_Info(struct ndr_pull *ndr, int ndr_flags, break; } case 101: { - uint32_t _ptr_info101; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info101)); if (_ptr_info101) { NDR_PULL_ALLOC(ndr, r->info101); @@ -1886,7 +1965,6 @@ static enum ndr_err_code ndr_pull_dfs_Info(struct ndr_pull *ndr, int ndr_flags, break; } case 102: { - uint32_t _ptr_info102; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info102)); if (_ptr_info102) { NDR_PULL_ALLOC(ndr, r->info102); @@ -1896,7 +1974,6 @@ static enum ndr_err_code ndr_pull_dfs_Info(struct ndr_pull *ndr, int ndr_flags, break; } case 103: { - uint32_t _ptr_info103; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info103)); if (_ptr_info103) { NDR_PULL_ALLOC(ndr, r->info103); @@ -1906,7 +1983,6 @@ static enum ndr_err_code ndr_pull_dfs_Info(struct ndr_pull *ndr, int ndr_flags, break; } case 104: { - uint32_t _ptr_info104; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info104)); if (_ptr_info104) { NDR_PULL_ALLOC(ndr, r->info104); @@ -1916,7 +1992,6 @@ static enum ndr_err_code ndr_pull_dfs_Info(struct ndr_pull *ndr, int ndr_flags, break; } case 105: { - uint32_t _ptr_info105; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info105)); if (_ptr_info105) { NDR_PULL_ALLOC(ndr, r->info105); @@ -1926,7 +2001,6 @@ static enum ndr_err_code ndr_pull_dfs_Info(struct ndr_pull *ndr, int ndr_flags, break; } case 106: { - uint32_t _ptr_info106; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info106)); if (_ptr_info106) { NDR_PULL_ALLOC(ndr, r->info106); @@ -2255,6 +2329,7 @@ static enum ndr_err_code ndr_push_dfs_EnumArray1(struct ndr_push *ndr, int ndr_f static enum ndr_err_code ndr_pull_dfs_EnumArray1(struct ndr_pull *ndr, int ndr_flags, struct dfs_EnumArray1 *r) { uint32_t _ptr_s; + uint32_t size_s_1 = 0; uint32_t cntr_s_1; TALLOC_CTX *_mem_save_s_0; TALLOC_CTX *_mem_save_s_1; @@ -2274,13 +2349,14 @@ static enum ndr_err_code ndr_pull_dfs_EnumArray1(struct ndr_pull *ndr, int ndr_f _mem_save_s_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->s, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->s)); - NDR_PULL_ALLOC_N(ndr, r->s, ndr_get_array_size(ndr, &r->s)); + size_s_1 = ndr_get_array_size(ndr, &r->s); + NDR_PULL_ALLOC_N(ndr, r->s, size_s_1); _mem_save_s_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->s, 0); - for (cntr_s_1 = 0; cntr_s_1 < r->count; cntr_s_1++) { + for (cntr_s_1 = 0; cntr_s_1 < size_s_1; cntr_s_1++) { NDR_CHECK(ndr_pull_dfs_Info1(ndr, NDR_SCALARS, &r->s[cntr_s_1])); } - for (cntr_s_1 = 0; cntr_s_1 < r->count; cntr_s_1++) { + for (cntr_s_1 = 0; cntr_s_1 < size_s_1; cntr_s_1++) { NDR_CHECK(ndr_pull_dfs_Info1(ndr, NDR_BUFFERS, &r->s[cntr_s_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_s_1, 0); @@ -2343,6 +2419,7 @@ static enum ndr_err_code ndr_push_dfs_EnumArray2(struct ndr_push *ndr, int ndr_f static enum ndr_err_code ndr_pull_dfs_EnumArray2(struct ndr_pull *ndr, int ndr_flags, struct dfs_EnumArray2 *r) { uint32_t _ptr_s; + uint32_t size_s_1 = 0; uint32_t cntr_s_1; TALLOC_CTX *_mem_save_s_0; TALLOC_CTX *_mem_save_s_1; @@ -2362,13 +2439,14 @@ static enum ndr_err_code ndr_pull_dfs_EnumArray2(struct ndr_pull *ndr, int ndr_f _mem_save_s_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->s, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->s)); - NDR_PULL_ALLOC_N(ndr, r->s, ndr_get_array_size(ndr, &r->s)); + size_s_1 = ndr_get_array_size(ndr, &r->s); + NDR_PULL_ALLOC_N(ndr, r->s, size_s_1); _mem_save_s_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->s, 0); - for (cntr_s_1 = 0; cntr_s_1 < r->count; cntr_s_1++) { + for (cntr_s_1 = 0; cntr_s_1 < size_s_1; cntr_s_1++) { NDR_CHECK(ndr_pull_dfs_Info2(ndr, NDR_SCALARS, &r->s[cntr_s_1])); } - for (cntr_s_1 = 0; cntr_s_1 < r->count; cntr_s_1++) { + for (cntr_s_1 = 0; cntr_s_1 < size_s_1; cntr_s_1++) { NDR_CHECK(ndr_pull_dfs_Info2(ndr, NDR_BUFFERS, &r->s[cntr_s_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_s_1, 0); @@ -2431,6 +2509,7 @@ static enum ndr_err_code ndr_push_dfs_EnumArray3(struct ndr_push *ndr, int ndr_f static enum ndr_err_code ndr_pull_dfs_EnumArray3(struct ndr_pull *ndr, int ndr_flags, struct dfs_EnumArray3 *r) { uint32_t _ptr_s; + uint32_t size_s_1 = 0; uint32_t cntr_s_1; TALLOC_CTX *_mem_save_s_0; TALLOC_CTX *_mem_save_s_1; @@ -2450,13 +2529,14 @@ static enum ndr_err_code ndr_pull_dfs_EnumArray3(struct ndr_pull *ndr, int ndr_f _mem_save_s_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->s, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->s)); - NDR_PULL_ALLOC_N(ndr, r->s, ndr_get_array_size(ndr, &r->s)); + size_s_1 = ndr_get_array_size(ndr, &r->s); + NDR_PULL_ALLOC_N(ndr, r->s, size_s_1); _mem_save_s_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->s, 0); - for (cntr_s_1 = 0; cntr_s_1 < r->count; cntr_s_1++) { + for (cntr_s_1 = 0; cntr_s_1 < size_s_1; cntr_s_1++) { NDR_CHECK(ndr_pull_dfs_Info3(ndr, NDR_SCALARS, &r->s[cntr_s_1])); } - for (cntr_s_1 = 0; cntr_s_1 < r->count; cntr_s_1++) { + for (cntr_s_1 = 0; cntr_s_1 < size_s_1; cntr_s_1++) { NDR_CHECK(ndr_pull_dfs_Info3(ndr, NDR_BUFFERS, &r->s[cntr_s_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_s_1, 0); @@ -2519,6 +2599,7 @@ static enum ndr_err_code ndr_push_dfs_EnumArray4(struct ndr_push *ndr, int ndr_f static enum ndr_err_code ndr_pull_dfs_EnumArray4(struct ndr_pull *ndr, int ndr_flags, struct dfs_EnumArray4 *r) { uint32_t _ptr_s; + uint32_t size_s_1 = 0; uint32_t cntr_s_1; TALLOC_CTX *_mem_save_s_0; TALLOC_CTX *_mem_save_s_1; @@ -2538,13 +2619,14 @@ static enum ndr_err_code ndr_pull_dfs_EnumArray4(struct ndr_pull *ndr, int ndr_f _mem_save_s_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->s, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->s)); - NDR_PULL_ALLOC_N(ndr, r->s, ndr_get_array_size(ndr, &r->s)); + size_s_1 = ndr_get_array_size(ndr, &r->s); + NDR_PULL_ALLOC_N(ndr, r->s, size_s_1); _mem_save_s_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->s, 0); - for (cntr_s_1 = 0; cntr_s_1 < r->count; cntr_s_1++) { + for (cntr_s_1 = 0; cntr_s_1 < size_s_1; cntr_s_1++) { NDR_CHECK(ndr_pull_dfs_Info4(ndr, NDR_SCALARS, &r->s[cntr_s_1])); } - for (cntr_s_1 = 0; cntr_s_1 < r->count; cntr_s_1++) { + for (cntr_s_1 = 0; cntr_s_1 < size_s_1; cntr_s_1++) { NDR_CHECK(ndr_pull_dfs_Info4(ndr, NDR_BUFFERS, &r->s[cntr_s_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_s_1, 0); @@ -2607,6 +2689,7 @@ static enum ndr_err_code ndr_push_dfs_EnumArray5(struct ndr_push *ndr, int ndr_f static enum ndr_err_code ndr_pull_dfs_EnumArray5(struct ndr_pull *ndr, int ndr_flags, struct dfs_EnumArray5 *r) { uint32_t _ptr_s; + uint32_t size_s_1 = 0; uint32_t cntr_s_1; TALLOC_CTX *_mem_save_s_0; TALLOC_CTX *_mem_save_s_1; @@ -2626,13 +2709,14 @@ static enum ndr_err_code ndr_pull_dfs_EnumArray5(struct ndr_pull *ndr, int ndr_f _mem_save_s_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->s, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->s)); - NDR_PULL_ALLOC_N(ndr, r->s, ndr_get_array_size(ndr, &r->s)); + size_s_1 = ndr_get_array_size(ndr, &r->s); + NDR_PULL_ALLOC_N(ndr, r->s, size_s_1); _mem_save_s_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->s, 0); - for (cntr_s_1 = 0; cntr_s_1 < r->count; cntr_s_1++) { + for (cntr_s_1 = 0; cntr_s_1 < size_s_1; cntr_s_1++) { NDR_CHECK(ndr_pull_dfs_Info5(ndr, NDR_SCALARS, &r->s[cntr_s_1])); } - for (cntr_s_1 = 0; cntr_s_1 < r->count; cntr_s_1++) { + for (cntr_s_1 = 0; cntr_s_1 < size_s_1; cntr_s_1++) { NDR_CHECK(ndr_pull_dfs_Info5(ndr, NDR_BUFFERS, &r->s[cntr_s_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_s_1, 0); @@ -2695,6 +2779,7 @@ static enum ndr_err_code ndr_push_dfs_EnumArray6(struct ndr_push *ndr, int ndr_f static enum ndr_err_code ndr_pull_dfs_EnumArray6(struct ndr_pull *ndr, int ndr_flags, struct dfs_EnumArray6 *r) { uint32_t _ptr_s; + uint32_t size_s_1 = 0; uint32_t cntr_s_1; TALLOC_CTX *_mem_save_s_0; TALLOC_CTX *_mem_save_s_1; @@ -2714,13 +2799,14 @@ static enum ndr_err_code ndr_pull_dfs_EnumArray6(struct ndr_pull *ndr, int ndr_f _mem_save_s_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->s, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->s)); - NDR_PULL_ALLOC_N(ndr, r->s, ndr_get_array_size(ndr, &r->s)); + size_s_1 = ndr_get_array_size(ndr, &r->s); + NDR_PULL_ALLOC_N(ndr, r->s, size_s_1); _mem_save_s_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->s, 0); - for (cntr_s_1 = 0; cntr_s_1 < r->count; cntr_s_1++) { + for (cntr_s_1 = 0; cntr_s_1 < size_s_1; cntr_s_1++) { NDR_CHECK(ndr_pull_dfs_Info6(ndr, NDR_SCALARS, &r->s[cntr_s_1])); } - for (cntr_s_1 = 0; cntr_s_1 < r->count; cntr_s_1++) { + for (cntr_s_1 = 0; cntr_s_1 < size_s_1; cntr_s_1++) { NDR_CHECK(ndr_pull_dfs_Info6(ndr, NDR_BUFFERS, &r->s[cntr_s_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_s_1, 0); @@ -2783,6 +2869,7 @@ static enum ndr_err_code ndr_push_dfs_EnumArray200(struct ndr_push *ndr, int ndr static enum ndr_err_code ndr_pull_dfs_EnumArray200(struct ndr_pull *ndr, int ndr_flags, struct dfs_EnumArray200 *r) { uint32_t _ptr_s; + uint32_t size_s_1 = 0; uint32_t cntr_s_1; TALLOC_CTX *_mem_save_s_0; TALLOC_CTX *_mem_save_s_1; @@ -2802,13 +2889,14 @@ static enum ndr_err_code ndr_pull_dfs_EnumArray200(struct ndr_pull *ndr, int ndr _mem_save_s_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->s, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->s)); - NDR_PULL_ALLOC_N(ndr, r->s, ndr_get_array_size(ndr, &r->s)); + size_s_1 = ndr_get_array_size(ndr, &r->s); + NDR_PULL_ALLOC_N(ndr, r->s, size_s_1); _mem_save_s_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->s, 0); - for (cntr_s_1 = 0; cntr_s_1 < r->count; cntr_s_1++) { + for (cntr_s_1 = 0; cntr_s_1 < size_s_1; cntr_s_1++) { NDR_CHECK(ndr_pull_dfs_Info200(ndr, NDR_SCALARS, &r->s[cntr_s_1])); } - for (cntr_s_1 = 0; cntr_s_1 < r->count; cntr_s_1++) { + for (cntr_s_1 = 0; cntr_s_1 < size_s_1; cntr_s_1++) { NDR_CHECK(ndr_pull_dfs_Info200(ndr, NDR_BUFFERS, &r->s[cntr_s_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_s_1, 0); @@ -2871,6 +2959,7 @@ static enum ndr_err_code ndr_push_dfs_EnumArray300(struct ndr_push *ndr, int ndr static enum ndr_err_code ndr_pull_dfs_EnumArray300(struct ndr_pull *ndr, int ndr_flags, struct dfs_EnumArray300 *r) { uint32_t _ptr_s; + uint32_t size_s_1 = 0; uint32_t cntr_s_1; TALLOC_CTX *_mem_save_s_0; TALLOC_CTX *_mem_save_s_1; @@ -2890,13 +2979,14 @@ static enum ndr_err_code ndr_pull_dfs_EnumArray300(struct ndr_pull *ndr, int ndr _mem_save_s_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->s, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->s)); - NDR_PULL_ALLOC_N(ndr, r->s, ndr_get_array_size(ndr, &r->s)); + size_s_1 = ndr_get_array_size(ndr, &r->s); + NDR_PULL_ALLOC_N(ndr, r->s, size_s_1); _mem_save_s_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->s, 0); - for (cntr_s_1 = 0; cntr_s_1 < r->count; cntr_s_1++) { + for (cntr_s_1 = 0; cntr_s_1 < size_s_1; cntr_s_1++) { NDR_CHECK(ndr_pull_dfs_Info300(ndr, NDR_SCALARS, &r->s[cntr_s_1])); } - for (cntr_s_1 = 0; cntr_s_1 < r->count; cntr_s_1++) { + for (cntr_s_1 = 0; cntr_s_1 < size_s_1; cntr_s_1++) { NDR_CHECK(ndr_pull_dfs_Info300(ndr, NDR_BUFFERS, &r->s[cntr_s_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_s_1, 0); @@ -3039,13 +3129,21 @@ static enum ndr_err_code ndr_pull_dfs_EnumInfo(struct ndr_pull *ndr, int ndr_fla int level; uint32_t _level; TALLOC_CTX *_mem_save_info1_0; + uint32_t _ptr_info1; TALLOC_CTX *_mem_save_info2_0; + uint32_t _ptr_info2; TALLOC_CTX *_mem_save_info3_0; + uint32_t _ptr_info3; TALLOC_CTX *_mem_save_info4_0; + uint32_t _ptr_info4; TALLOC_CTX *_mem_save_info5_0; + uint32_t _ptr_info5; TALLOC_CTX *_mem_save_info6_0; + uint32_t _ptr_info6; TALLOC_CTX *_mem_save_info200_0; + uint32_t _ptr_info200; TALLOC_CTX *_mem_save_info300_0; + uint32_t _ptr_info300; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -3055,7 +3153,6 @@ static enum ndr_err_code ndr_pull_dfs_EnumInfo(struct ndr_pull *ndr, int ndr_fla NDR_CHECK(ndr_pull_union_align(ndr, 5)); switch (level) { case 1: { - uint32_t _ptr_info1; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1)); if (_ptr_info1) { NDR_PULL_ALLOC(ndr, r->info1); @@ -3065,7 +3162,6 @@ static enum ndr_err_code ndr_pull_dfs_EnumInfo(struct ndr_pull *ndr, int ndr_fla break; } case 2: { - uint32_t _ptr_info2; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info2)); if (_ptr_info2) { NDR_PULL_ALLOC(ndr, r->info2); @@ -3075,7 +3171,6 @@ static enum ndr_err_code ndr_pull_dfs_EnumInfo(struct ndr_pull *ndr, int ndr_fla break; } case 3: { - uint32_t _ptr_info3; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info3)); if (_ptr_info3) { NDR_PULL_ALLOC(ndr, r->info3); @@ -3085,7 +3180,6 @@ static enum ndr_err_code ndr_pull_dfs_EnumInfo(struct ndr_pull *ndr, int ndr_fla break; } case 4: { - uint32_t _ptr_info4; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info4)); if (_ptr_info4) { NDR_PULL_ALLOC(ndr, r->info4); @@ -3095,7 +3189,6 @@ static enum ndr_err_code ndr_pull_dfs_EnumInfo(struct ndr_pull *ndr, int ndr_fla break; } case 5: { - uint32_t _ptr_info5; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info5)); if (_ptr_info5) { NDR_PULL_ALLOC(ndr, r->info5); @@ -3105,7 +3198,6 @@ static enum ndr_err_code ndr_pull_dfs_EnumInfo(struct ndr_pull *ndr, int ndr_fla break; } case 6: { - uint32_t _ptr_info6; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info6)); if (_ptr_info6) { NDR_PULL_ALLOC(ndr, r->info6); @@ -3115,7 +3207,6 @@ static enum ndr_err_code ndr_pull_dfs_EnumInfo(struct ndr_pull *ndr, int ndr_fla break; } case 200: { - uint32_t _ptr_info200; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info200)); if (_ptr_info200) { NDR_PULL_ALLOC(ndr, r->info200); @@ -3125,7 +3216,6 @@ static enum ndr_err_code ndr_pull_dfs_EnumInfo(struct ndr_pull *ndr, int ndr_fla break; } case 300: { - uint32_t _ptr_info300; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info300)); if (_ptr_info300) { NDR_PULL_ALLOC(ndr, r->info300); @@ -3364,6 +3454,8 @@ static enum ndr_err_code ndr_push_dfs_UnknownStruct(struct ndr_push *ndr, int nd static enum ndr_err_code ndr_pull_dfs_UnknownStruct(struct ndr_pull *ndr, int ndr_flags, struct dfs_UnknownStruct *r) { uint32_t _ptr_unknown2; + uint32_t size_unknown2_1 = 0; + uint32_t length_unknown2_1 = 0; TALLOC_CTX *_mem_save_unknown2_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -3382,11 +3474,13 @@ static enum ndr_err_code ndr_pull_dfs_UnknownStruct(struct ndr_pull *ndr, int nd NDR_PULL_SET_MEM_CTX(ndr, r->unknown2, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->unknown2)); NDR_CHECK(ndr_pull_array_length(ndr, &r->unknown2)); - if (ndr_get_array_length(ndr, &r->unknown2) > ndr_get_array_size(ndr, &r->unknown2)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->unknown2), ndr_get_array_length(ndr, &r->unknown2)); + size_unknown2_1 = ndr_get_array_size(ndr, &r->unknown2); + length_unknown2_1 = ndr_get_array_length(ndr, &r->unknown2); + if (length_unknown2_1 > size_unknown2_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_unknown2_1, length_unknown2_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->unknown2), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->unknown2, ndr_get_array_length(ndr, &r->unknown2), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_unknown2_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->unknown2, length_unknown2_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_unknown2_0, 0); } } @@ -3506,25 +3600,37 @@ static enum ndr_err_code ndr_push_dfs_Add(struct ndr_push *ndr, int flags, const static enum ndr_err_code ndr_pull_dfs_Add(struct ndr_pull *ndr, int flags, struct dfs_Add *r) { + uint32_t size_path_1 = 0; + uint32_t length_path_1 = 0; + uint32_t size_server_1 = 0; + uint32_t length_server_1 = 0; uint32_t _ptr_share; + uint32_t size_share_1 = 0; + uint32_t length_share_1 = 0; uint32_t _ptr_comment; + uint32_t size_comment_1 = 0; + uint32_t length_comment_1 = 0; TALLOC_CTX *_mem_save_share_0; TALLOC_CTX *_mem_save_comment_0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_array_size(ndr, &r->in.path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.path)); - if (ndr_get_array_length(ndr, &r->in.path) > ndr_get_array_size(ndr, &r->in.path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.path), ndr_get_array_length(ndr, &r->in.path)); + size_path_1 = ndr_get_array_size(ndr, &r->in.path); + length_path_1 = ndr_get_array_length(ndr, &r->in.path); + if (length_path_1 > size_path_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_path_1, length_path_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.path, ndr_get_array_length(ndr, &r->in.path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_path_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.path, length_path_1, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server)); - if (ndr_get_array_length(ndr, &r->in.server) > ndr_get_array_size(ndr, &r->in.server)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server), ndr_get_array_length(ndr, &r->in.server)); + size_server_1 = ndr_get_array_size(ndr, &r->in.server); + length_server_1 = ndr_get_array_length(ndr, &r->in.server); + if (length_server_1 > size_server_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_1, length_server_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server, ndr_get_array_length(ndr, &r->in.server), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server, length_server_1, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_share)); if (_ptr_share) { NDR_PULL_ALLOC(ndr, r->in.share); @@ -3536,11 +3642,13 @@ static enum ndr_err_code ndr_pull_dfs_Add(struct ndr_pull *ndr, int flags, struc NDR_PULL_SET_MEM_CTX(ndr, r->in.share, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.share)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.share)); - if (ndr_get_array_length(ndr, &r->in.share) > ndr_get_array_size(ndr, &r->in.share)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.share), ndr_get_array_length(ndr, &r->in.share)); + size_share_1 = ndr_get_array_size(ndr, &r->in.share); + length_share_1 = ndr_get_array_length(ndr, &r->in.share); + if (length_share_1 > size_share_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_share_1, length_share_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.share), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.share, ndr_get_array_length(ndr, &r->in.share), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_share_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.share, length_share_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_share_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_comment)); @@ -3554,11 +3662,13 @@ static enum ndr_err_code ndr_pull_dfs_Add(struct ndr_pull *ndr, int flags, struc NDR_PULL_SET_MEM_CTX(ndr, r->in.comment, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.comment)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.comment)); - if (ndr_get_array_length(ndr, &r->in.comment) > ndr_get_array_size(ndr, &r->in.comment)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.comment), ndr_get_array_length(ndr, &r->in.comment)); + size_comment_1 = ndr_get_array_size(ndr, &r->in.comment); + length_comment_1 = ndr_get_array_length(ndr, &r->in.comment); + if (length_comment_1 > size_comment_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_comment_1, length_comment_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.comment), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.comment, ndr_get_array_length(ndr, &r->in.comment), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_comment_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.comment, length_comment_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_comment_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.flags)); @@ -3644,18 +3754,26 @@ static enum ndr_err_code ndr_push_dfs_Remove(struct ndr_push *ndr, int flags, co static enum ndr_err_code ndr_pull_dfs_Remove(struct ndr_pull *ndr, int flags, struct dfs_Remove *r) { + uint32_t size_dfs_entry_path_1 = 0; + uint32_t length_dfs_entry_path_1 = 0; uint32_t _ptr_servername; + uint32_t size_servername_1 = 0; + uint32_t length_servername_1 = 0; uint32_t _ptr_sharename; + uint32_t size_sharename_1 = 0; + uint32_t length_sharename_1 = 0; TALLOC_CTX *_mem_save_servername_0; TALLOC_CTX *_mem_save_sharename_0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_array_size(ndr, &r->in.dfs_entry_path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.dfs_entry_path)); - if (ndr_get_array_length(ndr, &r->in.dfs_entry_path) > ndr_get_array_size(ndr, &r->in.dfs_entry_path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.dfs_entry_path), ndr_get_array_length(ndr, &r->in.dfs_entry_path)); + size_dfs_entry_path_1 = ndr_get_array_size(ndr, &r->in.dfs_entry_path); + length_dfs_entry_path_1 = ndr_get_array_length(ndr, &r->in.dfs_entry_path); + if (length_dfs_entry_path_1 > size_dfs_entry_path_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dfs_entry_path_1, length_dfs_entry_path_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.dfs_entry_path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.dfs_entry_path, ndr_get_array_length(ndr, &r->in.dfs_entry_path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dfs_entry_path_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.dfs_entry_path, length_dfs_entry_path_1, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_servername)); if (_ptr_servername) { NDR_PULL_ALLOC(ndr, r->in.servername); @@ -3667,11 +3785,13 @@ static enum ndr_err_code ndr_pull_dfs_Remove(struct ndr_pull *ndr, int flags, st NDR_PULL_SET_MEM_CTX(ndr, r->in.servername, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.servername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.servername)); - if (ndr_get_array_length(ndr, &r->in.servername) > ndr_get_array_size(ndr, &r->in.servername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.servername), ndr_get_array_length(ndr, &r->in.servername)); + size_servername_1 = ndr_get_array_size(ndr, &r->in.servername); + length_servername_1 = ndr_get_array_length(ndr, &r->in.servername); + if (length_servername_1 > size_servername_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_servername_1, length_servername_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_servername_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, length_servername_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_servername_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sharename)); @@ -3685,11 +3805,13 @@ static enum ndr_err_code ndr_pull_dfs_Remove(struct ndr_pull *ndr, int flags, st NDR_PULL_SET_MEM_CTX(ndr, r->in.sharename, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.sharename)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.sharename)); - if (ndr_get_array_length(ndr, &r->in.sharename) > ndr_get_array_size(ndr, &r->in.sharename)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.sharename), ndr_get_array_length(ndr, &r->in.sharename)); + size_sharename_1 = ndr_get_array_size(ndr, &r->in.sharename); + length_sharename_1 = ndr_get_array_length(ndr, &r->in.sharename); + if (length_sharename_1 > size_sharename_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_sharename_1, length_sharename_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.sharename), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.sharename, ndr_get_array_length(ndr, &r->in.sharename), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_sharename_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.sharename, length_sharename_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sharename_0, 0); } } @@ -3772,19 +3894,27 @@ static enum ndr_err_code ndr_push_dfs_SetInfo(struct ndr_push *ndr, int flags, c static enum ndr_err_code ndr_pull_dfs_SetInfo(struct ndr_pull *ndr, int flags, struct dfs_SetInfo *r) { + uint32_t size_dfs_entry_path_0 = 0; + uint32_t length_dfs_entry_path_0 = 0; uint32_t _ptr_servername; + uint32_t size_servername_1 = 0; + uint32_t length_servername_1 = 0; uint32_t _ptr_sharename; + uint32_t size_sharename_1 = 0; + uint32_t length_sharename_1 = 0; TALLOC_CTX *_mem_save_servername_0; TALLOC_CTX *_mem_save_sharename_0; TALLOC_CTX *_mem_save_info_0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_array_size(ndr, &r->in.dfs_entry_path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.dfs_entry_path)); - if (ndr_get_array_length(ndr, &r->in.dfs_entry_path) > ndr_get_array_size(ndr, &r->in.dfs_entry_path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.dfs_entry_path), ndr_get_array_length(ndr, &r->in.dfs_entry_path)); + size_dfs_entry_path_0 = ndr_get_array_size(ndr, &r->in.dfs_entry_path); + length_dfs_entry_path_0 = ndr_get_array_length(ndr, &r->in.dfs_entry_path); + if (length_dfs_entry_path_0 > size_dfs_entry_path_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dfs_entry_path_0, length_dfs_entry_path_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.dfs_entry_path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.dfs_entry_path, ndr_get_array_length(ndr, &r->in.dfs_entry_path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dfs_entry_path_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.dfs_entry_path, length_dfs_entry_path_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_servername)); if (_ptr_servername) { NDR_PULL_ALLOC(ndr, r->in.servername); @@ -3796,11 +3926,13 @@ static enum ndr_err_code ndr_pull_dfs_SetInfo(struct ndr_pull *ndr, int flags, s NDR_PULL_SET_MEM_CTX(ndr, r->in.servername, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.servername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.servername)); - if (ndr_get_array_length(ndr, &r->in.servername) > ndr_get_array_size(ndr, &r->in.servername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.servername), ndr_get_array_length(ndr, &r->in.servername)); + size_servername_1 = ndr_get_array_size(ndr, &r->in.servername); + length_servername_1 = ndr_get_array_length(ndr, &r->in.servername); + if (length_servername_1 > size_servername_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_servername_1, length_servername_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_servername_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, length_servername_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_servername_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sharename)); @@ -3814,11 +3946,13 @@ static enum ndr_err_code ndr_pull_dfs_SetInfo(struct ndr_pull *ndr, int flags, s NDR_PULL_SET_MEM_CTX(ndr, r->in.sharename, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.sharename)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.sharename)); - if (ndr_get_array_length(ndr, &r->in.sharename) > ndr_get_array_size(ndr, &r->in.sharename)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.sharename), ndr_get_array_length(ndr, &r->in.sharename)); + size_sharename_1 = ndr_get_array_size(ndr, &r->in.sharename); + length_sharename_1 = ndr_get_array_length(ndr, &r->in.sharename); + if (length_sharename_1 > size_sharename_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_sharename_1, length_sharename_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.sharename), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.sharename, ndr_get_array_length(ndr, &r->in.sharename), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_sharename_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.sharename, length_sharename_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sharename_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); @@ -3913,8 +4047,14 @@ static enum ndr_err_code ndr_push_dfs_GetInfo(struct ndr_push *ndr, int flags, c static enum ndr_err_code ndr_pull_dfs_GetInfo(struct ndr_pull *ndr, int flags, struct dfs_GetInfo *r) { + uint32_t size_dfs_entry_path_0 = 0; + uint32_t length_dfs_entry_path_0 = 0; uint32_t _ptr_servername; + uint32_t size_servername_1 = 0; + uint32_t length_servername_1 = 0; uint32_t _ptr_sharename; + uint32_t size_sharename_1 = 0; + uint32_t length_sharename_1 = 0; TALLOC_CTX *_mem_save_servername_0; TALLOC_CTX *_mem_save_sharename_0; TALLOC_CTX *_mem_save_info_0; @@ -3923,11 +4063,13 @@ static enum ndr_err_code ndr_pull_dfs_GetInfo(struct ndr_pull *ndr, int flags, s NDR_CHECK(ndr_pull_array_size(ndr, &r->in.dfs_entry_path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.dfs_entry_path)); - if (ndr_get_array_length(ndr, &r->in.dfs_entry_path) > ndr_get_array_size(ndr, &r->in.dfs_entry_path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.dfs_entry_path), ndr_get_array_length(ndr, &r->in.dfs_entry_path)); + size_dfs_entry_path_0 = ndr_get_array_size(ndr, &r->in.dfs_entry_path); + length_dfs_entry_path_0 = ndr_get_array_length(ndr, &r->in.dfs_entry_path); + if (length_dfs_entry_path_0 > size_dfs_entry_path_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dfs_entry_path_0, length_dfs_entry_path_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.dfs_entry_path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.dfs_entry_path, ndr_get_array_length(ndr, &r->in.dfs_entry_path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dfs_entry_path_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.dfs_entry_path, length_dfs_entry_path_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_servername)); if (_ptr_servername) { NDR_PULL_ALLOC(ndr, r->in.servername); @@ -3939,11 +4081,13 @@ static enum ndr_err_code ndr_pull_dfs_GetInfo(struct ndr_pull *ndr, int flags, s NDR_PULL_SET_MEM_CTX(ndr, r->in.servername, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.servername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.servername)); - if (ndr_get_array_length(ndr, &r->in.servername) > ndr_get_array_size(ndr, &r->in.servername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.servername), ndr_get_array_length(ndr, &r->in.servername)); + size_servername_1 = ndr_get_array_size(ndr, &r->in.servername); + length_servername_1 = ndr_get_array_length(ndr, &r->in.servername); + if (length_servername_1 > size_servername_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_servername_1, length_servername_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_servername_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, length_servername_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_servername_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sharename)); @@ -3957,11 +4101,13 @@ static enum ndr_err_code ndr_pull_dfs_GetInfo(struct ndr_pull *ndr, int flags, s NDR_PULL_SET_MEM_CTX(ndr, r->in.sharename, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.sharename)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.sharename)); - if (ndr_get_array_length(ndr, &r->in.sharename) > ndr_get_array_size(ndr, &r->in.sharename)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.sharename), ndr_get_array_length(ndr, &r->in.sharename)); + size_sharename_1 = ndr_get_array_size(ndr, &r->in.sharename); + length_sharename_1 = ndr_get_array_length(ndr, &r->in.sharename); + if (length_sharename_1 > size_sharename_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_sharename_1, length_sharename_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.sharename), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.sharename, ndr_get_array_length(ndr, &r->in.sharename), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_sharename_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.sharename, length_sharename_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sharename_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); @@ -4379,6 +4525,18 @@ static enum ndr_err_code ndr_push_dfs_AddFtRoot(struct ndr_push *ndr, int flags, static enum ndr_err_code ndr_pull_dfs_AddFtRoot(struct ndr_pull *ndr, int flags, struct dfs_AddFtRoot *r) { + uint32_t size_servername_0 = 0; + uint32_t length_servername_0 = 0; + uint32_t size_dns_servername_0 = 0; + uint32_t length_dns_servername_0 = 0; + uint32_t size_dfsname_0 = 0; + uint32_t length_dfsname_0 = 0; + uint32_t size_rootshare_0 = 0; + uint32_t length_rootshare_0 = 0; + uint32_t size_comment_0 = 0; + uint32_t length_comment_0 = 0; + uint32_t size_dfs_config_dn_0 = 0; + uint32_t length_dfs_config_dn_0 = 0; uint32_t _ptr_unknown2; TALLOC_CTX *_mem_save_unknown2_0; TALLOC_CTX *_mem_save_unknown2_1; @@ -4387,46 +4545,58 @@ static enum ndr_err_code ndr_pull_dfs_AddFtRoot(struct ndr_pull *ndr, int flags, NDR_CHECK(ndr_pull_array_size(ndr, &r->in.servername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.servername)); - if (ndr_get_array_length(ndr, &r->in.servername) > ndr_get_array_size(ndr, &r->in.servername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.servername), ndr_get_array_length(ndr, &r->in.servername)); + size_servername_0 = ndr_get_array_size(ndr, &r->in.servername); + length_servername_0 = ndr_get_array_length(ndr, &r->in.servername); + if (length_servername_0 > size_servername_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_servername_0, length_servername_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_servername_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, length_servername_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.dns_servername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.dns_servername)); - if (ndr_get_array_length(ndr, &r->in.dns_servername) > ndr_get_array_size(ndr, &r->in.dns_servername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.dns_servername), ndr_get_array_length(ndr, &r->in.dns_servername)); + size_dns_servername_0 = ndr_get_array_size(ndr, &r->in.dns_servername); + length_dns_servername_0 = ndr_get_array_length(ndr, &r->in.dns_servername); + if (length_dns_servername_0 > size_dns_servername_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dns_servername_0, length_dns_servername_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.dns_servername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.dns_servername, ndr_get_array_length(ndr, &r->in.dns_servername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dns_servername_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.dns_servername, length_dns_servername_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.dfsname)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.dfsname)); - if (ndr_get_array_length(ndr, &r->in.dfsname) > ndr_get_array_size(ndr, &r->in.dfsname)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.dfsname), ndr_get_array_length(ndr, &r->in.dfsname)); + size_dfsname_0 = ndr_get_array_size(ndr, &r->in.dfsname); + length_dfsname_0 = ndr_get_array_length(ndr, &r->in.dfsname); + if (length_dfsname_0 > size_dfsname_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dfsname_0, length_dfsname_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.dfsname), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.dfsname, ndr_get_array_length(ndr, &r->in.dfsname), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dfsname_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.dfsname, length_dfsname_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.rootshare)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.rootshare)); - if (ndr_get_array_length(ndr, &r->in.rootshare) > ndr_get_array_size(ndr, &r->in.rootshare)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.rootshare), ndr_get_array_length(ndr, &r->in.rootshare)); + size_rootshare_0 = ndr_get_array_size(ndr, &r->in.rootshare); + length_rootshare_0 = ndr_get_array_length(ndr, &r->in.rootshare); + if (length_rootshare_0 > size_rootshare_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_rootshare_0, length_rootshare_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.rootshare), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.rootshare, ndr_get_array_length(ndr, &r->in.rootshare), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_rootshare_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.rootshare, length_rootshare_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.comment)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.comment)); - if (ndr_get_array_length(ndr, &r->in.comment) > ndr_get_array_size(ndr, &r->in.comment)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.comment), ndr_get_array_length(ndr, &r->in.comment)); + size_comment_0 = ndr_get_array_size(ndr, &r->in.comment); + length_comment_0 = ndr_get_array_length(ndr, &r->in.comment); + if (length_comment_0 > size_comment_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_comment_0, length_comment_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.comment), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.comment, ndr_get_array_length(ndr, &r->in.comment), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_comment_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.comment, length_comment_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.dfs_config_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.dfs_config_dn)); - if (ndr_get_array_length(ndr, &r->in.dfs_config_dn) > ndr_get_array_size(ndr, &r->in.dfs_config_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.dfs_config_dn), ndr_get_array_length(ndr, &r->in.dfs_config_dn)); + size_dfs_config_dn_0 = ndr_get_array_size(ndr, &r->in.dfs_config_dn); + length_dfs_config_dn_0 = ndr_get_array_length(ndr, &r->in.dfs_config_dn); + if (length_dfs_config_dn_0 > size_dfs_config_dn_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dfs_config_dn_0, length_dfs_config_dn_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.dfs_config_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.dfs_config_dn, ndr_get_array_length(ndr, &r->in.dfs_config_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dfs_config_dn_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.dfs_config_dn, length_dfs_config_dn_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->in.unknown1)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.flags)); NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_unknown2)); @@ -4576,6 +4746,14 @@ static enum ndr_err_code ndr_push_dfs_RemoveFtRoot(struct ndr_push *ndr, int fla static enum ndr_err_code ndr_pull_dfs_RemoveFtRoot(struct ndr_pull *ndr, int flags, struct dfs_RemoveFtRoot *r) { + uint32_t size_servername_0 = 0; + uint32_t length_servername_0 = 0; + uint32_t size_dns_servername_0 = 0; + uint32_t length_dns_servername_0 = 0; + uint32_t size_dfsname_0 = 0; + uint32_t length_dfsname_0 = 0; + uint32_t size_rootshare_0 = 0; + uint32_t length_rootshare_0 = 0; uint32_t _ptr_unknown; TALLOC_CTX *_mem_save_unknown_0; TALLOC_CTX *_mem_save_unknown_1; @@ -4584,32 +4762,40 @@ static enum ndr_err_code ndr_pull_dfs_RemoveFtRoot(struct ndr_pull *ndr, int fla NDR_CHECK(ndr_pull_array_size(ndr, &r->in.servername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.servername)); - if (ndr_get_array_length(ndr, &r->in.servername) > ndr_get_array_size(ndr, &r->in.servername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.servername), ndr_get_array_length(ndr, &r->in.servername)); + size_servername_0 = ndr_get_array_size(ndr, &r->in.servername); + length_servername_0 = ndr_get_array_length(ndr, &r->in.servername); + if (length_servername_0 > size_servername_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_servername_0, length_servername_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_servername_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, length_servername_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.dns_servername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.dns_servername)); - if (ndr_get_array_length(ndr, &r->in.dns_servername) > ndr_get_array_size(ndr, &r->in.dns_servername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.dns_servername), ndr_get_array_length(ndr, &r->in.dns_servername)); + size_dns_servername_0 = ndr_get_array_size(ndr, &r->in.dns_servername); + length_dns_servername_0 = ndr_get_array_length(ndr, &r->in.dns_servername); + if (length_dns_servername_0 > size_dns_servername_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dns_servername_0, length_dns_servername_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.dns_servername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.dns_servername, ndr_get_array_length(ndr, &r->in.dns_servername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dns_servername_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.dns_servername, length_dns_servername_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.dfsname)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.dfsname)); - if (ndr_get_array_length(ndr, &r->in.dfsname) > ndr_get_array_size(ndr, &r->in.dfsname)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.dfsname), ndr_get_array_length(ndr, &r->in.dfsname)); + size_dfsname_0 = ndr_get_array_size(ndr, &r->in.dfsname); + length_dfsname_0 = ndr_get_array_length(ndr, &r->in.dfsname); + if (length_dfsname_0 > size_dfsname_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dfsname_0, length_dfsname_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.dfsname), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.dfsname, ndr_get_array_length(ndr, &r->in.dfsname), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dfsname_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.dfsname, length_dfsname_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.rootshare)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.rootshare)); - if (ndr_get_array_length(ndr, &r->in.rootshare) > ndr_get_array_size(ndr, &r->in.rootshare)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.rootshare), ndr_get_array_length(ndr, &r->in.rootshare)); + size_rootshare_0 = ndr_get_array_size(ndr, &r->in.rootshare); + length_rootshare_0 = ndr_get_array_length(ndr, &r->in.rootshare); + if (length_rootshare_0 > size_rootshare_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_rootshare_0, length_rootshare_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.rootshare), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.rootshare, ndr_get_array_length(ndr, &r->in.rootshare), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_rootshare_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.rootshare, length_rootshare_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.flags)); NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_unknown)); if (_ptr_unknown) { @@ -4737,28 +4923,40 @@ static enum ndr_err_code ndr_push_dfs_AddStdRoot(struct ndr_push *ndr, int flags static enum ndr_err_code ndr_pull_dfs_AddStdRoot(struct ndr_pull *ndr, int flags, struct dfs_AddStdRoot *r) { + uint32_t size_servername_0 = 0; + uint32_t length_servername_0 = 0; + uint32_t size_rootshare_0 = 0; + uint32_t length_rootshare_0 = 0; + uint32_t size_comment_0 = 0; + uint32_t length_comment_0 = 0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_array_size(ndr, &r->in.servername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.servername)); - if (ndr_get_array_length(ndr, &r->in.servername) > ndr_get_array_size(ndr, &r->in.servername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.servername), ndr_get_array_length(ndr, &r->in.servername)); + size_servername_0 = ndr_get_array_size(ndr, &r->in.servername); + length_servername_0 = ndr_get_array_length(ndr, &r->in.servername); + if (length_servername_0 > size_servername_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_servername_0, length_servername_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_servername_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, length_servername_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.rootshare)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.rootshare)); - if (ndr_get_array_length(ndr, &r->in.rootshare) > ndr_get_array_size(ndr, &r->in.rootshare)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.rootshare), ndr_get_array_length(ndr, &r->in.rootshare)); + size_rootshare_0 = ndr_get_array_size(ndr, &r->in.rootshare); + length_rootshare_0 = ndr_get_array_length(ndr, &r->in.rootshare); + if (length_rootshare_0 > size_rootshare_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_rootshare_0, length_rootshare_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.rootshare), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.rootshare, ndr_get_array_length(ndr, &r->in.rootshare), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_rootshare_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.rootshare, length_rootshare_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.comment)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.comment)); - if (ndr_get_array_length(ndr, &r->in.comment) > ndr_get_array_size(ndr, &r->in.comment)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.comment), ndr_get_array_length(ndr, &r->in.comment)); + size_comment_0 = ndr_get_array_size(ndr, &r->in.comment); + length_comment_0 = ndr_get_array_length(ndr, &r->in.comment); + if (length_comment_0 > size_comment_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_comment_0, length_comment_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.comment), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.comment, ndr_get_array_length(ndr, &r->in.comment), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_comment_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.comment, length_comment_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.flags)); } if (flags & NDR_OUT) { @@ -4813,21 +5011,29 @@ static enum ndr_err_code ndr_push_dfs_RemoveStdRoot(struct ndr_push *ndr, int fl static enum ndr_err_code ndr_pull_dfs_RemoveStdRoot(struct ndr_pull *ndr, int flags, struct dfs_RemoveStdRoot *r) { + uint32_t size_servername_0 = 0; + uint32_t length_servername_0 = 0; + uint32_t size_rootshare_0 = 0; + uint32_t length_rootshare_0 = 0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_array_size(ndr, &r->in.servername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.servername)); - if (ndr_get_array_length(ndr, &r->in.servername) > ndr_get_array_size(ndr, &r->in.servername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.servername), ndr_get_array_length(ndr, &r->in.servername)); + size_servername_0 = ndr_get_array_size(ndr, &r->in.servername); + length_servername_0 = ndr_get_array_length(ndr, &r->in.servername); + if (length_servername_0 > size_servername_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_servername_0, length_servername_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_servername_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, length_servername_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.rootshare)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.rootshare)); - if (ndr_get_array_length(ndr, &r->in.rootshare) > ndr_get_array_size(ndr, &r->in.rootshare)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.rootshare), ndr_get_array_length(ndr, &r->in.rootshare)); + size_rootshare_0 = ndr_get_array_size(ndr, &r->in.rootshare); + length_rootshare_0 = ndr_get_array_length(ndr, &r->in.rootshare); + if (length_rootshare_0 > size_rootshare_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_rootshare_0, length_rootshare_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.rootshare), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.rootshare, ndr_get_array_length(ndr, &r->in.rootshare), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_rootshare_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.rootshare, length_rootshare_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.flags)); } if (flags & NDR_OUT) { @@ -4880,14 +5086,18 @@ static enum ndr_err_code ndr_push_dfs_ManagerInitialize(struct ndr_push *ndr, in static enum ndr_err_code ndr_pull_dfs_ManagerInitialize(struct ndr_pull *ndr, int flags, struct dfs_ManagerInitialize *r) { + uint32_t size_servername_1 = 0; + uint32_t length_servername_1 = 0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_array_size(ndr, &r->in.servername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.servername)); - if (ndr_get_array_length(ndr, &r->in.servername) > ndr_get_array_size(ndr, &r->in.servername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.servername), ndr_get_array_length(ndr, &r->in.servername)); + size_servername_1 = ndr_get_array_size(ndr, &r->in.servername); + length_servername_1 = ndr_get_array_length(ndr, &r->in.servername); + if (length_servername_1 > size_servername_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_servername_1, length_servername_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_servername_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, length_servername_1, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.flags)); } if (flags & NDR_OUT) { @@ -4950,35 +5160,51 @@ static enum ndr_err_code ndr_push_dfs_AddStdRootForced(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_dfs_AddStdRootForced(struct ndr_pull *ndr, int flags, struct dfs_AddStdRootForced *r) { + uint32_t size_servername_0 = 0; + uint32_t length_servername_0 = 0; + uint32_t size_rootshare_0 = 0; + uint32_t length_rootshare_0 = 0; + uint32_t size_comment_0 = 0; + uint32_t length_comment_0 = 0; + uint32_t size_store_0 = 0; + uint32_t length_store_0 = 0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_array_size(ndr, &r->in.servername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.servername)); - if (ndr_get_array_length(ndr, &r->in.servername) > ndr_get_array_size(ndr, &r->in.servername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.servername), ndr_get_array_length(ndr, &r->in.servername)); + size_servername_0 = ndr_get_array_size(ndr, &r->in.servername); + length_servername_0 = ndr_get_array_length(ndr, &r->in.servername); + if (length_servername_0 > size_servername_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_servername_0, length_servername_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_servername_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, length_servername_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.rootshare)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.rootshare)); - if (ndr_get_array_length(ndr, &r->in.rootshare) > ndr_get_array_size(ndr, &r->in.rootshare)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.rootshare), ndr_get_array_length(ndr, &r->in.rootshare)); + size_rootshare_0 = ndr_get_array_size(ndr, &r->in.rootshare); + length_rootshare_0 = ndr_get_array_length(ndr, &r->in.rootshare); + if (length_rootshare_0 > size_rootshare_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_rootshare_0, length_rootshare_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.rootshare), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.rootshare, ndr_get_array_length(ndr, &r->in.rootshare), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_rootshare_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.rootshare, length_rootshare_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.comment)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.comment)); - if (ndr_get_array_length(ndr, &r->in.comment) > ndr_get_array_size(ndr, &r->in.comment)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.comment), ndr_get_array_length(ndr, &r->in.comment)); + size_comment_0 = ndr_get_array_size(ndr, &r->in.comment); + length_comment_0 = ndr_get_array_length(ndr, &r->in.comment); + if (length_comment_0 > size_comment_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_comment_0, length_comment_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.comment), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.comment, ndr_get_array_length(ndr, &r->in.comment), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_comment_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.comment, length_comment_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.store)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.store)); - if (ndr_get_array_length(ndr, &r->in.store) > ndr_get_array_size(ndr, &r->in.store)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.store), ndr_get_array_length(ndr, &r->in.store)); + size_store_0 = ndr_get_array_size(ndr, &r->in.store); + length_store_0 = ndr_get_array_length(ndr, &r->in.store); + if (length_store_0 > size_store_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_store_0, length_store_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.store), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.store, ndr_get_array_length(ndr, &r->in.store), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_store_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.store, length_store_0, sizeof(uint16_t), CH_UTF16)); } if (flags & NDR_OUT) { NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result)); @@ -5063,7 +5289,11 @@ static enum ndr_err_code ndr_push_dfs_GetDcAddress(struct ndr_push *ndr, int fla static enum ndr_err_code ndr_pull_dfs_GetDcAddress(struct ndr_pull *ndr, int flags, struct dfs_GetDcAddress *r) { + uint32_t size_servername_0 = 0; + uint32_t length_servername_0 = 0; uint32_t _ptr_server_fullname; + uint32_t size_server_fullname_2 = 0; + uint32_t length_server_fullname_2 = 0; TALLOC_CTX *_mem_save_server_fullname_0; TALLOC_CTX *_mem_save_server_fullname_1; TALLOC_CTX *_mem_save_is_root_0; @@ -5073,11 +5303,13 @@ static enum ndr_err_code ndr_pull_dfs_GetDcAddress(struct ndr_pull *ndr, int fla NDR_CHECK(ndr_pull_array_size(ndr, &r->in.servername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.servername)); - if (ndr_get_array_length(ndr, &r->in.servername) > ndr_get_array_size(ndr, &r->in.servername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.servername), ndr_get_array_length(ndr, &r->in.servername)); + size_servername_0 = ndr_get_array_size(ndr, &r->in.servername); + length_servername_0 = ndr_get_array_length(ndr, &r->in.servername); + if (length_servername_0 > size_servername_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_servername_0, length_servername_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_servername_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, length_servername_0, sizeof(uint16_t), CH_UTF16)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.server_fullname); } @@ -5094,11 +5326,13 @@ static enum ndr_err_code ndr_pull_dfs_GetDcAddress(struct ndr_pull *ndr, int fla NDR_PULL_SET_MEM_CTX(ndr, *r->in.server_fullname, 0); NDR_CHECK(ndr_pull_array_size(ndr, r->in.server_fullname)); NDR_CHECK(ndr_pull_array_length(ndr, r->in.server_fullname)); - if (ndr_get_array_length(ndr, r->in.server_fullname) > ndr_get_array_size(ndr, r->in.server_fullname)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, r->in.server_fullname), ndr_get_array_length(ndr, r->in.server_fullname)); + size_server_fullname_2 = ndr_get_array_size(ndr, r->in.server_fullname); + length_server_fullname_2 = ndr_get_array_length(ndr, r->in.server_fullname); + if (length_server_fullname_2 > size_server_fullname_2) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_fullname_2, length_server_fullname_2); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, r->in.server_fullname), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->in.server_fullname, ndr_get_array_length(ndr, r->in.server_fullname), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_fullname_2, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->in.server_fullname, length_server_fullname_2, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_fullname_1, 0); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_fullname_0, LIBNDR_FLAG_REF_ALLOC); @@ -5140,11 +5374,13 @@ static enum ndr_err_code ndr_pull_dfs_GetDcAddress(struct ndr_pull *ndr, int fla NDR_PULL_SET_MEM_CTX(ndr, *r->out.server_fullname, 0); NDR_CHECK(ndr_pull_array_size(ndr, r->out.server_fullname)); NDR_CHECK(ndr_pull_array_length(ndr, r->out.server_fullname)); - if (ndr_get_array_length(ndr, r->out.server_fullname) > ndr_get_array_size(ndr, r->out.server_fullname)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, r->out.server_fullname), ndr_get_array_length(ndr, r->out.server_fullname)); + size_server_fullname_2 = ndr_get_array_size(ndr, r->out.server_fullname); + length_server_fullname_2 = ndr_get_array_length(ndr, r->out.server_fullname); + if (length_server_fullname_2 > size_server_fullname_2) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_fullname_2, length_server_fullname_2); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, r->out.server_fullname), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.server_fullname, ndr_get_array_length(ndr, r->out.server_fullname), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_fullname_2, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.server_fullname, length_server_fullname_2, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_fullname_1, 0); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_fullname_0, LIBNDR_FLAG_REF_ALLOC); @@ -5245,21 +5481,29 @@ static enum ndr_err_code ndr_push_dfs_SetDcAddress(struct ndr_push *ndr, int fla static enum ndr_err_code ndr_pull_dfs_SetDcAddress(struct ndr_pull *ndr, int flags, struct dfs_SetDcAddress *r) { + uint32_t size_servername_0 = 0; + uint32_t length_servername_0 = 0; + uint32_t size_server_fullname_0 = 0; + uint32_t length_server_fullname_0 = 0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_array_size(ndr, &r->in.servername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.servername)); - if (ndr_get_array_length(ndr, &r->in.servername) > ndr_get_array_size(ndr, &r->in.servername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.servername), ndr_get_array_length(ndr, &r->in.servername)); + size_servername_0 = ndr_get_array_size(ndr, &r->in.servername); + length_servername_0 = ndr_get_array_length(ndr, &r->in.servername); + if (length_servername_0 > size_servername_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_servername_0, length_servername_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_servername_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, length_servername_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_fullname)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_fullname)); - if (ndr_get_array_length(ndr, &r->in.server_fullname) > ndr_get_array_size(ndr, &r->in.server_fullname)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_fullname), ndr_get_array_length(ndr, &r->in.server_fullname)); + size_server_fullname_0 = ndr_get_array_size(ndr, &r->in.server_fullname); + length_server_fullname_0 = ndr_get_array_length(ndr, &r->in.server_fullname); + if (length_server_fullname_0 > size_server_fullname_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_fullname_0, length_server_fullname_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_fullname), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_fullname, ndr_get_array_length(ndr, &r->in.server_fullname), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_fullname_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_fullname, length_server_fullname_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.flags)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.ttl)); } @@ -5314,21 +5558,29 @@ static enum ndr_err_code ndr_push_dfs_FlushFtTable(struct ndr_push *ndr, int fla static enum ndr_err_code ndr_pull_dfs_FlushFtTable(struct ndr_pull *ndr, int flags, struct dfs_FlushFtTable *r) { + uint32_t size_servername_0 = 0; + uint32_t length_servername_0 = 0; + uint32_t size_rootshare_0 = 0; + uint32_t length_rootshare_0 = 0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_array_size(ndr, &r->in.servername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.servername)); - if (ndr_get_array_length(ndr, &r->in.servername) > ndr_get_array_size(ndr, &r->in.servername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.servername), ndr_get_array_length(ndr, &r->in.servername)); + size_servername_0 = ndr_get_array_size(ndr, &r->in.servername); + length_servername_0 = ndr_get_array_length(ndr, &r->in.servername); + if (length_servername_0 > size_servername_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_servername_0, length_servername_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_servername_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, length_servername_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.rootshare)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.rootshare)); - if (ndr_get_array_length(ndr, &r->in.rootshare) > ndr_get_array_size(ndr, &r->in.rootshare)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.rootshare), ndr_get_array_length(ndr, &r->in.rootshare)); + size_rootshare_0 = ndr_get_array_size(ndr, &r->in.rootshare); + length_rootshare_0 = ndr_get_array_length(ndr, &r->in.rootshare); + if (length_rootshare_0 > size_rootshare_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_rootshare_0, length_rootshare_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.rootshare), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.rootshare, ndr_get_array_length(ndr, &r->in.rootshare), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_rootshare_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.rootshare, length_rootshare_0, sizeof(uint16_t), CH_UTF16)); } if (flags & NDR_OUT) { NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result)); @@ -5475,6 +5727,8 @@ _PUBLIC_ enum ndr_err_code ndr_push_dfs_EnumEx(struct ndr_push *ndr, int flags, _PUBLIC_ enum ndr_err_code ndr_pull_dfs_EnumEx(struct ndr_pull *ndr, int flags, struct dfs_EnumEx *r) { + uint32_t size_dfs_name_0 = 0; + uint32_t length_dfs_name_0 = 0; uint32_t _ptr_info; uint32_t _ptr_total; TALLOC_CTX *_mem_save_info_0; @@ -5484,11 +5738,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_dfs_EnumEx(struct ndr_pull *ndr, int flags, NDR_CHECK(ndr_pull_array_size(ndr, &r->in.dfs_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.dfs_name)); - if (ndr_get_array_length(ndr, &r->in.dfs_name) > ndr_get_array_size(ndr, &r->in.dfs_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.dfs_name), ndr_get_array_length(ndr, &r->in.dfs_name)); + size_dfs_name_0 = ndr_get_array_size(ndr, &r->in.dfs_name); + length_dfs_name_0 = ndr_get_array_length(ndr, &r->in.dfs_name); + if (length_dfs_name_0 > size_dfs_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dfs_name_0, length_dfs_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.dfs_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.dfs_name, ndr_get_array_length(ndr, &r->in.dfs_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dfs_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.dfs_name, length_dfs_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.bufsize)); NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info)); diff --git a/librpc/gen_ndr/ndr_drsblobs.c b/librpc/gen_ndr/ndr_drsblobs.c index 948fdc5..a675706 100644 --- a/librpc/gen_ndr/ndr_drsblobs.c +++ b/librpc/gen_ndr/ndr_drsblobs.c @@ -73,16 +73,18 @@ static enum ndr_err_code ndr_push_replPropertyMetaDataCtr1(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_replPropertyMetaDataCtr1(struct ndr_pull *ndr, int ndr_flags, struct replPropertyMetaDataCtr1 *r) { + uint32_t size_array_0 = 0; uint32_t cntr_array_0; TALLOC_CTX *_mem_save_array_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 8)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->reserved)); - NDR_PULL_ALLOC_N(ndr, r->array, r->count); + size_array_0 = r->count; + NDR_PULL_ALLOC_N(ndr, r->array, size_array_0); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_replPropertyMetaData1(ndr, NDR_SCALARS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -242,16 +244,18 @@ static enum ndr_err_code ndr_push_replUpToDateVectorCtr1(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_replUpToDateVectorCtr1(struct ndr_pull *ndr, int ndr_flags, struct replUpToDateVectorCtr1 *r) { + uint32_t size_cursors_0 = 0; uint32_t cntr_cursors_0; TALLOC_CTX *_mem_save_cursors_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 8)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->reserved)); - NDR_PULL_ALLOC_N(ndr, r->cursors, r->count); + size_cursors_0 = r->count; + NDR_PULL_ALLOC_N(ndr, r->cursors, size_cursors_0); _mem_save_cursors_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->cursors, 0); - for (cntr_cursors_0 = 0; cntr_cursors_0 < r->count; cntr_cursors_0++) { + for (cntr_cursors_0 = 0; cntr_cursors_0 < size_cursors_0; cntr_cursors_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaCursor(ndr, NDR_SCALARS, &r->cursors[cntr_cursors_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_cursors_0, 0); @@ -301,16 +305,18 @@ static enum ndr_err_code ndr_push_replUpToDateVectorCtr2(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_replUpToDateVectorCtr2(struct ndr_pull *ndr, int ndr_flags, struct replUpToDateVectorCtr2 *r) { + uint32_t size_cursors_0 = 0; uint32_t cntr_cursors_0; TALLOC_CTX *_mem_save_cursors_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 8)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->reserved)); - NDR_PULL_ALLOC_N(ndr, r->cursors, r->count); + size_cursors_0 = r->count; + NDR_PULL_ALLOC_N(ndr, r->cursors, size_cursors_0); _mem_save_cursors_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->cursors, 0); - for (cntr_cursors_0 = 0; cntr_cursors_0 < r->count; cntr_cursors_0++) { + for (cntr_cursors_0 = 0; cntr_cursors_0 < size_cursors_0; cntr_cursors_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaCursor2(ndr, NDR_SCALARS, &r->cursors[cntr_cursors_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_cursors_0, 0); @@ -484,10 +490,12 @@ _PUBLIC_ enum ndr_err_code ndr_push_repsFromTo1OtherInfo(struct ndr_push *ndr, i _PUBLIC_ enum ndr_err_code ndr_pull_repsFromTo1OtherInfo(struct ndr_pull *ndr, int ndr_flags, struct repsFromTo1OtherInfo *r) { + uint32_t size_dns_name_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->__dns_name_size)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dns_name, r->__dns_name_size, sizeof(uint8_t), CH_DOS)); + size_dns_name_0 = r->__dns_name_size; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dns_name, size_dns_name_0, sizeof(uint8_t), CH_DOS)); NDR_CHECK(ndr_pull_trailer_align(ndr, 4)); } if (ndr_flags & NDR_BUFFERS) { @@ -548,6 +556,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_repsFromTo1(struct ndr_pull *ndr, int ndr_fl { uint32_t _ptr_other_info; TALLOC_CTX *_mem_save_other_info_0; + uint32_t size_schedule_0 = 0; { uint32_t _flags_save_STRUCT = ndr->flags; ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX); @@ -567,7 +576,8 @@ _PUBLIC_ enum ndr_err_code ndr_pull_repsFromTo1(struct ndr_pull *ndr, int ndr_fl } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->other_info_length)); NDR_CHECK(ndr_pull_drsuapi_DsReplicaNeighbourFlags(ndr, NDR_SCALARS, &r->replica_flags)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->schedule, 84)); + size_schedule_0 = 84; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->schedule, size_schedule_0)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->reserved)); NDR_CHECK(ndr_pull_drsuapi_DsReplicaHighWaterMark(ndr, NDR_SCALARS, &r->highwatermark)); NDR_CHECK(ndr_pull_GUID(ndr, NDR_SCALARS, &r->source_dsa_obj_guid)); @@ -822,6 +832,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_repsFromTo2(struct ndr_pull *ndr, int ndr_fl { uint32_t _ptr_other_info; TALLOC_CTX *_mem_save_other_info_0; + uint32_t size_schedule_0 = 0; { uint32_t _flags_save_STRUCT = ndr->flags; ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX); @@ -841,7 +852,8 @@ _PUBLIC_ enum ndr_err_code ndr_pull_repsFromTo2(struct ndr_pull *ndr, int ndr_fl } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->other_info_length)); NDR_CHECK(ndr_pull_drsuapi_DsReplicaNeighbourFlags(ndr, NDR_SCALARS, &r->replica_flags)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->schedule, 84)); + size_schedule_0 = 84; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->schedule, size_schedule_0)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->reserved)); NDR_CHECK(ndr_pull_drsuapi_DsReplicaHighWaterMark(ndr, NDR_SCALARS, &r->highwatermark)); NDR_CHECK(ndr_pull_GUID(ndr, NDR_SCALARS, &r->source_dsa_obj_guid)); @@ -1057,15 +1069,17 @@ static enum ndr_err_code ndr_push_partialAttributeSetCtr1(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_partialAttributeSetCtr1(struct ndr_pull *ndr, int ndr_flags, struct partialAttributeSetCtr1 *r) { + uint32_t size_array_0 = 0; uint32_t cntr_array_0; TALLOC_CTX *_mem_save_array_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count)); - NDR_PULL_ALLOC_N(ndr, r->array, r->count); + size_array_0 = r->count; + NDR_PULL_ALLOC_N(ndr, r->array, size_array_0); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsAttributeId(ndr, NDR_SCALARS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -1505,10 +1519,12 @@ _PUBLIC_ enum ndr_err_code ndr_push_ldapControlDirSyncCookie(struct ndr_push *nd _PUBLIC_ enum ndr_err_code ndr_pull_ldapControlDirSyncCookie(struct ndr_pull *ndr, int ndr_flags, struct ldapControlDirSyncCookie *r) { uint32_t _save_relative_base_offset = ndr_pull_get_relative_base_offset(ndr); + uint32_t size_msds_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 8)); NDR_CHECK(ndr_pull_setup_relative_base_offset1(ndr, r, ndr->offset)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->msds, 4, sizeof(uint8_t), CH_DOS)); + size_msds_0 = 4; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->msds, size_msds_0, sizeof(uint8_t), CH_DOS)); { struct ndr_pull *_ndr_blob; NDR_CHECK(ndr_pull_subcontext_start(ndr, &_ndr_blob, 0, -1)); @@ -1551,13 +1567,17 @@ static enum ndr_err_code ndr_push_supplementalCredentialsPackage(struct ndr_push static enum ndr_err_code ndr_pull_supplementalCredentialsPackage(struct ndr_pull *ndr, int ndr_flags, struct supplementalCredentialsPackage *r) { + uint32_t size_name_0 = 0; + uint32_t size_data_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 2)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->name_len)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->data_len)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->reserved)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, r->name_len, sizeof(uint8_t), CH_UTF16)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->data, r->data_len, sizeof(uint8_t), CH_DOS)); + size_name_0 = r->name_len; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, size_name_0, sizeof(uint8_t), CH_UTF16)); + size_data_0 = r->data_len; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->data, size_data_0, sizeof(uint8_t), CH_DOS)); NDR_CHECK(ndr_pull_trailer_align(ndr, 2)); } if (ndr_flags & NDR_BUFFERS) { @@ -1636,17 +1656,21 @@ static enum ndr_err_code ndr_push_supplementalCredentialsSubBlob(struct ndr_push static enum ndr_err_code ndr_pull_supplementalCredentialsSubBlob(struct ndr_pull *ndr, int ndr_flags, struct supplementalCredentialsSubBlob *r) { + uint32_t size_prefix_0 = 0; + uint32_t size_packages_0 = 0; uint32_t cntr_packages_0; TALLOC_CTX *_mem_save_packages_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 3)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->prefix, 0x30, sizeof(uint16_t), CH_UTF16)); + size_prefix_0 = 0x30; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->prefix, size_prefix_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_supplementalCredentialsSignature(ndr, NDR_SCALARS, &r->signature)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->num_packages)); - NDR_PULL_ALLOC_N(ndr, r->packages, r->num_packages); + size_packages_0 = r->num_packages; + NDR_PULL_ALLOC_N(ndr, r->packages, size_packages_0); _mem_save_packages_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->packages, 0); - for (cntr_packages_0 = 0; cntr_packages_0 < r->num_packages; cntr_packages_0++) { + for (cntr_packages_0 = 0; cntr_packages_0 < size_packages_0; cntr_packages_0++) { NDR_CHECK(ndr_pull_supplementalCredentialsPackage(ndr, NDR_SCALARS, &r->packages[cntr_packages_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_packages_0, 0); @@ -2016,8 +2040,10 @@ static enum ndr_err_code ndr_push_package_PrimaryKerberosCtr3(struct ndr_push *n static enum ndr_err_code ndr_pull_package_PrimaryKerberosCtr3(struct ndr_pull *ndr, int ndr_flags, struct package_PrimaryKerberosCtr3 *r) { + uint32_t size_keys_0 = 0; uint32_t cntr_keys_0; TALLOC_CTX *_mem_save_keys_0; + uint32_t size_old_keys_0 = 0; uint32_t cntr_old_keys_0; TALLOC_CTX *_mem_save_old_keys_0; if (ndr_flags & NDR_SCALARS) { @@ -2025,17 +2051,19 @@ static enum ndr_err_code ndr_pull_package_PrimaryKerberosCtr3(struct ndr_pull *n NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->num_keys)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->num_old_keys)); NDR_CHECK(ndr_pull_package_PrimaryKerberosString(ndr, NDR_SCALARS, &r->salt)); - NDR_PULL_ALLOC_N(ndr, r->keys, r->num_keys); + size_keys_0 = r->num_keys; + NDR_PULL_ALLOC_N(ndr, r->keys, size_keys_0); _mem_save_keys_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->keys, 0); - for (cntr_keys_0 = 0; cntr_keys_0 < r->num_keys; cntr_keys_0++) { + for (cntr_keys_0 = 0; cntr_keys_0 < size_keys_0; cntr_keys_0++) { NDR_CHECK(ndr_pull_package_PrimaryKerberosKey3(ndr, NDR_SCALARS, &r->keys[cntr_keys_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_keys_0, 0); - NDR_PULL_ALLOC_N(ndr, r->old_keys, r->num_old_keys); + size_old_keys_0 = r->num_old_keys; + NDR_PULL_ALLOC_N(ndr, r->old_keys, size_old_keys_0); _mem_save_old_keys_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->old_keys, 0); - for (cntr_old_keys_0 = 0; cntr_old_keys_0 < r->num_old_keys; cntr_old_keys_0++) { + for (cntr_old_keys_0 = 0; cntr_old_keys_0 < size_old_keys_0; cntr_old_keys_0++) { NDR_CHECK(ndr_pull_package_PrimaryKerberosKey3(ndr, NDR_SCALARS, &r->old_keys[cntr_old_keys_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_old_keys_0, 0); @@ -2048,15 +2076,17 @@ static enum ndr_err_code ndr_pull_package_PrimaryKerberosCtr3(struct ndr_pull *n } if (ndr_flags & NDR_BUFFERS) { NDR_CHECK(ndr_pull_package_PrimaryKerberosString(ndr, NDR_BUFFERS, &r->salt)); + size_keys_0 = r->num_keys; _mem_save_keys_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->keys, 0); - for (cntr_keys_0 = 0; cntr_keys_0 < r->num_keys; cntr_keys_0++) { + for (cntr_keys_0 = 0; cntr_keys_0 < size_keys_0; cntr_keys_0++) { NDR_CHECK(ndr_pull_package_PrimaryKerberosKey3(ndr, NDR_BUFFERS, &r->keys[cntr_keys_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_keys_0, 0); + size_old_keys_0 = r->num_old_keys; _mem_save_old_keys_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->old_keys, 0); - for (cntr_old_keys_0 = 0; cntr_old_keys_0 < r->num_old_keys; cntr_old_keys_0++) { + for (cntr_old_keys_0 = 0; cntr_old_keys_0 < size_old_keys_0; cntr_old_keys_0++) { NDR_CHECK(ndr_pull_package_PrimaryKerberosKey3(ndr, NDR_BUFFERS, &r->old_keys[cntr_old_keys_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_old_keys_0, 0); @@ -2250,12 +2280,16 @@ static enum ndr_err_code ndr_push_package_PrimaryKerberosCtr4(struct ndr_push *n static enum ndr_err_code ndr_pull_package_PrimaryKerberosCtr4(struct ndr_pull *ndr, int ndr_flags, struct package_PrimaryKerberosCtr4 *r) { + uint32_t size_keys_0 = 0; uint32_t cntr_keys_0; TALLOC_CTX *_mem_save_keys_0; + uint32_t size_service_keys_0 = 0; uint32_t cntr_service_keys_0; TALLOC_CTX *_mem_save_service_keys_0; + uint32_t size_old_keys_0 = 0; uint32_t cntr_old_keys_0; TALLOC_CTX *_mem_save_old_keys_0; + uint32_t size_older_keys_0 = 0; uint32_t cntr_older_keys_0; TALLOC_CTX *_mem_save_older_keys_0; if (ndr_flags & NDR_SCALARS) { @@ -2266,31 +2300,35 @@ static enum ndr_err_code ndr_pull_package_PrimaryKerberosCtr4(struct ndr_pull *n NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->num_older_keys)); NDR_CHECK(ndr_pull_package_PrimaryKerberosString(ndr, NDR_SCALARS, &r->salt)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->default_iteration_count)); - NDR_PULL_ALLOC_N(ndr, r->keys, r->num_keys); + size_keys_0 = r->num_keys; + NDR_PULL_ALLOC_N(ndr, r->keys, size_keys_0); _mem_save_keys_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->keys, 0); - for (cntr_keys_0 = 0; cntr_keys_0 < r->num_keys; cntr_keys_0++) { + for (cntr_keys_0 = 0; cntr_keys_0 < size_keys_0; cntr_keys_0++) { NDR_CHECK(ndr_pull_package_PrimaryKerberosKey4(ndr, NDR_SCALARS, &r->keys[cntr_keys_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_keys_0, 0); - NDR_PULL_ALLOC_N(ndr, r->service_keys, r->num_service_keys); + size_service_keys_0 = r->num_service_keys; + NDR_PULL_ALLOC_N(ndr, r->service_keys, size_service_keys_0); _mem_save_service_keys_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->service_keys, 0); - for (cntr_service_keys_0 = 0; cntr_service_keys_0 < r->num_service_keys; cntr_service_keys_0++) { + for (cntr_service_keys_0 = 0; cntr_service_keys_0 < size_service_keys_0; cntr_service_keys_0++) { NDR_CHECK(ndr_pull_package_PrimaryKerberosKey4(ndr, NDR_SCALARS, &r->service_keys[cntr_service_keys_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_service_keys_0, 0); - NDR_PULL_ALLOC_N(ndr, r->old_keys, r->num_old_keys); + size_old_keys_0 = r->num_old_keys; + NDR_PULL_ALLOC_N(ndr, r->old_keys, size_old_keys_0); _mem_save_old_keys_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->old_keys, 0); - for (cntr_old_keys_0 = 0; cntr_old_keys_0 < r->num_old_keys; cntr_old_keys_0++) { + for (cntr_old_keys_0 = 0; cntr_old_keys_0 < size_old_keys_0; cntr_old_keys_0++) { NDR_CHECK(ndr_pull_package_PrimaryKerberosKey4(ndr, NDR_SCALARS, &r->old_keys[cntr_old_keys_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_old_keys_0, 0); - NDR_PULL_ALLOC_N(ndr, r->older_keys, r->num_older_keys); + size_older_keys_0 = r->num_older_keys; + NDR_PULL_ALLOC_N(ndr, r->older_keys, size_older_keys_0); _mem_save_older_keys_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->older_keys, 0); - for (cntr_older_keys_0 = 0; cntr_older_keys_0 < r->num_older_keys; cntr_older_keys_0++) { + for (cntr_older_keys_0 = 0; cntr_older_keys_0 < size_older_keys_0; cntr_older_keys_0++) { NDR_CHECK(ndr_pull_package_PrimaryKerberosKey4(ndr, NDR_SCALARS, &r->older_keys[cntr_older_keys_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_older_keys_0, 0); @@ -2298,27 +2336,31 @@ static enum ndr_err_code ndr_pull_package_PrimaryKerberosCtr4(struct ndr_pull *n } if (ndr_flags & NDR_BUFFERS) { NDR_CHECK(ndr_pull_package_PrimaryKerberosString(ndr, NDR_BUFFERS, &r->salt)); + size_keys_0 = r->num_keys; _mem_save_keys_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->keys, 0); - for (cntr_keys_0 = 0; cntr_keys_0 < r->num_keys; cntr_keys_0++) { + for (cntr_keys_0 = 0; cntr_keys_0 < size_keys_0; cntr_keys_0++) { NDR_CHECK(ndr_pull_package_PrimaryKerberosKey4(ndr, NDR_BUFFERS, &r->keys[cntr_keys_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_keys_0, 0); + size_service_keys_0 = r->num_service_keys; _mem_save_service_keys_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->service_keys, 0); - for (cntr_service_keys_0 = 0; cntr_service_keys_0 < r->num_service_keys; cntr_service_keys_0++) { + for (cntr_service_keys_0 = 0; cntr_service_keys_0 < size_service_keys_0; cntr_service_keys_0++) { NDR_CHECK(ndr_pull_package_PrimaryKerberosKey4(ndr, NDR_BUFFERS, &r->service_keys[cntr_service_keys_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_service_keys_0, 0); + size_old_keys_0 = r->num_old_keys; _mem_save_old_keys_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->old_keys, 0); - for (cntr_old_keys_0 = 0; cntr_old_keys_0 < r->num_old_keys; cntr_old_keys_0++) { + for (cntr_old_keys_0 = 0; cntr_old_keys_0 < size_old_keys_0; cntr_old_keys_0++) { NDR_CHECK(ndr_pull_package_PrimaryKerberosKey4(ndr, NDR_BUFFERS, &r->old_keys[cntr_old_keys_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_old_keys_0, 0); + size_older_keys_0 = r->num_older_keys; _mem_save_older_keys_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->older_keys, 0); - for (cntr_older_keys_0 = 0; cntr_older_keys_0 < r->num_older_keys; cntr_older_keys_0++) { + for (cntr_older_keys_0 = 0; cntr_older_keys_0 < size_older_keys_0; cntr_older_keys_0++) { NDR_CHECK(ndr_pull_package_PrimaryKerberosKey4(ndr, NDR_BUFFERS, &r->older_keys[cntr_older_keys_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_older_keys_0, 0); @@ -2578,12 +2620,14 @@ static enum ndr_err_code ndr_push_package_PrimaryWDigestHash(struct ndr_push *nd static enum ndr_err_code ndr_pull_package_PrimaryWDigestHash(struct ndr_pull *ndr, int ndr_flags, struct package_PrimaryWDigestHash *r) { + uint32_t size_hash_0 = 0; { uint32_t _flags_save_STRUCT = ndr->flags; ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 1)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->hash, 16)); + size_hash_0 = 16; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->hash, size_hash_0)); NDR_CHECK(ndr_pull_trailer_align(ndr, 1)); } if (ndr_flags & NDR_BUFFERS) { @@ -2628,6 +2672,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_package_PrimaryWDigestBlob(struct ndr_push * _PUBLIC_ enum ndr_err_code ndr_pull_package_PrimaryWDigestBlob(struct ndr_pull *ndr, int ndr_flags, struct package_PrimaryWDigestBlob *r) { + uint32_t size_hashes_0 = 0; uint32_t cntr_hashes_0; TALLOC_CTX *_mem_save_hashes_0; if (ndr_flags & NDR_SCALARS) { @@ -2637,10 +2682,11 @@ _PUBLIC_ enum ndr_err_code ndr_pull_package_PrimaryWDigestBlob(struct ndr_pull * NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->num_hashes)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->unknown3)); NDR_CHECK(ndr_pull_udlong(ndr, NDR_SCALARS, &r->uuknown4)); - NDR_PULL_ALLOC_N(ndr, r->hashes, r->num_hashes); + size_hashes_0 = r->num_hashes; + NDR_PULL_ALLOC_N(ndr, r->hashes, size_hashes_0); _mem_save_hashes_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->hashes, 0); - for (cntr_hashes_0 = 0; cntr_hashes_0 < r->num_hashes; cntr_hashes_0++) { + for (cntr_hashes_0 = 0; cntr_hashes_0 < size_hashes_0; cntr_hashes_0++) { NDR_CHECK(ndr_pull_package_PrimaryWDigestHash(ndr, NDR_SCALARS, &r->hashes[cntr_hashes_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_hashes_0, 0); @@ -2756,11 +2802,13 @@ static enum ndr_err_code ndr_push_AuthInfoClear(struct ndr_push *ndr, int ndr_fl static enum ndr_err_code ndr_pull_AuthInfoClear(struct ndr_pull *ndr, int ndr_flags, struct AuthInfoClear *r) { + uint32_t size_password_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->size)); - NDR_PULL_ALLOC_N(ndr, r->password, r->size); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->password, r->size)); + size_password_0 = r->size; + NDR_PULL_ALLOC_N(ndr, r->password, size_password_0); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->password, size_password_0)); NDR_CHECK(ndr_pull_trailer_align(ndr, 4)); } if (ndr_flags & NDR_BUFFERS) { @@ -3020,16 +3068,18 @@ _PUBLIC_ enum ndr_err_code ndr_push_trustCurrentPasswords(struct ndr_push *ndr, _PUBLIC_ enum ndr_err_code ndr_pull_trustCurrentPasswords(struct ndr_pull *ndr, int ndr_flags, struct trustCurrentPasswords *r) { uint32_t _ptr_current; + uint32_t size_current_0 = 0; uint32_t cntr_current_0; TALLOC_CTX *_mem_save_current_0; TALLOC_CTX *_mem_save_current_1; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count)); - NDR_PULL_ALLOC_N(ndr, r->current, r->count); + size_current_0 = r->count; + NDR_PULL_ALLOC_N(ndr, r->current, size_current_0); _mem_save_current_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->current, 0); - for (cntr_current_0 = 0; cntr_current_0 < r->count; cntr_current_0++) { + for (cntr_current_0 = 0; cntr_current_0 < size_current_0; cntr_current_0++) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_current)); if (_ptr_current) { NDR_PULL_ALLOC(ndr, r->current[cntr_current_0]); @@ -3042,9 +3092,10 @@ _PUBLIC_ enum ndr_err_code ndr_pull_trustCurrentPasswords(struct ndr_pull *ndr, NDR_CHECK(ndr_pull_trailer_align(ndr, 5)); } if (ndr_flags & NDR_BUFFERS) { + size_current_0 = r->count; _mem_save_current_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->current, 0); - for (cntr_current_0 = 0; cntr_current_0 < r->count; cntr_current_0++) { + for (cntr_current_0 = 0; cntr_current_0 < size_current_0; cntr_current_0++) { if (r->current[cntr_current_0]) { uint32_t _relative_save_offset; _relative_save_offset = ndr->offset; @@ -3183,6 +3234,7 @@ static enum ndr_err_code ndr_push_ExtendedErrorAString(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_ExtendedErrorAString(struct ndr_pull *ndr, int ndr_flags, struct ExtendedErrorAString *r) { uint32_t _ptr_string; + uint32_t size_string_1 = 0; TALLOC_CTX *_mem_save_string_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -3200,7 +3252,8 @@ static enum ndr_err_code ndr_pull_ExtendedErrorAString(struct ndr_pull *ndr, int _mem_save_string_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->string, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->string)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->string, ndr_get_array_size(ndr, &r->string), sizeof(uint8_t), CH_DOS)); + size_string_1 = ndr_get_array_size(ndr, &r->string); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->string, size_string_1, sizeof(uint8_t), CH_DOS)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_string_0, 0); } if (r->string) { @@ -3244,6 +3297,7 @@ static enum ndr_err_code ndr_push_ExtendedErrorUString(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_ExtendedErrorUString(struct ndr_pull *ndr, int ndr_flags, struct ExtendedErrorUString *r) { uint32_t _ptr_string; + uint32_t size_string_1 = 0; TALLOC_CTX *_mem_save_string_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -3261,7 +3315,8 @@ static enum ndr_err_code ndr_pull_ExtendedErrorUString(struct ndr_pull *ndr, int _mem_save_string_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->string, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->string)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->string, ndr_get_array_size(ndr, &r->string), sizeof(uint16_t), CH_UTF16)); + size_string_1 = ndr_get_array_size(ndr, &r->string); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->string, size_string_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_string_0, 0); } if (r->string) { @@ -3305,6 +3360,7 @@ static enum ndr_err_code ndr_push_ExtendedErrorBlob(struct ndr_push *ndr, int nd static enum ndr_err_code ndr_pull_ExtendedErrorBlob(struct ndr_pull *ndr, int ndr_flags, struct ExtendedErrorBlob *r) { uint32_t _ptr_data; + uint32_t size_data_1 = 0; TALLOC_CTX *_mem_save_data_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -3322,8 +3378,9 @@ static enum ndr_err_code ndr_pull_ExtendedErrorBlob(struct ndr_pull *ndr, int nd _mem_save_data_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->data, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->data)); - NDR_PULL_ALLOC_N(ndr, r->data, ndr_get_array_size(ndr, &r->data)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, ndr_get_array_size(ndr, &r->data))); + size_data_1 = ndr_get_array_size(ndr, &r->data); + NDR_PULL_ALLOC_N(ndr, r->data, size_data_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, size_data_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_0, 0); } if (r->data) { @@ -3796,6 +3853,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_ExtendedErrorInfo(struct ndr_pull *ndr, int { uint32_t _ptr_next; TALLOC_CTX *_mem_save_next_0; + uint32_t size_params_0 = 0; uint32_t cntr_params_0; TALLOC_CTX *_mem_save_params_0; if (ndr_flags & NDR_SCALARS) { @@ -3815,10 +3873,11 @@ _PUBLIC_ enum ndr_err_code ndr_pull_ExtendedErrorInfo(struct ndr_pull *ndr, int NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->detection_location)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->flags)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->num_params)); - NDR_PULL_ALLOC_N(ndr, r->params, ndr_get_array_size(ndr, &r->params)); + size_params_0 = ndr_get_array_size(ndr, &r->params); + NDR_PULL_ALLOC_N(ndr, r->params, size_params_0); _mem_save_params_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->params, 0); - for (cntr_params_0 = 0; cntr_params_0 < r->num_params; cntr_params_0++) { + for (cntr_params_0 = 0; cntr_params_0 < size_params_0; cntr_params_0++) { NDR_CHECK(ndr_pull_ExtendedErrorParam(ndr, NDR_SCALARS, &r->params[cntr_params_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_params_0, 0); @@ -3835,9 +3894,10 @@ _PUBLIC_ enum ndr_err_code ndr_pull_ExtendedErrorInfo(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, _mem_save_next_0, 0); } NDR_CHECK(ndr_pull_ExtendedErrorComputerName(ndr, NDR_BUFFERS, &r->computer_name)); + size_params_0 = ndr_get_array_size(ndr, &r->params); _mem_save_params_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->params, 0); - for (cntr_params_0 = 0; cntr_params_0 < r->num_params; cntr_params_0++) { + for (cntr_params_0 = 0; cntr_params_0 < size_params_0; cntr_params_0++) { NDR_CHECK(ndr_pull_ExtendedErrorParam(ndr, NDR_BUFFERS, &r->params[cntr_params_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_params_0, 0); diff --git a/librpc/gen_ndr/ndr_drsuapi.c b/librpc/gen_ndr/ndr_drsuapi.c index 6777acc..ea0abbd 100644 --- a/librpc/gen_ndr/ndr_drsuapi.c +++ b/librpc/gen_ndr/ndr_drsuapi.c @@ -468,6 +468,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_drsuapi_DsReplicaObjectIdentifier(struct ndr _PUBLIC_ enum ndr_err_code ndr_pull_drsuapi_DsReplicaObjectIdentifier(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaObjectIdentifier *r) { + uint32_t size_dn_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_array_size(ndr, &r->dn)); NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -476,7 +477,8 @@ _PUBLIC_ enum ndr_err_code ndr_pull_drsuapi_DsReplicaObjectIdentifier(struct ndr NDR_CHECK(ndr_pull_GUID(ndr, NDR_SCALARS, &r->guid)); NDR_CHECK(ndr_pull_dom_sid28(ndr, NDR_SCALARS, &r->sid)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->__ndr_size_dn)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dn, ndr_get_array_size(ndr, &r->dn), sizeof(uint16_t), CH_UTF16)); + size_dn_0 = ndr_get_array_size(ndr, &r->dn); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dn, size_dn_0, sizeof(uint16_t), CH_UTF16)); if (r->dn) { NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->dn, r->__ndr_size_dn + 1)); } @@ -826,6 +828,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaCursorCtrEx(struct ndr_push * static enum ndr_err_code ndr_pull_drsuapi_DsReplicaCursorCtrEx(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaCursorCtrEx *r) { + uint32_t size_cursors_0 = 0; uint32_t cntr_cursors_0; TALLOC_CTX *_mem_save_cursors_0; if (ndr_flags & NDR_SCALARS) { @@ -838,10 +841,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaCursorCtrEx(struct ndr_pull * return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->reserved2)); - NDR_PULL_ALLOC_N(ndr, r->cursors, ndr_get_array_size(ndr, &r->cursors)); + size_cursors_0 = ndr_get_array_size(ndr, &r->cursors); + NDR_PULL_ALLOC_N(ndr, r->cursors, size_cursors_0); _mem_save_cursors_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->cursors, 0); - for (cntr_cursors_0 = 0; cntr_cursors_0 < r->count; cntr_cursors_0++) { + for (cntr_cursors_0 = 0; cntr_cursors_0 < size_cursors_0; cntr_cursors_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaCursor(ndr, NDR_SCALARS, &r->cursors[cntr_cursors_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_cursors_0, 0); @@ -1193,6 +1197,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_drsuapi_DsReplicaOIDMapping_Ctr(struct ndr_p _PUBLIC_ enum ndr_err_code ndr_pull_drsuapi_DsReplicaOIDMapping_Ctr(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaOIDMapping_Ctr *r) { uint32_t _ptr_mappings; + uint32_t size_mappings_1 = 0; uint32_t cntr_mappings_1; TALLOC_CTX *_mem_save_mappings_0; TALLOC_CTX *_mem_save_mappings_1; @@ -1215,13 +1220,14 @@ _PUBLIC_ enum ndr_err_code ndr_pull_drsuapi_DsReplicaOIDMapping_Ctr(struct ndr_p _mem_save_mappings_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->mappings, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->mappings)); - NDR_PULL_ALLOC_N(ndr, r->mappings, ndr_get_array_size(ndr, &r->mappings)); + size_mappings_1 = ndr_get_array_size(ndr, &r->mappings); + NDR_PULL_ALLOC_N(ndr, r->mappings, size_mappings_1); _mem_save_mappings_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->mappings, 0); - for (cntr_mappings_1 = 0; cntr_mappings_1 < r->num_mappings; cntr_mappings_1++) { + for (cntr_mappings_1 = 0; cntr_mappings_1 < size_mappings_1; cntr_mappings_1++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaOIDMapping(ndr, NDR_SCALARS, &r->mappings[cntr_mappings_1])); } - for (cntr_mappings_1 = 0; cntr_mappings_1 < r->num_mappings; cntr_mappings_1++) { + for (cntr_mappings_1 = 0; cntr_mappings_1 < size_mappings_1; cntr_mappings_1++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaOIDMapping(ndr, NDR_BUFFERS, &r->mappings[cntr_mappings_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_mappings_1, 0); @@ -1386,6 +1392,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsPartialAttributeSet(struct ndr_push static enum ndr_err_code ndr_pull_drsuapi_DsPartialAttributeSet(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsPartialAttributeSet *r) { + uint32_t size_attids_0 = 0; uint32_t cntr_attids_0; TALLOC_CTX *_mem_save_attids_0; if (ndr_flags & NDR_SCALARS) { @@ -1397,10 +1404,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsPartialAttributeSet(struct ndr_pull if (r->num_attids < 1 || r->num_attids > 0x100000) { return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); } - NDR_PULL_ALLOC_N(ndr, r->attids, ndr_get_array_size(ndr, &r->attids)); + size_attids_0 = ndr_get_array_size(ndr, &r->attids); + NDR_PULL_ALLOC_N(ndr, r->attids, size_attids_0); _mem_save_attids_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->attids, 0); - for (cntr_attids_0 = 0; cntr_attids_0 < r->num_attids; cntr_attids_0++) { + for (cntr_attids_0 = 0; cntr_attids_0 < size_attids_0; cntr_attids_0++) { NDR_CHECK(ndr_pull_drsuapi_DsAttributeId(ndr, NDR_SCALARS, &r->attids[cntr_attids_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_attids_0, 0); @@ -1917,6 +1925,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaCursor2CtrEx(struct ndr_push static enum ndr_err_code ndr_pull_drsuapi_DsReplicaCursor2CtrEx(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaCursor2CtrEx *r) { + uint32_t size_cursors_0 = 0; uint32_t cntr_cursors_0; TALLOC_CTX *_mem_save_cursors_0; if (ndr_flags & NDR_SCALARS) { @@ -1929,10 +1938,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaCursor2CtrEx(struct ndr_pull return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->reserved2)); - NDR_PULL_ALLOC_N(ndr, r->cursors, ndr_get_array_size(ndr, &r->cursors)); + size_cursors_0 = ndr_get_array_size(ndr, &r->cursors); + NDR_PULL_ALLOC_N(ndr, r->cursors, size_cursors_0); _mem_save_cursors_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->cursors, 0); - for (cntr_cursors_0 = 0; cntr_cursors_0 < r->count; cntr_cursors_0++) { + for (cntr_cursors_0 = 0; cntr_cursors_0 < size_cursors_0; cntr_cursors_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaCursor2(ndr, NDR_SCALARS, &r->cursors[cntr_cursors_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_cursors_0, 0); @@ -2053,6 +2063,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsAttributeValueCtr(struct ndr_push *n static enum ndr_err_code ndr_pull_drsuapi_DsAttributeValueCtr(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsAttributeValueCtr *r) { uint32_t _ptr_values; + uint32_t size_values_1 = 0; uint32_t cntr_values_1; TALLOC_CTX *_mem_save_values_0; TALLOC_CTX *_mem_save_values_1; @@ -2075,13 +2086,14 @@ static enum ndr_err_code ndr_pull_drsuapi_DsAttributeValueCtr(struct ndr_pull *n _mem_save_values_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->values, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->values)); - NDR_PULL_ALLOC_N(ndr, r->values, ndr_get_array_size(ndr, &r->values)); + size_values_1 = ndr_get_array_size(ndr, &r->values); + NDR_PULL_ALLOC_N(ndr, r->values, size_values_1); _mem_save_values_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->values, 0); - for (cntr_values_1 = 0; cntr_values_1 < r->num_values; cntr_values_1++) { + for (cntr_values_1 = 0; cntr_values_1 < size_values_1; cntr_values_1++) { NDR_CHECK(ndr_pull_drsuapi_DsAttributeValue(ndr, NDR_SCALARS, &r->values[cntr_values_1])); } - for (cntr_values_1 = 0; cntr_values_1 < r->num_values; cntr_values_1++) { + for (cntr_values_1 = 0; cntr_values_1 < size_values_1; cntr_values_1++) { NDR_CHECK(ndr_pull_drsuapi_DsAttributeValue(ndr, NDR_BUFFERS, &r->values[cntr_values_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_values_1, 0); @@ -2138,6 +2150,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_drsuapi_DsReplicaObjectIdentifier3(struct nd _PUBLIC_ enum ndr_err_code ndr_pull_drsuapi_DsReplicaObjectIdentifier3(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaObjectIdentifier3 *r) { + uint32_t size_dn_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->__ndr_size)); @@ -2145,7 +2158,8 @@ _PUBLIC_ enum ndr_err_code ndr_pull_drsuapi_DsReplicaObjectIdentifier3(struct nd NDR_CHECK(ndr_pull_GUID(ndr, NDR_SCALARS, &r->guid)); NDR_CHECK(ndr_pull_dom_sid28(ndr, NDR_SCALARS, &r->sid)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->__ndr_size_dn)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dn, r->__ndr_size_dn + 1, sizeof(uint16_t), CH_UTF16)); + size_dn_0 = r->__ndr_size_dn + 1; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dn, size_dn_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_trailer_align(ndr, 4)); } if (ndr_flags & NDR_BUFFERS) { @@ -2199,6 +2213,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_drsuapi_DsReplicaObjectIdentifier3Binary(str _PUBLIC_ enum ndr_err_code ndr_pull_drsuapi_DsReplicaObjectIdentifier3Binary(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaObjectIdentifier3Binary *r) { + uint32_t size_dn_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->__ndr_size)); @@ -2206,7 +2221,8 @@ _PUBLIC_ enum ndr_err_code ndr_pull_drsuapi_DsReplicaObjectIdentifier3Binary(str NDR_CHECK(ndr_pull_GUID(ndr, NDR_SCALARS, &r->guid)); NDR_CHECK(ndr_pull_dom_sid28(ndr, NDR_SCALARS, &r->sid)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->__ndr_size_dn)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dn, r->__ndr_size_dn + 1, sizeof(uint16_t), CH_UTF16)); + size_dn_0 = r->__ndr_size_dn + 1; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dn, size_dn_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->__ndr_size_binary)); { uint32_t _flags_save_DATA_BLOB = ndr->flags; @@ -2300,6 +2316,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaAttributeCtr(struct ndr_push static enum ndr_err_code ndr_pull_drsuapi_DsReplicaAttributeCtr(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaAttributeCtr *r) { uint32_t _ptr_attributes; + uint32_t size_attributes_1 = 0; uint32_t cntr_attributes_1; TALLOC_CTX *_mem_save_attributes_0; TALLOC_CTX *_mem_save_attributes_1; @@ -2322,13 +2339,14 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaAttributeCtr(struct ndr_pull _mem_save_attributes_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->attributes, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->attributes)); - NDR_PULL_ALLOC_N(ndr, r->attributes, ndr_get_array_size(ndr, &r->attributes)); + size_attributes_1 = ndr_get_array_size(ndr, &r->attributes); + NDR_PULL_ALLOC_N(ndr, r->attributes, size_attributes_1); _mem_save_attributes_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->attributes, 0); - for (cntr_attributes_1 = 0; cntr_attributes_1 < r->num_attributes; cntr_attributes_1++) { + for (cntr_attributes_1 = 0; cntr_attributes_1 < size_attributes_1; cntr_attributes_1++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaAttribute(ndr, NDR_SCALARS, &r->attributes[cntr_attributes_1])); } - for (cntr_attributes_1 = 0; cntr_attributes_1 < r->num_attributes; cntr_attributes_1++) { + for (cntr_attributes_1 = 0; cntr_attributes_1 < size_attributes_1; cntr_attributes_1++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaAttribute(ndr, NDR_BUFFERS, &r->attributes[cntr_attributes_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_attributes_1, 0); @@ -2510,6 +2528,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_drsuapi_DsReplicaMetaDataCtr(struct ndr_push _PUBLIC_ enum ndr_err_code ndr_pull_drsuapi_DsReplicaMetaDataCtr(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaMetaDataCtr *r) { + uint32_t size_meta_data_0 = 0; uint32_t cntr_meta_data_0; TALLOC_CTX *_mem_save_meta_data_0; if (ndr_flags & NDR_SCALARS) { @@ -2519,10 +2538,11 @@ _PUBLIC_ enum ndr_err_code ndr_pull_drsuapi_DsReplicaMetaDataCtr(struct ndr_pull if (r->count > 1048576) { return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); } - NDR_PULL_ALLOC_N(ndr, r->meta_data, ndr_get_array_size(ndr, &r->meta_data)); + size_meta_data_0 = ndr_get_array_size(ndr, &r->meta_data); + NDR_PULL_ALLOC_N(ndr, r->meta_data, size_meta_data_0); _mem_save_meta_data_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->meta_data, 0); - for (cntr_meta_data_0 = 0; cntr_meta_data_0 < r->count; cntr_meta_data_0++) { + for (cntr_meta_data_0 = 0; cntr_meta_data_0 < size_meta_data_0; cntr_meta_data_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaMetaData(ndr, NDR_SCALARS, &r->meta_data[cntr_meta_data_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_meta_data_0, 0); @@ -2921,6 +2941,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_drsuapi_DsGetNCChangesCtr6(struct ndr_pull * uint32_t _ptr_first_object; TALLOC_CTX *_mem_save_first_object_0; uint32_t _ptr_linked_attributes; + uint32_t size_linked_attributes_1 = 0; uint32_t cntr_linked_attributes_1; TALLOC_CTX *_mem_save_linked_attributes_0; TALLOC_CTX *_mem_save_linked_attributes_1; @@ -2992,13 +3013,14 @@ _PUBLIC_ enum ndr_err_code ndr_pull_drsuapi_DsGetNCChangesCtr6(struct ndr_pull * _mem_save_linked_attributes_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->linked_attributes, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->linked_attributes)); - NDR_PULL_ALLOC_N(ndr, r->linked_attributes, ndr_get_array_size(ndr, &r->linked_attributes)); + size_linked_attributes_1 = ndr_get_array_size(ndr, &r->linked_attributes); + NDR_PULL_ALLOC_N(ndr, r->linked_attributes, size_linked_attributes_1); _mem_save_linked_attributes_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->linked_attributes, 0); - for (cntr_linked_attributes_1 = 0; cntr_linked_attributes_1 < r->linked_attributes_count; cntr_linked_attributes_1++) { + for (cntr_linked_attributes_1 = 0; cntr_linked_attributes_1 < size_linked_attributes_1; cntr_linked_attributes_1++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaLinkedAttribute(ndr, NDR_SCALARS, &r->linked_attributes[cntr_linked_attributes_1])); } - for (cntr_linked_attributes_1 = 0; cntr_linked_attributes_1 < r->linked_attributes_count; cntr_linked_attributes_1++) { + for (cntr_linked_attributes_1 = 0; cntr_linked_attributes_1 < size_linked_attributes_1; cntr_linked_attributes_1++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaLinkedAttribute(ndr, NDR_BUFFERS, &r->linked_attributes[cntr_linked_attributes_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_linked_attributes_1, 0); @@ -3810,6 +3832,8 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaUpdateRefsRequest1(struct ndr uint32_t _ptr_naming_context; TALLOC_CTX *_mem_save_naming_context_0; uint32_t _ptr_dest_dsa_dns_name; + uint32_t size_dest_dsa_dns_name_1 = 0; + uint32_t length_dest_dsa_dns_name_1 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); NDR_CHECK(ndr_pull_ref_ptr(ndr, &_ptr_naming_context)); @@ -3835,11 +3859,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaUpdateRefsRequest1(struct ndr NDR_PULL_SET_MEM_CTX(ndr, _mem_save_naming_context_0, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->dest_dsa_dns_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->dest_dsa_dns_name)); - if (ndr_get_array_length(ndr, &r->dest_dsa_dns_name) > ndr_get_array_size(ndr, &r->dest_dsa_dns_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->dest_dsa_dns_name), ndr_get_array_length(ndr, &r->dest_dsa_dns_name)); + size_dest_dsa_dns_name_1 = ndr_get_array_size(ndr, &r->dest_dsa_dns_name); + length_dest_dsa_dns_name_1 = ndr_get_array_length(ndr, &r->dest_dsa_dns_name); + if (length_dest_dsa_dns_name_1 > size_dest_dsa_dns_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dest_dsa_dns_name_1, length_dest_dsa_dns_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->dest_dsa_dns_name), sizeof(uint8_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dest_dsa_dns_name, ndr_get_array_length(ndr, &r->dest_dsa_dns_name), sizeof(uint8_t), CH_DOS)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dest_dsa_dns_name_1, sizeof(uint8_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dest_dsa_dns_name, length_dest_dsa_dns_name_1, sizeof(uint8_t), CH_DOS)); } return NDR_ERR_SUCCESS; } @@ -3991,7 +4017,10 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaAddRequest1(struct ndr_pull * uint32_t _ptr_naming_context; TALLOC_CTX *_mem_save_naming_context_0; uint32_t _ptr_source_dsa_address; + uint32_t size_source_dsa_address_1 = 0; + uint32_t length_source_dsa_address_1 = 0; TALLOC_CTX *_mem_save_source_dsa_address_0; + uint32_t size_schedule_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); NDR_CHECK(ndr_pull_ref_ptr(ndr, &_ptr_naming_context)); @@ -4006,7 +4035,8 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaAddRequest1(struct ndr_pull * } else { r->source_dsa_address = NULL; } - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->schedule, 84)); + size_schedule_0 = 84; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->schedule, size_schedule_0)); NDR_CHECK(ndr_pull_drsuapi_DsReplicaAddOptions(ndr, NDR_SCALARS, &r->options)); NDR_CHECK(ndr_pull_trailer_align(ndr, 5)); } @@ -4020,11 +4050,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaAddRequest1(struct ndr_pull * NDR_PULL_SET_MEM_CTX(ndr, r->source_dsa_address, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->source_dsa_address)); NDR_CHECK(ndr_pull_array_length(ndr, &r->source_dsa_address)); - if (ndr_get_array_length(ndr, &r->source_dsa_address) > ndr_get_array_size(ndr, &r->source_dsa_address)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->source_dsa_address), ndr_get_array_length(ndr, &r->source_dsa_address)); + size_source_dsa_address_1 = ndr_get_array_size(ndr, &r->source_dsa_address); + length_source_dsa_address_1 = ndr_get_array_length(ndr, &r->source_dsa_address); + if (length_source_dsa_address_1 > size_source_dsa_address_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_source_dsa_address_1, length_source_dsa_address_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->source_dsa_address), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->source_dsa_address, ndr_get_array_length(ndr, &r->source_dsa_address), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_source_dsa_address_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->source_dsa_address, length_source_dsa_address_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_source_dsa_address_0, 0); } } @@ -4092,7 +4124,10 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaAddRequest2(struct ndr_pull * uint32_t _ptr_transport_dn; TALLOC_CTX *_mem_save_transport_dn_0; uint32_t _ptr_source_dsa_address; + uint32_t size_source_dsa_address_1 = 0; + uint32_t length_source_dsa_address_1 = 0; TALLOC_CTX *_mem_save_source_dsa_address_0; + uint32_t size_schedule_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); NDR_CHECK(ndr_pull_ref_ptr(ndr, &_ptr_naming_context)); @@ -4119,7 +4154,8 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaAddRequest2(struct ndr_pull * } else { r->source_dsa_address = NULL; } - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->schedule, 84)); + size_schedule_0 = 84; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->schedule, size_schedule_0)); NDR_CHECK(ndr_pull_drsuapi_DsReplicaAddOptions(ndr, NDR_SCALARS, &r->options)); NDR_CHECK(ndr_pull_trailer_align(ndr, 5)); } @@ -4145,11 +4181,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaAddRequest2(struct ndr_pull * NDR_PULL_SET_MEM_CTX(ndr, r->source_dsa_address, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->source_dsa_address)); NDR_CHECK(ndr_pull_array_length(ndr, &r->source_dsa_address)); - if (ndr_get_array_length(ndr, &r->source_dsa_address) > ndr_get_array_size(ndr, &r->source_dsa_address)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->source_dsa_address), ndr_get_array_length(ndr, &r->source_dsa_address)); + size_source_dsa_address_1 = ndr_get_array_size(ndr, &r->source_dsa_address); + length_source_dsa_address_1 = ndr_get_array_length(ndr, &r->source_dsa_address); + if (length_source_dsa_address_1 > size_source_dsa_address_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_source_dsa_address_1, length_source_dsa_address_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->source_dsa_address), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->source_dsa_address, ndr_get_array_length(ndr, &r->source_dsa_address), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_source_dsa_address_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->source_dsa_address, length_source_dsa_address_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_source_dsa_address_0, 0); } } @@ -4336,6 +4374,8 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaDelRequest1(struct ndr_pull * uint32_t _ptr_naming_context; TALLOC_CTX *_mem_save_naming_context_0; uint32_t _ptr_source_dsa_address; + uint32_t size_source_dsa_address_1 = 0; + uint32_t length_source_dsa_address_1 = 0; TALLOC_CTX *_mem_save_source_dsa_address_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -4364,11 +4404,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaDelRequest1(struct ndr_pull * NDR_PULL_SET_MEM_CTX(ndr, r->source_dsa_address, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->source_dsa_address)); NDR_CHECK(ndr_pull_array_length(ndr, &r->source_dsa_address)); - if (ndr_get_array_length(ndr, &r->source_dsa_address) > ndr_get_array_size(ndr, &r->source_dsa_address)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->source_dsa_address), ndr_get_array_length(ndr, &r->source_dsa_address)); + size_source_dsa_address_1 = ndr_get_array_size(ndr, &r->source_dsa_address); + length_source_dsa_address_1 = ndr_get_array_length(ndr, &r->source_dsa_address); + if (length_source_dsa_address_1 > size_source_dsa_address_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_source_dsa_address_1, length_source_dsa_address_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->source_dsa_address), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->source_dsa_address, ndr_get_array_length(ndr, &r->source_dsa_address), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_source_dsa_address_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->source_dsa_address, length_source_dsa_address_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_source_dsa_address_0, 0); } } @@ -4526,7 +4568,10 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaModRequest1(struct ndr_pull * uint32_t _ptr_naming_context; TALLOC_CTX *_mem_save_naming_context_0; uint32_t _ptr_source_dra_address; + uint32_t size_source_dra_address_1 = 0; + uint32_t length_source_dra_address_1 = 0; TALLOC_CTX *_mem_save_source_dra_address_0; + uint32_t size_schedule_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); NDR_CHECK(ndr_pull_ref_ptr(ndr, &_ptr_naming_context)); @@ -4542,7 +4587,8 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaModRequest1(struct ndr_pull * } else { r->source_dra_address = NULL; } - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->schedule, 84)); + size_schedule_0 = 84; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->schedule, size_schedule_0)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->replica_flags)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->modify_fields)); NDR_CHECK(ndr_pull_drsuapi_DsReplicaModifyOptions(ndr, NDR_SCALARS, &r->options)); @@ -4558,11 +4604,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaModRequest1(struct ndr_pull * NDR_PULL_SET_MEM_CTX(ndr, r->source_dra_address, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->source_dra_address)); NDR_CHECK(ndr_pull_array_length(ndr, &r->source_dra_address)); - if (ndr_get_array_length(ndr, &r->source_dra_address) > ndr_get_array_size(ndr, &r->source_dra_address)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->source_dra_address), ndr_get_array_length(ndr, &r->source_dra_address)); + size_source_dra_address_1 = ndr_get_array_size(ndr, &r->source_dra_address); + length_source_dra_address_1 = ndr_get_array_length(ndr, &r->source_dra_address); + if (length_source_dra_address_1 > size_source_dra_address_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_source_dra_address_1, length_source_dra_address_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->source_dra_address), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->source_dra_address, ndr_get_array_length(ndr, &r->source_dra_address), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_source_dra_address_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->source_dra_address, length_source_dra_address_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_source_dra_address_0, 0); } } @@ -4749,15 +4797,18 @@ static enum ndr_err_code ndr_push_drsuapi_DsGetMembershipsCtr1(struct ndr_push * static enum ndr_err_code ndr_pull_drsuapi_DsGetMembershipsCtr1(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsGetMembershipsCtr1 *r) { uint32_t _ptr_info_array; + uint32_t size_info_array_1 = 0; uint32_t cntr_info_array_1; TALLOC_CTX *_mem_save_info_array_0; TALLOC_CTX *_mem_save_info_array_1; TALLOC_CTX *_mem_save_info_array_2; uint32_t _ptr_group_attrs; + uint32_t size_group_attrs_1 = 0; uint32_t cntr_group_attrs_1; TALLOC_CTX *_mem_save_group_attrs_0; TALLOC_CTX *_mem_save_group_attrs_1; uint32_t _ptr_sids; + uint32_t size_sids_1 = 0; uint32_t cntr_sids_1; TALLOC_CTX *_mem_save_sids_0; TALLOC_CTX *_mem_save_sids_1; @@ -4798,10 +4849,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetMembershipsCtr1(struct ndr_pull * _mem_save_info_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->info_array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->info_array)); - NDR_PULL_ALLOC_N(ndr, r->info_array, ndr_get_array_size(ndr, &r->info_array)); + size_info_array_1 = ndr_get_array_size(ndr, &r->info_array); + NDR_PULL_ALLOC_N(ndr, r->info_array, size_info_array_1); _mem_save_info_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->info_array, 0); - for (cntr_info_array_1 = 0; cntr_info_array_1 < r->num_memberships; cntr_info_array_1++) { + for (cntr_info_array_1 = 0; cntr_info_array_1 < size_info_array_1; cntr_info_array_1++) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info_array)); if (_ptr_info_array) { NDR_PULL_ALLOC(ndr, r->info_array[cntr_info_array_1]); @@ -4809,7 +4861,7 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetMembershipsCtr1(struct ndr_pull * r->info_array[cntr_info_array_1] = NULL; } } - for (cntr_info_array_1 = 0; cntr_info_array_1 < r->num_memberships; cntr_info_array_1++) { + for (cntr_info_array_1 = 0; cntr_info_array_1 < size_info_array_1; cntr_info_array_1++) { if (r->info_array[cntr_info_array_1]) { _mem_save_info_array_2 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->info_array[cntr_info_array_1], 0); @@ -4824,10 +4876,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetMembershipsCtr1(struct ndr_pull * _mem_save_group_attrs_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->group_attrs, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->group_attrs)); - NDR_PULL_ALLOC_N(ndr, r->group_attrs, ndr_get_array_size(ndr, &r->group_attrs)); + size_group_attrs_1 = ndr_get_array_size(ndr, &r->group_attrs); + NDR_PULL_ALLOC_N(ndr, r->group_attrs, size_group_attrs_1); _mem_save_group_attrs_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->group_attrs, 0); - for (cntr_group_attrs_1 = 0; cntr_group_attrs_1 < r->num_memberships; cntr_group_attrs_1++) { + for (cntr_group_attrs_1 = 0; cntr_group_attrs_1 < size_group_attrs_1; cntr_group_attrs_1++) { NDR_CHECK(ndr_pull_samr_GroupAttrs(ndr, NDR_SCALARS, &r->group_attrs[cntr_group_attrs_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_group_attrs_1, 0); @@ -4837,10 +4890,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetMembershipsCtr1(struct ndr_pull * _mem_save_sids_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sids, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->sids)); - NDR_PULL_ALLOC_N(ndr, r->sids, ndr_get_array_size(ndr, &r->sids)); + size_sids_1 = ndr_get_array_size(ndr, &r->sids); + NDR_PULL_ALLOC_N(ndr, r->sids, size_sids_1); _mem_save_sids_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sids, 0); - for (cntr_sids_1 = 0; cntr_sids_1 < r->num_sids; cntr_sids_1++) { + for (cntr_sids_1 = 0; cntr_sids_1 < size_sids_1; cntr_sids_1++) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sids)); if (_ptr_sids) { NDR_PULL_ALLOC(ndr, r->sids[cntr_sids_1]); @@ -4848,7 +4902,7 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetMembershipsCtr1(struct ndr_pull * r->sids[cntr_sids_1] = NULL; } } - for (cntr_sids_1 = 0; cntr_sids_1 < r->num_sids; cntr_sids_1++) { + for (cntr_sids_1 = 0; cntr_sids_1 < size_sids_1; cntr_sids_1++) { if (r->sids[cntr_sids_1]) { _mem_save_sids_2 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sids[cntr_sids_1], 0); @@ -5051,6 +5105,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsGetMembershipsRequest1(struct ndr_pu static enum ndr_err_code ndr_pull_drsuapi_DsGetMembershipsRequest1(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsGetMembershipsRequest1 *r) { uint32_t _ptr_info_array; + uint32_t size_info_array_1 = 0; uint32_t cntr_info_array_1; TALLOC_CTX *_mem_save_info_array_0; TALLOC_CTX *_mem_save_info_array_1; @@ -5084,10 +5139,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetMembershipsRequest1(struct ndr_pu _mem_save_info_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->info_array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->info_array)); - NDR_PULL_ALLOC_N(ndr, r->info_array, ndr_get_array_size(ndr, &r->info_array)); + size_info_array_1 = ndr_get_array_size(ndr, &r->info_array); + NDR_PULL_ALLOC_N(ndr, r->info_array, size_info_array_1); _mem_save_info_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->info_array, 0); - for (cntr_info_array_1 = 0; cntr_info_array_1 < r->count; cntr_info_array_1++) { + for (cntr_info_array_1 = 0; cntr_info_array_1 < size_info_array_1; cntr_info_array_1++) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info_array)); if (_ptr_info_array) { NDR_PULL_ALLOC(ndr, r->info_array[cntr_info_array_1]); @@ -5095,7 +5151,7 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetMembershipsRequest1(struct ndr_pu r->info_array[cntr_info_array_1] = NULL; } } - for (cntr_info_array_1 = 0; cntr_info_array_1 < r->count; cntr_info_array_1++) { + for (cntr_info_array_1 = 0; cntr_info_array_1 < size_info_array_1; cntr_info_array_1++) { if (r->info_array[cntr_info_array_1]) { _mem_save_info_array_2 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->info_array[cntr_info_array_1], 0); @@ -5255,6 +5311,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsGetNT4ChangeLogRequest1(struct ndr_p static enum ndr_err_code ndr_pull_drsuapi_DsGetNT4ChangeLogRequest1(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsGetNT4ChangeLogRequest1 *r) { uint32_t _ptr_data; + uint32_t size_data_1 = 0; TALLOC_CTX *_mem_save_data_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -5277,8 +5334,9 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetNT4ChangeLogRequest1(struct ndr_p _mem_save_data_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->data, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->data)); - NDR_PULL_ALLOC_N(ndr, r->data, ndr_get_array_size(ndr, &r->data)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, ndr_get_array_size(ndr, &r->data))); + size_data_1 = ndr_get_array_size(ndr, &r->data); + NDR_PULL_ALLOC_N(ndr, r->data, size_data_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, size_data_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_0, 0); } if (r->data) { @@ -5414,8 +5472,10 @@ static enum ndr_err_code ndr_push_drsuapi_DsGetNT4ChangeLogInfo1(struct ndr_push static enum ndr_err_code ndr_pull_drsuapi_DsGetNT4ChangeLogInfo1(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsGetNT4ChangeLogInfo1 *r) { uint32_t _ptr_data1; + uint32_t size_data1_1 = 0; TALLOC_CTX *_mem_save_data1_0; uint32_t _ptr_data2; + uint32_t size_data2_1 = 0; TALLOC_CTX *_mem_save_data2_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 8)); @@ -5453,16 +5513,18 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetNT4ChangeLogInfo1(struct ndr_pull _mem_save_data1_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->data1, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->data1)); - NDR_PULL_ALLOC_N(ndr, r->data1, ndr_get_array_size(ndr, &r->data1)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data1, ndr_get_array_size(ndr, &r->data1))); + size_data1_1 = ndr_get_array_size(ndr, &r->data1); + NDR_PULL_ALLOC_N(ndr, r->data1, size_data1_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data1, size_data1_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data1_0, 0); } if (r->data2) { _mem_save_data2_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->data2, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->data2)); - NDR_PULL_ALLOC_N(ndr, r->data2, ndr_get_array_size(ndr, &r->data2)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data2, ndr_get_array_size(ndr, &r->data2))); + size_data2_1 = ndr_get_array_size(ndr, &r->data2); + NDR_PULL_ALLOC_N(ndr, r->data2, size_data2_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data2, size_data2_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data2_0, 0); } if (r->data1) { @@ -5694,6 +5756,8 @@ static enum ndr_err_code ndr_push_drsuapi_DsNameString(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_drsuapi_DsNameString(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsNameString *r) { uint32_t _ptr_str; + uint32_t size_str_1 = 0; + uint32_t length_str_1 = 0; TALLOC_CTX *_mem_save_str_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -5711,11 +5775,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsNameString(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->str, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->str)); NDR_CHECK(ndr_pull_array_length(ndr, &r->str)); - if (ndr_get_array_length(ndr, &r->str) > ndr_get_array_size(ndr, &r->str)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->str), ndr_get_array_length(ndr, &r->str)); + size_str_1 = ndr_get_array_size(ndr, &r->str); + length_str_1 = ndr_get_array_length(ndr, &r->str); + if (length_str_1 > size_str_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_str_1, length_str_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->str), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->str, ndr_get_array_length(ndr, &r->str), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_str_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->str, length_str_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_str_0, 0); } } @@ -5766,6 +5832,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsNameRequest1(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_drsuapi_DsNameRequest1(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsNameRequest1 *r) { uint32_t _ptr_names; + uint32_t size_names_1 = 0; uint32_t cntr_names_1; TALLOC_CTX *_mem_save_names_0; TALLOC_CTX *_mem_save_names_1; @@ -5793,13 +5860,14 @@ static enum ndr_err_code ndr_pull_drsuapi_DsNameRequest1(struct ndr_pull *ndr, i _mem_save_names_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->names, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->names)); - NDR_PULL_ALLOC_N(ndr, r->names, ndr_get_array_size(ndr, &r->names)); + size_names_1 = ndr_get_array_size(ndr, &r->names); + NDR_PULL_ALLOC_N(ndr, r->names, size_names_1); _mem_save_names_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->names, 0); - for (cntr_names_1 = 0; cntr_names_1 < r->count; cntr_names_1++) { + for (cntr_names_1 = 0; cntr_names_1 < size_names_1; cntr_names_1++) { NDR_CHECK(ndr_pull_drsuapi_DsNameString(ndr, NDR_SCALARS, &r->names[cntr_names_1])); } - for (cntr_names_1 = 0; cntr_names_1 < r->count; cntr_names_1++) { + for (cntr_names_1 = 0; cntr_names_1 < size_names_1; cntr_names_1++) { NDR_CHECK(ndr_pull_drsuapi_DsNameString(ndr, NDR_BUFFERS, &r->names[cntr_names_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_names_1, 0); @@ -5947,8 +6015,12 @@ static enum ndr_err_code ndr_push_drsuapi_DsNameInfo1(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_drsuapi_DsNameInfo1(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsNameInfo1 *r) { uint32_t _ptr_dns_domain_name; + uint32_t size_dns_domain_name_1 = 0; + uint32_t length_dns_domain_name_1 = 0; TALLOC_CTX *_mem_save_dns_domain_name_0; uint32_t _ptr_result_name; + uint32_t size_result_name_1 = 0; + uint32_t length_result_name_1 = 0; TALLOC_CTX *_mem_save_result_name_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -5973,11 +6045,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsNameInfo1(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->dns_domain_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->dns_domain_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->dns_domain_name)); - if (ndr_get_array_length(ndr, &r->dns_domain_name) > ndr_get_array_size(ndr, &r->dns_domain_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->dns_domain_name), ndr_get_array_length(ndr, &r->dns_domain_name)); + size_dns_domain_name_1 = ndr_get_array_size(ndr, &r->dns_domain_name); + length_dns_domain_name_1 = ndr_get_array_length(ndr, &r->dns_domain_name); + if (length_dns_domain_name_1 > size_dns_domain_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dns_domain_name_1, length_dns_domain_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->dns_domain_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dns_domain_name, ndr_get_array_length(ndr, &r->dns_domain_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dns_domain_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dns_domain_name, length_dns_domain_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dns_domain_name_0, 0); } if (r->result_name) { @@ -5985,11 +6059,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsNameInfo1(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->result_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->result_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->result_name)); - if (ndr_get_array_length(ndr, &r->result_name) > ndr_get_array_size(ndr, &r->result_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->result_name), ndr_get_array_length(ndr, &r->result_name)); + size_result_name_1 = ndr_get_array_size(ndr, &r->result_name); + length_result_name_1 = ndr_get_array_length(ndr, &r->result_name); + if (length_result_name_1 > size_result_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_result_name_1, length_result_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->result_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->result_name, ndr_get_array_length(ndr, &r->result_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_result_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->result_name, length_result_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_result_name_0, 0); } } @@ -6042,6 +6118,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsNameCtr1(struct ndr_push *ndr, int n static enum ndr_err_code ndr_pull_drsuapi_DsNameCtr1(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsNameCtr1 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -6061,13 +6138,14 @@ static enum ndr_err_code ndr_pull_drsuapi_DsNameCtr1(struct ndr_pull *ndr, int n _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_drsuapi_DsNameInfo1(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_drsuapi_DsNameInfo1(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -6140,6 +6218,7 @@ static enum ndr_err_code ndr_pull_drsuapi_DsNameCtr(struct ndr_pull *ndr, int nd int level; int32_t _level; TALLOC_CTX *_mem_save_ctr1_0; + uint32_t _ptr_ctr1; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_int32(ndr, NDR_SCALARS, &_level)); @@ -6149,7 +6228,6 @@ static enum ndr_err_code ndr_pull_drsuapi_DsNameCtr(struct ndr_pull *ndr, int nd NDR_CHECK(ndr_pull_union_align(ndr, 5)); switch (level) { case 1: { - uint32_t _ptr_ctr1; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr1)); if (_ptr_ctr1) { NDR_PULL_ALLOC(ndr, r->ctr1); @@ -6261,8 +6339,11 @@ static enum ndr_err_code ndr_push_drsuapi_DsWriteAccountSpnRequest1(struct ndr_p static enum ndr_err_code ndr_pull_drsuapi_DsWriteAccountSpnRequest1(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsWriteAccountSpnRequest1 *r) { uint32_t _ptr_object_dn; + uint32_t size_object_dn_1 = 0; + uint32_t length_object_dn_1 = 0; TALLOC_CTX *_mem_save_object_dn_0; uint32_t _ptr_spn_names; + uint32_t size_spn_names_1 = 0; uint32_t cntr_spn_names_1; TALLOC_CTX *_mem_save_spn_names_0; TALLOC_CTX *_mem_save_spn_names_1; @@ -6294,24 +6375,27 @@ static enum ndr_err_code ndr_pull_drsuapi_DsWriteAccountSpnRequest1(struct ndr_p NDR_PULL_SET_MEM_CTX(ndr, r->object_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->object_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->object_dn)); - if (ndr_get_array_length(ndr, &r->object_dn) > ndr_get_array_size(ndr, &r->object_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->object_dn), ndr_get_array_length(ndr, &r->object_dn)); + size_object_dn_1 = ndr_get_array_size(ndr, &r->object_dn); + length_object_dn_1 = ndr_get_array_length(ndr, &r->object_dn); + if (length_object_dn_1 > size_object_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_object_dn_1, length_object_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->object_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->object_dn, ndr_get_array_length(ndr, &r->object_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_object_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->object_dn, length_object_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_object_dn_0, 0); } if (r->spn_names) { _mem_save_spn_names_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->spn_names, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->spn_names)); - NDR_PULL_ALLOC_N(ndr, r->spn_names, ndr_get_array_size(ndr, &r->spn_names)); + size_spn_names_1 = ndr_get_array_size(ndr, &r->spn_names); + NDR_PULL_ALLOC_N(ndr, r->spn_names, size_spn_names_1); _mem_save_spn_names_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->spn_names, 0); - for (cntr_spn_names_1 = 0; cntr_spn_names_1 < r->count; cntr_spn_names_1++) { + for (cntr_spn_names_1 = 0; cntr_spn_names_1 < size_spn_names_1; cntr_spn_names_1++) { NDR_CHECK(ndr_pull_drsuapi_DsNameString(ndr, NDR_SCALARS, &r->spn_names[cntr_spn_names_1])); } - for (cntr_spn_names_1 = 0; cntr_spn_names_1 < r->count; cntr_spn_names_1++) { + for (cntr_spn_names_1 = 0; cntr_spn_names_1 < size_spn_names_1; cntr_spn_names_1++) { NDR_CHECK(ndr_pull_drsuapi_DsNameString(ndr, NDR_BUFFERS, &r->spn_names[cntr_spn_names_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_spn_names_1, 0); @@ -6569,8 +6653,12 @@ static enum ndr_err_code ndr_push_drsuapi_DsRemoveDSServerRequest1(struct ndr_pu static enum ndr_err_code ndr_pull_drsuapi_DsRemoveDSServerRequest1(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsRemoveDSServerRequest1 *r) { uint32_t _ptr_server_dn; + uint32_t size_server_dn_1 = 0; + uint32_t length_server_dn_1 = 0; TALLOC_CTX *_mem_save_server_dn_0; uint32_t _ptr_domain_dn; + uint32_t size_domain_dn_1 = 0; + uint32_t length_domain_dn_1 = 0; TALLOC_CTX *_mem_save_domain_dn_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -6595,11 +6683,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsRemoveDSServerRequest1(struct ndr_pu NDR_PULL_SET_MEM_CTX(ndr, r->server_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->server_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->server_dn)); - if (ndr_get_array_length(ndr, &r->server_dn) > ndr_get_array_size(ndr, &r->server_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->server_dn), ndr_get_array_length(ndr, &r->server_dn)); + size_server_dn_1 = ndr_get_array_size(ndr, &r->server_dn); + length_server_dn_1 = ndr_get_array_length(ndr, &r->server_dn); + if (length_server_dn_1 > size_server_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_dn_1, length_server_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->server_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_dn, ndr_get_array_length(ndr, &r->server_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_dn, length_server_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_dn_0, 0); } if (r->domain_dn) { @@ -6607,11 +6697,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsRemoveDSServerRequest1(struct ndr_pu NDR_PULL_SET_MEM_CTX(ndr, r->domain_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->domain_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->domain_dn)); - if (ndr_get_array_length(ndr, &r->domain_dn) > ndr_get_array_size(ndr, &r->domain_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->domain_dn), ndr_get_array_length(ndr, &r->domain_dn)); + size_domain_dn_1 = ndr_get_array_size(ndr, &r->domain_dn); + length_domain_dn_1 = ndr_get_array_length(ndr, &r->domain_dn); + if (length_domain_dn_1 > size_domain_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_dn_1, length_domain_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->domain_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain_dn, ndr_get_array_length(ndr, &r->domain_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain_dn, length_domain_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_dn_0, 0); } } @@ -6844,6 +6936,8 @@ static enum ndr_err_code ndr_push_drsuapi_DsGetDCInfoRequest1(struct ndr_push *n static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfoRequest1(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsGetDCInfoRequest1 *r) { uint32_t _ptr_domain_name; + uint32_t size_domain_name_1 = 0; + uint32_t length_domain_name_1 = 0; TALLOC_CTX *_mem_save_domain_name_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -6862,11 +6956,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfoRequest1(struct ndr_pull *n NDR_PULL_SET_MEM_CTX(ndr, r->domain_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->domain_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->domain_name)); - if (ndr_get_array_length(ndr, &r->domain_name) > ndr_get_array_size(ndr, &r->domain_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->domain_name), ndr_get_array_length(ndr, &r->domain_name)); + size_domain_name_1 = ndr_get_array_size(ndr, &r->domain_name); + length_domain_name_1 = ndr_get_array_length(ndr, &r->domain_name); + if (length_domain_name_1 > size_domain_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_name_1, length_domain_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->domain_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain_name, ndr_get_array_length(ndr, &r->domain_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain_name, length_domain_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_name_0, 0); } } @@ -7015,14 +7111,24 @@ static enum ndr_err_code ndr_push_drsuapi_DsGetDCInfo1(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo1(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsGetDCInfo1 *r) { uint32_t _ptr_netbios_name; + uint32_t size_netbios_name_1 = 0; + uint32_t length_netbios_name_1 = 0; TALLOC_CTX *_mem_save_netbios_name_0; uint32_t _ptr_dns_name; + uint32_t size_dns_name_1 = 0; + uint32_t length_dns_name_1 = 0; TALLOC_CTX *_mem_save_dns_name_0; uint32_t _ptr_site_name; + uint32_t size_site_name_1 = 0; + uint32_t length_site_name_1 = 0; TALLOC_CTX *_mem_save_site_name_0; uint32_t _ptr_computer_dn; + uint32_t size_computer_dn_1 = 0; + uint32_t length_computer_dn_1 = 0; TALLOC_CTX *_mem_save_computer_dn_0; uint32_t _ptr_server_dn; + uint32_t size_server_dn_1 = 0; + uint32_t length_server_dn_1 = 0; TALLOC_CTX *_mem_save_server_dn_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -7066,11 +7172,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo1(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->netbios_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->netbios_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->netbios_name)); - if (ndr_get_array_length(ndr, &r->netbios_name) > ndr_get_array_size(ndr, &r->netbios_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->netbios_name), ndr_get_array_length(ndr, &r->netbios_name)); + size_netbios_name_1 = ndr_get_array_size(ndr, &r->netbios_name); + length_netbios_name_1 = ndr_get_array_length(ndr, &r->netbios_name); + if (length_netbios_name_1 > size_netbios_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_netbios_name_1, length_netbios_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->netbios_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->netbios_name, ndr_get_array_length(ndr, &r->netbios_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_netbios_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->netbios_name, length_netbios_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_netbios_name_0, 0); } if (r->dns_name) { @@ -7078,11 +7186,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo1(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->dns_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->dns_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->dns_name)); - if (ndr_get_array_length(ndr, &r->dns_name) > ndr_get_array_size(ndr, &r->dns_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->dns_name), ndr_get_array_length(ndr, &r->dns_name)); + size_dns_name_1 = ndr_get_array_size(ndr, &r->dns_name); + length_dns_name_1 = ndr_get_array_length(ndr, &r->dns_name); + if (length_dns_name_1 > size_dns_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dns_name_1, length_dns_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->dns_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dns_name, ndr_get_array_length(ndr, &r->dns_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dns_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dns_name, length_dns_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dns_name_0, 0); } if (r->site_name) { @@ -7090,11 +7200,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo1(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->site_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->site_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->site_name)); - if (ndr_get_array_length(ndr, &r->site_name) > ndr_get_array_size(ndr, &r->site_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->site_name), ndr_get_array_length(ndr, &r->site_name)); + size_site_name_1 = ndr_get_array_size(ndr, &r->site_name); + length_site_name_1 = ndr_get_array_length(ndr, &r->site_name); + if (length_site_name_1 > size_site_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_site_name_1, length_site_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->site_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->site_name, ndr_get_array_length(ndr, &r->site_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_site_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->site_name, length_site_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_site_name_0, 0); } if (r->computer_dn) { @@ -7102,11 +7214,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo1(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->computer_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->computer_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->computer_dn)); - if (ndr_get_array_length(ndr, &r->computer_dn) > ndr_get_array_size(ndr, &r->computer_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->computer_dn), ndr_get_array_length(ndr, &r->computer_dn)); + size_computer_dn_1 = ndr_get_array_size(ndr, &r->computer_dn); + length_computer_dn_1 = ndr_get_array_length(ndr, &r->computer_dn); + if (length_computer_dn_1 > size_computer_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_dn_1, length_computer_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->computer_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->computer_dn, ndr_get_array_length(ndr, &r->computer_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->computer_dn, length_computer_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_computer_dn_0, 0); } if (r->server_dn) { @@ -7114,11 +7228,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo1(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->server_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->server_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->server_dn)); - if (ndr_get_array_length(ndr, &r->server_dn) > ndr_get_array_size(ndr, &r->server_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->server_dn), ndr_get_array_length(ndr, &r->server_dn)); + size_server_dn_1 = ndr_get_array_size(ndr, &r->server_dn); + length_server_dn_1 = ndr_get_array_length(ndr, &r->server_dn); + if (length_server_dn_1 > size_server_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_dn_1, length_server_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->server_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_dn, ndr_get_array_length(ndr, &r->server_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_dn, length_server_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_dn_0, 0); } } @@ -7190,6 +7306,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsGetDCInfoCtr1(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfoCtr1(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsGetDCInfoCtr1 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -7212,13 +7329,14 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfoCtr1(struct ndr_pull *ndr, _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_drsuapi_DsGetDCInfo1(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_drsuapi_DsGetDCInfo1(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -7325,18 +7443,32 @@ static enum ndr_err_code ndr_push_drsuapi_DsGetDCInfo2(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo2(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsGetDCInfo2 *r) { uint32_t _ptr_netbios_name; + uint32_t size_netbios_name_1 = 0; + uint32_t length_netbios_name_1 = 0; TALLOC_CTX *_mem_save_netbios_name_0; uint32_t _ptr_dns_name; + uint32_t size_dns_name_1 = 0; + uint32_t length_dns_name_1 = 0; TALLOC_CTX *_mem_save_dns_name_0; uint32_t _ptr_site_name; + uint32_t size_site_name_1 = 0; + uint32_t length_site_name_1 = 0; TALLOC_CTX *_mem_save_site_name_0; uint32_t _ptr_site_dn; + uint32_t size_site_dn_1 = 0; + uint32_t length_site_dn_1 = 0; TALLOC_CTX *_mem_save_site_dn_0; uint32_t _ptr_computer_dn; + uint32_t size_computer_dn_1 = 0; + uint32_t length_computer_dn_1 = 0; TALLOC_CTX *_mem_save_computer_dn_0; uint32_t _ptr_server_dn; + uint32_t size_server_dn_1 = 0; + uint32_t length_server_dn_1 = 0; TALLOC_CTX *_mem_save_server_dn_0; uint32_t _ptr_ntds_dn; + uint32_t size_ntds_dn_1 = 0; + uint32_t length_ntds_dn_1 = 0; TALLOC_CTX *_mem_save_ntds_dn_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -7397,11 +7529,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->netbios_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->netbios_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->netbios_name)); - if (ndr_get_array_length(ndr, &r->netbios_name) > ndr_get_array_size(ndr, &r->netbios_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->netbios_name), ndr_get_array_length(ndr, &r->netbios_name)); + size_netbios_name_1 = ndr_get_array_size(ndr, &r->netbios_name); + length_netbios_name_1 = ndr_get_array_length(ndr, &r->netbios_name); + if (length_netbios_name_1 > size_netbios_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_netbios_name_1, length_netbios_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->netbios_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->netbios_name, ndr_get_array_length(ndr, &r->netbios_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_netbios_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->netbios_name, length_netbios_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_netbios_name_0, 0); } if (r->dns_name) { @@ -7409,11 +7543,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->dns_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->dns_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->dns_name)); - if (ndr_get_array_length(ndr, &r->dns_name) > ndr_get_array_size(ndr, &r->dns_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->dns_name), ndr_get_array_length(ndr, &r->dns_name)); + size_dns_name_1 = ndr_get_array_size(ndr, &r->dns_name); + length_dns_name_1 = ndr_get_array_length(ndr, &r->dns_name); + if (length_dns_name_1 > size_dns_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dns_name_1, length_dns_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->dns_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dns_name, ndr_get_array_length(ndr, &r->dns_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dns_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dns_name, length_dns_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dns_name_0, 0); } if (r->site_name) { @@ -7421,11 +7557,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->site_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->site_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->site_name)); - if (ndr_get_array_length(ndr, &r->site_name) > ndr_get_array_size(ndr, &r->site_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->site_name), ndr_get_array_length(ndr, &r->site_name)); + size_site_name_1 = ndr_get_array_size(ndr, &r->site_name); + length_site_name_1 = ndr_get_array_length(ndr, &r->site_name); + if (length_site_name_1 > size_site_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_site_name_1, length_site_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->site_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->site_name, ndr_get_array_length(ndr, &r->site_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_site_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->site_name, length_site_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_site_name_0, 0); } if (r->site_dn) { @@ -7433,11 +7571,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->site_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->site_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->site_dn)); - if (ndr_get_array_length(ndr, &r->site_dn) > ndr_get_array_size(ndr, &r->site_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->site_dn), ndr_get_array_length(ndr, &r->site_dn)); + size_site_dn_1 = ndr_get_array_size(ndr, &r->site_dn); + length_site_dn_1 = ndr_get_array_length(ndr, &r->site_dn); + if (length_site_dn_1 > size_site_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_site_dn_1, length_site_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->site_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->site_dn, ndr_get_array_length(ndr, &r->site_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_site_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->site_dn, length_site_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_site_dn_0, 0); } if (r->computer_dn) { @@ -7445,11 +7585,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->computer_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->computer_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->computer_dn)); - if (ndr_get_array_length(ndr, &r->computer_dn) > ndr_get_array_size(ndr, &r->computer_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->computer_dn), ndr_get_array_length(ndr, &r->computer_dn)); + size_computer_dn_1 = ndr_get_array_size(ndr, &r->computer_dn); + length_computer_dn_1 = ndr_get_array_length(ndr, &r->computer_dn); + if (length_computer_dn_1 > size_computer_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_dn_1, length_computer_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->computer_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->computer_dn, ndr_get_array_length(ndr, &r->computer_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->computer_dn, length_computer_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_computer_dn_0, 0); } if (r->server_dn) { @@ -7457,11 +7599,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->server_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->server_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->server_dn)); - if (ndr_get_array_length(ndr, &r->server_dn) > ndr_get_array_size(ndr, &r->server_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->server_dn), ndr_get_array_length(ndr, &r->server_dn)); + size_server_dn_1 = ndr_get_array_size(ndr, &r->server_dn); + length_server_dn_1 = ndr_get_array_length(ndr, &r->server_dn); + if (length_server_dn_1 > size_server_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_dn_1, length_server_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->server_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_dn, ndr_get_array_length(ndr, &r->server_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_dn, length_server_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_dn_0, 0); } if (r->ntds_dn) { @@ -7469,11 +7613,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->ntds_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->ntds_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->ntds_dn)); - if (ndr_get_array_length(ndr, &r->ntds_dn) > ndr_get_array_size(ndr, &r->ntds_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->ntds_dn), ndr_get_array_length(ndr, &r->ntds_dn)); + size_ntds_dn_1 = ndr_get_array_size(ndr, &r->ntds_dn); + length_ntds_dn_1 = ndr_get_array_length(ndr, &r->ntds_dn); + if (length_ntds_dn_1 > size_ntds_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_ntds_dn_1, length_ntds_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->ntds_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->ntds_dn, ndr_get_array_length(ndr, &r->ntds_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_ntds_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->ntds_dn, length_ntds_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_ntds_dn_0, 0); } } @@ -7562,6 +7708,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsGetDCInfoCtr2(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfoCtr2(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsGetDCInfoCtr2 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -7584,13 +7731,14 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfoCtr2(struct ndr_pull *ndr, _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_drsuapi_DsGetDCInfo2(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_drsuapi_DsGetDCInfo2(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -7698,18 +7846,32 @@ static enum ndr_err_code ndr_push_drsuapi_DsGetDCInfo3(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo3(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsGetDCInfo3 *r) { uint32_t _ptr_netbios_name; + uint32_t size_netbios_name_1 = 0; + uint32_t length_netbios_name_1 = 0; TALLOC_CTX *_mem_save_netbios_name_0; uint32_t _ptr_dns_name; + uint32_t size_dns_name_1 = 0; + uint32_t length_dns_name_1 = 0; TALLOC_CTX *_mem_save_dns_name_0; uint32_t _ptr_site_name; + uint32_t size_site_name_1 = 0; + uint32_t length_site_name_1 = 0; TALLOC_CTX *_mem_save_site_name_0; uint32_t _ptr_site_dn; + uint32_t size_site_dn_1 = 0; + uint32_t length_site_dn_1 = 0; TALLOC_CTX *_mem_save_site_dn_0; uint32_t _ptr_computer_dn; + uint32_t size_computer_dn_1 = 0; + uint32_t length_computer_dn_1 = 0; TALLOC_CTX *_mem_save_computer_dn_0; uint32_t _ptr_server_dn; + uint32_t size_server_dn_1 = 0; + uint32_t length_server_dn_1 = 0; TALLOC_CTX *_mem_save_server_dn_0; uint32_t _ptr_ntds_dn; + uint32_t size_ntds_dn_1 = 0; + uint32_t length_ntds_dn_1 = 0; TALLOC_CTX *_mem_save_ntds_dn_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -7771,11 +7933,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo3(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->netbios_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->netbios_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->netbios_name)); - if (ndr_get_array_length(ndr, &r->netbios_name) > ndr_get_array_size(ndr, &r->netbios_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->netbios_name), ndr_get_array_length(ndr, &r->netbios_name)); + size_netbios_name_1 = ndr_get_array_size(ndr, &r->netbios_name); + length_netbios_name_1 = ndr_get_array_length(ndr, &r->netbios_name); + if (length_netbios_name_1 > size_netbios_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_netbios_name_1, length_netbios_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->netbios_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->netbios_name, ndr_get_array_length(ndr, &r->netbios_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_netbios_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->netbios_name, length_netbios_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_netbios_name_0, 0); } if (r->dns_name) { @@ -7783,11 +7947,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo3(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->dns_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->dns_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->dns_name)); - if (ndr_get_array_length(ndr, &r->dns_name) > ndr_get_array_size(ndr, &r->dns_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->dns_name), ndr_get_array_length(ndr, &r->dns_name)); + size_dns_name_1 = ndr_get_array_size(ndr, &r->dns_name); + length_dns_name_1 = ndr_get_array_length(ndr, &r->dns_name); + if (length_dns_name_1 > size_dns_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dns_name_1, length_dns_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->dns_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dns_name, ndr_get_array_length(ndr, &r->dns_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dns_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dns_name, length_dns_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dns_name_0, 0); } if (r->site_name) { @@ -7795,11 +7961,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo3(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->site_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->site_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->site_name)); - if (ndr_get_array_length(ndr, &r->site_name) > ndr_get_array_size(ndr, &r->site_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->site_name), ndr_get_array_length(ndr, &r->site_name)); + size_site_name_1 = ndr_get_array_size(ndr, &r->site_name); + length_site_name_1 = ndr_get_array_length(ndr, &r->site_name); + if (length_site_name_1 > size_site_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_site_name_1, length_site_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->site_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->site_name, ndr_get_array_length(ndr, &r->site_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_site_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->site_name, length_site_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_site_name_0, 0); } if (r->site_dn) { @@ -7807,11 +7975,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo3(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->site_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->site_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->site_dn)); - if (ndr_get_array_length(ndr, &r->site_dn) > ndr_get_array_size(ndr, &r->site_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->site_dn), ndr_get_array_length(ndr, &r->site_dn)); + size_site_dn_1 = ndr_get_array_size(ndr, &r->site_dn); + length_site_dn_1 = ndr_get_array_length(ndr, &r->site_dn); + if (length_site_dn_1 > size_site_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_site_dn_1, length_site_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->site_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->site_dn, ndr_get_array_length(ndr, &r->site_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_site_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->site_dn, length_site_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_site_dn_0, 0); } if (r->computer_dn) { @@ -7819,11 +7989,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo3(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->computer_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->computer_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->computer_dn)); - if (ndr_get_array_length(ndr, &r->computer_dn) > ndr_get_array_size(ndr, &r->computer_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->computer_dn), ndr_get_array_length(ndr, &r->computer_dn)); + size_computer_dn_1 = ndr_get_array_size(ndr, &r->computer_dn); + length_computer_dn_1 = ndr_get_array_length(ndr, &r->computer_dn); + if (length_computer_dn_1 > size_computer_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_dn_1, length_computer_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->computer_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->computer_dn, ndr_get_array_length(ndr, &r->computer_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->computer_dn, length_computer_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_computer_dn_0, 0); } if (r->server_dn) { @@ -7831,11 +8003,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo3(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->server_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->server_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->server_dn)); - if (ndr_get_array_length(ndr, &r->server_dn) > ndr_get_array_size(ndr, &r->server_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->server_dn), ndr_get_array_length(ndr, &r->server_dn)); + size_server_dn_1 = ndr_get_array_size(ndr, &r->server_dn); + length_server_dn_1 = ndr_get_array_length(ndr, &r->server_dn); + if (length_server_dn_1 > size_server_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_dn_1, length_server_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->server_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_dn, ndr_get_array_length(ndr, &r->server_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_dn, length_server_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_dn_0, 0); } if (r->ntds_dn) { @@ -7843,11 +8017,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo3(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->ntds_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->ntds_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->ntds_dn)); - if (ndr_get_array_length(ndr, &r->ntds_dn) > ndr_get_array_size(ndr, &r->ntds_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->ntds_dn), ndr_get_array_length(ndr, &r->ntds_dn)); + size_ntds_dn_1 = ndr_get_array_size(ndr, &r->ntds_dn); + length_ntds_dn_1 = ndr_get_array_length(ndr, &r->ntds_dn); + if (length_ntds_dn_1 > size_ntds_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_ntds_dn_1, length_ntds_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->ntds_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->ntds_dn, ndr_get_array_length(ndr, &r->ntds_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_ntds_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->ntds_dn, length_ntds_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_ntds_dn_0, 0); } } @@ -7937,6 +8113,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsGetDCInfoCtr3(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfoCtr3(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsGetDCInfoCtr3 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -7959,13 +8136,14 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfoCtr3(struct ndr_pull *ndr, _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_drsuapi_DsGetDCInfo3(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_drsuapi_DsGetDCInfo3(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -8034,6 +8212,8 @@ static enum ndr_err_code ndr_push_drsuapi_DsGetDCConnection01(struct ndr_push *n static enum ndr_err_code ndr_pull_drsuapi_DsGetDCConnection01(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsGetDCConnection01 *r) { uint32_t _ptr_client_account; + uint32_t size_client_account_1 = 0; + uint32_t length_client_account_1 = 0; TALLOC_CTX *_mem_save_client_account_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -8062,11 +8242,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCConnection01(struct ndr_pull *n NDR_PULL_SET_MEM_CTX(ndr, r->client_account, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->client_account)); NDR_CHECK(ndr_pull_array_length(ndr, &r->client_account)); - if (ndr_get_array_length(ndr, &r->client_account) > ndr_get_array_size(ndr, &r->client_account)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->client_account), ndr_get_array_length(ndr, &r->client_account)); + size_client_account_1 = ndr_get_array_size(ndr, &r->client_account); + length_client_account_1 = ndr_get_array_length(ndr, &r->client_account); + if (length_client_account_1 > size_client_account_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_client_account_1, length_client_account_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->client_account), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client_account, ndr_get_array_length(ndr, &r->client_account), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_client_account_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client_account, length_client_account_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_client_account_0, 0); } } @@ -8118,6 +8300,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsGetDCConnectionCtr01(struct ndr_push static enum ndr_err_code ndr_pull_drsuapi_DsGetDCConnectionCtr01(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsGetDCConnectionCtr01 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -8140,13 +8323,14 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCConnectionCtr01(struct ndr_pull _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_drsuapi_DsGetDCConnection01(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_drsuapi_DsGetDCConnection01(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -8536,6 +8720,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsAddEntryExtraErrorBuffer(struct ndr_ static enum ndr_err_code ndr_pull_drsuapi_DsAddEntryExtraErrorBuffer(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsAddEntryExtraErrorBuffer *r) { uint32_t _ptr_data; + uint32_t size_data_1 = 0; TALLOC_CTX *_mem_save_data_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -8556,8 +8741,9 @@ static enum ndr_err_code ndr_pull_drsuapi_DsAddEntryExtraErrorBuffer(struct ndr_ _mem_save_data_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->data, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->data)); - NDR_PULL_ALLOC_N(ndr, r->data, ndr_get_array_size(ndr, &r->data)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, ndr_get_array_size(ndr, &r->data))); + size_data_1 = ndr_get_array_size(ndr, &r->data); + NDR_PULL_ALLOC_N(ndr, r->data, size_data_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, size_data_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_0, 0); } if (r->data) { @@ -9102,6 +9288,7 @@ static enum ndr_err_code ndr_pull_drsuapi_DsAddEntryCtr2(struct ndr_pull *ndr, i uint32_t _ptr_id; TALLOC_CTX *_mem_save_id_0; uint32_t _ptr_objects; + uint32_t size_objects_1 = 0; uint32_t cntr_objects_1; TALLOC_CTX *_mem_save_objects_0; TALLOC_CTX *_mem_save_objects_1; @@ -9138,13 +9325,14 @@ static enum ndr_err_code ndr_pull_drsuapi_DsAddEntryCtr2(struct ndr_pull *ndr, i _mem_save_objects_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->objects, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->objects)); - NDR_PULL_ALLOC_N(ndr, r->objects, ndr_get_array_size(ndr, &r->objects)); + size_objects_1 = ndr_get_array_size(ndr, &r->objects); + NDR_PULL_ALLOC_N(ndr, r->objects, size_objects_1); _mem_save_objects_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->objects, 0); - for (cntr_objects_1 = 0; cntr_objects_1 < r->count; cntr_objects_1++) { + for (cntr_objects_1 = 0; cntr_objects_1 < size_objects_1; cntr_objects_1++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaObjectIdentifier2(ndr, NDR_SCALARS, &r->objects[cntr_objects_1])); } - for (cntr_objects_1 = 0; cntr_objects_1 < r->count; cntr_objects_1++) { + for (cntr_objects_1 = 0; cntr_objects_1 < size_objects_1; cntr_objects_1++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaObjectIdentifier2(ndr, NDR_BUFFERS, &r->objects[cntr_objects_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_objects_1, 0); @@ -9229,6 +9417,7 @@ static enum ndr_err_code ndr_pull_drsuapi_DsAddEntryCtr3(struct ndr_pull *ndr, i uint32_t _ptr_error; TALLOC_CTX *_mem_save_error_0; uint32_t _ptr_objects; + uint32_t size_objects_1 = 0; uint32_t cntr_objects_1; TALLOC_CTX *_mem_save_objects_0; TALLOC_CTX *_mem_save_objects_1; @@ -9277,13 +9466,14 @@ static enum ndr_err_code ndr_pull_drsuapi_DsAddEntryCtr3(struct ndr_pull *ndr, i _mem_save_objects_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->objects, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->objects)); - NDR_PULL_ALLOC_N(ndr, r->objects, ndr_get_array_size(ndr, &r->objects)); + size_objects_1 = ndr_get_array_size(ndr, &r->objects); + NDR_PULL_ALLOC_N(ndr, r->objects, size_objects_1); _mem_save_objects_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->objects, 0); - for (cntr_objects_1 = 0; cntr_objects_1 < r->count; cntr_objects_1++) { + for (cntr_objects_1 = 0; cntr_objects_1 < size_objects_1; cntr_objects_1++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaObjectIdentifier2(ndr, NDR_SCALARS, &r->objects[cntr_objects_1])); } - for (cntr_objects_1 = 0; cntr_objects_1 < r->count; cntr_objects_1++) { + for (cntr_objects_1 = 0; cntr_objects_1 < size_objects_1; cntr_objects_1++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaObjectIdentifier2(ndr, NDR_BUFFERS, &r->objects[cntr_objects_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_objects_1, 0); @@ -9650,6 +9840,8 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaGetInfoRequest1(struct ndr_pu static enum ndr_err_code ndr_pull_drsuapi_DsReplicaGetInfoRequest1(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaGetInfoRequest1 *r) { uint32_t _ptr_object_dn; + uint32_t size_object_dn_1 = 0; + uint32_t length_object_dn_1 = 0; TALLOC_CTX *_mem_save_object_dn_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -9669,11 +9861,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaGetInfoRequest1(struct ndr_pu NDR_PULL_SET_MEM_CTX(ndr, r->object_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->object_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->object_dn)); - if (ndr_get_array_length(ndr, &r->object_dn) > ndr_get_array_size(ndr, &r->object_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->object_dn), ndr_get_array_length(ndr, &r->object_dn)); + size_object_dn_1 = ndr_get_array_size(ndr, &r->object_dn); + length_object_dn_1 = ndr_get_array_length(ndr, &r->object_dn); + if (length_object_dn_1 > size_object_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_object_dn_1, length_object_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->object_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->object_dn, ndr_get_array_length(ndr, &r->object_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_object_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->object_dn, length_object_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_object_dn_0, 0); } } @@ -9734,10 +9928,16 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaGetInfoRequest2(struct ndr_pu static enum ndr_err_code ndr_pull_drsuapi_DsReplicaGetInfoRequest2(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaGetInfoRequest2 *r) { uint32_t _ptr_object_dn; + uint32_t size_object_dn_1 = 0; + uint32_t length_object_dn_1 = 0; TALLOC_CTX *_mem_save_object_dn_0; uint32_t _ptr_string1; + uint32_t size_string1_1 = 0; + uint32_t length_string1_1 = 0; TALLOC_CTX *_mem_save_string1_0; uint32_t _ptr_string2; + uint32_t size_string2_1 = 0; + uint32_t length_string2_1 = 0; TALLOC_CTX *_mem_save_string2_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -9771,11 +9971,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaGetInfoRequest2(struct ndr_pu NDR_PULL_SET_MEM_CTX(ndr, r->object_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->object_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->object_dn)); - if (ndr_get_array_length(ndr, &r->object_dn) > ndr_get_array_size(ndr, &r->object_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->object_dn), ndr_get_array_length(ndr, &r->object_dn)); + size_object_dn_1 = ndr_get_array_size(ndr, &r->object_dn); + length_object_dn_1 = ndr_get_array_length(ndr, &r->object_dn); + if (length_object_dn_1 > size_object_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_object_dn_1, length_object_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->object_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->object_dn, ndr_get_array_length(ndr, &r->object_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_object_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->object_dn, length_object_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_object_dn_0, 0); } if (r->string1) { @@ -9783,11 +9985,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaGetInfoRequest2(struct ndr_pu NDR_PULL_SET_MEM_CTX(ndr, r->string1, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->string1)); NDR_CHECK(ndr_pull_array_length(ndr, &r->string1)); - if (ndr_get_array_length(ndr, &r->string1) > ndr_get_array_size(ndr, &r->string1)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->string1), ndr_get_array_length(ndr, &r->string1)); + size_string1_1 = ndr_get_array_size(ndr, &r->string1); + length_string1_1 = ndr_get_array_length(ndr, &r->string1); + if (length_string1_1 > size_string1_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_string1_1, length_string1_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->string1), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->string1, ndr_get_array_length(ndr, &r->string1), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_string1_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->string1, length_string1_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_string1_0, 0); } if (r->string2) { @@ -9795,11 +9999,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaGetInfoRequest2(struct ndr_pu NDR_PULL_SET_MEM_CTX(ndr, r->string2, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->string2)); NDR_CHECK(ndr_pull_array_length(ndr, &r->string2)); - if (ndr_get_array_length(ndr, &r->string2) > ndr_get_array_size(ndr, &r->string2)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->string2), ndr_get_array_length(ndr, &r->string2)); + size_string2_1 = ndr_get_array_size(ndr, &r->string2); + length_string2_1 = ndr_get_array_length(ndr, &r->string2); + if (length_string2_1 > size_string2_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_string2_1, length_string2_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->string2), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->string2, ndr_get_array_length(ndr, &r->string2), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_string2_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->string2, length_string2_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_string2_0, 0); } } @@ -9986,12 +10192,20 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaNeighbour(struct ndr_push *nd static enum ndr_err_code ndr_pull_drsuapi_DsReplicaNeighbour(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaNeighbour *r) { uint32_t _ptr_naming_context_dn; + uint32_t size_naming_context_dn_1 = 0; + uint32_t length_naming_context_dn_1 = 0; TALLOC_CTX *_mem_save_naming_context_dn_0; uint32_t _ptr_source_dsa_obj_dn; + uint32_t size_source_dsa_obj_dn_1 = 0; + uint32_t length_source_dsa_obj_dn_1 = 0; TALLOC_CTX *_mem_save_source_dsa_obj_dn_0; uint32_t _ptr_source_dsa_address; + uint32_t size_source_dsa_address_1 = 0; + uint32_t length_source_dsa_address_1 = 0; TALLOC_CTX *_mem_save_source_dsa_address_0; uint32_t _ptr_transport_obj_dn; + uint32_t size_transport_obj_dn_1 = 0; + uint32_t length_transport_obj_dn_1 = 0; TALLOC_CTX *_mem_save_transport_obj_dn_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 8)); @@ -10039,11 +10253,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaNeighbour(struct ndr_pull *nd NDR_PULL_SET_MEM_CTX(ndr, r->naming_context_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->naming_context_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->naming_context_dn)); - if (ndr_get_array_length(ndr, &r->naming_context_dn) > ndr_get_array_size(ndr, &r->naming_context_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->naming_context_dn), ndr_get_array_length(ndr, &r->naming_context_dn)); + size_naming_context_dn_1 = ndr_get_array_size(ndr, &r->naming_context_dn); + length_naming_context_dn_1 = ndr_get_array_length(ndr, &r->naming_context_dn); + if (length_naming_context_dn_1 > size_naming_context_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_naming_context_dn_1, length_naming_context_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->naming_context_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->naming_context_dn, ndr_get_array_length(ndr, &r->naming_context_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_naming_context_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->naming_context_dn, length_naming_context_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_naming_context_dn_0, 0); } if (r->source_dsa_obj_dn) { @@ -10051,11 +10267,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaNeighbour(struct ndr_pull *nd NDR_PULL_SET_MEM_CTX(ndr, r->source_dsa_obj_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->source_dsa_obj_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->source_dsa_obj_dn)); - if (ndr_get_array_length(ndr, &r->source_dsa_obj_dn) > ndr_get_array_size(ndr, &r->source_dsa_obj_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->source_dsa_obj_dn), ndr_get_array_length(ndr, &r->source_dsa_obj_dn)); + size_source_dsa_obj_dn_1 = ndr_get_array_size(ndr, &r->source_dsa_obj_dn); + length_source_dsa_obj_dn_1 = ndr_get_array_length(ndr, &r->source_dsa_obj_dn); + if (length_source_dsa_obj_dn_1 > size_source_dsa_obj_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_source_dsa_obj_dn_1, length_source_dsa_obj_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->source_dsa_obj_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->source_dsa_obj_dn, ndr_get_array_length(ndr, &r->source_dsa_obj_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_source_dsa_obj_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->source_dsa_obj_dn, length_source_dsa_obj_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_source_dsa_obj_dn_0, 0); } if (r->source_dsa_address) { @@ -10063,11 +10281,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaNeighbour(struct ndr_pull *nd NDR_PULL_SET_MEM_CTX(ndr, r->source_dsa_address, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->source_dsa_address)); NDR_CHECK(ndr_pull_array_length(ndr, &r->source_dsa_address)); - if (ndr_get_array_length(ndr, &r->source_dsa_address) > ndr_get_array_size(ndr, &r->source_dsa_address)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->source_dsa_address), ndr_get_array_length(ndr, &r->source_dsa_address)); + size_source_dsa_address_1 = ndr_get_array_size(ndr, &r->source_dsa_address); + length_source_dsa_address_1 = ndr_get_array_length(ndr, &r->source_dsa_address); + if (length_source_dsa_address_1 > size_source_dsa_address_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_source_dsa_address_1, length_source_dsa_address_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->source_dsa_address), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->source_dsa_address, ndr_get_array_length(ndr, &r->source_dsa_address), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_source_dsa_address_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->source_dsa_address, length_source_dsa_address_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_source_dsa_address_0, 0); } if (r->transport_obj_dn) { @@ -10075,11 +10295,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaNeighbour(struct ndr_pull *nd NDR_PULL_SET_MEM_CTX(ndr, r->transport_obj_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->transport_obj_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->transport_obj_dn)); - if (ndr_get_array_length(ndr, &r->transport_obj_dn) > ndr_get_array_size(ndr, &r->transport_obj_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->transport_obj_dn), ndr_get_array_length(ndr, &r->transport_obj_dn)); + size_transport_obj_dn_1 = ndr_get_array_size(ndr, &r->transport_obj_dn); + length_transport_obj_dn_1 = ndr_get_array_length(ndr, &r->transport_obj_dn); + if (length_transport_obj_dn_1 > size_transport_obj_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_transport_obj_dn_1, length_transport_obj_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->transport_obj_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->transport_obj_dn, ndr_get_array_length(ndr, &r->transport_obj_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_transport_obj_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->transport_obj_dn, length_transport_obj_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_transport_obj_dn_0, 0); } } @@ -10152,6 +10374,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaNeighbourCtr(struct ndr_push static enum ndr_err_code ndr_pull_drsuapi_DsReplicaNeighbourCtr(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaNeighbourCtr *r) { + uint32_t size_array_0 = 0; uint32_t cntr_array_0; TALLOC_CTX *_mem_save_array_0; if (ndr_flags & NDR_SCALARS) { @@ -10159,10 +10382,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaNeighbourCtr(struct ndr_pull NDR_CHECK(ndr_pull_align(ndr, 8)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->reserved)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_0 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_0); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaNeighbour(ndr, NDR_SCALARS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -10172,9 +10396,10 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaNeighbourCtr(struct ndr_pull NDR_CHECK(ndr_pull_trailer_align(ndr, 8)); } if (ndr_flags & NDR_BUFFERS) { + size_array_0 = ndr_get_array_size(ndr, &r->array); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaNeighbour(ndr, NDR_BUFFERS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -10222,6 +10447,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaCursorCtr(struct ndr_push *nd static enum ndr_err_code ndr_pull_drsuapi_DsReplicaCursorCtr(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaCursorCtr *r) { + uint32_t size_array_0 = 0; uint32_t cntr_array_0; TALLOC_CTX *_mem_save_array_0; if (ndr_flags & NDR_SCALARS) { @@ -10229,10 +10455,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaCursorCtr(struct ndr_pull *nd NDR_CHECK(ndr_pull_align(ndr, 8)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->reserved)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_0 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_0); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaCursor(ndr, NDR_SCALARS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -10292,6 +10519,8 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaObjMetaData(struct ndr_push * static enum ndr_err_code ndr_pull_drsuapi_DsReplicaObjMetaData(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaObjMetaData *r) { uint32_t _ptr_attribute_name; + uint32_t size_attribute_name_1 = 0; + uint32_t length_attribute_name_1 = 0; TALLOC_CTX *_mem_save_attribute_name_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 8)); @@ -10314,11 +10543,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaObjMetaData(struct ndr_pull * NDR_PULL_SET_MEM_CTX(ndr, r->attribute_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->attribute_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->attribute_name)); - if (ndr_get_array_length(ndr, &r->attribute_name) > ndr_get_array_size(ndr, &r->attribute_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->attribute_name), ndr_get_array_length(ndr, &r->attribute_name)); + size_attribute_name_1 = ndr_get_array_size(ndr, &r->attribute_name); + length_attribute_name_1 = ndr_get_array_length(ndr, &r->attribute_name); + if (length_attribute_name_1 > size_attribute_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_attribute_name_1, length_attribute_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->attribute_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->attribute_name, ndr_get_array_length(ndr, &r->attribute_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_attribute_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->attribute_name, length_attribute_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_attribute_name_0, 0); } } @@ -10366,6 +10597,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaObjMetaDataCtr(struct ndr_pus static enum ndr_err_code ndr_pull_drsuapi_DsReplicaObjMetaDataCtr(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaObjMetaDataCtr *r) { + uint32_t size_array_0 = 0; uint32_t cntr_array_0; TALLOC_CTX *_mem_save_array_0; if (ndr_flags & NDR_SCALARS) { @@ -10373,10 +10605,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaObjMetaDataCtr(struct ndr_pul NDR_CHECK(ndr_pull_align(ndr, 8)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->reserved)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_0 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_0); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaObjMetaData(ndr, NDR_SCALARS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -10386,9 +10619,10 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaObjMetaDataCtr(struct ndr_pul NDR_CHECK(ndr_pull_trailer_align(ndr, 8)); } if (ndr_flags & NDR_BUFFERS) { + size_array_0 = ndr_get_array_size(ndr, &r->array); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaObjMetaData(ndr, NDR_BUFFERS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -10441,6 +10675,8 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaKccDsaFailure(struct ndr_push static enum ndr_err_code ndr_pull_drsuapi_DsReplicaKccDsaFailure(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaKccDsaFailure *r) { uint32_t _ptr_dsa_obj_dn; + uint32_t size_dsa_obj_dn_1 = 0; + uint32_t length_dsa_obj_dn_1 = 0; TALLOC_CTX *_mem_save_dsa_obj_dn_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -10462,11 +10698,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaKccDsaFailure(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->dsa_obj_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->dsa_obj_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->dsa_obj_dn)); - if (ndr_get_array_length(ndr, &r->dsa_obj_dn) > ndr_get_array_size(ndr, &r->dsa_obj_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->dsa_obj_dn), ndr_get_array_length(ndr, &r->dsa_obj_dn)); + size_dsa_obj_dn_1 = ndr_get_array_size(ndr, &r->dsa_obj_dn); + length_dsa_obj_dn_1 = ndr_get_array_length(ndr, &r->dsa_obj_dn); + if (length_dsa_obj_dn_1 > size_dsa_obj_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dsa_obj_dn_1, length_dsa_obj_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->dsa_obj_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dsa_obj_dn, ndr_get_array_length(ndr, &r->dsa_obj_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dsa_obj_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dsa_obj_dn, length_dsa_obj_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dsa_obj_dn_0, 0); } } @@ -10513,6 +10751,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaKccDsaFailuresCtr(struct ndr_ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaKccDsaFailuresCtr(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaKccDsaFailuresCtr *r) { + uint32_t size_array_0 = 0; uint32_t cntr_array_0; TALLOC_CTX *_mem_save_array_0; if (ndr_flags & NDR_SCALARS) { @@ -10520,10 +10759,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaKccDsaFailuresCtr(struct ndr_ NDR_CHECK(ndr_pull_align(ndr, 5)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->reserved)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_0 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_0); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaKccDsaFailure(ndr, NDR_SCALARS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -10533,9 +10773,10 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaKccDsaFailuresCtr(struct ndr_ NDR_CHECK(ndr_pull_trailer_align(ndr, 5)); } if (ndr_flags & NDR_BUFFERS) { + size_array_0 = ndr_get_array_size(ndr, &r->array); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaKccDsaFailure(ndr, NDR_BUFFERS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -10789,10 +11030,16 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaOp(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_drsuapi_DsReplicaOp(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaOp *r) { uint32_t _ptr_nc_dn; + uint32_t size_nc_dn_1 = 0; + uint32_t length_nc_dn_1 = 0; TALLOC_CTX *_mem_save_nc_dn_0; uint32_t _ptr_remote_dsa_obj_dn; + uint32_t size_remote_dsa_obj_dn_1 = 0; + uint32_t length_remote_dsa_obj_dn_1 = 0; TALLOC_CTX *_mem_save_remote_dsa_obj_dn_0; uint32_t _ptr_remote_dsa_address; + uint32_t size_remote_dsa_address_1 = 0; + uint32_t length_remote_dsa_address_1 = 0; TALLOC_CTX *_mem_save_remote_dsa_address_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -10830,11 +11077,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaOp(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->nc_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->nc_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->nc_dn)); - if (ndr_get_array_length(ndr, &r->nc_dn) > ndr_get_array_size(ndr, &r->nc_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->nc_dn), ndr_get_array_length(ndr, &r->nc_dn)); + size_nc_dn_1 = ndr_get_array_size(ndr, &r->nc_dn); + length_nc_dn_1 = ndr_get_array_length(ndr, &r->nc_dn); + if (length_nc_dn_1 > size_nc_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_nc_dn_1, length_nc_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->nc_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->nc_dn, ndr_get_array_length(ndr, &r->nc_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_nc_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->nc_dn, length_nc_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_nc_dn_0, 0); } if (r->remote_dsa_obj_dn) { @@ -10842,11 +11091,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaOp(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->remote_dsa_obj_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->remote_dsa_obj_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->remote_dsa_obj_dn)); - if (ndr_get_array_length(ndr, &r->remote_dsa_obj_dn) > ndr_get_array_size(ndr, &r->remote_dsa_obj_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->remote_dsa_obj_dn), ndr_get_array_length(ndr, &r->remote_dsa_obj_dn)); + size_remote_dsa_obj_dn_1 = ndr_get_array_size(ndr, &r->remote_dsa_obj_dn); + length_remote_dsa_obj_dn_1 = ndr_get_array_length(ndr, &r->remote_dsa_obj_dn); + if (length_remote_dsa_obj_dn_1 > size_remote_dsa_obj_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_remote_dsa_obj_dn_1, length_remote_dsa_obj_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->remote_dsa_obj_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->remote_dsa_obj_dn, ndr_get_array_length(ndr, &r->remote_dsa_obj_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_remote_dsa_obj_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->remote_dsa_obj_dn, length_remote_dsa_obj_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_remote_dsa_obj_dn_0, 0); } if (r->remote_dsa_address) { @@ -10854,11 +11105,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaOp(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->remote_dsa_address, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->remote_dsa_address)); NDR_CHECK(ndr_pull_array_length(ndr, &r->remote_dsa_address)); - if (ndr_get_array_length(ndr, &r->remote_dsa_address) > ndr_get_array_size(ndr, &r->remote_dsa_address)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->remote_dsa_address), ndr_get_array_length(ndr, &r->remote_dsa_address)); + size_remote_dsa_address_1 = ndr_get_array_size(ndr, &r->remote_dsa_address); + length_remote_dsa_address_1 = ndr_get_array_length(ndr, &r->remote_dsa_address); + if (length_remote_dsa_address_1 > size_remote_dsa_address_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_remote_dsa_address_1, length_remote_dsa_address_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->remote_dsa_address), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->remote_dsa_address, ndr_get_array_length(ndr, &r->remote_dsa_address), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_remote_dsa_address_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->remote_dsa_address, length_remote_dsa_address_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_remote_dsa_address_0, 0); } } @@ -10921,6 +11174,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaOpCtr(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_drsuapi_DsReplicaOpCtr(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaOpCtr *r) { + uint32_t size_array_0 = 0; uint32_t cntr_array_0; TALLOC_CTX *_mem_save_array_0; if (ndr_flags & NDR_SCALARS) { @@ -10928,10 +11182,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaOpCtr(struct ndr_pull *ndr, i NDR_CHECK(ndr_pull_align(ndr, 5)); NDR_CHECK(ndr_pull_NTTIME(ndr, NDR_SCALARS, &r->time)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_0 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_0); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaOp(ndr, NDR_SCALARS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -10941,9 +11196,10 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaOpCtr(struct ndr_pull *ndr, i NDR_CHECK(ndr_pull_trailer_align(ndr, 5)); } if (ndr_flags & NDR_BUFFERS) { + size_array_0 = ndr_get_array_size(ndr, &r->array); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaOp(ndr, NDR_BUFFERS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -11011,8 +11267,12 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaAttrValMetaData(struct ndr_pu static enum ndr_err_code ndr_pull_drsuapi_DsReplicaAttrValMetaData(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaAttrValMetaData *r) { uint32_t _ptr_attribute_name; + uint32_t size_attribute_name_1 = 0; + uint32_t length_attribute_name_1 = 0; TALLOC_CTX *_mem_save_attribute_name_0; uint32_t _ptr_object_dn; + uint32_t size_object_dn_1 = 0; + uint32_t length_object_dn_1 = 0; TALLOC_CTX *_mem_save_object_dn_0; uint32_t _ptr_binary; TALLOC_CTX *_mem_save_binary_0; @@ -11052,11 +11312,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaAttrValMetaData(struct ndr_pu NDR_PULL_SET_MEM_CTX(ndr, r->attribute_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->attribute_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->attribute_name)); - if (ndr_get_array_length(ndr, &r->attribute_name) > ndr_get_array_size(ndr, &r->attribute_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->attribute_name), ndr_get_array_length(ndr, &r->attribute_name)); + size_attribute_name_1 = ndr_get_array_size(ndr, &r->attribute_name); + length_attribute_name_1 = ndr_get_array_length(ndr, &r->attribute_name); + if (length_attribute_name_1 > size_attribute_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_attribute_name_1, length_attribute_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->attribute_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->attribute_name, ndr_get_array_length(ndr, &r->attribute_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_attribute_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->attribute_name, length_attribute_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_attribute_name_0, 0); } if (r->object_dn) { @@ -11064,11 +11326,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaAttrValMetaData(struct ndr_pu NDR_PULL_SET_MEM_CTX(ndr, r->object_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->object_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->object_dn)); - if (ndr_get_array_length(ndr, &r->object_dn) > ndr_get_array_size(ndr, &r->object_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->object_dn), ndr_get_array_length(ndr, &r->object_dn)); + size_object_dn_1 = ndr_get_array_size(ndr, &r->object_dn); + length_object_dn_1 = ndr_get_array_length(ndr, &r->object_dn); + if (length_object_dn_1 > size_object_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_object_dn_1, length_object_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->object_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->object_dn, ndr_get_array_length(ndr, &r->object_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_object_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->object_dn, length_object_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_object_dn_0, 0); } if (r->binary) { @@ -11137,6 +11401,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaAttrValMetaDataCtr(struct ndr static enum ndr_err_code ndr_pull_drsuapi_DsReplicaAttrValMetaDataCtr(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaAttrValMetaDataCtr *r) { + uint32_t size_array_0 = 0; uint32_t cntr_array_0; TALLOC_CTX *_mem_save_array_0; if (ndr_flags & NDR_SCALARS) { @@ -11144,10 +11409,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaAttrValMetaDataCtr(struct ndr NDR_CHECK(ndr_pull_align(ndr, 8)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count)); NDR_CHECK(ndr_pull_int32(ndr, NDR_SCALARS, &r->enumeration_context)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_0 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_0); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaAttrValMetaData(ndr, NDR_SCALARS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -11157,9 +11423,10 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaAttrValMetaDataCtr(struct ndr NDR_CHECK(ndr_pull_trailer_align(ndr, 8)); } if (ndr_flags & NDR_BUFFERS) { + size_array_0 = ndr_get_array_size(ndr, &r->array); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaAttrValMetaData(ndr, NDR_BUFFERS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -11207,6 +11474,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaCursor2Ctr(struct ndr_push *n static enum ndr_err_code ndr_pull_drsuapi_DsReplicaCursor2Ctr(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaCursor2Ctr *r) { + uint32_t size_array_0 = 0; uint32_t cntr_array_0; TALLOC_CTX *_mem_save_array_0; if (ndr_flags & NDR_SCALARS) { @@ -11214,10 +11482,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaCursor2Ctr(struct ndr_pull *n NDR_CHECK(ndr_pull_align(ndr, 8)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count)); NDR_CHECK(ndr_pull_int32(ndr, NDR_SCALARS, &r->enumeration_context)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_0 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_0); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaCursor2(ndr, NDR_SCALARS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -11275,6 +11544,8 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaCursor3(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_drsuapi_DsReplicaCursor3(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaCursor3 *r) { uint32_t _ptr_source_dsa_obj_dn; + uint32_t size_source_dsa_obj_dn_1 = 0; + uint32_t length_source_dsa_obj_dn_1 = 0; TALLOC_CTX *_mem_save_source_dsa_obj_dn_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 8)); @@ -11295,11 +11566,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaCursor3(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->source_dsa_obj_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->source_dsa_obj_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->source_dsa_obj_dn)); - if (ndr_get_array_length(ndr, &r->source_dsa_obj_dn) > ndr_get_array_size(ndr, &r->source_dsa_obj_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->source_dsa_obj_dn), ndr_get_array_length(ndr, &r->source_dsa_obj_dn)); + size_source_dsa_obj_dn_1 = ndr_get_array_size(ndr, &r->source_dsa_obj_dn); + length_source_dsa_obj_dn_1 = ndr_get_array_length(ndr, &r->source_dsa_obj_dn); + if (length_source_dsa_obj_dn_1 > size_source_dsa_obj_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_source_dsa_obj_dn_1, length_source_dsa_obj_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->source_dsa_obj_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->source_dsa_obj_dn, ndr_get_array_length(ndr, &r->source_dsa_obj_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_source_dsa_obj_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->source_dsa_obj_dn, length_source_dsa_obj_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_source_dsa_obj_dn_0, 0); } } @@ -11345,6 +11618,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaCursor3Ctr(struct ndr_push *n static enum ndr_err_code ndr_pull_drsuapi_DsReplicaCursor3Ctr(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaCursor3Ctr *r) { + uint32_t size_array_0 = 0; uint32_t cntr_array_0; TALLOC_CTX *_mem_save_array_0; if (ndr_flags & NDR_SCALARS) { @@ -11352,10 +11626,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaCursor3Ctr(struct ndr_pull *n NDR_CHECK(ndr_pull_align(ndr, 8)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count)); NDR_CHECK(ndr_pull_int32(ndr, NDR_SCALARS, &r->enumeration_context)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_0 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_0); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaCursor3(ndr, NDR_SCALARS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -11365,9 +11640,10 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaCursor3Ctr(struct ndr_pull *n NDR_CHECK(ndr_pull_trailer_align(ndr, 8)); } if (ndr_flags & NDR_BUFFERS) { + size_array_0 = ndr_get_array_size(ndr, &r->array); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaCursor3(ndr, NDR_BUFFERS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -11428,8 +11704,12 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaObjMetaData2(struct ndr_push static enum ndr_err_code ndr_pull_drsuapi_DsReplicaObjMetaData2(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaObjMetaData2 *r) { uint32_t _ptr_attribute_name; + uint32_t size_attribute_name_1 = 0; + uint32_t length_attribute_name_1 = 0; TALLOC_CTX *_mem_save_attribute_name_0; uint32_t _ptr_originating_dsa_dn; + uint32_t size_originating_dsa_dn_1 = 0; + uint32_t length_originating_dsa_dn_1 = 0; TALLOC_CTX *_mem_save_originating_dsa_dn_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 8)); @@ -11458,11 +11738,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaObjMetaData2(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->attribute_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->attribute_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->attribute_name)); - if (ndr_get_array_length(ndr, &r->attribute_name) > ndr_get_array_size(ndr, &r->attribute_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->attribute_name), ndr_get_array_length(ndr, &r->attribute_name)); + size_attribute_name_1 = ndr_get_array_size(ndr, &r->attribute_name); + length_attribute_name_1 = ndr_get_array_length(ndr, &r->attribute_name); + if (length_attribute_name_1 > size_attribute_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_attribute_name_1, length_attribute_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->attribute_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->attribute_name, ndr_get_array_length(ndr, &r->attribute_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_attribute_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->attribute_name, length_attribute_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_attribute_name_0, 0); } if (r->originating_dsa_dn) { @@ -11470,11 +11752,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaObjMetaData2(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->originating_dsa_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->originating_dsa_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->originating_dsa_dn)); - if (ndr_get_array_length(ndr, &r->originating_dsa_dn) > ndr_get_array_size(ndr, &r->originating_dsa_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->originating_dsa_dn), ndr_get_array_length(ndr, &r->originating_dsa_dn)); + size_originating_dsa_dn_1 = ndr_get_array_size(ndr, &r->originating_dsa_dn); + length_originating_dsa_dn_1 = ndr_get_array_length(ndr, &r->originating_dsa_dn); + if (length_originating_dsa_dn_1 > size_originating_dsa_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_originating_dsa_dn_1, length_originating_dsa_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->originating_dsa_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->originating_dsa_dn, ndr_get_array_length(ndr, &r->originating_dsa_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_originating_dsa_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->originating_dsa_dn, length_originating_dsa_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_originating_dsa_dn_0, 0); } } @@ -11528,6 +11812,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaObjMetaData2Ctr(struct ndr_pu static enum ndr_err_code ndr_pull_drsuapi_DsReplicaObjMetaData2Ctr(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaObjMetaData2Ctr *r) { + uint32_t size_array_0 = 0; uint32_t cntr_array_0; TALLOC_CTX *_mem_save_array_0; if (ndr_flags & NDR_SCALARS) { @@ -11535,10 +11820,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaObjMetaData2Ctr(struct ndr_pu NDR_CHECK(ndr_pull_align(ndr, 8)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count)); NDR_CHECK(ndr_pull_int32(ndr, NDR_SCALARS, &r->enumeration_context)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_0 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_0); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaObjMetaData2(ndr, NDR_SCALARS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -11548,9 +11834,10 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaObjMetaData2Ctr(struct ndr_pu NDR_CHECK(ndr_pull_trailer_align(ndr, 8)); } if (ndr_flags & NDR_BUFFERS) { + size_array_0 = ndr_get_array_size(ndr, &r->array); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaObjMetaData2(ndr, NDR_BUFFERS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -11625,12 +11912,18 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaAttrValMetaData2(struct ndr_p static enum ndr_err_code ndr_pull_drsuapi_DsReplicaAttrValMetaData2(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaAttrValMetaData2 *r) { uint32_t _ptr_attribute_name; + uint32_t size_attribute_name_1 = 0; + uint32_t length_attribute_name_1 = 0; TALLOC_CTX *_mem_save_attribute_name_0; uint32_t _ptr_object_dn; + uint32_t size_object_dn_1 = 0; + uint32_t length_object_dn_1 = 0; TALLOC_CTX *_mem_save_object_dn_0; uint32_t _ptr_binary; TALLOC_CTX *_mem_save_binary_0; uint32_t _ptr_originating_dsa_dn; + uint32_t size_originating_dsa_dn_1 = 0; + uint32_t length_originating_dsa_dn_1 = 0; TALLOC_CTX *_mem_save_originating_dsa_dn_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 8)); @@ -11674,11 +11967,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaAttrValMetaData2(struct ndr_p NDR_PULL_SET_MEM_CTX(ndr, r->attribute_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->attribute_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->attribute_name)); - if (ndr_get_array_length(ndr, &r->attribute_name) > ndr_get_array_size(ndr, &r->attribute_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->attribute_name), ndr_get_array_length(ndr, &r->attribute_name)); + size_attribute_name_1 = ndr_get_array_size(ndr, &r->attribute_name); + length_attribute_name_1 = ndr_get_array_length(ndr, &r->attribute_name); + if (length_attribute_name_1 > size_attribute_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_attribute_name_1, length_attribute_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->attribute_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->attribute_name, ndr_get_array_length(ndr, &r->attribute_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_attribute_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->attribute_name, length_attribute_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_attribute_name_0, 0); } if (r->object_dn) { @@ -11686,11 +11981,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaAttrValMetaData2(struct ndr_p NDR_PULL_SET_MEM_CTX(ndr, r->object_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->object_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->object_dn)); - if (ndr_get_array_length(ndr, &r->object_dn) > ndr_get_array_size(ndr, &r->object_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->object_dn), ndr_get_array_length(ndr, &r->object_dn)); + size_object_dn_1 = ndr_get_array_size(ndr, &r->object_dn); + length_object_dn_1 = ndr_get_array_length(ndr, &r->object_dn); + if (length_object_dn_1 > size_object_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_object_dn_1, length_object_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->object_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->object_dn, ndr_get_array_length(ndr, &r->object_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_object_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->object_dn, length_object_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_object_dn_0, 0); } if (r->binary) { @@ -11704,11 +12001,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaAttrValMetaData2(struct ndr_p NDR_PULL_SET_MEM_CTX(ndr, r->originating_dsa_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->originating_dsa_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->originating_dsa_dn)); - if (ndr_get_array_length(ndr, &r->originating_dsa_dn) > ndr_get_array_size(ndr, &r->originating_dsa_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->originating_dsa_dn), ndr_get_array_length(ndr, &r->originating_dsa_dn)); + size_originating_dsa_dn_1 = ndr_get_array_size(ndr, &r->originating_dsa_dn); + length_originating_dsa_dn_1 = ndr_get_array_length(ndr, &r->originating_dsa_dn); + if (length_originating_dsa_dn_1 > size_originating_dsa_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_originating_dsa_dn_1, length_originating_dsa_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->originating_dsa_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->originating_dsa_dn, ndr_get_array_length(ndr, &r->originating_dsa_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_originating_dsa_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->originating_dsa_dn, length_originating_dsa_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_originating_dsa_dn_0, 0); } } @@ -11777,6 +12076,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaAttrValMetaData2Ctr(struct nd static enum ndr_err_code ndr_pull_drsuapi_DsReplicaAttrValMetaData2Ctr(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaAttrValMetaData2Ctr *r) { + uint32_t size_array_0 = 0; uint32_t cntr_array_0; TALLOC_CTX *_mem_save_array_0; if (ndr_flags & NDR_SCALARS) { @@ -11784,10 +12084,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaAttrValMetaData2Ctr(struct nd NDR_CHECK(ndr_pull_align(ndr, 8)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count)); NDR_CHECK(ndr_pull_int32(ndr, NDR_SCALARS, &r->enumeration_context)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_0 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_0); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaAttrValMetaData2(ndr, NDR_SCALARS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -11797,9 +12098,10 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaAttrValMetaData2Ctr(struct nd NDR_CHECK(ndr_pull_trailer_align(ndr, 8)); } if (ndr_flags & NDR_BUFFERS) { + size_array_0 = ndr_get_array_size(ndr, &r->array); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaAttrValMetaData2(ndr, NDR_BUFFERS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -11907,6 +12209,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaConnection04Ctr(struct ndr_pu static enum ndr_err_code ndr_pull_drsuapi_DsReplicaConnection04Ctr(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaConnection04Ctr *r) { + uint32_t size_array_0 = 0; uint32_t cntr_array_0; TALLOC_CTX *_mem_save_array_0; if (ndr_flags & NDR_SCALARS) { @@ -11917,10 +12220,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaConnection04Ctr(struct ndr_pu return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->reserved)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_0 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_0); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaConnection04(ndr, NDR_SCALARS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -11982,6 +12286,8 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplica06(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_drsuapi_DsReplica06(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplica06 *r) { uint32_t _ptr_str1; + uint32_t size_str1_1 = 0; + uint32_t length_str1_1 = 0; TALLOC_CTX *_mem_save_str1_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 8)); @@ -12006,11 +12312,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplica06(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->str1, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->str1)); NDR_CHECK(ndr_pull_array_length(ndr, &r->str1)); - if (ndr_get_array_length(ndr, &r->str1) > ndr_get_array_size(ndr, &r->str1)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->str1), ndr_get_array_length(ndr, &r->str1)); + size_str1_1 = ndr_get_array_size(ndr, &r->str1); + length_str1_1 = ndr_get_array_length(ndr, &r->str1); + if (length_str1_1 > size_str1_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_str1_1, length_str1_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->str1), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->str1, ndr_get_array_length(ndr, &r->str1), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_str1_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->str1, length_str1_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_str1_0, 0); } } @@ -12060,6 +12368,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplica06Ctr(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_drsuapi_DsReplica06Ctr(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplica06Ctr *r) { + uint32_t size_array_0 = 0; uint32_t cntr_array_0; TALLOC_CTX *_mem_save_array_0; if (ndr_flags & NDR_SCALARS) { @@ -12070,10 +12379,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplica06Ctr(struct ndr_pull *ndr, i return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->reserved)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_0 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_0); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplica06(ndr, NDR_SCALARS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -12083,9 +12393,10 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplica06Ctr(struct ndr_pull *ndr, i NDR_CHECK(ndr_pull_trailer_align(ndr, 8)); } if (ndr_flags & NDR_BUFFERS) { + size_array_0 = ndr_get_array_size(ndr, &r->array); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplica06(ndr, NDR_BUFFERS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -12289,20 +12600,35 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaInfo(struct ndr_pull *ndr, in int level; uint32_t _level; TALLOC_CTX *_mem_save_neighbours_0; + uint32_t _ptr_neighbours; TALLOC_CTX *_mem_save_cursors_0; + uint32_t _ptr_cursors; TALLOC_CTX *_mem_save_objmetadata_0; + uint32_t _ptr_objmetadata; TALLOC_CTX *_mem_save_connectfailures_0; + uint32_t _ptr_connectfailures; TALLOC_CTX *_mem_save_linkfailures_0; + uint32_t _ptr_linkfailures; TALLOC_CTX *_mem_save_pendingops_0; + uint32_t _ptr_pendingops; TALLOC_CTX *_mem_save_attrvalmetadata_0; + uint32_t _ptr_attrvalmetadata; TALLOC_CTX *_mem_save_cursors2_0; + uint32_t _ptr_cursors2; TALLOC_CTX *_mem_save_cursors3_0; + uint32_t _ptr_cursors3; TALLOC_CTX *_mem_save_objmetadata2_0; + uint32_t _ptr_objmetadata2; TALLOC_CTX *_mem_save_attrvalmetadata2_0; + uint32_t _ptr_attrvalmetadata2; TALLOC_CTX *_mem_save_neighbours02_0; + uint32_t _ptr_neighbours02; TALLOC_CTX *_mem_save_connections04_0; + uint32_t _ptr_connections04; TALLOC_CTX *_mem_save_cursors05_0; + uint32_t _ptr_cursors05; TALLOC_CTX *_mem_save_i06_0; + uint32_t _ptr_i06; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -12312,7 +12638,6 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaInfo(struct ndr_pull *ndr, in NDR_CHECK(ndr_pull_union_align(ndr, 5)); switch (level) { case DRSUAPI_DS_REPLICA_INFO_NEIGHBORS: { - uint32_t _ptr_neighbours; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_neighbours)); if (_ptr_neighbours) { NDR_PULL_ALLOC(ndr, r->neighbours); @@ -12322,7 +12647,6 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaInfo(struct ndr_pull *ndr, in break; } case DRSUAPI_DS_REPLICA_INFO_CURSORS: { - uint32_t _ptr_cursors; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_cursors)); if (_ptr_cursors) { NDR_PULL_ALLOC(ndr, r->cursors); @@ -12332,7 +12656,6 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaInfo(struct ndr_pull *ndr, in break; } case DRSUAPI_DS_REPLICA_INFO_OBJ_METADATA: { - uint32_t _ptr_objmetadata; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_objmetadata)); if (_ptr_objmetadata) { NDR_PULL_ALLOC(ndr, r->objmetadata); @@ -12342,7 +12665,6 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaInfo(struct ndr_pull *ndr, in break; } case DRSUAPI_DS_REPLICA_INFO_KCC_DSA_CONNECT_FAILURES: { - uint32_t _ptr_connectfailures; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_connectfailures)); if (_ptr_connectfailures) { NDR_PULL_ALLOC(ndr, r->connectfailures); @@ -12352,7 +12674,6 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaInfo(struct ndr_pull *ndr, in break; } case DRSUAPI_DS_REPLICA_INFO_KCC_DSA_LINK_FAILURES: { - uint32_t _ptr_linkfailures; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_linkfailures)); if (_ptr_linkfailures) { NDR_PULL_ALLOC(ndr, r->linkfailures); @@ -12362,7 +12683,6 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaInfo(struct ndr_pull *ndr, in break; } case DRSUAPI_DS_REPLICA_INFO_PENDING_OPS: { - uint32_t _ptr_pendingops; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_pendingops)); if (_ptr_pendingops) { NDR_PULL_ALLOC(ndr, r->pendingops); @@ -12372,7 +12692,6 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaInfo(struct ndr_pull *ndr, in break; } case DRSUAPI_DS_REPLICA_INFO_ATTRIBUTE_VALUE_METADATA: { - uint32_t _ptr_attrvalmetadata; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_attrvalmetadata)); if (_ptr_attrvalmetadata) { NDR_PULL_ALLOC(ndr, r->attrvalmetadata); @@ -12382,7 +12701,6 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaInfo(struct ndr_pull *ndr, in break; } case DRSUAPI_DS_REPLICA_INFO_CURSORS2: { - uint32_t _ptr_cursors2; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_cursors2)); if (_ptr_cursors2) { NDR_PULL_ALLOC(ndr, r->cursors2); @@ -12392,7 +12710,6 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaInfo(struct ndr_pull *ndr, in break; } case DRSUAPI_DS_REPLICA_INFO_CURSORS3: { - uint32_t _ptr_cursors3; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_cursors3)); if (_ptr_cursors3) { NDR_PULL_ALLOC(ndr, r->cursors3); @@ -12402,7 +12719,6 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaInfo(struct ndr_pull *ndr, in break; } case DRSUAPI_DS_REPLICA_INFO_OBJ_METADATA2: { - uint32_t _ptr_objmetadata2; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_objmetadata2)); if (_ptr_objmetadata2) { NDR_PULL_ALLOC(ndr, r->objmetadata2); @@ -12412,7 +12728,6 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaInfo(struct ndr_pull *ndr, in break; } case DRSUAPI_DS_REPLICA_INFO_ATTRIBUTE_VALUE_METADATA2: { - uint32_t _ptr_attrvalmetadata2; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_attrvalmetadata2)); if (_ptr_attrvalmetadata2) { NDR_PULL_ALLOC(ndr, r->attrvalmetadata2); @@ -12422,7 +12737,6 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaInfo(struct ndr_pull *ndr, in break; } case DRSUAPI_DS_REPLICA_INFO_NEIGHBORS02: { - uint32_t _ptr_neighbours02; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_neighbours02)); if (_ptr_neighbours02) { NDR_PULL_ALLOC(ndr, r->neighbours02); @@ -12432,7 +12746,6 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaInfo(struct ndr_pull *ndr, in break; } case DRSUAPI_DS_REPLICA_INFO_CONNECTIONS04: { - uint32_t _ptr_connections04; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_connections04)); if (_ptr_connections04) { NDR_PULL_ALLOC(ndr, r->connections04); @@ -12442,7 +12755,6 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaInfo(struct ndr_pull *ndr, in break; } case DRSUAPI_DS_REPLICA_INFO_CURSORS05: { - uint32_t _ptr_cursors05; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_cursors05)); if (_ptr_cursors05) { NDR_PULL_ALLOC(ndr, r->cursors05); @@ -12452,7 +12764,6 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaInfo(struct ndr_pull *ndr, in break; } case DRSUAPI_DS_REPLICA_INFO_06: { - uint32_t _ptr_i06; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_i06)); if (_ptr_i06) { NDR_PULL_ALLOC(ndr, r->i06); @@ -12860,6 +13171,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsGetMemberships2Request1(struct ndr_p static enum ndr_err_code ndr_pull_drsuapi_DsGetMemberships2Request1(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsGetMemberships2Request1 *r) { uint32_t _ptr_req_array; + uint32_t size_req_array_1 = 0; uint32_t cntr_req_array_1; TALLOC_CTX *_mem_save_req_array_0; TALLOC_CTX *_mem_save_req_array_1; @@ -12883,10 +13195,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetMemberships2Request1(struct ndr_p _mem_save_req_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->req_array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->req_array)); - NDR_PULL_ALLOC_N(ndr, r->req_array, ndr_get_array_size(ndr, &r->req_array)); + size_req_array_1 = ndr_get_array_size(ndr, &r->req_array); + NDR_PULL_ALLOC_N(ndr, r->req_array, size_req_array_1); _mem_save_req_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->req_array, 0); - for (cntr_req_array_1 = 0; cntr_req_array_1 < r->num_req; cntr_req_array_1++) { + for (cntr_req_array_1 = 0; cntr_req_array_1 < size_req_array_1; cntr_req_array_1++) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_req_array)); if (_ptr_req_array) { NDR_PULL_ALLOC(ndr, r->req_array[cntr_req_array_1]); @@ -12894,7 +13207,7 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetMemberships2Request1(struct ndr_p r->req_array[cntr_req_array_1] = NULL; } } - for (cntr_req_array_1 = 0; cntr_req_array_1 < r->num_req; cntr_req_array_1++) { + for (cntr_req_array_1 = 0; cntr_req_array_1 < size_req_array_1; cntr_req_array_1++) { if (r->req_array[cntr_req_array_1]) { _mem_save_req_array_2 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->req_array[cntr_req_array_1], 0); @@ -13077,6 +13390,7 @@ static enum ndr_err_code ndr_push_drsuapi_QuerySitesByCostCtr1(struct ndr_push * static enum ndr_err_code ndr_pull_drsuapi_QuerySitesByCostCtr1(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_QuerySitesByCostCtr1 *r) { uint32_t _ptr_info; + uint32_t size_info_1 = 0; uint32_t cntr_info_1; TALLOC_CTX *_mem_save_info_0; TALLOC_CTX *_mem_save_info_1; @@ -13100,10 +13414,11 @@ static enum ndr_err_code ndr_pull_drsuapi_QuerySitesByCostCtr1(struct ndr_pull * _mem_save_info_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->info, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->info)); - NDR_PULL_ALLOC_N(ndr, r->info, ndr_get_array_size(ndr, &r->info)); + size_info_1 = ndr_get_array_size(ndr, &r->info); + NDR_PULL_ALLOC_N(ndr, r->info, size_info_1); _mem_save_info_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->info, 0); - for (cntr_info_1 = 0; cntr_info_1 < r->num_info; cntr_info_1++) { + for (cntr_info_1 = 0; cntr_info_1 < size_info_1; cntr_info_1++) { NDR_CHECK(ndr_pull_drsuapi_DsSiteCostInfo(ndr, NDR_SCALARS, &r->info[cntr_info_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_1, 0); @@ -13257,9 +13572,14 @@ static enum ndr_err_code ndr_push_drsuapi_QuerySitesByCostRequest1(struct ndr_pu static enum ndr_err_code ndr_pull_drsuapi_QuerySitesByCostRequest1(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_QuerySitesByCostRequest1 *r) { uint32_t _ptr_site_from; + uint32_t size_site_from_1 = 0; + uint32_t length_site_from_1 = 0; TALLOC_CTX *_mem_save_site_from_0; uint32_t _ptr_site_to; + uint32_t size_site_to_1 = 0; uint32_t cntr_site_to_1; + uint32_t size_site_to_3 = 0; + uint32_t length_site_to_3 = 0; TALLOC_CTX *_mem_save_site_to_0; TALLOC_CTX *_mem_save_site_to_1; TALLOC_CTX *_mem_save_site_to_2; @@ -13290,21 +13610,24 @@ static enum ndr_err_code ndr_pull_drsuapi_QuerySitesByCostRequest1(struct ndr_pu NDR_PULL_SET_MEM_CTX(ndr, r->site_from, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->site_from)); NDR_CHECK(ndr_pull_array_length(ndr, &r->site_from)); - if (ndr_get_array_length(ndr, &r->site_from) > ndr_get_array_size(ndr, &r->site_from)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->site_from), ndr_get_array_length(ndr, &r->site_from)); + size_site_from_1 = ndr_get_array_size(ndr, &r->site_from); + length_site_from_1 = ndr_get_array_length(ndr, &r->site_from); + if (length_site_from_1 > size_site_from_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_site_from_1, length_site_from_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->site_from), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->site_from, ndr_get_array_length(ndr, &r->site_from), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_site_from_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->site_from, length_site_from_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_site_from_0, 0); } if (r->site_to) { _mem_save_site_to_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->site_to, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->site_to)); - NDR_PULL_ALLOC_N(ndr, r->site_to, ndr_get_array_size(ndr, &r->site_to)); + size_site_to_1 = ndr_get_array_size(ndr, &r->site_to); + NDR_PULL_ALLOC_N(ndr, r->site_to, size_site_to_1); _mem_save_site_to_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->site_to, 0); - for (cntr_site_to_1 = 0; cntr_site_to_1 < r->num_req; cntr_site_to_1++) { + for (cntr_site_to_1 = 0; cntr_site_to_1 < size_site_to_1; cntr_site_to_1++) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_site_to)); if (_ptr_site_to) { NDR_PULL_ALLOC(ndr, r->site_to[cntr_site_to_1]); @@ -13312,17 +13635,19 @@ static enum ndr_err_code ndr_pull_drsuapi_QuerySitesByCostRequest1(struct ndr_pu r->site_to[cntr_site_to_1] = NULL; } } - for (cntr_site_to_1 = 0; cntr_site_to_1 < r->num_req; cntr_site_to_1++) { + for (cntr_site_to_1 = 0; cntr_site_to_1 < size_site_to_1; cntr_site_to_1++) { if (r->site_to[cntr_site_to_1]) { _mem_save_site_to_2 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->site_to[cntr_site_to_1], 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->site_to[cntr_site_to_1])); NDR_CHECK(ndr_pull_array_length(ndr, &r->site_to[cntr_site_to_1])); - if (ndr_get_array_length(ndr, &r->site_to[cntr_site_to_1]) > ndr_get_array_size(ndr, &r->site_to[cntr_site_to_1])) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->site_to[cntr_site_to_1]), ndr_get_array_length(ndr, &r->site_to[cntr_site_to_1])); + size_site_to_3 = ndr_get_array_size(ndr, &r->site_to[cntr_site_to_1]); + length_site_to_3 = ndr_get_array_length(ndr, &r->site_to[cntr_site_to_1]); + if (length_site_to_3 > size_site_to_3) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_site_to_3, length_site_to_3); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->site_to[cntr_site_to_1]), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->site_to[cntr_site_to_1], ndr_get_array_length(ndr, &r->site_to[cntr_site_to_1]), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_site_to_3, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->site_to[cntr_site_to_1], length_site_to_3, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_site_to_2, 0); } } diff --git a/librpc/gen_ndr/ndr_dssetup.c b/librpc/gen_ndr/ndr_dssetup.c index 27b839b..2d6b130 100644 --- a/librpc/gen_ndr/ndr_dssetup.c +++ b/librpc/gen_ndr/ndr_dssetup.c @@ -96,10 +96,16 @@ static enum ndr_err_code ndr_push_dssetup_DsRolePrimaryDomInfoBasic(struct ndr_p static enum ndr_err_code ndr_pull_dssetup_DsRolePrimaryDomInfoBasic(struct ndr_pull *ndr, int ndr_flags, struct dssetup_DsRolePrimaryDomInfoBasic *r) { uint32_t _ptr_domain; + uint32_t size_domain_1 = 0; + uint32_t length_domain_1 = 0; TALLOC_CTX *_mem_save_domain_0; uint32_t _ptr_dns_domain; + uint32_t size_dns_domain_1 = 0; + uint32_t length_dns_domain_1 = 0; TALLOC_CTX *_mem_save_dns_domain_0; uint32_t _ptr_forest; + uint32_t size_forest_1 = 0; + uint32_t length_forest_1 = 0; TALLOC_CTX *_mem_save_forest_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -132,11 +138,13 @@ static enum ndr_err_code ndr_pull_dssetup_DsRolePrimaryDomInfoBasic(struct ndr_p NDR_PULL_SET_MEM_CTX(ndr, r->domain, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->domain)); NDR_CHECK(ndr_pull_array_length(ndr, &r->domain)); - if (ndr_get_array_length(ndr, &r->domain) > ndr_get_array_size(ndr, &r->domain)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->domain), ndr_get_array_length(ndr, &r->domain)); + size_domain_1 = ndr_get_array_size(ndr, &r->domain); + length_domain_1 = ndr_get_array_length(ndr, &r->domain); + if (length_domain_1 > size_domain_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_1, length_domain_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, length_domain_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_0, 0); } if (r->dns_domain) { @@ -144,11 +152,13 @@ static enum ndr_err_code ndr_pull_dssetup_DsRolePrimaryDomInfoBasic(struct ndr_p NDR_PULL_SET_MEM_CTX(ndr, r->dns_domain, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->dns_domain)); NDR_CHECK(ndr_pull_array_length(ndr, &r->dns_domain)); - if (ndr_get_array_length(ndr, &r->dns_domain) > ndr_get_array_size(ndr, &r->dns_domain)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->dns_domain), ndr_get_array_length(ndr, &r->dns_domain)); + size_dns_domain_1 = ndr_get_array_size(ndr, &r->dns_domain); + length_dns_domain_1 = ndr_get_array_length(ndr, &r->dns_domain); + if (length_dns_domain_1 > size_dns_domain_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dns_domain_1, length_dns_domain_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->dns_domain), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dns_domain, ndr_get_array_length(ndr, &r->dns_domain), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dns_domain_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dns_domain, length_dns_domain_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dns_domain_0, 0); } if (r->forest) { @@ -156,11 +166,13 @@ static enum ndr_err_code ndr_pull_dssetup_DsRolePrimaryDomInfoBasic(struct ndr_p NDR_PULL_SET_MEM_CTX(ndr, r->forest, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->forest)); NDR_CHECK(ndr_pull_array_length(ndr, &r->forest)); - if (ndr_get_array_length(ndr, &r->forest) > ndr_get_array_size(ndr, &r->forest)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->forest), ndr_get_array_length(ndr, &r->forest)); + size_forest_1 = ndr_get_array_size(ndr, &r->forest); + length_forest_1 = ndr_get_array_length(ndr, &r->forest); + if (length_forest_1 > size_forest_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_forest_1, length_forest_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->forest), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->forest, ndr_get_array_length(ndr, &r->forest), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_forest_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->forest, length_forest_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_forest_0, 0); } } diff --git a/librpc/gen_ndr/ndr_echo.c b/librpc/gen_ndr/ndr_echo.c index 4c54ff4..3536291 100644 --- a/librpc/gen_ndr/ndr_echo.c +++ b/librpc/gen_ndr/ndr_echo.c @@ -616,16 +616,18 @@ static enum ndr_err_code ndr_push_echo_Surrounding(struct ndr_push *ndr, int ndr static enum ndr_err_code ndr_pull_echo_Surrounding(struct ndr_pull *ndr, int ndr_flags, struct echo_Surrounding *r) { + uint32_t size_surrounding_0 = 0; uint32_t cntr_surrounding_0; TALLOC_CTX *_mem_save_surrounding_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_array_size(ndr, &r->surrounding)); NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->x)); - NDR_PULL_ALLOC_N(ndr, r->surrounding, ndr_get_array_size(ndr, &r->surrounding)); + size_surrounding_0 = ndr_get_array_size(ndr, &r->surrounding); + NDR_PULL_ALLOC_N(ndr, r->surrounding, size_surrounding_0); _mem_save_surrounding_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->surrounding, 0); - for (cntr_surrounding_0 = 0; cntr_surrounding_0 < r->x; cntr_surrounding_0++) { + for (cntr_surrounding_0 = 0; cntr_surrounding_0 < size_surrounding_0; cntr_surrounding_0++) { NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->surrounding[cntr_surrounding_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_surrounding_0, 0); @@ -735,21 +737,25 @@ static enum ndr_err_code ndr_push_echo_EchoData(struct ndr_push *ndr, int flags, static enum ndr_err_code ndr_pull_echo_EchoData(struct ndr_pull *ndr, int flags, struct echo_EchoData *r) { + uint32_t size_in_data_0 = 0; + uint32_t size_out_data_0 = 0; if (flags & NDR_IN) { ZERO_STRUCT(r->out); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.len)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.in_data)); - NDR_PULL_ALLOC_N(ndr, r->in.in_data, ndr_get_array_size(ndr, &r->in.in_data)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->in.in_data, ndr_get_array_size(ndr, &r->in.in_data))); + size_in_data_0 = ndr_get_array_size(ndr, &r->in.in_data); + NDR_PULL_ALLOC_N(ndr, r->in.in_data, size_in_data_0); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->in.in_data, size_in_data_0)); if (r->in.in_data) { NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->in.in_data, r->in.len)); } } if (flags & NDR_OUT) { NDR_CHECK(ndr_pull_array_size(ndr, &r->out.out_data)); - NDR_PULL_ALLOC_N(ndr, r->out.out_data, ndr_get_array_size(ndr, &r->out.out_data)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.out_data, ndr_get_array_size(ndr, &r->out.out_data))); + size_out_data_0 = ndr_get_array_size(ndr, &r->out.out_data); + NDR_PULL_ALLOC_N(ndr, r->out.out_data, size_out_data_0); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.out_data, size_out_data_0)); if (r->out.out_data) { NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->out.out_data, r->in.len)); } @@ -794,11 +800,13 @@ static enum ndr_err_code ndr_push_echo_SinkData(struct ndr_push *ndr, int flags, static enum ndr_err_code ndr_pull_echo_SinkData(struct ndr_pull *ndr, int flags, struct echo_SinkData *r) { + uint32_t size_data_0 = 0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.len)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.data)); - NDR_PULL_ALLOC_N(ndr, r->in.data, ndr_get_array_size(ndr, &r->in.data)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->in.data, ndr_get_array_size(ndr, &r->in.data))); + size_data_0 = ndr_get_array_size(ndr, &r->in.data); + NDR_PULL_ALLOC_N(ndr, r->in.data, size_data_0); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->in.data, size_data_0)); if (r->in.data) { NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->in.data, r->in.len)); } @@ -844,6 +852,7 @@ static enum ndr_err_code ndr_push_echo_SourceData(struct ndr_push *ndr, int flag static enum ndr_err_code ndr_pull_echo_SourceData(struct ndr_pull *ndr, int flags, struct echo_SourceData *r) { + uint32_t size_data_0 = 0; if (flags & NDR_IN) { ZERO_STRUCT(r->out); @@ -851,8 +860,9 @@ static enum ndr_err_code ndr_pull_echo_SourceData(struct ndr_pull *ndr, int flag } if (flags & NDR_OUT) { NDR_CHECK(ndr_pull_array_size(ndr, &r->out.data)); - NDR_PULL_ALLOC_N(ndr, r->out.data, ndr_get_array_size(ndr, &r->out.data)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.data, ndr_get_array_size(ndr, &r->out.data))); + size_data_0 = ndr_get_array_size(ndr, &r->out.data); + NDR_PULL_ALLOC_N(ndr, r->out.data, size_data_0); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.data, size_data_0)); if (r->out.data) { NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->out.data, r->in.len)); } @@ -910,7 +920,11 @@ static enum ndr_err_code ndr_push_echo_TestCall(struct ndr_push *ndr, int flags, static enum ndr_err_code ndr_pull_echo_TestCall(struct ndr_pull *ndr, int flags, struct echo_TestCall *r) { + uint32_t size_s1_1 = 0; + uint32_t length_s1_1 = 0; uint32_t _ptr_s2; + uint32_t size_s2_2 = 0; + uint32_t length_s2_2 = 0; TALLOC_CTX *_mem_save_s2_0; TALLOC_CTX *_mem_save_s2_1; if (flags & NDR_IN) { @@ -918,11 +932,13 @@ static enum ndr_err_code ndr_pull_echo_TestCall(struct ndr_pull *ndr, int flags, NDR_CHECK(ndr_pull_array_size(ndr, &r->in.s1)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.s1)); - if (ndr_get_array_length(ndr, &r->in.s1) > ndr_get_array_size(ndr, &r->in.s1)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.s1), ndr_get_array_length(ndr, &r->in.s1)); + size_s1_1 = ndr_get_array_size(ndr, &r->in.s1); + length_s1_1 = ndr_get_array_length(ndr, &r->in.s1); + if (length_s1_1 > size_s1_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_s1_1, length_s1_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.s1), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.s1, ndr_get_array_length(ndr, &r->in.s1), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_s1_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.s1, length_s1_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_ALLOC(ndr, r->out.s2); ZERO_STRUCTP(r->out.s2); } @@ -943,11 +959,13 @@ static enum ndr_err_code ndr_pull_echo_TestCall(struct ndr_pull *ndr, int flags, NDR_PULL_SET_MEM_CTX(ndr, *r->out.s2, 0); NDR_CHECK(ndr_pull_array_size(ndr, r->out.s2)); NDR_CHECK(ndr_pull_array_length(ndr, r->out.s2)); - if (ndr_get_array_length(ndr, r->out.s2) > ndr_get_array_size(ndr, r->out.s2)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, r->out.s2), ndr_get_array_length(ndr, r->out.s2)); + size_s2_2 = ndr_get_array_size(ndr, r->out.s2); + length_s2_2 = ndr_get_array_length(ndr, r->out.s2); + if (length_s2_2 > size_s2_2) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_s2_2, length_s2_2); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, r->out.s2), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.s2, ndr_get_array_length(ndr, r->out.s2), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_s2_2, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.s2, length_s2_2, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_s2_1, 0); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_s2_0, LIBNDR_FLAG_REF_ALLOC); diff --git a/librpc/gen_ndr/ndr_epmapper.c b/librpc/gen_ndr/ndr_epmapper.c index 5c3abe7..3898700 100644 --- a/librpc/gen_ndr/ndr_epmapper.c +++ b/librpc/gen_ndr/ndr_epmapper.c @@ -1590,6 +1590,7 @@ static enum ndr_err_code ndr_push_epm_tower(struct ndr_push *ndr, int ndr_flags, static enum ndr_err_code ndr_pull_epm_tower(struct ndr_pull *ndr, int ndr_flags, struct epm_tower *r) { + uint32_t size_floors_0 = 0; uint32_t cntr_floors_0; TALLOC_CTX *_mem_save_floors_0; { @@ -1598,10 +1599,11 @@ static enum ndr_err_code ndr_pull_epm_tower(struct ndr_pull *ndr, int ndr_flags, if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 2)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->num_floors)); - NDR_PULL_ALLOC_N(ndr, r->floors, r->num_floors); + size_floors_0 = r->num_floors; + NDR_PULL_ALLOC_N(ndr, r->floors, size_floors_0); _mem_save_floors_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->floors, 0); - for (cntr_floors_0 = 0; cntr_floors_0 < r->num_floors; cntr_floors_0++) { + for (cntr_floors_0 = 0; cntr_floors_0 < size_floors_0; cntr_floors_0++) { NDR_CHECK(ndr_pull_epm_floor(ndr, NDR_SCALARS, &r->floors[cntr_floors_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_floors_0, 0); @@ -1712,6 +1714,7 @@ static enum ndr_err_code ndr_pull_epm_entry_t(struct ndr_pull *ndr, int ndr_flag { uint32_t _ptr_tower; TALLOC_CTX *_mem_save_tower_0; + uint32_t size_annotation_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); NDR_CHECK(ndr_pull_GUID(ndr, NDR_SCALARS, &r->object)); @@ -1723,7 +1726,8 @@ static enum ndr_err_code ndr_pull_epm_entry_t(struct ndr_pull *ndr, int ndr_flag } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->__annotation_offset)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->__annotation_length)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->annotation, r->__annotation_length, sizeof(uint8_t), CH_DOS)); + size_annotation_0 = r->__annotation_length; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->annotation, size_annotation_0, sizeof(uint8_t), CH_DOS)); NDR_CHECK(ndr_pull_trailer_align(ndr, 5)); } if (ndr_flags & NDR_BUFFERS) { @@ -1867,18 +1871,20 @@ static enum ndr_err_code ndr_push_epm_Insert(struct ndr_push *ndr, int flags, co static enum ndr_err_code ndr_pull_epm_Insert(struct ndr_pull *ndr, int flags, struct epm_Insert *r) { + uint32_t size_entries_0 = 0; uint32_t cntr_entries_0; TALLOC_CTX *_mem_save_entries_0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.num_ents)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.entries)); - NDR_PULL_ALLOC_N(ndr, r->in.entries, ndr_get_array_size(ndr, &r->in.entries)); + size_entries_0 = ndr_get_array_size(ndr, &r->in.entries); + NDR_PULL_ALLOC_N(ndr, r->in.entries, size_entries_0); _mem_save_entries_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->in.entries, 0); - for (cntr_entries_0 = 0; cntr_entries_0 < r->in.num_ents; cntr_entries_0++) { + for (cntr_entries_0 = 0; cntr_entries_0 < size_entries_0; cntr_entries_0++) { NDR_CHECK(ndr_pull_epm_entry_t(ndr, NDR_SCALARS, &r->in.entries[cntr_entries_0])); } - for (cntr_entries_0 = 0; cntr_entries_0 < r->in.num_ents; cntr_entries_0++) { + for (cntr_entries_0 = 0; cntr_entries_0 < size_entries_0; cntr_entries_0++) { NDR_CHECK(ndr_pull_epm_entry_t(ndr, NDR_BUFFERS, &r->in.entries[cntr_entries_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_entries_0, 0); @@ -1948,18 +1954,20 @@ static enum ndr_err_code ndr_push_epm_Delete(struct ndr_push *ndr, int flags, co static enum ndr_err_code ndr_pull_epm_Delete(struct ndr_pull *ndr, int flags, struct epm_Delete *r) { + uint32_t size_entries_0 = 0; uint32_t cntr_entries_0; TALLOC_CTX *_mem_save_entries_0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.num_ents)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.entries)); - NDR_PULL_ALLOC_N(ndr, r->in.entries, ndr_get_array_size(ndr, &r->in.entries)); + size_entries_0 = ndr_get_array_size(ndr, &r->in.entries); + NDR_PULL_ALLOC_N(ndr, r->in.entries, size_entries_0); _mem_save_entries_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->in.entries, 0); - for (cntr_entries_0 = 0; cntr_entries_0 < r->in.num_ents; cntr_entries_0++) { + for (cntr_entries_0 = 0; cntr_entries_0 < size_entries_0; cntr_entries_0++) { NDR_CHECK(ndr_pull_epm_entry_t(ndr, NDR_SCALARS, &r->in.entries[cntr_entries_0])); } - for (cntr_entries_0 = 0; cntr_entries_0 < r->in.num_ents; cntr_entries_0++) { + for (cntr_entries_0 = 0; cntr_entries_0 < size_entries_0; cntr_entries_0++) { NDR_CHECK(ndr_pull_epm_entry_t(ndr, NDR_BUFFERS, &r->in.entries[cntr_entries_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_entries_0, 0); @@ -2053,6 +2061,8 @@ static enum ndr_err_code ndr_pull_epm_Lookup(struct ndr_pull *ndr, int flags, st { uint32_t _ptr_object; uint32_t _ptr_interface_id; + uint32_t size_entries_0 = 0; + uint32_t length_entries_0 = 0; uint32_t cntr_entries_0; TALLOC_CTX *_mem_save_object_0; TALLOC_CTX *_mem_save_interface_id_0; @@ -2118,16 +2128,18 @@ static enum ndr_err_code ndr_pull_epm_Lookup(struct ndr_pull *ndr, int flags, st NDR_PULL_SET_MEM_CTX(ndr, _mem_save_num_ents_0, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_array_size(ndr, &r->out.entries)); NDR_CHECK(ndr_pull_array_length(ndr, &r->out.entries)); - if (ndr_get_array_length(ndr, &r->out.entries) > ndr_get_array_size(ndr, &r->out.entries)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->out.entries), ndr_get_array_length(ndr, &r->out.entries)); + size_entries_0 = ndr_get_array_size(ndr, &r->out.entries); + length_entries_0 = ndr_get_array_length(ndr, &r->out.entries); + if (length_entries_0 > size_entries_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_entries_0, length_entries_0); } - NDR_PULL_ALLOC_N(ndr, r->out.entries, ndr_get_array_size(ndr, &r->out.entries)); + NDR_PULL_ALLOC_N(ndr, r->out.entries, size_entries_0); _mem_save_entries_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->out.entries, 0); - for (cntr_entries_0 = 0; cntr_entries_0 < ndr_get_array_length(ndr, &r->out.entries); cntr_entries_0++) { + for (cntr_entries_0 = 0; cntr_entries_0 < length_entries_0; cntr_entries_0++) { NDR_CHECK(ndr_pull_epm_entry_t(ndr, NDR_SCALARS, &r->out.entries[cntr_entries_0])); } - for (cntr_entries_0 = 0; cntr_entries_0 < ndr_get_array_length(ndr, &r->out.entries); cntr_entries_0++) { + for (cntr_entries_0 = 0; cntr_entries_0 < length_entries_0; cntr_entries_0++) { NDR_CHECK(ndr_pull_epm_entry_t(ndr, NDR_BUFFERS, &r->out.entries[cntr_entries_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_entries_0, 0); @@ -2246,6 +2258,8 @@ _PUBLIC_ enum ndr_err_code ndr_pull_epm_Map(struct ndr_pull *ndr, int flags, str { uint32_t _ptr_object; uint32_t _ptr_map_tower; + uint32_t size_towers_0 = 0; + uint32_t length_towers_0 = 0; uint32_t cntr_towers_0; TALLOC_CTX *_mem_save_object_0; TALLOC_CTX *_mem_save_map_tower_0; @@ -2309,16 +2323,18 @@ _PUBLIC_ enum ndr_err_code ndr_pull_epm_Map(struct ndr_pull *ndr, int flags, str NDR_PULL_SET_MEM_CTX(ndr, _mem_save_num_towers_0, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_array_size(ndr, &r->out.towers)); NDR_CHECK(ndr_pull_array_length(ndr, &r->out.towers)); - if (ndr_get_array_length(ndr, &r->out.towers) > ndr_get_array_size(ndr, &r->out.towers)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->out.towers), ndr_get_array_length(ndr, &r->out.towers)); + size_towers_0 = ndr_get_array_size(ndr, &r->out.towers); + length_towers_0 = ndr_get_array_length(ndr, &r->out.towers); + if (length_towers_0 > size_towers_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_towers_0, length_towers_0); } - NDR_PULL_ALLOC_N(ndr, r->out.towers, ndr_get_array_size(ndr, &r->out.towers)); + NDR_PULL_ALLOC_N(ndr, r->out.towers, size_towers_0); _mem_save_towers_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->out.towers, 0); - for (cntr_towers_0 = 0; cntr_towers_0 < ndr_get_array_length(ndr, &r->out.towers); cntr_towers_0++) { + for (cntr_towers_0 = 0; cntr_towers_0 < length_towers_0; cntr_towers_0++) { NDR_CHECK(ndr_pull_epm_twr_p_t(ndr, NDR_SCALARS, &r->out.towers[cntr_towers_0])); } - for (cntr_towers_0 = 0; cntr_towers_0 < ndr_get_array_length(ndr, &r->out.towers); cntr_towers_0++) { + for (cntr_towers_0 = 0; cntr_towers_0 < length_towers_0; cntr_towers_0++) { NDR_CHECK(ndr_pull_epm_twr_p_t(ndr, NDR_BUFFERS, &r->out.towers[cntr_towers_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_towers_0, 0); diff --git a/librpc/gen_ndr/ndr_eventlog.c b/librpc/gen_ndr/ndr_eventlog.c index e0ac6d2..f56389b 100644 --- a/librpc/gen_ndr/ndr_eventlog.c +++ b/librpc/gen_ndr/ndr_eventlog.c @@ -156,6 +156,8 @@ _PUBLIC_ enum ndr_err_code ndr_push_eventlog_Record_tdb(struct ndr_push *ndr, in _PUBLIC_ enum ndr_err_code ndr_pull_eventlog_Record_tdb(struct ndr_pull *ndr, int ndr_flags, struct eventlog_Record_tdb *r) { + uint32_t size_reserved_0 = 0; + uint32_t size_strings_0 = 0; uint32_t cntr_strings_0; TALLOC_CTX *_mem_save_strings_0; { @@ -164,7 +166,8 @@ _PUBLIC_ enum ndr_err_code ndr_pull_eventlog_Record_tdb(struct ndr_pull *ndr, in if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->size)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->reserved, 4, sizeof(uint8_t), CH_DOS)); + size_reserved_0 = 4; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->reserved, size_reserved_0, sizeof(uint8_t), CH_DOS)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->record_number)); NDR_CHECK(ndr_pull_time_t(ndr, NDR_SCALARS, &r->time_generated)); NDR_CHECK(ndr_pull_time_t(ndr, NDR_SCALARS, &r->time_written)); @@ -202,10 +205,11 @@ _PUBLIC_ enum ndr_err_code ndr_pull_eventlog_Record_tdb(struct ndr_pull *ndr, in { uint32_t _flags_save_string = ndr->flags; ndr_set_flags(&ndr->flags, LIBNDR_FLAG_STR_NULLTERM|LIBNDR_FLAG_ALIGN2); - NDR_PULL_ALLOC_N(ndr, r->strings, r->num_of_strings); + size_strings_0 = r->num_of_strings; + NDR_PULL_ALLOC_N(ndr, r->strings, size_strings_0); _mem_save_strings_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->strings, 0); - for (cntr_strings_0 = 0; cntr_strings_0 < r->num_of_strings; cntr_strings_0++) { + for (cntr_strings_0 = 0; cntr_strings_0 < size_strings_0; cntr_strings_0++) { NDR_CHECK(ndr_pull_string(ndr, NDR_SCALARS, &r->strings[cntr_strings_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_strings_0, 0); @@ -322,10 +326,12 @@ _PUBLIC_ enum ndr_err_code ndr_push_EVENTLOGHEADER(struct ndr_push *ndr, int ndr _PUBLIC_ enum ndr_err_code ndr_pull_EVENTLOGHEADER(struct ndr_pull *ndr, int ndr_flags, struct EVENTLOGHEADER *r) { + uint32_t size_Signature_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->HeaderSize)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->Signature, 4, sizeof(uint8_t), CH_DOS)); + size_Signature_0 = 4; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->Signature, size_Signature_0, sizeof(uint8_t), CH_DOS)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->MajorVersion)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->MinorVersion)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->StartOffset)); @@ -441,12 +447,16 @@ _PUBLIC_ enum ndr_err_code ndr_push_EVENTLOGRECORD(struct ndr_push *ndr, int ndr _PUBLIC_ enum ndr_err_code ndr_pull_EVENTLOGRECORD(struct ndr_pull *ndr, int ndr_flags, struct EVENTLOGRECORD *r) { + uint32_t size_Reserved_0 = 0; + uint32_t size_Strings_0 = 0; uint32_t cntr_Strings_0; TALLOC_CTX *_mem_save_Strings_0; + uint32_t size_Data_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->Length)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->Reserved, 4, sizeof(uint8_t), CH_DOS)); + size_Reserved_0 = 4; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->Reserved, size_Reserved_0, sizeof(uint8_t), CH_DOS)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->RecordNumber)); NDR_CHECK(ndr_pull_time_t(ndr, NDR_SCALARS, &r->TimeGenerated)); NDR_CHECK(ndr_pull_time_t(ndr, NDR_SCALARS, &r->TimeWritten)); @@ -487,10 +497,11 @@ _PUBLIC_ enum ndr_err_code ndr_pull_EVENTLOGRECORD(struct ndr_pull *ndr, int ndr { uint32_t _flags_save_string = ndr->flags; ndr_set_flags(&ndr->flags, LIBNDR_FLAG_STR_NULLTERM|LIBNDR_FLAG_ALIGN2); - NDR_PULL_ALLOC_N(ndr, r->Strings, r->NumStrings); + size_Strings_0 = r->NumStrings; + NDR_PULL_ALLOC_N(ndr, r->Strings, size_Strings_0); _mem_save_Strings_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->Strings, 0); - for (cntr_Strings_0 = 0; cntr_Strings_0 < r->NumStrings; cntr_Strings_0++) { + for (cntr_Strings_0 = 0; cntr_Strings_0 < size_Strings_0; cntr_Strings_0++) { NDR_CHECK(ndr_pull_string(ndr, NDR_SCALARS, &r->Strings[cntr_Strings_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_Strings_0, 0); @@ -499,8 +510,9 @@ _PUBLIC_ enum ndr_err_code ndr_pull_EVENTLOGRECORD(struct ndr_pull *ndr, int ndr { uint32_t _flags_save_uint8 = ndr->flags; ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX); - NDR_PULL_ALLOC_N(ndr, r->Data, r->DataLength); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->Data, r->DataLength)); + size_Data_0 = r->DataLength; + NDR_PULL_ALLOC_N(ndr, r->Data, size_Data_0); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->Data, size_Data_0)); ndr->flags = _flags_save_uint8; } { @@ -648,15 +660,17 @@ _PUBLIC_ enum ndr_err_code ndr_push_EVENTLOG_EVT_FILE(struct ndr_push *ndr, int _PUBLIC_ enum ndr_err_code ndr_pull_EVENTLOG_EVT_FILE(struct ndr_pull *ndr, int ndr_flags, struct EVENTLOG_EVT_FILE *r) { + uint32_t size_records_0 = 0; uint32_t cntr_records_0; TALLOC_CTX *_mem_save_records_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_EVENTLOGHEADER(ndr, NDR_SCALARS, &r->hdr)); - NDR_PULL_ALLOC_N(ndr, r->records, r->hdr.CurrentRecordNumber - r->hdr.OldestRecordNumber); + size_records_0 = r->hdr.CurrentRecordNumber - r->hdr.OldestRecordNumber; + NDR_PULL_ALLOC_N(ndr, r->records, size_records_0); _mem_save_records_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->records, 0); - for (cntr_records_0 = 0; cntr_records_0 < r->hdr.CurrentRecordNumber - r->hdr.OldestRecordNumber; cntr_records_0++) { + for (cntr_records_0 = 0; cntr_records_0 < size_records_0; cntr_records_0++) { NDR_CHECK(ndr_pull_EVENTLOGRECORD(ndr, NDR_SCALARS, &r->records[cntr_records_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_records_0, 0); @@ -664,9 +678,10 @@ _PUBLIC_ enum ndr_err_code ndr_pull_EVENTLOG_EVT_FILE(struct ndr_pull *ndr, int NDR_CHECK(ndr_pull_trailer_align(ndr, 4)); } if (ndr_flags & NDR_BUFFERS) { + size_records_0 = r->hdr.CurrentRecordNumber - r->hdr.OldestRecordNumber; _mem_save_records_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->records, 0); - for (cntr_records_0 = 0; cntr_records_0 < r->hdr.CurrentRecordNumber - r->hdr.OldestRecordNumber; cntr_records_0++) { + for (cntr_records_0 = 0; cntr_records_0 < size_records_0; cntr_records_0++) { NDR_CHECK(ndr_pull_EVENTLOGRECORD(ndr, NDR_BUFFERS, &r->records[cntr_records_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_records_0, 0); @@ -1612,6 +1627,7 @@ static enum ndr_err_code ndr_push_eventlog_ReadEventLogW(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_eventlog_ReadEventLogW(struct ndr_pull *ndr, int flags, struct eventlog_ReadEventLogW *r) { + uint32_t size_data_1 = 0; TALLOC_CTX *_mem_save_handle_0; TALLOC_CTX *_mem_save_sent_size_0; TALLOC_CTX *_mem_save_real_size_0; @@ -1640,10 +1656,11 @@ static enum ndr_err_code ndr_pull_eventlog_ReadEventLogW(struct ndr_pull *ndr, i } if (flags & NDR_OUT) { NDR_CHECK(ndr_pull_array_size(ndr, &r->out.data)); + size_data_1 = ndr_get_array_size(ndr, &r->out.data); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { - NDR_PULL_ALLOC_N(ndr, r->out.data, ndr_get_array_size(ndr, &r->out.data)); + NDR_PULL_ALLOC_N(ndr, r->out.data, size_data_1); } - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.data, ndr_get_array_size(ndr, &r->out.data))); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.data, size_data_1)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->out.sent_size); } @@ -1773,8 +1790,10 @@ static enum ndr_err_code ndr_pull_eventlog_ReportEventW(struct ndr_pull *ndr, in { uint32_t _ptr_user_sid; uint32_t _ptr_strings; + uint32_t size_strings_1 = 0; uint32_t cntr_strings_1; uint32_t _ptr_data; + uint32_t size_data_1 = 0; uint32_t _ptr_record_number; uint32_t _ptr_time_written; TALLOC_CTX *_mem_save_handle_0; @@ -1837,12 +1856,13 @@ static enum ndr_err_code ndr_pull_eventlog_ReportEventW(struct ndr_pull *ndr, in _mem_save_strings_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->in.strings, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.strings)); - NDR_PULL_ALLOC_N(ndr, r->in.strings, ndr_get_array_size(ndr, &r->in.strings)); + size_strings_1 = ndr_get_array_size(ndr, &r->in.strings); + NDR_PULL_ALLOC_N(ndr, r->in.strings, size_strings_1); _mem_save_strings_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->in.strings, 0); - for (cntr_strings_1 = 0; cntr_strings_1 < r->in.num_of_strings; cntr_strings_1++) { + for (cntr_strings_1 = 0; cntr_strings_1 < size_strings_1; cntr_strings_1++) { } - for (cntr_strings_1 = 0; cntr_strings_1 < r->in.num_of_strings; cntr_strings_1++) { + for (cntr_strings_1 = 0; cntr_strings_1 < size_strings_1; cntr_strings_1++) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_strings)); if (_ptr_strings) { NDR_PULL_ALLOC(ndr, r->in.strings[cntr_strings_1]); @@ -1869,8 +1889,9 @@ static enum ndr_err_code ndr_pull_eventlog_ReportEventW(struct ndr_pull *ndr, in _mem_save_data_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->in.data, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.data)); - NDR_PULL_ALLOC_N(ndr, r->in.data, ndr_get_array_size(ndr, &r->in.data)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->in.data, ndr_get_array_size(ndr, &r->in.data))); + size_data_1 = ndr_get_array_size(ndr, &r->in.data); + NDR_PULL_ALLOC_N(ndr, r->in.data, size_data_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->in.data, size_data_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_0, 0); } NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->in.flags)); @@ -2465,6 +2486,7 @@ static enum ndr_err_code ndr_push_eventlog_GetLogInformation(struct ndr_push *nd static enum ndr_err_code ndr_pull_eventlog_GetLogInformation(struct ndr_pull *ndr, int flags, struct eventlog_GetLogInformation *r) { + uint32_t size_buffer_1 = 0; TALLOC_CTX *_mem_save_handle_0; TALLOC_CTX *_mem_save_bytes_needed_0; if (flags & NDR_IN) { @@ -2489,10 +2511,11 @@ static enum ndr_err_code ndr_pull_eventlog_GetLogInformation(struct ndr_pull *nd } if (flags & NDR_OUT) { NDR_CHECK(ndr_pull_array_size(ndr, &r->out.buffer)); + size_buffer_1 = ndr_get_array_size(ndr, &r->out.buffer); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { - NDR_PULL_ALLOC_N(ndr, r->out.buffer, ndr_get_array_size(ndr, &r->out.buffer)); + NDR_PULL_ALLOC_N(ndr, r->out.buffer, size_buffer_1); } - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.buffer, ndr_get_array_size(ndr, &r->out.buffer))); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.buffer, size_buffer_1)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->out.bytes_needed); } @@ -2671,8 +2694,10 @@ static enum ndr_err_code ndr_pull_eventlog_ReportEventAndSourceW(struct ndr_pull { uint32_t _ptr_user_sid; uint32_t _ptr_strings; + uint32_t size_strings_1 = 0; uint32_t cntr_strings_1; uint32_t _ptr_data; + uint32_t size_data_1 = 0; uint32_t _ptr_record_number; uint32_t _ptr_time_written; TALLOC_CTX *_mem_save_handle_0; @@ -2743,12 +2768,13 @@ static enum ndr_err_code ndr_pull_eventlog_ReportEventAndSourceW(struct ndr_pull _mem_save_strings_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->in.strings, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.strings)); - NDR_PULL_ALLOC_N(ndr, r->in.strings, ndr_get_array_size(ndr, &r->in.strings)); + size_strings_1 = ndr_get_array_size(ndr, &r->in.strings); + NDR_PULL_ALLOC_N(ndr, r->in.strings, size_strings_1); _mem_save_strings_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->in.strings, 0); - for (cntr_strings_1 = 0; cntr_strings_1 < r->in.num_of_strings; cntr_strings_1++) { + for (cntr_strings_1 = 0; cntr_strings_1 < size_strings_1; cntr_strings_1++) { } - for (cntr_strings_1 = 0; cntr_strings_1 < r->in.num_of_strings; cntr_strings_1++) { + for (cntr_strings_1 = 0; cntr_strings_1 < size_strings_1; cntr_strings_1++) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_strings)); if (_ptr_strings) { NDR_PULL_ALLOC(ndr, r->in.strings[cntr_strings_1]); @@ -2775,8 +2801,9 @@ static enum ndr_err_code ndr_pull_eventlog_ReportEventAndSourceW(struct ndr_pull _mem_save_data_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->in.data, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.data)); - NDR_PULL_ALLOC_N(ndr, r->in.data, ndr_get_array_size(ndr, &r->in.data)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->in.data, ndr_get_array_size(ndr, &r->in.data))); + size_data_1 = ndr_get_array_size(ndr, &r->in.data); + NDR_PULL_ALLOC_N(ndr, r->in.data, size_data_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->in.data, size_data_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_0, 0); } NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->in.flags)); diff --git a/librpc/gen_ndr/ndr_krb5pac.c b/librpc/gen_ndr/ndr_krb5pac.c index 1f5ed95..31e9f04 100644 --- a/librpc/gen_ndr/ndr_krb5pac.c +++ b/librpc/gen_ndr/ndr_krb5pac.c @@ -22,11 +22,13 @@ static enum ndr_err_code ndr_push_PAC_LOGON_NAME(struct ndr_push *ndr, int ndr_f static enum ndr_err_code ndr_pull_PAC_LOGON_NAME(struct ndr_pull *ndr, int ndr_flags, struct PAC_LOGON_NAME *r) { + uint32_t size_account_name_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_NTTIME(ndr, NDR_SCALARS, &r->logon_time)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->size)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->account_name, r->size, sizeof(uint8_t), CH_UTF16)); + size_account_name_0 = r->size; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->account_name, size_account_name_0, sizeof(uint8_t), CH_UTF16)); NDR_CHECK(ndr_pull_trailer_align(ndr, 4)); } if (ndr_flags & NDR_BUFFERS) { @@ -469,25 +471,28 @@ _PUBLIC_ enum ndr_err_code ndr_push_PAC_DATA(struct ndr_push *ndr, int ndr_flags _PUBLIC_ enum ndr_err_code ndr_pull_PAC_DATA(struct ndr_pull *ndr, int ndr_flags, struct PAC_DATA *r) { + uint32_t size_buffers_0 = 0; uint32_t cntr_buffers_0; TALLOC_CTX *_mem_save_buffers_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->num_buffers)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->version)); - NDR_PULL_ALLOC_N(ndr, r->buffers, r->num_buffers); + size_buffers_0 = r->num_buffers; + NDR_PULL_ALLOC_N(ndr, r->buffers, size_buffers_0); _mem_save_buffers_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->buffers, 0); - for (cntr_buffers_0 = 0; cntr_buffers_0 < r->num_buffers; cntr_buffers_0++) { + for (cntr_buffers_0 = 0; cntr_buffers_0 < size_buffers_0; cntr_buffers_0++) { NDR_CHECK(ndr_pull_PAC_BUFFER(ndr, NDR_SCALARS, &r->buffers[cntr_buffers_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_buffers_0, 0); NDR_CHECK(ndr_pull_trailer_align(ndr, 5)); } if (ndr_flags & NDR_BUFFERS) { + size_buffers_0 = r->num_buffers; _mem_save_buffers_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->buffers, 0); - for (cntr_buffers_0 = 0; cntr_buffers_0 < r->num_buffers; cntr_buffers_0++) { + for (cntr_buffers_0 = 0; cntr_buffers_0 < size_buffers_0; cntr_buffers_0++) { NDR_CHECK(ndr_pull_PAC_BUFFER(ndr, NDR_BUFFERS, &r->buffers[cntr_buffers_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_buffers_0, 0); @@ -636,25 +641,28 @@ _PUBLIC_ enum ndr_err_code ndr_push_PAC_DATA_RAW(struct ndr_push *ndr, int ndr_f _PUBLIC_ enum ndr_err_code ndr_pull_PAC_DATA_RAW(struct ndr_pull *ndr, int ndr_flags, struct PAC_DATA_RAW *r) { + uint32_t size_buffers_0 = 0; uint32_t cntr_buffers_0; TALLOC_CTX *_mem_save_buffers_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->num_buffers)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->version)); - NDR_PULL_ALLOC_N(ndr, r->buffers, r->num_buffers); + size_buffers_0 = r->num_buffers; + NDR_PULL_ALLOC_N(ndr, r->buffers, size_buffers_0); _mem_save_buffers_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->buffers, 0); - for (cntr_buffers_0 = 0; cntr_buffers_0 < r->num_buffers; cntr_buffers_0++) { + for (cntr_buffers_0 = 0; cntr_buffers_0 < size_buffers_0; cntr_buffers_0++) { NDR_CHECK(ndr_pull_PAC_BUFFER_RAW(ndr, NDR_SCALARS, &r->buffers[cntr_buffers_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_buffers_0, 0); NDR_CHECK(ndr_pull_trailer_align(ndr, 5)); } if (ndr_flags & NDR_BUFFERS) { + size_buffers_0 = r->num_buffers; _mem_save_buffers_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->buffers, 0); - for (cntr_buffers_0 = 0; cntr_buffers_0 < r->num_buffers; cntr_buffers_0++) { + for (cntr_buffers_0 = 0; cntr_buffers_0 < size_buffers_0; cntr_buffers_0++) { NDR_CHECK(ndr_pull_PAC_BUFFER_RAW(ndr, NDR_BUFFERS, &r->buffers[cntr_buffers_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_buffers_0, 0); diff --git a/librpc/gen_ndr/ndr_lsa.c b/librpc/gen_ndr/ndr_lsa.c index f1b87ec..f1fc10e 100644 --- a/librpc/gen_ndr/ndr_lsa.c +++ b/librpc/gen_ndr/ndr_lsa.c @@ -28,6 +28,8 @@ _PUBLIC_ enum ndr_err_code ndr_push_lsa_String(struct ndr_push *ndr, int ndr_fla _PUBLIC_ enum ndr_err_code ndr_pull_lsa_String(struct ndr_pull *ndr, int ndr_flags, struct lsa_String *r) { uint32_t _ptr_string; + uint32_t size_string_1 = 0; + uint32_t length_string_1 = 0; TALLOC_CTX *_mem_save_string_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -47,10 +49,12 @@ _PUBLIC_ enum ndr_err_code ndr_pull_lsa_String(struct ndr_pull *ndr, int ndr_fla NDR_PULL_SET_MEM_CTX(ndr, r->string, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->string)); NDR_CHECK(ndr_pull_array_length(ndr, &r->string)); - if (ndr_get_array_length(ndr, &r->string) > ndr_get_array_size(ndr, &r->string)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->string), ndr_get_array_length(ndr, &r->string)); + size_string_1 = ndr_get_array_size(ndr, &r->string); + length_string_1 = ndr_get_array_length(ndr, &r->string); + if (length_string_1 > size_string_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_string_1, length_string_1); } - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->string, ndr_get_array_length(ndr, &r->string), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->string, length_string_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_string_0, 0); } if (r->string) { @@ -101,6 +105,8 @@ _PUBLIC_ enum ndr_err_code ndr_push_lsa_StringLarge(struct ndr_push *ndr, int nd _PUBLIC_ enum ndr_err_code ndr_pull_lsa_StringLarge(struct ndr_pull *ndr, int ndr_flags, struct lsa_StringLarge *r) { uint32_t _ptr_string; + uint32_t size_string_1 = 0; + uint32_t length_string_1 = 0; TALLOC_CTX *_mem_save_string_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -120,10 +126,12 @@ _PUBLIC_ enum ndr_err_code ndr_pull_lsa_StringLarge(struct ndr_pull *ndr, int nd NDR_PULL_SET_MEM_CTX(ndr, r->string, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->string)); NDR_CHECK(ndr_pull_array_length(ndr, &r->string)); - if (ndr_get_array_length(ndr, &r->string) > ndr_get_array_size(ndr, &r->string)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->string), ndr_get_array_length(ndr, &r->string)); + size_string_1 = ndr_get_array_size(ndr, &r->string); + length_string_1 = ndr_get_array_length(ndr, &r->string); + if (length_string_1 > size_string_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_string_1, length_string_1); } - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->string, ndr_get_array_length(ndr, &r->string), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->string, length_string_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_string_0, 0); } if (r->string) { @@ -177,6 +185,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_lsa_Strings(struct ndr_push *ndr, int ndr_fl _PUBLIC_ enum ndr_err_code ndr_pull_lsa_Strings(struct ndr_pull *ndr, int ndr_flags, struct lsa_Strings *r) { uint32_t _ptr_names; + uint32_t size_names_1 = 0; uint32_t cntr_names_1; TALLOC_CTX *_mem_save_names_0; TALLOC_CTX *_mem_save_names_1; @@ -196,13 +205,14 @@ _PUBLIC_ enum ndr_err_code ndr_pull_lsa_Strings(struct ndr_pull *ndr, int ndr_fl _mem_save_names_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->names, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->names)); - NDR_PULL_ALLOC_N(ndr, r->names, ndr_get_array_size(ndr, &r->names)); + size_names_1 = ndr_get_array_size(ndr, &r->names); + NDR_PULL_ALLOC_N(ndr, r->names, size_names_1); _mem_save_names_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->names, 0); - for (cntr_names_1 = 0; cntr_names_1 < r->count; cntr_names_1++) { + for (cntr_names_1 = 0; cntr_names_1 < size_names_1; cntr_names_1++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->names[cntr_names_1])); } - for (cntr_names_1 = 0; cntr_names_1 < r->count; cntr_names_1++) { + for (cntr_names_1 = 0; cntr_names_1 < size_names_1; cntr_names_1++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->names[cntr_names_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_names_1, 0); @@ -262,6 +272,8 @@ _PUBLIC_ enum ndr_err_code ndr_push_lsa_AsciiString(struct ndr_push *ndr, int nd _PUBLIC_ enum ndr_err_code ndr_pull_lsa_AsciiString(struct ndr_pull *ndr, int ndr_flags, struct lsa_AsciiString *r) { uint32_t _ptr_string; + uint32_t size_string_1 = 0; + uint32_t length_string_1 = 0; TALLOC_CTX *_mem_save_string_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -281,10 +293,12 @@ _PUBLIC_ enum ndr_err_code ndr_pull_lsa_AsciiString(struct ndr_pull *ndr, int nd NDR_PULL_SET_MEM_CTX(ndr, r->string, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->string)); NDR_CHECK(ndr_pull_array_length(ndr, &r->string)); - if (ndr_get_array_length(ndr, &r->string) > ndr_get_array_size(ndr, &r->string)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->string), ndr_get_array_length(ndr, &r->string)); + size_string_1 = ndr_get_array_size(ndr, &r->string); + length_string_1 = ndr_get_array_length(ndr, &r->string); + if (length_string_1 > size_string_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_string_1, length_string_1); } - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->string, ndr_get_array_length(ndr, &r->string), sizeof(uint8_t), CH_DOS)); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->string, length_string_1, sizeof(uint8_t), CH_DOS)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_string_0, 0); } if (r->string) { @@ -335,6 +349,8 @@ _PUBLIC_ enum ndr_err_code ndr_push_lsa_AsciiStringLarge(struct ndr_push *ndr, i _PUBLIC_ enum ndr_err_code ndr_pull_lsa_AsciiStringLarge(struct ndr_pull *ndr, int ndr_flags, struct lsa_AsciiStringLarge *r) { uint32_t _ptr_string; + uint32_t size_string_1 = 0; + uint32_t length_string_1 = 0; TALLOC_CTX *_mem_save_string_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -354,10 +370,12 @@ _PUBLIC_ enum ndr_err_code ndr_pull_lsa_AsciiStringLarge(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->string, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->string)); NDR_CHECK(ndr_pull_array_length(ndr, &r->string)); - if (ndr_get_array_length(ndr, &r->string) > ndr_get_array_size(ndr, &r->string)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->string), ndr_get_array_length(ndr, &r->string)); + size_string_1 = ndr_get_array_size(ndr, &r->string); + length_string_1 = ndr_get_array_length(ndr, &r->string); + if (length_string_1 > size_string_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_string_1, length_string_1); } - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->string, ndr_get_array_length(ndr, &r->string), sizeof(uint8_t), CH_DOS)); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->string, length_string_1, sizeof(uint8_t), CH_DOS)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_string_0, 0); } if (r->string) { @@ -411,6 +429,8 @@ _PUBLIC_ enum ndr_err_code ndr_push_lsa_BinaryString(struct ndr_push *ndr, int n _PUBLIC_ enum ndr_err_code ndr_pull_lsa_BinaryString(struct ndr_pull *ndr, int ndr_flags, struct lsa_BinaryString *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; + uint32_t length_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -432,13 +452,15 @@ _PUBLIC_ enum ndr_err_code ndr_pull_lsa_BinaryString(struct ndr_pull *ndr, int n NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); NDR_CHECK(ndr_pull_array_length(ndr, &r->array)); - if (ndr_get_array_length(ndr, &r->array) > ndr_get_array_size(ndr, &r->array)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->array), ndr_get_array_length(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + length_array_1 = ndr_get_array_length(ndr, &r->array); + if (length_array_1 > size_array_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_array_1, length_array_1); } - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < ndr_get_array_length(ndr, &r->array); cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < length_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -577,6 +599,7 @@ static enum ndr_err_code ndr_push_lsa_PrivArray(struct ndr_push *ndr, int ndr_fl static enum ndr_err_code ndr_pull_lsa_PrivArray(struct ndr_pull *ndr, int ndr_flags, struct lsa_PrivArray *r) { uint32_t _ptr_privs; + uint32_t size_privs_1 = 0; uint32_t cntr_privs_1; TALLOC_CTX *_mem_save_privs_0; TALLOC_CTX *_mem_save_privs_1; @@ -596,13 +619,14 @@ static enum ndr_err_code ndr_pull_lsa_PrivArray(struct ndr_pull *ndr, int ndr_fl _mem_save_privs_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->privs, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->privs)); - NDR_PULL_ALLOC_N(ndr, r->privs, ndr_get_array_size(ndr, &r->privs)); + size_privs_1 = ndr_get_array_size(ndr, &r->privs); + NDR_PULL_ALLOC_N(ndr, r->privs, size_privs_1); _mem_save_privs_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->privs, 0); - for (cntr_privs_1 = 0; cntr_privs_1 < r->count; cntr_privs_1++) { + for (cntr_privs_1 = 0; cntr_privs_1 < size_privs_1; cntr_privs_1++) { NDR_CHECK(ndr_pull_lsa_PrivEntry(ndr, NDR_SCALARS, &r->privs[cntr_privs_1])); } - for (cntr_privs_1 = 0; cntr_privs_1 < r->count; cntr_privs_1++) { + for (cntr_privs_1 = 0; cntr_privs_1 < size_privs_1; cntr_privs_1++) { NDR_CHECK(ndr_pull_lsa_PrivEntry(ndr, NDR_BUFFERS, &r->privs[cntr_privs_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_privs_1, 0); @@ -717,6 +741,8 @@ static enum ndr_err_code ndr_pull_lsa_ObjectAttribute(struct ndr_pull *ndr, int uint32_t _ptr_root_dir; TALLOC_CTX *_mem_save_root_dir_0; uint32_t _ptr_object_name; + uint32_t size_object_name_1 = 0; + uint32_t length_object_name_1 = 0; TALLOC_CTX *_mem_save_object_name_0; uint32_t _ptr_sec_desc; TALLOC_CTX *_mem_save_sec_desc_0; @@ -764,11 +790,13 @@ static enum ndr_err_code ndr_pull_lsa_ObjectAttribute(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->object_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->object_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->object_name)); - if (ndr_get_array_length(ndr, &r->object_name) > ndr_get_array_size(ndr, &r->object_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->object_name), ndr_get_array_length(ndr, &r->object_name)); + size_object_name_1 = ndr_get_array_size(ndr, &r->object_name); + length_object_name_1 = ndr_get_array_length(ndr, &r->object_name); + if (length_object_name_1 > size_object_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_object_name_1, length_object_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->object_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->object_name, ndr_get_array_length(ndr, &r->object_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_object_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->object_name, length_object_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_object_name_0, 0); } if (r->sec_desc) { @@ -1029,6 +1057,7 @@ static enum ndr_err_code ndr_push_lsa_AuditEventsInfo(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_lsa_AuditEventsInfo(struct ndr_pull *ndr, int ndr_flags, struct lsa_AuditEventsInfo *r) { uint32_t _ptr_settings; + uint32_t size_settings_1 = 0; uint32_t cntr_settings_1; TALLOC_CTX *_mem_save_settings_0; TALLOC_CTX *_mem_save_settings_1; @@ -1049,10 +1078,11 @@ static enum ndr_err_code ndr_pull_lsa_AuditEventsInfo(struct ndr_pull *ndr, int _mem_save_settings_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->settings, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->settings)); - NDR_PULL_ALLOC_N(ndr, r->settings, ndr_get_array_size(ndr, &r->settings)); + size_settings_1 = ndr_get_array_size(ndr, &r->settings); + NDR_PULL_ALLOC_N(ndr, r->settings, size_settings_1); _mem_save_settings_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->settings, 0); - for (cntr_settings_1 = 0; cntr_settings_1 < r->count; cntr_settings_1++) { + for (cntr_settings_1 = 0; cntr_settings_1 < size_settings_1; cntr_settings_1++) { NDR_CHECK(ndr_pull_lsa_PolicyAuditPolicy(ndr, NDR_SCALARS, &r->settings[cntr_settings_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_settings_1, 0); @@ -1939,6 +1969,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_lsa_SidArray(struct ndr_push *ndr, int ndr_f _PUBLIC_ enum ndr_err_code ndr_pull_lsa_SidArray(struct ndr_pull *ndr, int ndr_flags, struct lsa_SidArray *r) { uint32_t _ptr_sids; + uint32_t size_sids_1 = 0; uint32_t cntr_sids_1; TALLOC_CTX *_mem_save_sids_0; TALLOC_CTX *_mem_save_sids_1; @@ -1961,13 +1992,14 @@ _PUBLIC_ enum ndr_err_code ndr_pull_lsa_SidArray(struct ndr_pull *ndr, int ndr_f _mem_save_sids_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sids, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->sids)); - NDR_PULL_ALLOC_N(ndr, r->sids, ndr_get_array_size(ndr, &r->sids)); + size_sids_1 = ndr_get_array_size(ndr, &r->sids); + NDR_PULL_ALLOC_N(ndr, r->sids, size_sids_1); _mem_save_sids_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sids, 0); - for (cntr_sids_1 = 0; cntr_sids_1 < r->num_sids; cntr_sids_1++) { + for (cntr_sids_1 = 0; cntr_sids_1 < size_sids_1; cntr_sids_1++) { NDR_CHECK(ndr_pull_lsa_SidPtr(ndr, NDR_SCALARS, &r->sids[cntr_sids_1])); } - for (cntr_sids_1 = 0; cntr_sids_1 < r->num_sids; cntr_sids_1++) { + for (cntr_sids_1 = 0; cntr_sids_1 < size_sids_1; cntr_sids_1++) { NDR_CHECK(ndr_pull_lsa_SidPtr(ndr, NDR_BUFFERS, &r->sids[cntr_sids_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sids_1, 0); @@ -2030,6 +2062,7 @@ static enum ndr_err_code ndr_push_lsa_DomainList(struct ndr_push *ndr, int ndr_f static enum ndr_err_code ndr_pull_lsa_DomainList(struct ndr_pull *ndr, int ndr_flags, struct lsa_DomainList *r) { uint32_t _ptr_domains; + uint32_t size_domains_1 = 0; uint32_t cntr_domains_1; TALLOC_CTX *_mem_save_domains_0; TALLOC_CTX *_mem_save_domains_1; @@ -2049,13 +2082,14 @@ static enum ndr_err_code ndr_pull_lsa_DomainList(struct ndr_pull *ndr, int ndr_f _mem_save_domains_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->domains, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->domains)); - NDR_PULL_ALLOC_N(ndr, r->domains, ndr_get_array_size(ndr, &r->domains)); + size_domains_1 = ndr_get_array_size(ndr, &r->domains); + NDR_PULL_ALLOC_N(ndr, r->domains, size_domains_1); _mem_save_domains_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->domains, 0); - for (cntr_domains_1 = 0; cntr_domains_1 < r->count; cntr_domains_1++) { + for (cntr_domains_1 = 0; cntr_domains_1 < size_domains_1; cntr_domains_1++) { NDR_CHECK(ndr_pull_lsa_DomainInfo(ndr, NDR_SCALARS, &r->domains[cntr_domains_1])); } - for (cntr_domains_1 = 0; cntr_domains_1 < r->count; cntr_domains_1++) { + for (cntr_domains_1 = 0; cntr_domains_1 < size_domains_1; cntr_domains_1++) { NDR_CHECK(ndr_pull_lsa_DomainInfo(ndr, NDR_BUFFERS, &r->domains[cntr_domains_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domains_1, 0); @@ -2186,6 +2220,7 @@ static enum ndr_err_code ndr_push_lsa_TransSidArray(struct ndr_push *ndr, int nd static enum ndr_err_code ndr_pull_lsa_TransSidArray(struct ndr_pull *ndr, int ndr_flags, struct lsa_TransSidArray *r) { uint32_t _ptr_sids; + uint32_t size_sids_1 = 0; uint32_t cntr_sids_1; TALLOC_CTX *_mem_save_sids_0; TALLOC_CTX *_mem_save_sids_1; @@ -2208,10 +2243,11 @@ static enum ndr_err_code ndr_pull_lsa_TransSidArray(struct ndr_pull *ndr, int nd _mem_save_sids_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sids, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->sids)); - NDR_PULL_ALLOC_N(ndr, r->sids, ndr_get_array_size(ndr, &r->sids)); + size_sids_1 = ndr_get_array_size(ndr, &r->sids); + NDR_PULL_ALLOC_N(ndr, r->sids, size_sids_1); _mem_save_sids_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sids, 0); - for (cntr_sids_1 = 0; cntr_sids_1 < r->count; cntr_sids_1++) { + for (cntr_sids_1 = 0; cntr_sids_1 < size_sids_1; cntr_sids_1++) { NDR_CHECK(ndr_pull_lsa_TranslatedSid(ndr, NDR_SCALARS, &r->sids[cntr_sids_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sids_1, 0); @@ -2275,6 +2311,7 @@ static enum ndr_err_code ndr_push_lsa_RefDomainList(struct ndr_push *ndr, int nd static enum ndr_err_code ndr_pull_lsa_RefDomainList(struct ndr_pull *ndr, int ndr_flags, struct lsa_RefDomainList *r) { uint32_t _ptr_domains; + uint32_t size_domains_1 = 0; uint32_t cntr_domains_1; TALLOC_CTX *_mem_save_domains_0; TALLOC_CTX *_mem_save_domains_1; @@ -2298,13 +2335,14 @@ static enum ndr_err_code ndr_pull_lsa_RefDomainList(struct ndr_pull *ndr, int nd _mem_save_domains_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->domains, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->domains)); - NDR_PULL_ALLOC_N(ndr, r->domains, ndr_get_array_size(ndr, &r->domains)); + size_domains_1 = ndr_get_array_size(ndr, &r->domains); + NDR_PULL_ALLOC_N(ndr, r->domains, size_domains_1); _mem_save_domains_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->domains, 0); - for (cntr_domains_1 = 0; cntr_domains_1 < r->count; cntr_domains_1++) { + for (cntr_domains_1 = 0; cntr_domains_1 < size_domains_1; cntr_domains_1++) { NDR_CHECK(ndr_pull_lsa_DomainInfo(ndr, NDR_SCALARS, &r->domains[cntr_domains_1])); } - for (cntr_domains_1 = 0; cntr_domains_1 < r->count; cntr_domains_1++) { + for (cntr_domains_1 = 0; cntr_domains_1 < size_domains_1; cntr_domains_1++) { NDR_CHECK(ndr_pull_lsa_DomainInfo(ndr, NDR_BUFFERS, &r->domains[cntr_domains_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domains_1, 0); @@ -2438,6 +2476,7 @@ static enum ndr_err_code ndr_push_lsa_TransNameArray(struct ndr_push *ndr, int n static enum ndr_err_code ndr_pull_lsa_TransNameArray(struct ndr_pull *ndr, int ndr_flags, struct lsa_TransNameArray *r) { uint32_t _ptr_names; + uint32_t size_names_1 = 0; uint32_t cntr_names_1; TALLOC_CTX *_mem_save_names_0; TALLOC_CTX *_mem_save_names_1; @@ -2460,13 +2499,14 @@ static enum ndr_err_code ndr_pull_lsa_TransNameArray(struct ndr_pull *ndr, int n _mem_save_names_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->names, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->names)); - NDR_PULL_ALLOC_N(ndr, r->names, ndr_get_array_size(ndr, &r->names)); + size_names_1 = ndr_get_array_size(ndr, &r->names); + NDR_PULL_ALLOC_N(ndr, r->names, size_names_1); _mem_save_names_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->names, 0); - for (cntr_names_1 = 0; cntr_names_1 < r->count; cntr_names_1++) { + for (cntr_names_1 = 0; cntr_names_1 < size_names_1; cntr_names_1++) { NDR_CHECK(ndr_pull_lsa_TranslatedName(ndr, NDR_SCALARS, &r->names[cntr_names_1])); } - for (cntr_names_1 = 0; cntr_names_1 < r->count; cntr_names_1++) { + for (cntr_names_1 = 0; cntr_names_1 < size_names_1; cntr_names_1++) { NDR_CHECK(ndr_pull_lsa_TranslatedName(ndr, NDR_BUFFERS, &r->names[cntr_names_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_names_1, 0); @@ -2558,6 +2598,7 @@ static enum ndr_err_code ndr_push_lsa_PrivilegeSet(struct ndr_push *ndr, int ndr static enum ndr_err_code ndr_pull_lsa_PrivilegeSet(struct ndr_pull *ndr, int ndr_flags, struct lsa_PrivilegeSet *r) { + uint32_t size_set_0 = 0; uint32_t cntr_set_0; TALLOC_CTX *_mem_save_set_0; if (ndr_flags & NDR_SCALARS) { @@ -2568,10 +2609,11 @@ static enum ndr_err_code ndr_pull_lsa_PrivilegeSet(struct ndr_pull *ndr, int ndr return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->unknown)); - NDR_PULL_ALLOC_N(ndr, r->set, ndr_get_array_size(ndr, &r->set)); + size_set_0 = ndr_get_array_size(ndr, &r->set); + NDR_PULL_ALLOC_N(ndr, r->set, size_set_0); _mem_save_set_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->set, 0); - for (cntr_set_0 = 0; cntr_set_0 < r->count; cntr_set_0++) { + for (cntr_set_0 = 0; cntr_set_0 < size_set_0; cntr_set_0++) { NDR_CHECK(ndr_pull_lsa_LUIDAttribute(ndr, NDR_SCALARS, &r->set[cntr_set_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_set_0, 0); @@ -2633,6 +2675,8 @@ static enum ndr_err_code ndr_push_lsa_DATA_BUF(struct ndr_push *ndr, int ndr_fla static enum ndr_err_code ndr_pull_lsa_DATA_BUF(struct ndr_pull *ndr, int ndr_flags, struct lsa_DATA_BUF *r) { uint32_t _ptr_data; + uint32_t size_data_1 = 0; + uint32_t length_data_1 = 0; TALLOC_CTX *_mem_save_data_0; { uint32_t _flags_save_STRUCT = ndr->flags; @@ -2655,11 +2699,13 @@ static enum ndr_err_code ndr_pull_lsa_DATA_BUF(struct ndr_pull *ndr, int ndr_fla NDR_PULL_SET_MEM_CTX(ndr, r->data, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->data)); NDR_CHECK(ndr_pull_array_length(ndr, &r->data)); - if (ndr_get_array_length(ndr, &r->data) > ndr_get_array_size(ndr, &r->data)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->data), ndr_get_array_length(ndr, &r->data)); + size_data_1 = ndr_get_array_size(ndr, &r->data); + length_data_1 = ndr_get_array_length(ndr, &r->data); + if (length_data_1 > size_data_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_data_1, length_data_1); } - NDR_PULL_ALLOC_N(ndr, r->data, ndr_get_array_size(ndr, &r->data)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, ndr_get_array_length(ndr, &r->data))); + NDR_PULL_ALLOC_N(ndr, r->data, size_data_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, length_data_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_0, 0); } if (r->data) { @@ -2719,6 +2765,7 @@ static enum ndr_err_code ndr_push_lsa_DATA_BUF2(struct ndr_push *ndr, int ndr_fl static enum ndr_err_code ndr_pull_lsa_DATA_BUF2(struct ndr_pull *ndr, int ndr_flags, struct lsa_DATA_BUF2 *r) { uint32_t _ptr_data; + uint32_t size_data_1 = 0; TALLOC_CTX *_mem_save_data_0; { uint32_t _flags_save_STRUCT = ndr->flags; @@ -2742,8 +2789,9 @@ static enum ndr_err_code ndr_pull_lsa_DATA_BUF2(struct ndr_pull *ndr, int ndr_fl _mem_save_data_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->data, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->data)); - NDR_PULL_ALLOC_N(ndr, r->data, ndr_get_array_size(ndr, &r->data)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, ndr_get_array_size(ndr, &r->data))); + size_data_1 = ndr_get_array_size(ndr, &r->data); + NDR_PULL_ALLOC_N(ndr, r->data, size_data_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, size_data_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_0, 0); } if (r->data) { @@ -2948,6 +2996,7 @@ static enum ndr_err_code ndr_push_lsa_TrustDomainInfoControllers(struct ndr_push static enum ndr_err_code ndr_pull_lsa_TrustDomainInfoControllers(struct ndr_pull *ndr, int ndr_flags, struct lsa_TrustDomainInfoControllers *r) { uint32_t _ptr_netbios_names; + uint32_t size_netbios_names_1 = 0; uint32_t cntr_netbios_names_1; TALLOC_CTX *_mem_save_netbios_names_0; TALLOC_CTX *_mem_save_netbios_names_1; @@ -2967,13 +3016,14 @@ static enum ndr_err_code ndr_pull_lsa_TrustDomainInfoControllers(struct ndr_pull _mem_save_netbios_names_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->netbios_names, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->netbios_names)); - NDR_PULL_ALLOC_N(ndr, r->netbios_names, ndr_get_array_size(ndr, &r->netbios_names)); + size_netbios_names_1 = ndr_get_array_size(ndr, &r->netbios_names); + NDR_PULL_ALLOC_N(ndr, r->netbios_names, size_netbios_names_1); _mem_save_netbios_names_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->netbios_names, 0); - for (cntr_netbios_names_1 = 0; cntr_netbios_names_1 < r->entries; cntr_netbios_names_1++) { + for (cntr_netbios_names_1 = 0; cntr_netbios_names_1 < size_netbios_names_1; cntr_netbios_names_1++) { NDR_CHECK(ndr_pull_lsa_StringLarge(ndr, NDR_SCALARS, &r->netbios_names[cntr_netbios_names_1])); } - for (cntr_netbios_names_1 = 0; cntr_netbios_names_1 < r->entries; cntr_netbios_names_1++) { + for (cntr_netbios_names_1 = 0; cntr_netbios_names_1 < size_netbios_names_1; cntr_netbios_names_1++) { NDR_CHECK(ndr_pull_lsa_StringLarge(ndr, NDR_BUFFERS, &r->netbios_names[cntr_netbios_names_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_netbios_names_1, 0); @@ -3587,6 +3637,7 @@ static enum ndr_err_code ndr_push_lsa_TrustDomainInfoInfoEx2Internal(struct ndr_ static enum ndr_err_code ndr_pull_lsa_TrustDomainInfoInfoEx2Internal(struct ndr_pull *ndr, int ndr_flags, struct lsa_TrustDomainInfoInfoEx2Internal *r) { uint32_t _ptr_forest_trust_data; + uint32_t size_forest_trust_data_1 = 0; TALLOC_CTX *_mem_save_forest_trust_data_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -3606,8 +3657,9 @@ static enum ndr_err_code ndr_pull_lsa_TrustDomainInfoInfoEx2Internal(struct ndr_ _mem_save_forest_trust_data_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->forest_trust_data, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->forest_trust_data)); - NDR_PULL_ALLOC_N(ndr, r->forest_trust_data, ndr_get_array_size(ndr, &r->forest_trust_data)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->forest_trust_data, ndr_get_array_size(ndr, &r->forest_trust_data))); + size_forest_trust_data_1 = ndr_get_array_size(ndr, &r->forest_trust_data); + NDR_PULL_ALLOC_N(ndr, r->forest_trust_data, size_forest_trust_data_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->forest_trust_data, size_forest_trust_data_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_forest_trust_data_0, 0); } if (r->forest_trust_data) { @@ -4098,6 +4150,7 @@ static enum ndr_err_code ndr_push_lsa_RightSet(struct ndr_push *ndr, int ndr_fla static enum ndr_err_code ndr_pull_lsa_RightSet(struct ndr_pull *ndr, int ndr_flags, struct lsa_RightSet *r) { uint32_t _ptr_names; + uint32_t size_names_1 = 0; uint32_t cntr_names_1; TALLOC_CTX *_mem_save_names_0; TALLOC_CTX *_mem_save_names_1; @@ -4120,13 +4173,14 @@ static enum ndr_err_code ndr_pull_lsa_RightSet(struct ndr_pull *ndr, int ndr_fla _mem_save_names_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->names, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->names)); - NDR_PULL_ALLOC_N(ndr, r->names, ndr_get_array_size(ndr, &r->names)); + size_names_1 = ndr_get_array_size(ndr, &r->names); + NDR_PULL_ALLOC_N(ndr, r->names, size_names_1); _mem_save_names_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->names, 0); - for (cntr_names_1 = 0; cntr_names_1 < r->count; cntr_names_1++) { + for (cntr_names_1 = 0; cntr_names_1 < size_names_1; cntr_names_1++) { NDR_CHECK(ndr_pull_lsa_StringLarge(ndr, NDR_SCALARS, &r->names[cntr_names_1])); } - for (cntr_names_1 = 0; cntr_names_1 < r->count; cntr_names_1++) { + for (cntr_names_1 = 0; cntr_names_1 < size_names_1; cntr_names_1++) { NDR_CHECK(ndr_pull_lsa_StringLarge(ndr, NDR_BUFFERS, &r->names[cntr_names_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_names_1, 0); @@ -4189,6 +4243,7 @@ static enum ndr_err_code ndr_push_lsa_DomainListEx(struct ndr_push *ndr, int ndr static enum ndr_err_code ndr_pull_lsa_DomainListEx(struct ndr_pull *ndr, int ndr_flags, struct lsa_DomainListEx *r) { uint32_t _ptr_domains; + uint32_t size_domains_1 = 0; uint32_t cntr_domains_1; TALLOC_CTX *_mem_save_domains_0; TALLOC_CTX *_mem_save_domains_1; @@ -4208,13 +4263,14 @@ static enum ndr_err_code ndr_pull_lsa_DomainListEx(struct ndr_pull *ndr, int ndr _mem_save_domains_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->domains, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->domains)); - NDR_PULL_ALLOC_N(ndr, r->domains, ndr_get_array_size(ndr, &r->domains)); + size_domains_1 = ndr_get_array_size(ndr, &r->domains); + NDR_PULL_ALLOC_N(ndr, r->domains, size_domains_1); _mem_save_domains_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->domains, 0); - for (cntr_domains_1 = 0; cntr_domains_1 < r->count; cntr_domains_1++) { + for (cntr_domains_1 = 0; cntr_domains_1 < size_domains_1; cntr_domains_1++) { NDR_CHECK(ndr_pull_lsa_TrustDomainInfoInfoEx(ndr, NDR_SCALARS, &r->domains[cntr_domains_1])); } - for (cntr_domains_1 = 0; cntr_domains_1 < r->count; cntr_domains_1++) { + for (cntr_domains_1 = 0; cntr_domains_1 < size_domains_1; cntr_domains_1++) { NDR_CHECK(ndr_pull_lsa_TrustDomainInfoInfoEx(ndr, NDR_BUFFERS, &r->domains[cntr_domains_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domains_1, 0); @@ -4318,6 +4374,7 @@ static enum ndr_err_code ndr_push_lsa_DomainInfoEfs(struct ndr_push *ndr, int nd static enum ndr_err_code ndr_pull_lsa_DomainInfoEfs(struct ndr_pull *ndr, int ndr_flags, struct lsa_DomainInfoEfs *r) { uint32_t _ptr_efs_blob; + uint32_t size_efs_blob_1 = 0; TALLOC_CTX *_mem_save_efs_blob_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -4335,8 +4392,9 @@ static enum ndr_err_code ndr_pull_lsa_DomainInfoEfs(struct ndr_pull *ndr, int nd _mem_save_efs_blob_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->efs_blob, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->efs_blob)); - NDR_PULL_ALLOC_N(ndr, r->efs_blob, ndr_get_array_size(ndr, &r->efs_blob)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->efs_blob, ndr_get_array_size(ndr, &r->efs_blob))); + size_efs_blob_1 = ndr_get_array_size(ndr, &r->efs_blob); + NDR_PULL_ALLOC_N(ndr, r->efs_blob, size_efs_blob_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->efs_blob, size_efs_blob_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_efs_blob_0, 0); } if (r->efs_blob) { @@ -4524,6 +4582,7 @@ static enum ndr_err_code ndr_push_lsa_TransNameArray2(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_lsa_TransNameArray2(struct ndr_pull *ndr, int ndr_flags, struct lsa_TransNameArray2 *r) { uint32_t _ptr_names; + uint32_t size_names_1 = 0; uint32_t cntr_names_1; TALLOC_CTX *_mem_save_names_0; TALLOC_CTX *_mem_save_names_1; @@ -4546,13 +4605,14 @@ static enum ndr_err_code ndr_pull_lsa_TransNameArray2(struct ndr_pull *ndr, int _mem_save_names_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->names, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->names)); - NDR_PULL_ALLOC_N(ndr, r->names, ndr_get_array_size(ndr, &r->names)); + size_names_1 = ndr_get_array_size(ndr, &r->names); + NDR_PULL_ALLOC_N(ndr, r->names, size_names_1); _mem_save_names_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->names, 0); - for (cntr_names_1 = 0; cntr_names_1 < r->count; cntr_names_1++) { + for (cntr_names_1 = 0; cntr_names_1 < size_names_1; cntr_names_1++) { NDR_CHECK(ndr_pull_lsa_TranslatedName2(ndr, NDR_SCALARS, &r->names[cntr_names_1])); } - for (cntr_names_1 = 0; cntr_names_1 < r->count; cntr_names_1++) { + for (cntr_names_1 = 0; cntr_names_1 < size_names_1; cntr_names_1++) { NDR_CHECK(ndr_pull_lsa_TranslatedName2(ndr, NDR_BUFFERS, &r->names[cntr_names_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_names_1, 0); @@ -4703,6 +4763,7 @@ static enum ndr_err_code ndr_push_lsa_TransSidArray2(struct ndr_push *ndr, int n static enum ndr_err_code ndr_pull_lsa_TransSidArray2(struct ndr_pull *ndr, int ndr_flags, struct lsa_TransSidArray2 *r) { uint32_t _ptr_sids; + uint32_t size_sids_1 = 0; uint32_t cntr_sids_1; TALLOC_CTX *_mem_save_sids_0; TALLOC_CTX *_mem_save_sids_1; @@ -4725,10 +4786,11 @@ static enum ndr_err_code ndr_pull_lsa_TransSidArray2(struct ndr_pull *ndr, int n _mem_save_sids_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sids, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->sids)); - NDR_PULL_ALLOC_N(ndr, r->sids, ndr_get_array_size(ndr, &r->sids)); + size_sids_1 = ndr_get_array_size(ndr, &r->sids); + NDR_PULL_ALLOC_N(ndr, r->sids, size_sids_1); _mem_save_sids_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sids, 0); - for (cntr_sids_1 = 0; cntr_sids_1 < r->count; cntr_sids_1++) { + for (cntr_sids_1 = 0; cntr_sids_1 < size_sids_1; cntr_sids_1++) { NDR_CHECK(ndr_pull_lsa_TranslatedSid2(ndr, NDR_SCALARS, &r->sids[cntr_sids_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sids_1, 0); @@ -4853,6 +4915,7 @@ static enum ndr_err_code ndr_push_lsa_TransSidArray3(struct ndr_push *ndr, int n static enum ndr_err_code ndr_pull_lsa_TransSidArray3(struct ndr_pull *ndr, int ndr_flags, struct lsa_TransSidArray3 *r) { uint32_t _ptr_sids; + uint32_t size_sids_1 = 0; uint32_t cntr_sids_1; TALLOC_CTX *_mem_save_sids_0; TALLOC_CTX *_mem_save_sids_1; @@ -4875,13 +4938,14 @@ static enum ndr_err_code ndr_pull_lsa_TransSidArray3(struct ndr_pull *ndr, int n _mem_save_sids_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sids, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->sids)); - NDR_PULL_ALLOC_N(ndr, r->sids, ndr_get_array_size(ndr, &r->sids)); + size_sids_1 = ndr_get_array_size(ndr, &r->sids); + NDR_PULL_ALLOC_N(ndr, r->sids, size_sids_1); _mem_save_sids_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sids, 0); - for (cntr_sids_1 = 0; cntr_sids_1 < r->count; cntr_sids_1++) { + for (cntr_sids_1 = 0; cntr_sids_1 < size_sids_1; cntr_sids_1++) { NDR_CHECK(ndr_pull_lsa_TranslatedSid3(ndr, NDR_SCALARS, &r->sids[cntr_sids_1])); } - for (cntr_sids_1 = 0; cntr_sids_1 < r->count; cntr_sids_1++) { + for (cntr_sids_1 = 0; cntr_sids_1 < size_sids_1; cntr_sids_1++) { NDR_CHECK(ndr_pull_lsa_TranslatedSid3(ndr, NDR_BUFFERS, &r->sids[cntr_sids_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sids_1, 0); @@ -4938,6 +5002,7 @@ static enum ndr_err_code ndr_push_lsa_ForestTrustBinaryData(struct ndr_push *ndr static enum ndr_err_code ndr_pull_lsa_ForestTrustBinaryData(struct ndr_pull *ndr, int ndr_flags, struct lsa_ForestTrustBinaryData *r) { uint32_t _ptr_data; + uint32_t size_data_1 = 0; TALLOC_CTX *_mem_save_data_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -4958,8 +5023,9 @@ static enum ndr_err_code ndr_pull_lsa_ForestTrustBinaryData(struct ndr_pull *ndr _mem_save_data_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->data, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->data)); - NDR_PULL_ALLOC_N(ndr, r->data, ndr_get_array_size(ndr, &r->data)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, ndr_get_array_size(ndr, &r->data))); + size_data_1 = ndr_get_array_size(ndr, &r->data); + NDR_PULL_ALLOC_N(ndr, r->data, size_data_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, size_data_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_0, 0); } if (r->data) { @@ -5274,6 +5340,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_lsa_ForestTrustInformation(struct ndr_push * _PUBLIC_ enum ndr_err_code ndr_pull_lsa_ForestTrustInformation(struct ndr_pull *ndr, int ndr_flags, struct lsa_ForestTrustInformation *r) { uint32_t _ptr_entries; + uint32_t size_entries_1 = 0; uint32_t cntr_entries_1; TALLOC_CTX *_mem_save_entries_0; TALLOC_CTX *_mem_save_entries_1; @@ -5297,10 +5364,11 @@ _PUBLIC_ enum ndr_err_code ndr_pull_lsa_ForestTrustInformation(struct ndr_pull * _mem_save_entries_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->entries, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->entries)); - NDR_PULL_ALLOC_N(ndr, r->entries, ndr_get_array_size(ndr, &r->entries)); + size_entries_1 = ndr_get_array_size(ndr, &r->entries); + NDR_PULL_ALLOC_N(ndr, r->entries, size_entries_1); _mem_save_entries_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->entries, 0); - for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) { + for (cntr_entries_1 = 0; cntr_entries_1 < size_entries_1; cntr_entries_1++) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_entries)); if (_ptr_entries) { NDR_PULL_ALLOC(ndr, r->entries[cntr_entries_1]); @@ -5308,7 +5376,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_lsa_ForestTrustInformation(struct ndr_pull * r->entries[cntr_entries_1] = NULL; } } - for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) { + for (cntr_entries_1 = 0; cntr_entries_1 < size_entries_1; cntr_entries_1++) { if (r->entries[cntr_entries_1]) { _mem_save_entries_2 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->entries[cntr_entries_1], 0); @@ -6617,6 +6685,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_lsa_LookupNames(struct ndr_push *ndr, int fl _PUBLIC_ enum ndr_err_code ndr_pull_lsa_LookupNames(struct ndr_pull *ndr, int flags, struct lsa_LookupNames *r) { + uint32_t size_names_0 = 0; uint32_t cntr_names_0; uint32_t _ptr_domains; TALLOC_CTX *_mem_save_handle_0; @@ -6640,13 +6709,14 @@ _PUBLIC_ enum ndr_err_code ndr_pull_lsa_LookupNames(struct ndr_pull *ndr, int fl return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.names)); - NDR_PULL_ALLOC_N(ndr, r->in.names, ndr_get_array_size(ndr, &r->in.names)); + size_names_0 = ndr_get_array_size(ndr, &r->in.names); + NDR_PULL_ALLOC_N(ndr, r->in.names, size_names_0); _mem_save_names_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->in.names, 0); - for (cntr_names_0 = 0; cntr_names_0 < r->in.num_names; cntr_names_0++) { + for (cntr_names_0 = 0; cntr_names_0 < size_names_0; cntr_names_0++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->in.names[cntr_names_0])); } - for (cntr_names_0 = 0; cntr_names_0 < r->in.num_names; cntr_names_0++) { + for (cntr_names_0 = 0; cntr_names_0 < size_names_0; cntr_names_0++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->in.names[cntr_names_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_names_0, 0); @@ -9680,6 +9750,8 @@ _PUBLIC_ enum ndr_err_code ndr_push_lsa_OpenPolicy2(struct ndr_push *ndr, int fl _PUBLIC_ enum ndr_err_code ndr_pull_lsa_OpenPolicy2(struct ndr_pull *ndr, int flags, struct lsa_OpenPolicy2 *r) { uint32_t _ptr_system_name; + uint32_t size_system_name_1 = 0; + uint32_t length_system_name_1 = 0; TALLOC_CTX *_mem_save_system_name_0; TALLOC_CTX *_mem_save_attr_0; TALLOC_CTX *_mem_save_handle_0; @@ -9697,11 +9769,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_lsa_OpenPolicy2(struct ndr_pull *ndr, int fl NDR_PULL_SET_MEM_CTX(ndr, r->in.system_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.system_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.system_name)); - if (ndr_get_array_length(ndr, &r->in.system_name) > ndr_get_array_size(ndr, &r->in.system_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.system_name), ndr_get_array_length(ndr, &r->in.system_name)); + size_system_name_1 = ndr_get_array_size(ndr, &r->in.system_name); + length_system_name_1 = ndr_get_array_length(ndr, &r->in.system_name); + if (length_system_name_1 > size_system_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_system_name_1, length_system_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.system_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.system_name, ndr_get_array_length(ndr, &r->in.system_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_system_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.system_name, length_system_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_system_name_0, 0); } if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { @@ -9812,6 +9886,8 @@ static enum ndr_err_code ndr_push_lsa_GetUserName(struct ndr_push *ndr, int flag static enum ndr_err_code ndr_pull_lsa_GetUserName(struct ndr_pull *ndr, int flags, struct lsa_GetUserName *r) { uint32_t _ptr_system_name; + uint32_t size_system_name_1 = 0; + uint32_t length_system_name_1 = 0; uint32_t _ptr_account_name; uint32_t _ptr_authority_name; TALLOC_CTX *_mem_save_system_name_0; @@ -9833,11 +9909,13 @@ static enum ndr_err_code ndr_pull_lsa_GetUserName(struct ndr_pull *ndr, int flag NDR_PULL_SET_MEM_CTX(ndr, r->in.system_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.system_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.system_name)); - if (ndr_get_array_length(ndr, &r->in.system_name) > ndr_get_array_size(ndr, &r->in.system_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.system_name), ndr_get_array_length(ndr, &r->in.system_name)); + size_system_name_1 = ndr_get_array_size(ndr, &r->in.system_name); + length_system_name_1 = ndr_get_array_length(ndr, &r->in.system_name); + if (length_system_name_1 > size_system_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_system_name_1, length_system_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.system_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.system_name, ndr_get_array_length(ndr, &r->in.system_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_system_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.system_name, length_system_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_system_name_0, 0); } if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { @@ -11247,6 +11325,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_lsa_LookupNames2(struct ndr_push *ndr, int f _PUBLIC_ enum ndr_err_code ndr_pull_lsa_LookupNames2(struct ndr_pull *ndr, int flags, struct lsa_LookupNames2 *r) { + uint32_t size_names_0 = 0; uint32_t cntr_names_0; uint32_t _ptr_domains; TALLOC_CTX *_mem_save_handle_0; @@ -11270,13 +11349,14 @@ _PUBLIC_ enum ndr_err_code ndr_pull_lsa_LookupNames2(struct ndr_pull *ndr, int f return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.names)); - NDR_PULL_ALLOC_N(ndr, r->in.names, ndr_get_array_size(ndr, &r->in.names)); + size_names_0 = ndr_get_array_size(ndr, &r->in.names); + NDR_PULL_ALLOC_N(ndr, r->in.names, size_names_0); _mem_save_names_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->in.names, 0); - for (cntr_names_0 = 0; cntr_names_0 < r->in.num_names; cntr_names_0++) { + for (cntr_names_0 = 0; cntr_names_0 < size_names_0; cntr_names_0++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->in.names[cntr_names_0])); } - for (cntr_names_0 = 0; cntr_names_0 < r->in.num_names; cntr_names_0++) { + for (cntr_names_0 = 0; cntr_names_0 < size_names_0; cntr_names_0++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->in.names[cntr_names_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_names_0, 0); @@ -11901,6 +11981,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_lsa_LookupNames3(struct ndr_push *ndr, int f _PUBLIC_ enum ndr_err_code ndr_pull_lsa_LookupNames3(struct ndr_pull *ndr, int flags, struct lsa_LookupNames3 *r) { + uint32_t size_names_0 = 0; uint32_t cntr_names_0; uint32_t _ptr_domains; TALLOC_CTX *_mem_save_handle_0; @@ -11924,13 +12005,14 @@ _PUBLIC_ enum ndr_err_code ndr_pull_lsa_LookupNames3(struct ndr_pull *ndr, int f return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.names)); - NDR_PULL_ALLOC_N(ndr, r->in.names, ndr_get_array_size(ndr, &r->in.names)); + size_names_0 = ndr_get_array_size(ndr, &r->in.names); + NDR_PULL_ALLOC_N(ndr, r->in.names, size_names_0); _mem_save_names_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->in.names, 0); - for (cntr_names_0 = 0; cntr_names_0 < r->in.num_names; cntr_names_0++) { + for (cntr_names_0 = 0; cntr_names_0 < size_names_0; cntr_names_0++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->in.names[cntr_names_0])); } - for (cntr_names_0 = 0; cntr_names_0 < r->in.num_names; cntr_names_0++) { + for (cntr_names_0 = 0; cntr_names_0 < size_names_0; cntr_names_0++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->in.names[cntr_names_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_names_0, 0); @@ -12647,6 +12729,7 @@ static enum ndr_err_code ndr_push_lsa_LookupNames4(struct ndr_push *ndr, int fla static enum ndr_err_code ndr_pull_lsa_LookupNames4(struct ndr_pull *ndr, int flags, struct lsa_LookupNames4 *r) { + uint32_t size_names_0 = 0; uint32_t cntr_names_0; uint32_t _ptr_domains; TALLOC_CTX *_mem_save_names_0; @@ -12662,13 +12745,14 @@ static enum ndr_err_code ndr_pull_lsa_LookupNames4(struct ndr_pull *ndr, int fla return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.names)); - NDR_PULL_ALLOC_N(ndr, r->in.names, ndr_get_array_size(ndr, &r->in.names)); + size_names_0 = ndr_get_array_size(ndr, &r->in.names); + NDR_PULL_ALLOC_N(ndr, r->in.names, size_names_0); _mem_save_names_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->in.names, 0); - for (cntr_names_0 = 0; cntr_names_0 < r->in.num_names; cntr_names_0++) { + for (cntr_names_0 = 0; cntr_names_0 < size_names_0; cntr_names_0++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->in.names[cntr_names_0])); } - for (cntr_names_0 = 0; cntr_names_0 < r->in.num_names; cntr_names_0++) { + for (cntr_names_0 = 0; cntr_names_0 < size_names_0; cntr_names_0++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->in.names[cntr_names_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_names_0, 0); diff --git a/librpc/gen_ndr/ndr_misc.c b/librpc/gen_ndr/ndr_misc.c index 99cb045..2b067df 100644 --- a/librpc/gen_ndr/ndr_misc.c +++ b/librpc/gen_ndr/ndr_misc.c @@ -21,13 +21,17 @@ _PUBLIC_ enum ndr_err_code ndr_push_GUID(struct ndr_push *ndr, int ndr_flags, co _PUBLIC_ enum ndr_err_code ndr_pull_GUID(struct ndr_pull *ndr, int ndr_flags, struct GUID *r) { + uint32_t size_clock_seq_0 = 0; + uint32_t size_node_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->time_low)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->time_mid)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->time_hi_and_version)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->clock_seq, 2)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->node, 6)); + size_clock_seq_0 = 2; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->clock_seq, size_clock_seq_0)); + size_node_0 = 6; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->node, size_node_0)); NDR_CHECK(ndr_pull_trailer_align(ndr, 4)); } if (ndr_flags & NDR_BUFFERS) { diff --git a/librpc/gen_ndr/ndr_named_pipe_auth.c b/librpc/gen_ndr/ndr_named_pipe_auth.c index 18eadf9..b64a987 100644 --- a/librpc/gen_ndr/ndr_named_pipe_auth.c +++ b/librpc/gen_ndr/ndr_named_pipe_auth.c @@ -58,16 +58,25 @@ static enum ndr_err_code ndr_push_named_pipe_auth_req_info2(struct ndr_push *ndr static enum ndr_err_code ndr_pull_named_pipe_auth_req_info2(struct ndr_pull *ndr, int ndr_flags, struct named_pipe_auth_req_info2 *r) { uint32_t _ptr_client_name; + uint32_t size_client_name_1 = 0; + uint32_t length_client_name_1 = 0; TALLOC_CTX *_mem_save_client_name_0; uint32_t _ptr_client_addr; + uint32_t size_client_addr_1 = 0; + uint32_t length_client_addr_1 = 0; TALLOC_CTX *_mem_save_client_addr_0; uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; TALLOC_CTX *_mem_save_server_name_0; uint32_t _ptr_server_addr; + uint32_t size_server_addr_1 = 0; + uint32_t length_server_addr_1 = 0; TALLOC_CTX *_mem_save_server_addr_0; uint32_t _ptr_sam_info3; TALLOC_CTX *_mem_save_sam_info3_0; uint32_t _ptr_session_key; + uint32_t size_session_key_1 = 0; TALLOC_CTX *_mem_save_session_key_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -118,11 +127,13 @@ static enum ndr_err_code ndr_pull_named_pipe_auth_req_info2(struct ndr_pull *ndr NDR_PULL_SET_MEM_CTX(ndr, r->client_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->client_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->client_name)); - if (ndr_get_array_length(ndr, &r->client_name) > ndr_get_array_size(ndr, &r->client_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->client_name), ndr_get_array_length(ndr, &r->client_name)); + size_client_name_1 = ndr_get_array_size(ndr, &r->client_name); + length_client_name_1 = ndr_get_array_length(ndr, &r->client_name); + if (length_client_name_1 > size_client_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_client_name_1, length_client_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->client_name), sizeof(uint8_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client_name, ndr_get_array_length(ndr, &r->client_name), sizeof(uint8_t), CH_UTF8)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_client_name_1, sizeof(uint8_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client_name, length_client_name_1, sizeof(uint8_t), CH_UTF8)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_client_name_0, 0); } if (r->client_addr) { @@ -130,11 +141,13 @@ static enum ndr_err_code ndr_pull_named_pipe_auth_req_info2(struct ndr_pull *ndr NDR_PULL_SET_MEM_CTX(ndr, r->client_addr, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->client_addr)); NDR_CHECK(ndr_pull_array_length(ndr, &r->client_addr)); - if (ndr_get_array_length(ndr, &r->client_addr) > ndr_get_array_size(ndr, &r->client_addr)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->client_addr), ndr_get_array_length(ndr, &r->client_addr)); + size_client_addr_1 = ndr_get_array_size(ndr, &r->client_addr); + length_client_addr_1 = ndr_get_array_length(ndr, &r->client_addr); + if (length_client_addr_1 > size_client_addr_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_client_addr_1, length_client_addr_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->client_addr), sizeof(uint8_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client_addr, ndr_get_array_length(ndr, &r->client_addr), sizeof(uint8_t), CH_DOS)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_client_addr_1, sizeof(uint8_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client_addr, length_client_addr_1, sizeof(uint8_t), CH_DOS)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_client_addr_0, 0); } if (r->server_name) { @@ -142,11 +155,13 @@ static enum ndr_err_code ndr_pull_named_pipe_auth_req_info2(struct ndr_pull *ndr NDR_PULL_SET_MEM_CTX(ndr, r->server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->server_name)); - if (ndr_get_array_length(ndr, &r->server_name) > ndr_get_array_size(ndr, &r->server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->server_name), ndr_get_array_length(ndr, &r->server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->server_name), sizeof(uint8_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_name, ndr_get_array_length(ndr, &r->server_name), sizeof(uint8_t), CH_UTF8)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint8_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_name, length_server_name_1, sizeof(uint8_t), CH_UTF8)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } if (r->server_addr) { @@ -154,11 +169,13 @@ static enum ndr_err_code ndr_pull_named_pipe_auth_req_info2(struct ndr_pull *ndr NDR_PULL_SET_MEM_CTX(ndr, r->server_addr, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->server_addr)); NDR_CHECK(ndr_pull_array_length(ndr, &r->server_addr)); - if (ndr_get_array_length(ndr, &r->server_addr) > ndr_get_array_size(ndr, &r->server_addr)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->server_addr), ndr_get_array_length(ndr, &r->server_addr)); + size_server_addr_1 = ndr_get_array_size(ndr, &r->server_addr); + length_server_addr_1 = ndr_get_array_length(ndr, &r->server_addr); + if (length_server_addr_1 > size_server_addr_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_addr_1, length_server_addr_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->server_addr), sizeof(uint8_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_addr, ndr_get_array_length(ndr, &r->server_addr), sizeof(uint8_t), CH_DOS)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_addr_1, sizeof(uint8_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_addr, length_server_addr_1, sizeof(uint8_t), CH_DOS)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_addr_0, 0); } if (r->sam_info3) { @@ -171,8 +188,9 @@ static enum ndr_err_code ndr_pull_named_pipe_auth_req_info2(struct ndr_pull *ndr _mem_save_session_key_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->session_key, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->session_key)); - NDR_PULL_ALLOC_N(ndr, r->session_key, ndr_get_array_size(ndr, &r->session_key)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->session_key, ndr_get_array_size(ndr, &r->session_key))); + size_session_key_1 = ndr_get_array_size(ndr, &r->session_key); + NDR_PULL_ALLOC_N(ndr, r->session_key, size_session_key_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->session_key, size_session_key_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_session_key_0, 0); } if (r->session_key) { @@ -288,18 +306,28 @@ static enum ndr_err_code ndr_push_named_pipe_auth_req_info3(struct ndr_push *ndr static enum ndr_err_code ndr_pull_named_pipe_auth_req_info3(struct ndr_pull *ndr, int ndr_flags, struct named_pipe_auth_req_info3 *r) { uint32_t _ptr_client_name; + uint32_t size_client_name_1 = 0; + uint32_t length_client_name_1 = 0; TALLOC_CTX *_mem_save_client_name_0; uint32_t _ptr_client_addr; + uint32_t size_client_addr_1 = 0; + uint32_t length_client_addr_1 = 0; TALLOC_CTX *_mem_save_client_addr_0; uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; TALLOC_CTX *_mem_save_server_name_0; uint32_t _ptr_server_addr; + uint32_t size_server_addr_1 = 0; + uint32_t length_server_addr_1 = 0; TALLOC_CTX *_mem_save_server_addr_0; uint32_t _ptr_sam_info3; TALLOC_CTX *_mem_save_sam_info3_0; uint32_t _ptr_session_key; + uint32_t size_session_key_1 = 0; TALLOC_CTX *_mem_save_session_key_0; uint32_t _ptr_gssapi_delegated_creds; + uint32_t size_gssapi_delegated_creds_1 = 0; TALLOC_CTX *_mem_save_gssapi_delegated_creds_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -357,11 +385,13 @@ static enum ndr_err_code ndr_pull_named_pipe_auth_req_info3(struct ndr_pull *ndr NDR_PULL_SET_MEM_CTX(ndr, r->client_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->client_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->client_name)); - if (ndr_get_array_length(ndr, &r->client_name) > ndr_get_array_size(ndr, &r->client_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->client_name), ndr_get_array_length(ndr, &r->client_name)); + size_client_name_1 = ndr_get_array_size(ndr, &r->client_name); + length_client_name_1 = ndr_get_array_length(ndr, &r->client_name); + if (length_client_name_1 > size_client_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_client_name_1, length_client_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->client_name), sizeof(uint8_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client_name, ndr_get_array_length(ndr, &r->client_name), sizeof(uint8_t), CH_UTF8)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_client_name_1, sizeof(uint8_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client_name, length_client_name_1, sizeof(uint8_t), CH_UTF8)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_client_name_0, 0); } if (r->client_addr) { @@ -369,11 +399,13 @@ static enum ndr_err_code ndr_pull_named_pipe_auth_req_info3(struct ndr_pull *ndr NDR_PULL_SET_MEM_CTX(ndr, r->client_addr, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->client_addr)); NDR_CHECK(ndr_pull_array_length(ndr, &r->client_addr)); - if (ndr_get_array_length(ndr, &r->client_addr) > ndr_get_array_size(ndr, &r->client_addr)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->client_addr), ndr_get_array_length(ndr, &r->client_addr)); + size_client_addr_1 = ndr_get_array_size(ndr, &r->client_addr); + length_client_addr_1 = ndr_get_array_length(ndr, &r->client_addr); + if (length_client_addr_1 > size_client_addr_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_client_addr_1, length_client_addr_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->client_addr), sizeof(uint8_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client_addr, ndr_get_array_length(ndr, &r->client_addr), sizeof(uint8_t), CH_DOS)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_client_addr_1, sizeof(uint8_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client_addr, length_client_addr_1, sizeof(uint8_t), CH_DOS)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_client_addr_0, 0); } if (r->server_name) { @@ -381,11 +413,13 @@ static enum ndr_err_code ndr_pull_named_pipe_auth_req_info3(struct ndr_pull *ndr NDR_PULL_SET_MEM_CTX(ndr, r->server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->server_name)); - if (ndr_get_array_length(ndr, &r->server_name) > ndr_get_array_size(ndr, &r->server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->server_name), ndr_get_array_length(ndr, &r->server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->server_name), sizeof(uint8_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_name, ndr_get_array_length(ndr, &r->server_name), sizeof(uint8_t), CH_UTF8)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint8_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_name, length_server_name_1, sizeof(uint8_t), CH_UTF8)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } if (r->server_addr) { @@ -393,11 +427,13 @@ static enum ndr_err_code ndr_pull_named_pipe_auth_req_info3(struct ndr_pull *ndr NDR_PULL_SET_MEM_CTX(ndr, r->server_addr, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->server_addr)); NDR_CHECK(ndr_pull_array_length(ndr, &r->server_addr)); - if (ndr_get_array_length(ndr, &r->server_addr) > ndr_get_array_size(ndr, &r->server_addr)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->server_addr), ndr_get_array_length(ndr, &r->server_addr)); + size_server_addr_1 = ndr_get_array_size(ndr, &r->server_addr); + length_server_addr_1 = ndr_get_array_length(ndr, &r->server_addr); + if (length_server_addr_1 > size_server_addr_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_addr_1, length_server_addr_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->server_addr), sizeof(uint8_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_addr, ndr_get_array_length(ndr, &r->server_addr), sizeof(uint8_t), CH_DOS)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_addr_1, sizeof(uint8_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_addr, length_server_addr_1, sizeof(uint8_t), CH_DOS)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_addr_0, 0); } if (r->sam_info3) { @@ -410,16 +446,18 @@ static enum ndr_err_code ndr_pull_named_pipe_auth_req_info3(struct ndr_pull *ndr _mem_save_session_key_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->session_key, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->session_key)); - NDR_PULL_ALLOC_N(ndr, r->session_key, ndr_get_array_size(ndr, &r->session_key)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->session_key, ndr_get_array_size(ndr, &r->session_key))); + size_session_key_1 = ndr_get_array_size(ndr, &r->session_key); + NDR_PULL_ALLOC_N(ndr, r->session_key, size_session_key_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->session_key, size_session_key_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_session_key_0, 0); } if (r->gssapi_delegated_creds) { _mem_save_gssapi_delegated_creds_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->gssapi_delegated_creds, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->gssapi_delegated_creds)); - NDR_PULL_ALLOC_N(ndr, r->gssapi_delegated_creds, ndr_get_array_size(ndr, &r->gssapi_delegated_creds)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->gssapi_delegated_creds, ndr_get_array_size(ndr, &r->gssapi_delegated_creds))); + size_gssapi_delegated_creds_1 = ndr_get_array_size(ndr, &r->gssapi_delegated_creds); + NDR_PULL_ALLOC_N(ndr, r->gssapi_delegated_creds, size_gssapi_delegated_creds_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->gssapi_delegated_creds, size_gssapi_delegated_creds_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_gssapi_delegated_creds_0, 0); } if (r->session_key) { @@ -641,6 +679,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_named_pipe_auth_req(struct ndr_push *ndr, in _PUBLIC_ enum ndr_err_code ndr_pull_named_pipe_auth_req(struct ndr_pull *ndr, int ndr_flags, struct named_pipe_auth_req *r) { + uint32_t size_magic_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); { @@ -649,7 +688,8 @@ _PUBLIC_ enum ndr_err_code ndr_pull_named_pipe_auth_req(struct ndr_pull *ndr, in NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->length)); ndr->flags = _flags_save_uint32; } - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->magic, 4, sizeof(uint8_t), CH_DOS)); + size_magic_0 = 4; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->magic, size_magic_0, sizeof(uint8_t), CH_DOS)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->level)); NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->info, r->level)); NDR_CHECK(ndr_pull_named_pipe_auth_req_info(ndr, NDR_SCALARS, &r->info)); @@ -902,6 +942,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_named_pipe_auth_rep(struct ndr_push *ndr, in _PUBLIC_ enum ndr_err_code ndr_pull_named_pipe_auth_rep(struct ndr_pull *ndr, int ndr_flags, struct named_pipe_auth_rep *r) { + uint32_t size_magic_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 8)); { @@ -910,7 +951,8 @@ _PUBLIC_ enum ndr_err_code ndr_pull_named_pipe_auth_rep(struct ndr_pull *ndr, in NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->length)); ndr->flags = _flags_save_uint32; } - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->magic, 4, sizeof(uint8_t), CH_DOS)); + size_magic_0 = 4; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->magic, size_magic_0, sizeof(uint8_t), CH_DOS)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->level)); NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->info, r->level)); NDR_CHECK(ndr_pull_named_pipe_auth_rep_info(ndr, NDR_SCALARS, &r->info)); diff --git a/librpc/gen_ndr/ndr_nbt.c b/librpc/gen_ndr/ndr_nbt.c index bffb25a..3080ab2 100644 --- a/librpc/gen_ndr/ndr_nbt.c +++ b/librpc/gen_ndr/ndr_nbt.c @@ -247,15 +247,17 @@ static enum ndr_err_code ndr_push_nbt_rdata_netbios(struct ndr_push *ndr, int nd static enum ndr_err_code ndr_pull_nbt_rdata_netbios(struct ndr_pull *ndr, int ndr_flags, struct nbt_rdata_netbios *r) { + uint32_t size_addresses_0 = 0; uint32_t cntr_addresses_0; TALLOC_CTX *_mem_save_addresses_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->length)); - NDR_PULL_ALLOC_N(ndr, r->addresses, r->length / 6); + size_addresses_0 = r->length / 6; + NDR_PULL_ALLOC_N(ndr, r->addresses, size_addresses_0); _mem_save_addresses_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->addresses, 0); - for (cntr_addresses_0 = 0; cntr_addresses_0 < r->length / 6; cntr_addresses_0++) { + for (cntr_addresses_0 = 0; cntr_addresses_0 < size_addresses_0; cntr_addresses_0++) { NDR_CHECK(ndr_pull_nbt_rdata_address(ndr, NDR_SCALARS, &r->addresses[cntr_addresses_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_addresses_0, 0); @@ -318,9 +320,11 @@ static enum ndr_err_code ndr_push_nbt_statistics(struct ndr_push *ndr, int ndr_f static enum ndr_err_code ndr_pull_nbt_statistics(struct ndr_pull *ndr, int ndr_flags, struct nbt_statistics *r) { + uint32_t size_unit_id_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->unit_id, 6)); + size_unit_id_0 = 6; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->unit_id, size_unit_id_0)); NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->jumpers)); NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->test_result)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->version_number)); @@ -390,9 +394,11 @@ static enum ndr_err_code ndr_push_nbt_status_name(struct ndr_push *ndr, int ndr_ static enum ndr_err_code ndr_pull_nbt_status_name(struct ndr_pull *ndr, int ndr_flags, struct nbt_status_name *r) { + uint32_t size_name_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 2)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, 15, sizeof(uint8_t), CH_DOS)); + size_name_0 = 15; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, size_name_0, sizeof(uint8_t), CH_DOS)); NDR_CHECK(ndr_pull_nbt_name_type(ndr, NDR_SCALARS, &r->type)); NDR_CHECK(ndr_pull_nb_flags(ndr, NDR_SCALARS, &r->nb_flags)); NDR_CHECK(ndr_pull_trailer_align(ndr, 2)); @@ -432,16 +438,18 @@ static enum ndr_err_code ndr_push_nbt_rdata_status(struct ndr_push *ndr, int ndr static enum ndr_err_code ndr_pull_nbt_rdata_status(struct ndr_pull *ndr, int ndr_flags, struct nbt_rdata_status *r) { + uint32_t size_names_0 = 0; uint32_t cntr_names_0; TALLOC_CTX *_mem_save_names_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->length)); NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->num_names)); - NDR_PULL_ALLOC_N(ndr, r->names, r->num_names); + size_names_0 = r->num_names; + NDR_PULL_ALLOC_N(ndr, r->names, size_names_0); _mem_save_names_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->names, 0); - for (cntr_names_0 = 0; cntr_names_0 < r->num_names; cntr_names_0++) { + for (cntr_names_0 = 0; cntr_names_0 < size_names_0; cntr_names_0++) { NDR_CHECK(ndr_pull_nbt_status_name(ndr, NDR_SCALARS, &r->names[cntr_names_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_names_0, 0); @@ -489,11 +497,13 @@ static enum ndr_err_code ndr_push_nbt_rdata_data(struct ndr_push *ndr, int ndr_f static enum ndr_err_code ndr_pull_nbt_rdata_data(struct ndr_pull *ndr, int ndr_flags, struct nbt_rdata_data *r) { + uint32_t size_data_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 2)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->length)); - NDR_PULL_ALLOC_N(ndr, r->data, r->length); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, r->length)); + size_data_0 = r->length; + NDR_PULL_ALLOC_N(ndr, r->data, size_data_0); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, size_data_0)); NDR_CHECK(ndr_pull_trailer_align(ndr, 2)); } if (ndr_flags & NDR_BUFFERS) { @@ -691,12 +701,16 @@ _PUBLIC_ enum ndr_err_code ndr_push_nbt_name_packet(struct ndr_push *ndr, int nd _PUBLIC_ enum ndr_err_code ndr_pull_nbt_name_packet(struct ndr_pull *ndr, int ndr_flags, struct nbt_name_packet *r) { + uint32_t size_questions_0 = 0; uint32_t cntr_questions_0; TALLOC_CTX *_mem_save_questions_0; + uint32_t size_answers_0 = 0; uint32_t cntr_answers_0; TALLOC_CTX *_mem_save_answers_0; + uint32_t size_nsrecs_0 = 0; uint32_t cntr_nsrecs_0; TALLOC_CTX *_mem_save_nsrecs_0; + uint32_t size_additional_0 = 0; uint32_t cntr_additional_0; TALLOC_CTX *_mem_save_additional_0; { @@ -710,31 +724,35 @@ _PUBLIC_ enum ndr_err_code ndr_pull_nbt_name_packet(struct ndr_pull *ndr, int nd NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->ancount)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->nscount)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->arcount)); - NDR_PULL_ALLOC_N(ndr, r->questions, r->qdcount); + size_questions_0 = r->qdcount; + NDR_PULL_ALLOC_N(ndr, r->questions, size_questions_0); _mem_save_questions_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->questions, 0); - for (cntr_questions_0 = 0; cntr_questions_0 < r->qdcount; cntr_questions_0++) { + for (cntr_questions_0 = 0; cntr_questions_0 < size_questions_0; cntr_questions_0++) { NDR_CHECK(ndr_pull_nbt_name_question(ndr, NDR_SCALARS, &r->questions[cntr_questions_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_questions_0, 0); - NDR_PULL_ALLOC_N(ndr, r->answers, r->ancount); + size_answers_0 = r->ancount; + NDR_PULL_ALLOC_N(ndr, r->answers, size_answers_0); _mem_save_answers_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->answers, 0); - for (cntr_answers_0 = 0; cntr_answers_0 < r->ancount; cntr_answers_0++) { + for (cntr_answers_0 = 0; cntr_answers_0 < size_answers_0; cntr_answers_0++) { NDR_CHECK(ndr_pull_nbt_res_rec(ndr, NDR_SCALARS, &r->answers[cntr_answers_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_answers_0, 0); - NDR_PULL_ALLOC_N(ndr, r->nsrecs, r->nscount); + size_nsrecs_0 = r->nscount; + NDR_PULL_ALLOC_N(ndr, r->nsrecs, size_nsrecs_0); _mem_save_nsrecs_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->nsrecs, 0); - for (cntr_nsrecs_0 = 0; cntr_nsrecs_0 < r->nscount; cntr_nsrecs_0++) { + for (cntr_nsrecs_0 = 0; cntr_nsrecs_0 < size_nsrecs_0; cntr_nsrecs_0++) { NDR_CHECK(ndr_pull_nbt_res_rec(ndr, NDR_SCALARS, &r->nsrecs[cntr_nsrecs_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_nsrecs_0, 0); - NDR_PULL_ALLOC_N(ndr, r->additional, r->arcount); + size_additional_0 = r->arcount; + NDR_PULL_ALLOC_N(ndr, r->additional, size_additional_0); _mem_save_additional_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->additional, 0); - for (cntr_additional_0 = 0; cntr_additional_0 < r->arcount; cntr_additional_0++) { + for (cntr_additional_0 = 0; cntr_additional_0 < size_additional_0; cntr_additional_0++) { NDR_CHECK(ndr_pull_nbt_res_rec(ndr, NDR_SCALARS, &r->additional[cntr_additional_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_additional_0, 0); @@ -1117,6 +1135,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_dgram_smb_packet(struct ndr_push *ndr, int n _PUBLIC_ enum ndr_err_code ndr_pull_dgram_smb_packet(struct ndr_pull *ndr, int ndr_flags, struct dgram_smb_packet *r) { + uint32_t size_signature_0 = 0; { uint32_t _flags_save_STRUCT = ndr->flags; ndr_set_flags(&ndr->flags, LIBNDR_FLAG_NOALIGN|LIBNDR_FLAG_LITTLE_ENDIAN|LIBNDR_PRINT_ARRAY_HEX); @@ -1129,7 +1148,8 @@ _PUBLIC_ enum ndr_err_code ndr_pull_dgram_smb_packet(struct ndr_pull *ndr, int n NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->flags)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->flags2)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->pid_high)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->signature, 8)); + size_signature_0 = 8; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->signature, size_signature_0)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->reserved)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->tid)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->pid)); @@ -2355,6 +2375,7 @@ static enum ndr_err_code ndr_push_NETLOGON_DB_CHANGE(struct ndr_push *ndr, int n static enum ndr_err_code ndr_pull_NETLOGON_DB_CHANGE(struct ndr_pull *ndr, int ndr_flags, struct NETLOGON_DB_CHANGE *r) { + uint32_t size_dbchange_0 = 0; uint32_t cntr_dbchange_0; TALLOC_CTX *_mem_save_dbchange_0; if (ndr_flags & NDR_SCALARS) { @@ -2394,10 +2415,11 @@ static enum ndr_err_code ndr_pull_NETLOGON_DB_CHANGE(struct ndr_pull *ndr, int n ndr->flags = _flags_save_string; } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->db_count)); - NDR_PULL_ALLOC_N(ndr, r->dbchange, r->db_count); + size_dbchange_0 = r->db_count; + NDR_PULL_ALLOC_N(ndr, r->dbchange, size_dbchange_0); _mem_save_dbchange_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->dbchange, 0); - for (cntr_dbchange_0 = 0; cntr_dbchange_0 < r->db_count; cntr_dbchange_0++) { + for (cntr_dbchange_0 = 0; cntr_dbchange_0 < size_dbchange_0; cntr_dbchange_0++) { NDR_CHECK(ndr_pull_nbt_db_change_info(ndr, NDR_SCALARS, &r->dbchange[cntr_dbchange_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dbchange_0, 0); @@ -2674,11 +2696,13 @@ static enum ndr_err_code ndr_push_nbt_browse_host_announcement(struct ndr_push * static enum ndr_err_code ndr_pull_nbt_browse_host_announcement(struct ndr_pull *ndr, int ndr_flags, struct nbt_browse_host_announcement *r) { + uint32_t size_ServerName_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->UpdateCount)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->Periodicity)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->ServerName, 16, sizeof(uint8_t), CH_DOS)); + size_ServerName_0 = 16; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->ServerName, size_ServerName_0, sizeof(uint8_t), CH_DOS)); NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->OSMajor)); NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->OSMinor)); NDR_CHECK(ndr_pull_svcctl_ServerType(ndr, NDR_SCALARS, &r->ServerType)); @@ -2868,16 +2892,18 @@ static enum ndr_err_code ndr_push_nbt_browse_backup_list_response(struct ndr_pus static enum ndr_err_code ndr_pull_nbt_browse_backup_list_response(struct ndr_pull *ndr, int ndr_flags, struct nbt_browse_backup_list_response *r) { + uint32_t size_BackupServerList_0 = 0; uint32_t cntr_BackupServerList_0; TALLOC_CTX *_mem_save_BackupServerList_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->BackupCount)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->Token)); - NDR_PULL_ALLOC_N(ndr, r->BackupServerList, r->BackupCount); + size_BackupServerList_0 = r->BackupCount; + NDR_PULL_ALLOC_N(ndr, r->BackupServerList, size_BackupServerList_0); _mem_save_BackupServerList_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->BackupServerList, 0); - for (cntr_BackupServerList_0 = 0; cntr_BackupServerList_0 < r->BackupCount; cntr_BackupServerList_0++) { + for (cntr_BackupServerList_0 = 0; cntr_BackupServerList_0 < size_BackupServerList_0; cntr_BackupServerList_0++) { NDR_CHECK(ndr_pull_nbt_name(ndr, NDR_SCALARS, &r->BackupServerList[cntr_BackupServerList_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_BackupServerList_0, 0); @@ -2976,11 +3002,13 @@ static enum ndr_err_code ndr_push_nbt_browse_domain_announcement(struct ndr_push static enum ndr_err_code ndr_pull_nbt_browse_domain_announcement(struct ndr_pull *ndr, int ndr_flags, struct nbt_browse_domain_announcement *r) { + uint32_t size_ServerName_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->UpdateCount)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->Periodicity)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->ServerName, 16, sizeof(uint8_t), CH_DOS)); + size_ServerName_0 = 16; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->ServerName, size_ServerName_0, sizeof(uint8_t), CH_DOS)); NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->OSMajor)); NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->OSMinor)); NDR_CHECK(ndr_pull_svcctl_ServerType(ndr, NDR_SCALARS, &r->ServerType)); @@ -3115,11 +3143,13 @@ static enum ndr_err_code ndr_push_nbt_browse_local_master_announcement(struct nd static enum ndr_err_code ndr_pull_nbt_browse_local_master_announcement(struct ndr_pull *ndr, int ndr_flags, struct nbt_browse_local_master_announcement *r) { + uint32_t size_ServerName_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->UpdateCount)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->Periodicity)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->ServerName, 16, sizeof(uint8_t), CH_DOS)); + size_ServerName_0 = 16; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->ServerName, size_ServerName_0, sizeof(uint8_t), CH_DOS)); NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->OSMajor)); NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->OSMinor)); NDR_CHECK(ndr_pull_svcctl_ServerType(ndr, NDR_SCALARS, &r->ServerType)); diff --git a/librpc/gen_ndr/ndr_netlogon.c b/librpc/gen_ndr/ndr_netlogon.c index 0ea551d..d29bf15 100644 --- a/librpc/gen_ndr/ndr_netlogon.c +++ b/librpc/gen_ndr/ndr_netlogon.c @@ -62,12 +62,20 @@ static enum ndr_err_code ndr_push_netr_UasInfo(struct ndr_push *ndr, int ndr_fla static enum ndr_err_code ndr_pull_netr_UasInfo(struct ndr_pull *ndr, int ndr_flags, struct netr_UasInfo *r) { uint32_t _ptr_account_name; + uint32_t size_account_name_1 = 0; + uint32_t length_account_name_1 = 0; TALLOC_CTX *_mem_save_account_name_0; uint32_t _ptr_computer; + uint32_t size_computer_1 = 0; + uint32_t length_computer_1 = 0; TALLOC_CTX *_mem_save_computer_0; uint32_t _ptr_domain; + uint32_t size_domain_1 = 0; + uint32_t length_domain_1 = 0; TALLOC_CTX *_mem_save_domain_0; uint32_t _ptr_script_path; + uint32_t size_script_path_1 = 0; + uint32_t length_script_path_1 = 0; TALLOC_CTX *_mem_save_script_path_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -115,11 +123,13 @@ static enum ndr_err_code ndr_pull_netr_UasInfo(struct ndr_pull *ndr, int ndr_fla NDR_PULL_SET_MEM_CTX(ndr, r->account_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->account_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->account_name)); - if (ndr_get_array_length(ndr, &r->account_name) > ndr_get_array_size(ndr, &r->account_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->account_name), ndr_get_array_length(ndr, &r->account_name)); + size_account_name_1 = ndr_get_array_size(ndr, &r->account_name); + length_account_name_1 = ndr_get_array_length(ndr, &r->account_name); + if (length_account_name_1 > size_account_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_account_name_1, length_account_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->account_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->account_name, ndr_get_array_length(ndr, &r->account_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_account_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->account_name, length_account_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_account_name_0, 0); } if (r->computer) { @@ -127,11 +137,13 @@ static enum ndr_err_code ndr_pull_netr_UasInfo(struct ndr_pull *ndr, int ndr_fla NDR_PULL_SET_MEM_CTX(ndr, r->computer, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->computer)); NDR_CHECK(ndr_pull_array_length(ndr, &r->computer)); - if (ndr_get_array_length(ndr, &r->computer) > ndr_get_array_size(ndr, &r->computer)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->computer), ndr_get_array_length(ndr, &r->computer)); + size_computer_1 = ndr_get_array_size(ndr, &r->computer); + length_computer_1 = ndr_get_array_length(ndr, &r->computer); + if (length_computer_1 > size_computer_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_1, length_computer_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->computer), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->computer, ndr_get_array_length(ndr, &r->computer), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->computer, length_computer_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_computer_0, 0); } if (r->domain) { @@ -139,11 +151,13 @@ static enum ndr_err_code ndr_pull_netr_UasInfo(struct ndr_pull *ndr, int ndr_fla NDR_PULL_SET_MEM_CTX(ndr, r->domain, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->domain)); NDR_CHECK(ndr_pull_array_length(ndr, &r->domain)); - if (ndr_get_array_length(ndr, &r->domain) > ndr_get_array_size(ndr, &r->domain)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->domain), ndr_get_array_length(ndr, &r->domain)); + size_domain_1 = ndr_get_array_size(ndr, &r->domain); + length_domain_1 = ndr_get_array_length(ndr, &r->domain); + if (length_domain_1 > size_domain_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_1, length_domain_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, length_domain_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_0, 0); } if (r->script_path) { @@ -151,11 +165,13 @@ static enum ndr_err_code ndr_pull_netr_UasInfo(struct ndr_pull *ndr, int ndr_fla NDR_PULL_SET_MEM_CTX(ndr, r->script_path, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->script_path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->script_path)); - if (ndr_get_array_length(ndr, &r->script_path) > ndr_get_array_size(ndr, &r->script_path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->script_path), ndr_get_array_length(ndr, &r->script_path)); + size_script_path_1 = ndr_get_array_size(ndr, &r->script_path); + length_script_path_1 = ndr_get_array_length(ndr, &r->script_path); + if (length_script_path_1 > size_script_path_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_script_path_1, length_script_path_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->script_path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->script_path, ndr_get_array_length(ndr, &r->script_path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_script_path_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->script_path, length_script_path_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_script_path_0, 0); } } @@ -442,6 +458,8 @@ static enum ndr_err_code ndr_push_netr_ChallengeResponse(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_netr_ChallengeResponse(struct ndr_pull *ndr, int ndr_flags, struct netr_ChallengeResponse *r) { uint32_t _ptr_data; + uint32_t size_data_1 = 0; + uint32_t length_data_1 = 0; TALLOC_CTX *_mem_save_data_0; { uint32_t _flags_save_STRUCT = ndr->flags; @@ -464,11 +482,13 @@ static enum ndr_err_code ndr_pull_netr_ChallengeResponse(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->data, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->data)); NDR_CHECK(ndr_pull_array_length(ndr, &r->data)); - if (ndr_get_array_length(ndr, &r->data) > ndr_get_array_size(ndr, &r->data)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->data), ndr_get_array_length(ndr, &r->data)); + size_data_1 = ndr_get_array_size(ndr, &r->data); + length_data_1 = ndr_get_array_length(ndr, &r->data); + if (length_data_1 > size_data_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_data_1, length_data_1); } - NDR_PULL_ALLOC_N(ndr, r->data, ndr_get_array_size(ndr, &r->data)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, ndr_get_array_length(ndr, &r->data))); + NDR_PULL_ALLOC_N(ndr, r->data, size_data_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, length_data_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_0, 0); } if (r->data) { @@ -528,13 +548,15 @@ static enum ndr_err_code ndr_push_netr_NetworkInfo(struct ndr_push *ndr, int ndr static enum ndr_err_code ndr_pull_netr_NetworkInfo(struct ndr_pull *ndr, int ndr_flags, struct netr_NetworkInfo *r) { + uint32_t size_challenge_0 = 0; { uint32_t _flags_save_STRUCT = ndr->flags; ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); NDR_CHECK(ndr_pull_netr_IdentityInfo(ndr, NDR_SCALARS, &r->identity_info)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->challenge, 8)); + size_challenge_0 = 8; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->challenge, size_challenge_0)); NDR_CHECK(ndr_pull_netr_ChallengeResponse(ndr, NDR_SCALARS, &r->nt)); NDR_CHECK(ndr_pull_netr_ChallengeResponse(ndr, NDR_SCALARS, &r->lm)); NDR_CHECK(ndr_pull_trailer_align(ndr, 5)); @@ -594,6 +616,7 @@ static enum ndr_err_code ndr_push_netr_GenericInfo(struct ndr_push *ndr, int ndr static enum ndr_err_code ndr_pull_netr_GenericInfo(struct ndr_pull *ndr, int ndr_flags, struct netr_GenericInfo *r) { uint32_t _ptr_data; + uint32_t size_data_1 = 0; TALLOC_CTX *_mem_save_data_0; { uint32_t _flags_save_STRUCT = ndr->flags; @@ -618,8 +641,9 @@ static enum ndr_err_code ndr_pull_netr_GenericInfo(struct ndr_pull *ndr, int ndr _mem_save_data_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->data, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->data)); - NDR_PULL_ALLOC_N(ndr, r->data, ndr_get_array_size(ndr, &r->data)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, ndr_get_array_size(ndr, &r->data))); + size_data_1 = ndr_get_array_size(ndr, &r->data); + NDR_PULL_ALLOC_N(ndr, r->data, size_data_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, size_data_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_0, 0); } if (r->data) { @@ -778,8 +802,11 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_LogonLevel(struct ndr_pull *ndr, int nd int level; uint16_t _level; TALLOC_CTX *_mem_save_password_0; + uint32_t _ptr_password; TALLOC_CTX *_mem_save_network_0; + uint32_t _ptr_network; TALLOC_CTX *_mem_save_generic_0; + uint32_t _ptr_generic; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint1632(ndr, NDR_SCALARS, &_level)); @@ -789,7 +816,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_LogonLevel(struct ndr_pull *ndr, int nd NDR_CHECK(ndr_pull_union_align(ndr, 5)); switch (level) { case NetlogonInteractiveInformation: { - uint32_t _ptr_password; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_password)); if (_ptr_password) { NDR_PULL_ALLOC(ndr, r->password); @@ -799,7 +825,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_LogonLevel(struct ndr_pull *ndr, int nd break; } case NetlogonNetworkInformation: { - uint32_t _ptr_network; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_network)); if (_ptr_network) { NDR_PULL_ALLOC(ndr, r->network); @@ -809,7 +834,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_LogonLevel(struct ndr_pull *ndr, int nd break; } case NetlogonServiceInformation: { - uint32_t _ptr_password; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_password)); if (_ptr_password) { NDR_PULL_ALLOC(ndr, r->password); @@ -819,7 +843,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_LogonLevel(struct ndr_pull *ndr, int nd break; } case NetlogonGenericInformation: { - uint32_t _ptr_generic; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_generic)); if (_ptr_generic) { NDR_PULL_ALLOC(ndr, r->generic); @@ -829,7 +852,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_LogonLevel(struct ndr_pull *ndr, int nd break; } case NetlogonInteractiveTransitiveInformation: { - uint32_t _ptr_password; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_password)); if (_ptr_password) { NDR_PULL_ALLOC(ndr, r->password); @@ -839,7 +861,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_LogonLevel(struct ndr_pull *ndr, int nd break; } case NetlogonNetworkTransitiveInformation: { - uint32_t _ptr_network; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_network)); if (_ptr_network) { NDR_PULL_ALLOC(ndr, r->network); @@ -849,7 +870,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_LogonLevel(struct ndr_pull *ndr, int nd break; } case NetlogonServiceTransitiveInformation: { - uint32_t _ptr_password; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_password)); if (_ptr_password) { NDR_PULL_ALLOC(ndr, r->password); @@ -1027,12 +1047,14 @@ _PUBLIC_ enum ndr_err_code ndr_push_netr_UserSessionKey(struct ndr_push *ndr, in _PUBLIC_ enum ndr_err_code ndr_pull_netr_UserSessionKey(struct ndr_pull *ndr, int ndr_flags, struct netr_UserSessionKey *r) { + uint32_t size_key_0 = 0; { uint32_t _flags_save_STRUCT = ndr->flags; ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 1)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->key, 16)); + size_key_0 = 16; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->key, size_key_0)); NDR_CHECK(ndr_pull_trailer_align(ndr, 1)); } if (ndr_flags & NDR_BUFFERS) { @@ -1074,12 +1096,14 @@ _PUBLIC_ enum ndr_err_code ndr_push_netr_LMSessionKey(struct ndr_push *ndr, int _PUBLIC_ enum ndr_err_code ndr_pull_netr_LMSessionKey(struct ndr_pull *ndr, int ndr_flags, struct netr_LMSessionKey *r) { + uint32_t size_key_0 = 0; { uint32_t _flags_save_STRUCT = ndr->flags; ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 1)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->key, 8)); + size_key_0 = 8; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->key, size_key_0)); NDR_CHECK(ndr_pull_trailer_align(ndr, 1)); } if (ndr_flags & NDR_BUFFERS) { @@ -1189,6 +1213,7 @@ static enum ndr_err_code ndr_pull_netr_SamBaseInfo(struct ndr_pull *ndr, int ndr { uint32_t _ptr_domain_sid; TALLOC_CTX *_mem_save_domain_sid_0; + uint32_t size_unknown_0 = 0; uint32_t cntr_unknown_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -1221,7 +1246,8 @@ static enum ndr_err_code ndr_pull_netr_SamBaseInfo(struct ndr_pull *ndr, int ndr } NDR_CHECK(ndr_pull_netr_LMSessionKey(ndr, NDR_SCALARS, &r->LMSessKey)); NDR_CHECK(ndr_pull_samr_AcctFlags(ndr, NDR_SCALARS, &r->acct_flags)); - for (cntr_unknown_0 = 0; cntr_unknown_0 < 7; cntr_unknown_0++) { + size_unknown_0 = 7; + for (cntr_unknown_0 = 0; cntr_unknown_0 < size_unknown_0; cntr_unknown_0++) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->unknown[cntr_unknown_0])); } NDR_CHECK(ndr_pull_trailer_align(ndr, 5)); @@ -1411,6 +1437,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_netr_SamInfo3(struct ndr_push *ndr, int ndr_ _PUBLIC_ enum ndr_err_code ndr_pull_netr_SamInfo3(struct ndr_pull *ndr, int ndr_flags, struct netr_SamInfo3 *r) { uint32_t _ptr_sids; + uint32_t size_sids_1 = 0; uint32_t cntr_sids_1; TALLOC_CTX *_mem_save_sids_0; TALLOC_CTX *_mem_save_sids_1; @@ -1432,13 +1459,14 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_SamInfo3(struct ndr_pull *ndr, int ndr_ _mem_save_sids_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sids, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->sids)); - NDR_PULL_ALLOC_N(ndr, r->sids, ndr_get_array_size(ndr, &r->sids)); + size_sids_1 = ndr_get_array_size(ndr, &r->sids); + NDR_PULL_ALLOC_N(ndr, r->sids, size_sids_1); _mem_save_sids_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sids, 0); - for (cntr_sids_1 = 0; cntr_sids_1 < r->sidcount; cntr_sids_1++) { + for (cntr_sids_1 = 0; cntr_sids_1 < size_sids_1; cntr_sids_1++) { NDR_CHECK(ndr_pull_netr_SidAttr(ndr, NDR_SCALARS, &r->sids[cntr_sids_1])); } - for (cntr_sids_1 = 0; cntr_sids_1 < r->sidcount; cntr_sids_1++) { + for (cntr_sids_1 = 0; cntr_sids_1 < size_sids_1; cntr_sids_1++) { NDR_CHECK(ndr_pull_netr_SidAttr(ndr, NDR_BUFFERS, &r->sids[cntr_sids_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sids_1, 0); @@ -1512,9 +1540,11 @@ static enum ndr_err_code ndr_push_netr_SamInfo6(struct ndr_push *ndr, int ndr_fl static enum ndr_err_code ndr_pull_netr_SamInfo6(struct ndr_pull *ndr, int ndr_flags, struct netr_SamInfo6 *r) { uint32_t _ptr_sids; + uint32_t size_sids_1 = 0; uint32_t cntr_sids_1; TALLOC_CTX *_mem_save_sids_0; TALLOC_CTX *_mem_save_sids_1; + uint32_t size_unknown4_0 = 0; uint32_t cntr_unknown4_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -1528,7 +1558,8 @@ static enum ndr_err_code ndr_pull_netr_SamInfo6(struct ndr_pull *ndr, int ndr_fl } NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->forest)); NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->principle)); - for (cntr_unknown4_0 = 0; cntr_unknown4_0 < 20; cntr_unknown4_0++) { + size_unknown4_0 = 20; + for (cntr_unknown4_0 = 0; cntr_unknown4_0 < size_unknown4_0; cntr_unknown4_0++) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->unknown4[cntr_unknown4_0])); } NDR_CHECK(ndr_pull_trailer_align(ndr, 5)); @@ -1539,13 +1570,14 @@ static enum ndr_err_code ndr_pull_netr_SamInfo6(struct ndr_pull *ndr, int ndr_fl _mem_save_sids_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sids, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->sids)); - NDR_PULL_ALLOC_N(ndr, r->sids, ndr_get_array_size(ndr, &r->sids)); + size_sids_1 = ndr_get_array_size(ndr, &r->sids); + NDR_PULL_ALLOC_N(ndr, r->sids, size_sids_1); _mem_save_sids_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sids, 0); - for (cntr_sids_1 = 0; cntr_sids_1 < r->sidcount; cntr_sids_1++) { + for (cntr_sids_1 = 0; cntr_sids_1 < size_sids_1; cntr_sids_1++) { NDR_CHECK(ndr_pull_netr_SidAttr(ndr, NDR_SCALARS, &r->sids[cntr_sids_1])); } - for (cntr_sids_1 = 0; cntr_sids_1 < r->sidcount; cntr_sids_1++) { + for (cntr_sids_1 = 0; cntr_sids_1 < size_sids_1; cntr_sids_1++) { NDR_CHECK(ndr_pull_netr_SidAttr(ndr, NDR_BUFFERS, &r->sids[cntr_sids_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sids_1, 0); @@ -1643,9 +1675,12 @@ static enum ndr_err_code ndr_push_netr_PacInfo(struct ndr_push *ndr, int ndr_fla static enum ndr_err_code ndr_pull_netr_PacInfo(struct ndr_pull *ndr, int ndr_flags, struct netr_PacInfo *r) { uint32_t _ptr_pac; + uint32_t size_pac_1 = 0; TALLOC_CTX *_mem_save_pac_0; uint32_t _ptr_auth; + uint32_t size_auth_1 = 0; TALLOC_CTX *_mem_save_auth_0; + uint32_t size_expansionroom_0 = 0; uint32_t cntr_expansionroom_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -1667,7 +1702,8 @@ static enum ndr_err_code ndr_pull_netr_PacInfo(struct ndr_pull *ndr, int ndr_fla r->auth = NULL; } NDR_CHECK(ndr_pull_netr_UserSessionKey(ndr, NDR_SCALARS, &r->user_session_key)); - for (cntr_expansionroom_0 = 0; cntr_expansionroom_0 < 10; cntr_expansionroom_0++) { + size_expansionroom_0 = 10; + for (cntr_expansionroom_0 = 0; cntr_expansionroom_0 < size_expansionroom_0; cntr_expansionroom_0++) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->expansionroom[cntr_expansionroom_0])); } NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->unknown1)); @@ -1681,8 +1717,9 @@ static enum ndr_err_code ndr_pull_netr_PacInfo(struct ndr_pull *ndr, int ndr_fla _mem_save_pac_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->pac, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->pac)); - NDR_PULL_ALLOC_N(ndr, r->pac, ndr_get_array_size(ndr, &r->pac)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->pac, ndr_get_array_size(ndr, &r->pac))); + size_pac_1 = ndr_get_array_size(ndr, &r->pac); + NDR_PULL_ALLOC_N(ndr, r->pac, size_pac_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->pac, size_pac_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_pac_0, 0); } NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->logon_domain)); @@ -1692,8 +1729,9 @@ static enum ndr_err_code ndr_pull_netr_PacInfo(struct ndr_pull *ndr, int ndr_fla _mem_save_auth_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->auth, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->auth)); - NDR_PULL_ALLOC_N(ndr, r->auth, ndr_get_array_size(ndr, &r->auth)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->auth, ndr_get_array_size(ndr, &r->auth))); + size_auth_1 = ndr_get_array_size(ndr, &r->auth); + NDR_PULL_ALLOC_N(ndr, r->auth, size_auth_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->auth, size_auth_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_auth_0, 0); } NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->unknown1)); @@ -1775,6 +1813,7 @@ static enum ndr_err_code ndr_push_netr_GenericInfo2(struct ndr_push *ndr, int nd static enum ndr_err_code ndr_pull_netr_GenericInfo2(struct ndr_pull *ndr, int ndr_flags, struct netr_GenericInfo2 *r) { uint32_t _ptr_data; + uint32_t size_data_1 = 0; TALLOC_CTX *_mem_save_data_0; { uint32_t _flags_save_STRUCT = ndr->flags; @@ -1795,8 +1834,9 @@ static enum ndr_err_code ndr_pull_netr_GenericInfo2(struct ndr_pull *ndr, int nd _mem_save_data_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->data, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->data)); - NDR_PULL_ALLOC_N(ndr, r->data, ndr_get_array_size(ndr, &r->data)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, ndr_get_array_size(ndr, &r->data))); + size_data_1 = ndr_get_array_size(ndr, &r->data); + NDR_PULL_ALLOC_N(ndr, r->data, size_data_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, size_data_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_0, 0); } if (r->data) { @@ -1903,10 +1943,15 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_Validation(struct ndr_pull *ndr, int nd int level; uint16_t _level; TALLOC_CTX *_mem_save_sam2_0; + uint32_t _ptr_sam2; TALLOC_CTX *_mem_save_sam3_0; + uint32_t _ptr_sam3; TALLOC_CTX *_mem_save_pac_0; + uint32_t _ptr_pac; TALLOC_CTX *_mem_save_generic_0; + uint32_t _ptr_generic; TALLOC_CTX *_mem_save_sam6_0; + uint32_t _ptr_sam6; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &_level)); @@ -1916,7 +1961,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_Validation(struct ndr_pull *ndr, int nd NDR_CHECK(ndr_pull_union_align(ndr, 5)); switch (level) { case NetlogonValidationSamInfo: { - uint32_t _ptr_sam2; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sam2)); if (_ptr_sam2) { NDR_PULL_ALLOC(ndr, r->sam2); @@ -1926,7 +1970,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_Validation(struct ndr_pull *ndr, int nd break; } case NetlogonValidationSamInfo2: { - uint32_t _ptr_sam3; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sam3)); if (_ptr_sam3) { NDR_PULL_ALLOC(ndr, r->sam3); @@ -1936,7 +1979,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_Validation(struct ndr_pull *ndr, int nd break; } case 4: { - uint32_t _ptr_pac; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_pac)); if (_ptr_pac) { NDR_PULL_ALLOC(ndr, r->pac); @@ -1946,7 +1988,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_Validation(struct ndr_pull *ndr, int nd break; } case NetlogonValidationGenericInfo2: { - uint32_t _ptr_generic; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_generic)); if (_ptr_generic) { NDR_PULL_ALLOC(ndr, r->generic); @@ -1956,7 +1997,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_Validation(struct ndr_pull *ndr, int nd break; } case NetlogonValidationSamInfo4: { - uint32_t _ptr_sam6; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sam6)); if (_ptr_sam6) { NDR_PULL_ALLOC(ndr, r->sam6); @@ -2098,12 +2138,14 @@ _PUBLIC_ enum ndr_err_code ndr_push_netr_Credential(struct ndr_push *ndr, int nd _PUBLIC_ enum ndr_err_code ndr_pull_netr_Credential(struct ndr_pull *ndr, int ndr_flags, struct netr_Credential *r) { + uint32_t size_data_0 = 0; { uint32_t _flags_save_STRUCT = ndr->flags; ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 1)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, 8)); + size_data_0 = 8; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, size_data_0)); NDR_CHECK(ndr_pull_trailer_align(ndr, 1)); } if (ndr_flags & NDR_BUFFERS) { @@ -2194,6 +2236,8 @@ static enum ndr_err_code ndr_push_netr_DELTA_DELETE_USER(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_netr_DELTA_DELETE_USER(struct ndr_pull *ndr, int ndr_flags, struct netr_DELTA_DELETE_USER *r) { uint32_t _ptr_account_name; + uint32_t size_account_name_1 = 0; + uint32_t length_account_name_1 = 0; TALLOC_CTX *_mem_save_account_name_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -2219,11 +2263,13 @@ static enum ndr_err_code ndr_pull_netr_DELTA_DELETE_USER(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->account_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->account_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->account_name)); - if (ndr_get_array_length(ndr, &r->account_name) > ndr_get_array_size(ndr, &r->account_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->account_name), ndr_get_array_length(ndr, &r->account_name)); + size_account_name_1 = ndr_get_array_size(ndr, &r->account_name); + length_account_name_1 = ndr_get_array_length(ndr, &r->account_name); + if (length_account_name_1 > size_account_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_account_name_1, length_account_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->account_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->account_name, ndr_get_array_length(ndr, &r->account_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_account_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->account_name, length_account_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_account_name_0, 0); } NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->unknown1)); @@ -2317,6 +2363,8 @@ static enum ndr_err_code ndr_push_netr_PasswordHistory(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_netr_PasswordHistory(struct ndr_pull *ndr, int ndr_flags, struct netr_PasswordHistory *r) { + uint32_t size_nt_history_0 = 0; + uint32_t size_lm_history_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->nt_length)); @@ -2325,10 +2373,12 @@ static enum ndr_err_code ndr_pull_netr_PasswordHistory(struct ndr_pull *ndr, int NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->lm_length)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->lm_size)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->lm_flags)); - NDR_PULL_ALLOC_N(ndr, r->nt_history, r->nt_length); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->nt_history, r->nt_length)); - NDR_PULL_ALLOC_N(ndr, r->lm_history, r->lm_length); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->lm_history, r->lm_length)); + size_nt_history_0 = r->nt_length; + NDR_PULL_ALLOC_N(ndr, r->nt_history, size_nt_history_0); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->nt_history, size_nt_history_0)); + size_lm_history_0 = r->lm_length; + NDR_PULL_ALLOC_N(ndr, r->lm_history, size_lm_history_0); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->lm_history, size_lm_history_0)); NDR_CHECK(ndr_pull_trailer_align(ndr, 4)); } if (ndr_flags & NDR_BUFFERS) { @@ -2487,6 +2537,7 @@ static enum ndr_err_code ndr_push_netr_USER_PRIVATE_INFO(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_netr_USER_PRIVATE_INFO(struct ndr_pull *ndr, int ndr_flags, struct netr_USER_PRIVATE_INFO *r) { uint32_t _ptr_SensitiveData; + uint32_t size_SensitiveData_1 = 0; TALLOC_CTX *_mem_save_SensitiveData_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -2513,8 +2564,9 @@ static enum ndr_err_code ndr_pull_netr_USER_PRIVATE_INFO(struct ndr_pull *ndr, i _mem_save_SensitiveData_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->SensitiveData, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->SensitiveData)); - NDR_PULL_ALLOC_N(ndr, r->SensitiveData, ndr_get_array_size(ndr, &r->SensitiveData)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->SensitiveData, ndr_get_array_size(ndr, &r->SensitiveData))); + size_SensitiveData_1 = ndr_get_array_size(ndr, &r->SensitiveData); + NDR_PULL_ALLOC_N(ndr, r->SensitiveData, size_SensitiveData_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->SensitiveData, size_SensitiveData_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_SensitiveData_0, 0); } ndr->flags = _flags_save_uint8; @@ -3004,10 +3056,12 @@ static enum ndr_err_code ndr_push_netr_DELTA_GROUP_MEMBER(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_netr_DELTA_GROUP_MEMBER(struct ndr_pull *ndr, int ndr_flags, struct netr_DELTA_GROUP_MEMBER *r) { uint32_t _ptr_rids; + uint32_t size_rids_1 = 0; uint32_t cntr_rids_1; TALLOC_CTX *_mem_save_rids_0; TALLOC_CTX *_mem_save_rids_1; uint32_t _ptr_attribs; + uint32_t size_attribs_1 = 0; uint32_t cntr_attribs_1; TALLOC_CTX *_mem_save_attribs_0; TALLOC_CTX *_mem_save_attribs_1; @@ -3037,10 +3091,11 @@ static enum ndr_err_code ndr_pull_netr_DELTA_GROUP_MEMBER(struct ndr_pull *ndr, _mem_save_rids_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->rids, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->rids)); - NDR_PULL_ALLOC_N(ndr, r->rids, ndr_get_array_size(ndr, &r->rids)); + size_rids_1 = ndr_get_array_size(ndr, &r->rids); + NDR_PULL_ALLOC_N(ndr, r->rids, size_rids_1); _mem_save_rids_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->rids, 0); - for (cntr_rids_1 = 0; cntr_rids_1 < r->num_rids; cntr_rids_1++) { + for (cntr_rids_1 = 0; cntr_rids_1 < size_rids_1; cntr_rids_1++) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->rids[cntr_rids_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_rids_1, 0); @@ -3050,10 +3105,11 @@ static enum ndr_err_code ndr_pull_netr_DELTA_GROUP_MEMBER(struct ndr_pull *ndr, _mem_save_attribs_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->attribs, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->attribs)); - NDR_PULL_ALLOC_N(ndr, r->attribs, ndr_get_array_size(ndr, &r->attribs)); + size_attribs_1 = ndr_get_array_size(ndr, &r->attribs); + NDR_PULL_ALLOC_N(ndr, r->attribs, size_attribs_1); _mem_save_attribs_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->attribs, 0); - for (cntr_attribs_1 = 0; cntr_attribs_1 < r->num_rids; cntr_attribs_1++) { + for (cntr_attribs_1 = 0; cntr_attribs_1 < size_attribs_1; cntr_attribs_1++) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->attribs[cntr_attribs_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_attribs_1, 0); @@ -3333,6 +3389,7 @@ static enum ndr_err_code ndr_push_netr_DELTA_POLICY(struct ndr_push *ndr, int nd static enum ndr_err_code ndr_pull_netr_DELTA_POLICY(struct ndr_pull *ndr, int ndr_flags, struct netr_DELTA_POLICY *r) { uint32_t _ptr_eventauditoptions; + uint32_t size_eventauditoptions_1 = 0; uint32_t cntr_eventauditoptions_1; TALLOC_CTX *_mem_save_eventauditoptions_0; TALLOC_CTX *_mem_save_eventauditoptions_1; @@ -3377,10 +3434,11 @@ static enum ndr_err_code ndr_pull_netr_DELTA_POLICY(struct ndr_pull *ndr, int nd _mem_save_eventauditoptions_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->eventauditoptions, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->eventauditoptions)); - NDR_PULL_ALLOC_N(ndr, r->eventauditoptions, ndr_get_array_size(ndr, &r->eventauditoptions)); + size_eventauditoptions_1 = ndr_get_array_size(ndr, &r->eventauditoptions); + NDR_PULL_ALLOC_N(ndr, r->eventauditoptions, size_eventauditoptions_1); _mem_save_eventauditoptions_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->eventauditoptions, 0); - for (cntr_eventauditoptions_1 = 0; cntr_eventauditoptions_1 < r->maxauditeventcount + 1; cntr_eventauditoptions_1++) { + for (cntr_eventauditoptions_1 = 0; cntr_eventauditoptions_1 < size_eventauditoptions_1; cntr_eventauditoptions_1++) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->eventauditoptions[cntr_eventauditoptions_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_eventauditoptions_1, 0); @@ -3495,6 +3553,7 @@ static enum ndr_err_code ndr_push_netr_DELTA_TRUSTED_DOMAIN(struct ndr_push *ndr static enum ndr_err_code ndr_pull_netr_DELTA_TRUSTED_DOMAIN(struct ndr_pull *ndr, int ndr_flags, struct netr_DELTA_TRUSTED_DOMAIN *r) { uint32_t _ptr_controller_names; + uint32_t size_controller_names_1 = 0; uint32_t cntr_controller_names_1; TALLOC_CTX *_mem_save_controller_names_0; TALLOC_CTX *_mem_save_controller_names_1; @@ -3526,13 +3585,14 @@ static enum ndr_err_code ndr_pull_netr_DELTA_TRUSTED_DOMAIN(struct ndr_pull *ndr _mem_save_controller_names_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->controller_names, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->controller_names)); - NDR_PULL_ALLOC_N(ndr, r->controller_names, ndr_get_array_size(ndr, &r->controller_names)); + size_controller_names_1 = ndr_get_array_size(ndr, &r->controller_names); + NDR_PULL_ALLOC_N(ndr, r->controller_names, size_controller_names_1); _mem_save_controller_names_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->controller_names, 0); - for (cntr_controller_names_1 = 0; cntr_controller_names_1 < r->num_controllers; cntr_controller_names_1++) { + for (cntr_controller_names_1 = 0; cntr_controller_names_1 < size_controller_names_1; cntr_controller_names_1++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->controller_names[cntr_controller_names_1])); } - for (cntr_controller_names_1 = 0; cntr_controller_names_1 < r->num_controllers; cntr_controller_names_1++) { + for (cntr_controller_names_1 = 0; cntr_controller_names_1 < size_controller_names_1; cntr_controller_names_1++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->controller_names[cntr_controller_names_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_controller_names_1, 0); @@ -3669,10 +3729,12 @@ static enum ndr_err_code ndr_push_netr_DELTA_ACCOUNT(struct ndr_push *ndr, int n static enum ndr_err_code ndr_pull_netr_DELTA_ACCOUNT(struct ndr_pull *ndr, int ndr_flags, struct netr_DELTA_ACCOUNT *r) { uint32_t _ptr_privilege_attrib; + uint32_t size_privilege_attrib_1 = 0; uint32_t cntr_privilege_attrib_1; TALLOC_CTX *_mem_save_privilege_attrib_0; TALLOC_CTX *_mem_save_privilege_attrib_1; uint32_t _ptr_privilege_name; + uint32_t size_privilege_name_1 = 0; uint32_t cntr_privilege_name_1; TALLOC_CTX *_mem_save_privilege_name_0; TALLOC_CTX *_mem_save_privilege_name_1; @@ -3711,10 +3773,11 @@ static enum ndr_err_code ndr_pull_netr_DELTA_ACCOUNT(struct ndr_pull *ndr, int n _mem_save_privilege_attrib_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->privilege_attrib, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->privilege_attrib)); - NDR_PULL_ALLOC_N(ndr, r->privilege_attrib, ndr_get_array_size(ndr, &r->privilege_attrib)); + size_privilege_attrib_1 = ndr_get_array_size(ndr, &r->privilege_attrib); + NDR_PULL_ALLOC_N(ndr, r->privilege_attrib, size_privilege_attrib_1); _mem_save_privilege_attrib_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->privilege_attrib, 0); - for (cntr_privilege_attrib_1 = 0; cntr_privilege_attrib_1 < r->privilege_entries; cntr_privilege_attrib_1++) { + for (cntr_privilege_attrib_1 = 0; cntr_privilege_attrib_1 < size_privilege_attrib_1; cntr_privilege_attrib_1++) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->privilege_attrib[cntr_privilege_attrib_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_privilege_attrib_1, 0); @@ -3724,13 +3787,14 @@ static enum ndr_err_code ndr_pull_netr_DELTA_ACCOUNT(struct ndr_pull *ndr, int n _mem_save_privilege_name_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->privilege_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->privilege_name)); - NDR_PULL_ALLOC_N(ndr, r->privilege_name, ndr_get_array_size(ndr, &r->privilege_name)); + size_privilege_name_1 = ndr_get_array_size(ndr, &r->privilege_name); + NDR_PULL_ALLOC_N(ndr, r->privilege_name, size_privilege_name_1); _mem_save_privilege_name_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->privilege_name, 0); - for (cntr_privilege_name_1 = 0; cntr_privilege_name_1 < r->privilege_entries; cntr_privilege_name_1++) { + for (cntr_privilege_name_1 = 0; cntr_privilege_name_1 < size_privilege_name_1; cntr_privilege_name_1++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->privilege_name[cntr_privilege_name_1])); } - for (cntr_privilege_name_1 = 0; cntr_privilege_name_1 < r->privilege_entries; cntr_privilege_name_1++) { + for (cntr_privilege_name_1 = 0; cntr_privilege_name_1 < size_privilege_name_1; cntr_privilege_name_1++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->privilege_name[cntr_privilege_name_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_privilege_name_1, 0); @@ -3891,6 +3955,8 @@ static enum ndr_err_code ndr_push_netr_CIPHER_VALUE(struct ndr_push *ndr, int nd static enum ndr_err_code ndr_pull_netr_CIPHER_VALUE(struct ndr_pull *ndr, int ndr_flags, struct netr_CIPHER_VALUE *r) { uint32_t _ptr_cipher_data; + uint32_t size_cipher_data_1 = 0; + uint32_t length_cipher_data_1 = 0; TALLOC_CTX *_mem_save_cipher_data_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -3910,11 +3976,13 @@ static enum ndr_err_code ndr_pull_netr_CIPHER_VALUE(struct ndr_pull *ndr, int nd NDR_PULL_SET_MEM_CTX(ndr, r->cipher_data, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->cipher_data)); NDR_CHECK(ndr_pull_array_length(ndr, &r->cipher_data)); - if (ndr_get_array_length(ndr, &r->cipher_data) > ndr_get_array_size(ndr, &r->cipher_data)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->cipher_data), ndr_get_array_length(ndr, &r->cipher_data)); + size_cipher_data_1 = ndr_get_array_size(ndr, &r->cipher_data); + length_cipher_data_1 = ndr_get_array_length(ndr, &r->cipher_data); + if (length_cipher_data_1 > size_cipher_data_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_cipher_data_1, length_cipher_data_1); } - NDR_PULL_ALLOC_N(ndr, r->cipher_data, ndr_get_array_size(ndr, &r->cipher_data)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->cipher_data, ndr_get_array_length(ndr, &r->cipher_data))); + NDR_PULL_ALLOC_N(ndr, r->cipher_data, size_cipher_data_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->cipher_data, length_cipher_data_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_cipher_data_0, 0); } if (r->cipher_data) { @@ -4297,21 +4365,37 @@ static enum ndr_err_code ndr_pull_netr_DELTA_UNION(struct ndr_pull *ndr, int ndr int level; uint16_t _level; TALLOC_CTX *_mem_save_domain_0; + uint32_t _ptr_domain; TALLOC_CTX *_mem_save_group_0; + uint32_t _ptr_group; TALLOC_CTX *_mem_save_rename_group_0; + uint32_t _ptr_rename_group; TALLOC_CTX *_mem_save_user_0; + uint32_t _ptr_user; TALLOC_CTX *_mem_save_rename_user_0; + uint32_t _ptr_rename_user; TALLOC_CTX *_mem_save_group_member_0; + uint32_t _ptr_group_member; TALLOC_CTX *_mem_save_alias_0; + uint32_t _ptr_alias; TALLOC_CTX *_mem_save_rename_alias_0; + uint32_t _ptr_rename_alias; TALLOC_CTX *_mem_save_alias_member_0; + uint32_t _ptr_alias_member; TALLOC_CTX *_mem_save_policy_0; + uint32_t _ptr_policy; TALLOC_CTX *_mem_save_trusted_domain_0; + uint32_t _ptr_trusted_domain; TALLOC_CTX *_mem_save_account_0; + uint32_t _ptr_account; TALLOC_CTX *_mem_save_secret_0; + uint32_t _ptr_secret; TALLOC_CTX *_mem_save_delete_group_0; + uint32_t _ptr_delete_group; TALLOC_CTX *_mem_save_delete_user_0; + uint32_t _ptr_delete_user; TALLOC_CTX *_mem_save_modified_count_0; + uint32_t _ptr_modified_count; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint1632(ndr, NDR_SCALARS, &_level)); @@ -4321,7 +4405,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_UNION(struct ndr_pull *ndr, int ndr NDR_CHECK(ndr_pull_union_align(ndr, 5)); switch (level) { case NETR_DELTA_DOMAIN: { - uint32_t _ptr_domain; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domain)); if (_ptr_domain) { NDR_PULL_ALLOC(ndr, r->domain); @@ -4331,7 +4414,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_UNION(struct ndr_pull *ndr, int ndr break; } case NETR_DELTA_GROUP: { - uint32_t _ptr_group; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_group)); if (_ptr_group) { NDR_PULL_ALLOC(ndr, r->group); @@ -4344,7 +4426,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_UNION(struct ndr_pull *ndr, int ndr break; } case NETR_DELTA_RENAME_GROUP: { - uint32_t _ptr_rename_group; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_rename_group)); if (_ptr_rename_group) { NDR_PULL_ALLOC(ndr, r->rename_group); @@ -4354,7 +4435,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_UNION(struct ndr_pull *ndr, int ndr break; } case NETR_DELTA_USER: { - uint32_t _ptr_user; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_user)); if (_ptr_user) { NDR_PULL_ALLOC(ndr, r->user); @@ -4367,7 +4447,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_UNION(struct ndr_pull *ndr, int ndr break; } case NETR_DELTA_RENAME_USER: { - uint32_t _ptr_rename_user; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_rename_user)); if (_ptr_rename_user) { NDR_PULL_ALLOC(ndr, r->rename_user); @@ -4377,7 +4456,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_UNION(struct ndr_pull *ndr, int ndr break; } case NETR_DELTA_GROUP_MEMBER: { - uint32_t _ptr_group_member; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_group_member)); if (_ptr_group_member) { NDR_PULL_ALLOC(ndr, r->group_member); @@ -4387,7 +4465,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_UNION(struct ndr_pull *ndr, int ndr break; } case NETR_DELTA_ALIAS: { - uint32_t _ptr_alias; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_alias)); if (_ptr_alias) { NDR_PULL_ALLOC(ndr, r->alias); @@ -4400,7 +4477,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_UNION(struct ndr_pull *ndr, int ndr break; } case NETR_DELTA_RENAME_ALIAS: { - uint32_t _ptr_rename_alias; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_rename_alias)); if (_ptr_rename_alias) { NDR_PULL_ALLOC(ndr, r->rename_alias); @@ -4410,7 +4486,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_UNION(struct ndr_pull *ndr, int ndr break; } case NETR_DELTA_ALIAS_MEMBER: { - uint32_t _ptr_alias_member; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_alias_member)); if (_ptr_alias_member) { NDR_PULL_ALLOC(ndr, r->alias_member); @@ -4420,7 +4495,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_UNION(struct ndr_pull *ndr, int ndr break; } case NETR_DELTA_POLICY: { - uint32_t _ptr_policy; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_policy)); if (_ptr_policy) { NDR_PULL_ALLOC(ndr, r->policy); @@ -4430,7 +4504,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_UNION(struct ndr_pull *ndr, int ndr break; } case NETR_DELTA_TRUSTED_DOMAIN: { - uint32_t _ptr_trusted_domain; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_trusted_domain)); if (_ptr_trusted_domain) { NDR_PULL_ALLOC(ndr, r->trusted_domain); @@ -4444,7 +4517,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_UNION(struct ndr_pull *ndr, int ndr break; } case NETR_DELTA_ACCOUNT: { - uint32_t _ptr_account; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_account)); if (_ptr_account) { NDR_PULL_ALLOC(ndr, r->account); @@ -4458,7 +4530,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_UNION(struct ndr_pull *ndr, int ndr break; } case NETR_DELTA_SECRET: { - uint32_t _ptr_secret; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_secret)); if (_ptr_secret) { NDR_PULL_ALLOC(ndr, r->secret); @@ -4472,7 +4543,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_UNION(struct ndr_pull *ndr, int ndr break; } case NETR_DELTA_DELETE_GROUP2: { - uint32_t _ptr_delete_group; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_delete_group)); if (_ptr_delete_group) { NDR_PULL_ALLOC(ndr, r->delete_group); @@ -4482,7 +4552,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_UNION(struct ndr_pull *ndr, int ndr break; } case NETR_DELTA_DELETE_USER2: { - uint32_t _ptr_delete_user; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_delete_user)); if (_ptr_delete_user) { NDR_PULL_ALLOC(ndr, r->delete_user); @@ -4492,7 +4561,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_UNION(struct ndr_pull *ndr, int ndr break; } case NETR_DELTA_MODIFY_COUNT: { - uint32_t _ptr_modified_count; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_modified_count)); if (_ptr_modified_count) { NDR_PULL_ALLOC(ndr, r->modified_count); @@ -5058,7 +5126,11 @@ static enum ndr_err_code ndr_pull_netr_DELTA_ID_UNION(struct ndr_pull *ndr, int int level; uint16_t _level; TALLOC_CTX *_mem_save_sid_0; + uint32_t _ptr_sid; TALLOC_CTX *_mem_save_name_0; + uint32_t _ptr_name; + uint32_t size_name_1 = 0; + uint32_t length_name_1 = 0; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint1632(ndr, NDR_SCALARS, &_level)); @@ -5116,7 +5188,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_ID_UNION(struct ndr_pull *ndr, int break; } case NETR_DELTA_POLICY: { - uint32_t _ptr_sid; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sid)); if (_ptr_sid) { NDR_PULL_ALLOC(ndr, r->sid); @@ -5126,7 +5197,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_ID_UNION(struct ndr_pull *ndr, int break; } case NETR_DELTA_TRUSTED_DOMAIN: { - uint32_t _ptr_sid; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sid)); if (_ptr_sid) { NDR_PULL_ALLOC(ndr, r->sid); @@ -5136,7 +5206,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_ID_UNION(struct ndr_pull *ndr, int break; } case NETR_DELTA_DELETE_TRUST: { - uint32_t _ptr_sid; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sid)); if (_ptr_sid) { NDR_PULL_ALLOC(ndr, r->sid); @@ -5146,7 +5215,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_ID_UNION(struct ndr_pull *ndr, int break; } case NETR_DELTA_ACCOUNT: { - uint32_t _ptr_sid; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sid)); if (_ptr_sid) { NDR_PULL_ALLOC(ndr, r->sid); @@ -5156,7 +5224,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_ID_UNION(struct ndr_pull *ndr, int break; } case NETR_DELTA_DELETE_ACCOUNT: { - uint32_t _ptr_sid; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sid)); if (_ptr_sid) { NDR_PULL_ALLOC(ndr, r->sid); @@ -5166,7 +5233,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_ID_UNION(struct ndr_pull *ndr, int break; } case NETR_DELTA_SECRET: { - uint32_t _ptr_name; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_name)); if (_ptr_name) { NDR_PULL_ALLOC(ndr, r->name); @@ -5176,7 +5242,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_ID_UNION(struct ndr_pull *ndr, int break; } case NETR_DELTA_DELETE_SECRET: { - uint32_t _ptr_name; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_name)); if (_ptr_name) { NDR_PULL_ALLOC(ndr, r->name); @@ -5289,11 +5354,13 @@ static enum ndr_err_code ndr_pull_netr_DELTA_ID_UNION(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->name)); - if (ndr_get_array_length(ndr, &r->name) > ndr_get_array_size(ndr, &r->name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->name), ndr_get_array_length(ndr, &r->name)); + size_name_1 = ndr_get_array_size(ndr, &r->name); + length_name_1 = ndr_get_array_length(ndr, &r->name); + if (length_name_1 > size_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_name_1, length_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, length_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_name_0, 0); } break; @@ -5304,11 +5371,13 @@ static enum ndr_err_code ndr_pull_netr_DELTA_ID_UNION(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->name)); - if (ndr_get_array_length(ndr, &r->name) > ndr_get_array_size(ndr, &r->name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->name), ndr_get_array_length(ndr, &r->name)); + size_name_1 = ndr_get_array_size(ndr, &r->name); + length_name_1 = ndr_get_array_length(ndr, &r->name); + if (length_name_1 > size_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_name_1, length_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, length_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_name_0, 0); } break; @@ -5536,6 +5605,7 @@ static enum ndr_err_code ndr_push_netr_DELTA_ENUM_ARRAY(struct ndr_push *ndr, in static enum ndr_err_code ndr_pull_netr_DELTA_ENUM_ARRAY(struct ndr_pull *ndr, int ndr_flags, struct netr_DELTA_ENUM_ARRAY *r) { uint32_t _ptr_delta_enum; + uint32_t size_delta_enum_1 = 0; uint32_t cntr_delta_enum_1; TALLOC_CTX *_mem_save_delta_enum_0; TALLOC_CTX *_mem_save_delta_enum_1; @@ -5555,13 +5625,14 @@ static enum ndr_err_code ndr_pull_netr_DELTA_ENUM_ARRAY(struct ndr_pull *ndr, in _mem_save_delta_enum_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->delta_enum, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->delta_enum)); - NDR_PULL_ALLOC_N(ndr, r->delta_enum, ndr_get_array_size(ndr, &r->delta_enum)); + size_delta_enum_1 = ndr_get_array_size(ndr, &r->delta_enum); + NDR_PULL_ALLOC_N(ndr, r->delta_enum, size_delta_enum_1); _mem_save_delta_enum_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->delta_enum, 0); - for (cntr_delta_enum_1 = 0; cntr_delta_enum_1 < r->num_deltas; cntr_delta_enum_1++) { + for (cntr_delta_enum_1 = 0; cntr_delta_enum_1 < size_delta_enum_1; cntr_delta_enum_1++) { NDR_CHECK(ndr_pull_netr_DELTA_ENUM(ndr, NDR_SCALARS, &r->delta_enum[cntr_delta_enum_1])); } - for (cntr_delta_enum_1 = 0; cntr_delta_enum_1 < r->num_deltas; cntr_delta_enum_1++) { + for (cntr_delta_enum_1 = 0; cntr_delta_enum_1 < size_delta_enum_1; cntr_delta_enum_1++) { NDR_CHECK(ndr_pull_netr_DELTA_ENUM(ndr, NDR_BUFFERS, &r->delta_enum[cntr_delta_enum_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_delta_enum_1, 0); @@ -5619,12 +5690,14 @@ static enum ndr_err_code ndr_push_netr_UAS_INFO_0(struct ndr_push *ndr, int ndr_ static enum ndr_err_code ndr_pull_netr_UAS_INFO_0(struct ndr_pull *ndr, int ndr_flags, struct netr_UAS_INFO_0 *r) { + uint32_t size_computer_name_0 = 0; { uint32_t _flags_save_STRUCT = ndr->flags; ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->computer_name, 16)); + size_computer_name_0 = 16; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->computer_name, size_computer_name_0)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->timecreated)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->serial_number)); NDR_CHECK(ndr_pull_trailer_align(ndr, 4)); @@ -5781,6 +5854,8 @@ static enum ndr_err_code ndr_push_netr_NETLOGON_INFO_2(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_netr_NETLOGON_INFO_2(struct ndr_pull *ndr, int ndr_flags, struct netr_NETLOGON_INFO_2 *r) { uint32_t _ptr_trusted_dc_name; + uint32_t size_trusted_dc_name_1 = 0; + uint32_t length_trusted_dc_name_1 = 0; TALLOC_CTX *_mem_save_trusted_dc_name_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -5801,11 +5876,13 @@ static enum ndr_err_code ndr_pull_netr_NETLOGON_INFO_2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->trusted_dc_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->trusted_dc_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->trusted_dc_name)); - if (ndr_get_array_length(ndr, &r->trusted_dc_name) > ndr_get_array_size(ndr, &r->trusted_dc_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->trusted_dc_name), ndr_get_array_length(ndr, &r->trusted_dc_name)); + size_trusted_dc_name_1 = ndr_get_array_size(ndr, &r->trusted_dc_name); + length_trusted_dc_name_1 = ndr_get_array_length(ndr, &r->trusted_dc_name); + if (length_trusted_dc_name_1 > size_trusted_dc_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_trusted_dc_name_1, length_trusted_dc_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->trusted_dc_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->trusted_dc_name, ndr_get_array_length(ndr, &r->trusted_dc_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_trusted_dc_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->trusted_dc_name, length_trusted_dc_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_trusted_dc_name_0, 0); } } @@ -5906,8 +5983,12 @@ static enum ndr_err_code ndr_push_netr_NETLOGON_INFO_4(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_netr_NETLOGON_INFO_4(struct ndr_pull *ndr, int ndr_flags, struct netr_NETLOGON_INFO_4 *r) { uint32_t _ptr_trusted_dc_name; + uint32_t size_trusted_dc_name_1 = 0; + uint32_t length_trusted_dc_name_1 = 0; TALLOC_CTX *_mem_save_trusted_dc_name_0; uint32_t _ptr_trusted_domain_name; + uint32_t size_trusted_domain_name_1 = 0; + uint32_t length_trusted_domain_name_1 = 0; TALLOC_CTX *_mem_save_trusted_domain_name_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -5931,11 +6012,13 @@ static enum ndr_err_code ndr_pull_netr_NETLOGON_INFO_4(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->trusted_dc_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->trusted_dc_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->trusted_dc_name)); - if (ndr_get_array_length(ndr, &r->trusted_dc_name) > ndr_get_array_size(ndr, &r->trusted_dc_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->trusted_dc_name), ndr_get_array_length(ndr, &r->trusted_dc_name)); + size_trusted_dc_name_1 = ndr_get_array_size(ndr, &r->trusted_dc_name); + length_trusted_dc_name_1 = ndr_get_array_length(ndr, &r->trusted_dc_name); + if (length_trusted_dc_name_1 > size_trusted_dc_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_trusted_dc_name_1, length_trusted_dc_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->trusted_dc_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->trusted_dc_name, ndr_get_array_length(ndr, &r->trusted_dc_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_trusted_dc_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->trusted_dc_name, length_trusted_dc_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_trusted_dc_name_0, 0); } if (r->trusted_domain_name) { @@ -5943,11 +6026,13 @@ static enum ndr_err_code ndr_pull_netr_NETLOGON_INFO_4(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->trusted_domain_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->trusted_domain_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->trusted_domain_name)); - if (ndr_get_array_length(ndr, &r->trusted_domain_name) > ndr_get_array_size(ndr, &r->trusted_domain_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->trusted_domain_name), ndr_get_array_length(ndr, &r->trusted_domain_name)); + size_trusted_domain_name_1 = ndr_get_array_size(ndr, &r->trusted_domain_name); + length_trusted_domain_name_1 = ndr_get_array_length(ndr, &r->trusted_domain_name); + if (length_trusted_domain_name_1 > size_trusted_domain_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_trusted_domain_name_1, length_trusted_domain_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->trusted_domain_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->trusted_domain_name, ndr_get_array_length(ndr, &r->trusted_domain_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_trusted_domain_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->trusted_domain_name, length_trusted_domain_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_trusted_domain_name_0, 0); } } @@ -6041,9 +6126,13 @@ static enum ndr_err_code ndr_pull_netr_CONTROL_QUERY_INFORMATION(struct ndr_pull int level; uint32_t _level; TALLOC_CTX *_mem_save_info1_0; + uint32_t _ptr_info1; TALLOC_CTX *_mem_save_info2_0; + uint32_t _ptr_info2; TALLOC_CTX *_mem_save_info3_0; + uint32_t _ptr_info3; TALLOC_CTX *_mem_save_info4_0; + uint32_t _ptr_info4; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -6053,7 +6142,6 @@ static enum ndr_err_code ndr_pull_netr_CONTROL_QUERY_INFORMATION(struct ndr_pull NDR_CHECK(ndr_pull_union_align(ndr, 5)); switch (level) { case 1: { - uint32_t _ptr_info1; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1)); if (_ptr_info1) { NDR_PULL_ALLOC(ndr, r->info1); @@ -6063,7 +6151,6 @@ static enum ndr_err_code ndr_pull_netr_CONTROL_QUERY_INFORMATION(struct ndr_pull break; } case 2: { - uint32_t _ptr_info2; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info2)); if (_ptr_info2) { NDR_PULL_ALLOC(ndr, r->info2); @@ -6073,7 +6160,6 @@ static enum ndr_err_code ndr_pull_netr_CONTROL_QUERY_INFORMATION(struct ndr_pull break; } case 3: { - uint32_t _ptr_info3; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info3)); if (_ptr_info3) { NDR_PULL_ALLOC(ndr, r->info3); @@ -6083,7 +6169,6 @@ static enum ndr_err_code ndr_pull_netr_CONTROL_QUERY_INFORMATION(struct ndr_pull break; } case 4: { - uint32_t _ptr_info4; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info4)); if (_ptr_info4) { NDR_PULL_ALLOC(ndr, r->info4); @@ -6343,7 +6428,13 @@ static enum ndr_err_code ndr_pull_netr_CONTROL_DATA_INFORMATION(struct ndr_pull int level; uint32_t _level; TALLOC_CTX *_mem_save_domain_0; + uint32_t _ptr_domain; + uint32_t size_domain_1 = 0; + uint32_t length_domain_1 = 0; TALLOC_CTX *_mem_save_user_0; + uint32_t _ptr_user; + uint32_t size_user_1 = 0; + uint32_t length_user_1 = 0; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -6353,7 +6444,6 @@ static enum ndr_err_code ndr_pull_netr_CONTROL_DATA_INFORMATION(struct ndr_pull NDR_CHECK(ndr_pull_union_align(ndr, 5)); switch (level) { case NETLOGON_CONTROL_REDISCOVER: { - uint32_t _ptr_domain; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domain)); if (_ptr_domain) { NDR_PULL_ALLOC(ndr, r->domain); @@ -6363,7 +6453,6 @@ static enum ndr_err_code ndr_pull_netr_CONTROL_DATA_INFORMATION(struct ndr_pull break; } case NETLOGON_CONTROL_TC_QUERY: { - uint32_t _ptr_domain; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domain)); if (_ptr_domain) { NDR_PULL_ALLOC(ndr, r->domain); @@ -6373,7 +6462,6 @@ static enum ndr_err_code ndr_pull_netr_CONTROL_DATA_INFORMATION(struct ndr_pull break; } case NETLOGON_CONTROL_TRANSPORT_NOTIFY: { - uint32_t _ptr_domain; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domain)); if (_ptr_domain) { NDR_PULL_ALLOC(ndr, r->domain); @@ -6383,7 +6471,6 @@ static enum ndr_err_code ndr_pull_netr_CONTROL_DATA_INFORMATION(struct ndr_pull break; } case NETLOGON_CONTROL_CHANGE_PASSWORD: { - uint32_t _ptr_domain; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domain)); if (_ptr_domain) { NDR_PULL_ALLOC(ndr, r->domain); @@ -6393,7 +6480,6 @@ static enum ndr_err_code ndr_pull_netr_CONTROL_DATA_INFORMATION(struct ndr_pull break; } case NETLOGON_CONTROL_TC_VERIFY: { - uint32_t _ptr_domain; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domain)); if (_ptr_domain) { NDR_PULL_ALLOC(ndr, r->domain); @@ -6403,7 +6489,6 @@ static enum ndr_err_code ndr_pull_netr_CONTROL_DATA_INFORMATION(struct ndr_pull break; } case NETLOGON_CONTROL_FIND_USER: { - uint32_t _ptr_user; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_user)); if (_ptr_user) { NDR_PULL_ALLOC(ndr, r->user); @@ -6429,11 +6514,13 @@ static enum ndr_err_code ndr_pull_netr_CONTROL_DATA_INFORMATION(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->domain, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->domain)); NDR_CHECK(ndr_pull_array_length(ndr, &r->domain)); - if (ndr_get_array_length(ndr, &r->domain) > ndr_get_array_size(ndr, &r->domain)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->domain), ndr_get_array_length(ndr, &r->domain)); + size_domain_1 = ndr_get_array_size(ndr, &r->domain); + length_domain_1 = ndr_get_array_length(ndr, &r->domain); + if (length_domain_1 > size_domain_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_1, length_domain_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, length_domain_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_0, 0); } break; @@ -6444,11 +6531,13 @@ static enum ndr_err_code ndr_pull_netr_CONTROL_DATA_INFORMATION(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->domain, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->domain)); NDR_CHECK(ndr_pull_array_length(ndr, &r->domain)); - if (ndr_get_array_length(ndr, &r->domain) > ndr_get_array_size(ndr, &r->domain)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->domain), ndr_get_array_length(ndr, &r->domain)); + size_domain_1 = ndr_get_array_size(ndr, &r->domain); + length_domain_1 = ndr_get_array_length(ndr, &r->domain); + if (length_domain_1 > size_domain_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_1, length_domain_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, length_domain_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_0, 0); } break; @@ -6459,11 +6548,13 @@ static enum ndr_err_code ndr_pull_netr_CONTROL_DATA_INFORMATION(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->domain, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->domain)); NDR_CHECK(ndr_pull_array_length(ndr, &r->domain)); - if (ndr_get_array_length(ndr, &r->domain) > ndr_get_array_size(ndr, &r->domain)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->domain), ndr_get_array_length(ndr, &r->domain)); + size_domain_1 = ndr_get_array_size(ndr, &r->domain); + length_domain_1 = ndr_get_array_length(ndr, &r->domain); + if (length_domain_1 > size_domain_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_1, length_domain_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, length_domain_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_0, 0); } break; @@ -6474,11 +6565,13 @@ static enum ndr_err_code ndr_pull_netr_CONTROL_DATA_INFORMATION(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->domain, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->domain)); NDR_CHECK(ndr_pull_array_length(ndr, &r->domain)); - if (ndr_get_array_length(ndr, &r->domain) > ndr_get_array_size(ndr, &r->domain)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->domain), ndr_get_array_length(ndr, &r->domain)); + size_domain_1 = ndr_get_array_size(ndr, &r->domain); + length_domain_1 = ndr_get_array_length(ndr, &r->domain); + if (length_domain_1 > size_domain_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_1, length_domain_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, length_domain_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_0, 0); } break; @@ -6489,11 +6582,13 @@ static enum ndr_err_code ndr_pull_netr_CONTROL_DATA_INFORMATION(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->domain, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->domain)); NDR_CHECK(ndr_pull_array_length(ndr, &r->domain)); - if (ndr_get_array_length(ndr, &r->domain) > ndr_get_array_size(ndr, &r->domain)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->domain), ndr_get_array_length(ndr, &r->domain)); + size_domain_1 = ndr_get_array_size(ndr, &r->domain); + length_domain_1 = ndr_get_array_length(ndr, &r->domain); + if (length_domain_1 > size_domain_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_1, length_domain_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, length_domain_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_0, 0); } break; @@ -6504,11 +6599,13 @@ static enum ndr_err_code ndr_pull_netr_CONTROL_DATA_INFORMATION(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->user, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->user)); NDR_CHECK(ndr_pull_array_length(ndr, &r->user)); - if (ndr_get_array_length(ndr, &r->user) > ndr_get_array_size(ndr, &r->user)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->user), ndr_get_array_length(ndr, &r->user)); + size_user_1 = ndr_get_array_size(ndr, &r->user); + length_user_1 = ndr_get_array_length(ndr, &r->user); + if (length_user_1 > size_user_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_user_1, length_user_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->user), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user, ndr_get_array_length(ndr, &r->user), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_user_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user, length_user_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user_0, 0); } break; @@ -6881,6 +6978,7 @@ static enum ndr_err_code ndr_push_netr_Blob(struct ndr_push *ndr, int ndr_flags, static enum ndr_err_code ndr_pull_netr_Blob(struct ndr_pull *ndr, int ndr_flags, struct netr_Blob *r) { uint32_t _ptr_data; + uint32_t size_data_1 = 0; TALLOC_CTX *_mem_save_data_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -6898,8 +6996,9 @@ static enum ndr_err_code ndr_pull_netr_Blob(struct ndr_pull *ndr, int ndr_flags, _mem_save_data_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->data, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->data)); - NDR_PULL_ALLOC_N(ndr, r->data, ndr_get_array_size(ndr, &r->data)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, ndr_get_array_size(ndr, &r->data))); + size_data_1 = ndr_get_array_size(ndr, &r->data); + NDR_PULL_ALLOC_N(ndr, r->data, size_data_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, size_data_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_0, 0); } if (r->data) { @@ -7084,16 +7183,28 @@ _PUBLIC_ enum ndr_err_code ndr_push_netr_DsRGetDCNameInfo(struct ndr_push *ndr, _PUBLIC_ enum ndr_err_code ndr_pull_netr_DsRGetDCNameInfo(struct ndr_pull *ndr, int ndr_flags, struct netr_DsRGetDCNameInfo *r) { uint32_t _ptr_dc_unc; + uint32_t size_dc_unc_1 = 0; + uint32_t length_dc_unc_1 = 0; TALLOC_CTX *_mem_save_dc_unc_0; uint32_t _ptr_dc_address; + uint32_t size_dc_address_1 = 0; + uint32_t length_dc_address_1 = 0; TALLOC_CTX *_mem_save_dc_address_0; uint32_t _ptr_domain_name; + uint32_t size_domain_name_1 = 0; + uint32_t length_domain_name_1 = 0; TALLOC_CTX *_mem_save_domain_name_0; uint32_t _ptr_forest_name; + uint32_t size_forest_name_1 = 0; + uint32_t length_forest_name_1 = 0; TALLOC_CTX *_mem_save_forest_name_0; uint32_t _ptr_dc_site_name; + uint32_t size_dc_site_name_1 = 0; + uint32_t length_dc_site_name_1 = 0; TALLOC_CTX *_mem_save_dc_site_name_0; uint32_t _ptr_client_site_name; + uint32_t size_client_site_name_1 = 0; + uint32_t length_client_site_name_1 = 0; TALLOC_CTX *_mem_save_client_site_name_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -7144,11 +7255,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_DsRGetDCNameInfo(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->dc_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->dc_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->dc_unc)); - if (ndr_get_array_length(ndr, &r->dc_unc) > ndr_get_array_size(ndr, &r->dc_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->dc_unc), ndr_get_array_length(ndr, &r->dc_unc)); + size_dc_unc_1 = ndr_get_array_size(ndr, &r->dc_unc); + length_dc_unc_1 = ndr_get_array_length(ndr, &r->dc_unc); + if (length_dc_unc_1 > size_dc_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dc_unc_1, length_dc_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->dc_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dc_unc, ndr_get_array_length(ndr, &r->dc_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dc_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dc_unc, length_dc_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dc_unc_0, 0); } if (r->dc_address) { @@ -7156,11 +7269,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_DsRGetDCNameInfo(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->dc_address, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->dc_address)); NDR_CHECK(ndr_pull_array_length(ndr, &r->dc_address)); - if (ndr_get_array_length(ndr, &r->dc_address) > ndr_get_array_size(ndr, &r->dc_address)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->dc_address), ndr_get_array_length(ndr, &r->dc_address)); + size_dc_address_1 = ndr_get_array_size(ndr, &r->dc_address); + length_dc_address_1 = ndr_get_array_length(ndr, &r->dc_address); + if (length_dc_address_1 > size_dc_address_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dc_address_1, length_dc_address_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->dc_address), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dc_address, ndr_get_array_length(ndr, &r->dc_address), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dc_address_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dc_address, length_dc_address_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dc_address_0, 0); } if (r->domain_name) { @@ -7168,11 +7283,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_DsRGetDCNameInfo(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->domain_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->domain_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->domain_name)); - if (ndr_get_array_length(ndr, &r->domain_name) > ndr_get_array_size(ndr, &r->domain_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->domain_name), ndr_get_array_length(ndr, &r->domain_name)); + size_domain_name_1 = ndr_get_array_size(ndr, &r->domain_name); + length_domain_name_1 = ndr_get_array_length(ndr, &r->domain_name); + if (length_domain_name_1 > size_domain_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_name_1, length_domain_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->domain_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain_name, ndr_get_array_length(ndr, &r->domain_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain_name, length_domain_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_name_0, 0); } if (r->forest_name) { @@ -7180,11 +7297,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_DsRGetDCNameInfo(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->forest_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->forest_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->forest_name)); - if (ndr_get_array_length(ndr, &r->forest_name) > ndr_get_array_size(ndr, &r->forest_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->forest_name), ndr_get_array_length(ndr, &r->forest_name)); + size_forest_name_1 = ndr_get_array_size(ndr, &r->forest_name); + length_forest_name_1 = ndr_get_array_length(ndr, &r->forest_name); + if (length_forest_name_1 > size_forest_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_forest_name_1, length_forest_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->forest_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->forest_name, ndr_get_array_length(ndr, &r->forest_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_forest_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->forest_name, length_forest_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_forest_name_0, 0); } if (r->dc_site_name) { @@ -7192,11 +7311,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_DsRGetDCNameInfo(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->dc_site_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->dc_site_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->dc_site_name)); - if (ndr_get_array_length(ndr, &r->dc_site_name) > ndr_get_array_size(ndr, &r->dc_site_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->dc_site_name), ndr_get_array_length(ndr, &r->dc_site_name)); + size_dc_site_name_1 = ndr_get_array_size(ndr, &r->dc_site_name); + length_dc_site_name_1 = ndr_get_array_length(ndr, &r->dc_site_name); + if (length_dc_site_name_1 > size_dc_site_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dc_site_name_1, length_dc_site_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->dc_site_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dc_site_name, ndr_get_array_length(ndr, &r->dc_site_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dc_site_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dc_site_name, length_dc_site_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dc_site_name_0, 0); } if (r->client_site_name) { @@ -7204,11 +7325,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_DsRGetDCNameInfo(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->client_site_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->client_site_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->client_site_name)); - if (ndr_get_array_length(ndr, &r->client_site_name) > ndr_get_array_size(ndr, &r->client_site_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->client_site_name), ndr_get_array_length(ndr, &r->client_site_name)); + size_client_site_name_1 = ndr_get_array_size(ndr, &r->client_site_name); + length_client_site_name_1 = ndr_get_array_length(ndr, &r->client_site_name); + if (length_client_site_name_1 > size_client_site_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_client_site_name_1, length_client_site_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->client_site_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client_site_name, ndr_get_array_length(ndr, &r->client_site_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_client_site_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client_site_name, length_client_site_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_client_site_name_0, 0); } } @@ -7466,6 +7589,7 @@ static enum ndr_err_code ndr_push_netr_LsaPolicyInformation(struct ndr_push *ndr static enum ndr_err_code ndr_pull_netr_LsaPolicyInformation(struct ndr_pull *ndr, int ndr_flags, struct netr_LsaPolicyInformation *r) { uint32_t _ptr_policy; + uint32_t size_policy_1 = 0; TALLOC_CTX *_mem_save_policy_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -7483,8 +7607,9 @@ static enum ndr_err_code ndr_pull_netr_LsaPolicyInformation(struct ndr_pull *ndr _mem_save_policy_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->policy, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->policy)); - NDR_PULL_ALLOC_N(ndr, r->policy, ndr_get_array_size(ndr, &r->policy)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->policy, ndr_get_array_size(ndr, &r->policy))); + size_policy_1 = ndr_get_array_size(ndr, &r->policy); + NDR_PULL_ALLOC_N(ndr, r->policy, size_policy_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->policy, size_policy_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_policy_0, 0); } if (r->policy) { @@ -7760,16 +7885,28 @@ static enum ndr_err_code ndr_push_netr_WorkstationInformation(struct ndr_push *n static enum ndr_err_code ndr_pull_netr_WorkstationInformation(struct ndr_pull *ndr, int ndr_flags, struct netr_WorkstationInformation *r) { uint32_t _ptr_dns_hostname; + uint32_t size_dns_hostname_1 = 0; + uint32_t length_dns_hostname_1 = 0; TALLOC_CTX *_mem_save_dns_hostname_0; uint32_t _ptr_sitename; + uint32_t size_sitename_1 = 0; + uint32_t length_sitename_1 = 0; TALLOC_CTX *_mem_save_sitename_0; uint32_t _ptr_dummy1; + uint32_t size_dummy1_1 = 0; + uint32_t length_dummy1_1 = 0; TALLOC_CTX *_mem_save_dummy1_0; uint32_t _ptr_dummy2; + uint32_t size_dummy2_1 = 0; + uint32_t length_dummy2_1 = 0; TALLOC_CTX *_mem_save_dummy2_0; uint32_t _ptr_dummy3; + uint32_t size_dummy3_1 = 0; + uint32_t length_dummy3_1 = 0; TALLOC_CTX *_mem_save_dummy3_0; uint32_t _ptr_dummy4; + uint32_t size_dummy4_1 = 0; + uint32_t length_dummy4_1 = 0; TALLOC_CTX *_mem_save_dummy4_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -7827,11 +7964,13 @@ static enum ndr_err_code ndr_pull_netr_WorkstationInformation(struct ndr_pull *n NDR_PULL_SET_MEM_CTX(ndr, r->dns_hostname, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->dns_hostname)); NDR_CHECK(ndr_pull_array_length(ndr, &r->dns_hostname)); - if (ndr_get_array_length(ndr, &r->dns_hostname) > ndr_get_array_size(ndr, &r->dns_hostname)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->dns_hostname), ndr_get_array_length(ndr, &r->dns_hostname)); + size_dns_hostname_1 = ndr_get_array_size(ndr, &r->dns_hostname); + length_dns_hostname_1 = ndr_get_array_length(ndr, &r->dns_hostname); + if (length_dns_hostname_1 > size_dns_hostname_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dns_hostname_1, length_dns_hostname_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->dns_hostname), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dns_hostname, ndr_get_array_length(ndr, &r->dns_hostname), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dns_hostname_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dns_hostname, length_dns_hostname_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dns_hostname_0, 0); } if (r->sitename) { @@ -7839,11 +7978,13 @@ static enum ndr_err_code ndr_pull_netr_WorkstationInformation(struct ndr_pull *n NDR_PULL_SET_MEM_CTX(ndr, r->sitename, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->sitename)); NDR_CHECK(ndr_pull_array_length(ndr, &r->sitename)); - if (ndr_get_array_length(ndr, &r->sitename) > ndr_get_array_size(ndr, &r->sitename)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->sitename), ndr_get_array_length(ndr, &r->sitename)); + size_sitename_1 = ndr_get_array_size(ndr, &r->sitename); + length_sitename_1 = ndr_get_array_length(ndr, &r->sitename); + if (length_sitename_1 > size_sitename_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_sitename_1, length_sitename_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->sitename), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->sitename, ndr_get_array_length(ndr, &r->sitename), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_sitename_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->sitename, length_sitename_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sitename_0, 0); } if (r->dummy1) { @@ -7851,11 +7992,13 @@ static enum ndr_err_code ndr_pull_netr_WorkstationInformation(struct ndr_pull *n NDR_PULL_SET_MEM_CTX(ndr, r->dummy1, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->dummy1)); NDR_CHECK(ndr_pull_array_length(ndr, &r->dummy1)); - if (ndr_get_array_length(ndr, &r->dummy1) > ndr_get_array_size(ndr, &r->dummy1)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->dummy1), ndr_get_array_length(ndr, &r->dummy1)); + size_dummy1_1 = ndr_get_array_size(ndr, &r->dummy1); + length_dummy1_1 = ndr_get_array_length(ndr, &r->dummy1); + if (length_dummy1_1 > size_dummy1_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dummy1_1, length_dummy1_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->dummy1), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dummy1, ndr_get_array_length(ndr, &r->dummy1), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dummy1_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dummy1, length_dummy1_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dummy1_0, 0); } if (r->dummy2) { @@ -7863,11 +8006,13 @@ static enum ndr_err_code ndr_pull_netr_WorkstationInformation(struct ndr_pull *n NDR_PULL_SET_MEM_CTX(ndr, r->dummy2, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->dummy2)); NDR_CHECK(ndr_pull_array_length(ndr, &r->dummy2)); - if (ndr_get_array_length(ndr, &r->dummy2) > ndr_get_array_size(ndr, &r->dummy2)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->dummy2), ndr_get_array_length(ndr, &r->dummy2)); + size_dummy2_1 = ndr_get_array_size(ndr, &r->dummy2); + length_dummy2_1 = ndr_get_array_length(ndr, &r->dummy2); + if (length_dummy2_1 > size_dummy2_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dummy2_1, length_dummy2_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->dummy2), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dummy2, ndr_get_array_length(ndr, &r->dummy2), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dummy2_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dummy2, length_dummy2_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dummy2_0, 0); } if (r->dummy3) { @@ -7875,11 +8020,13 @@ static enum ndr_err_code ndr_pull_netr_WorkstationInformation(struct ndr_pull *n NDR_PULL_SET_MEM_CTX(ndr, r->dummy3, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->dummy3)); NDR_CHECK(ndr_pull_array_length(ndr, &r->dummy3)); - if (ndr_get_array_length(ndr, &r->dummy3) > ndr_get_array_size(ndr, &r->dummy3)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->dummy3), ndr_get_array_length(ndr, &r->dummy3)); + size_dummy3_1 = ndr_get_array_size(ndr, &r->dummy3); + length_dummy3_1 = ndr_get_array_length(ndr, &r->dummy3); + if (length_dummy3_1 > size_dummy3_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dummy3_1, length_dummy3_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->dummy3), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dummy3, ndr_get_array_length(ndr, &r->dummy3), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dummy3_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dummy3, length_dummy3_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dummy3_0, 0); } if (r->dummy4) { @@ -7887,11 +8034,13 @@ static enum ndr_err_code ndr_pull_netr_WorkstationInformation(struct ndr_pull *n NDR_PULL_SET_MEM_CTX(ndr, r->dummy4, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->dummy4)); NDR_CHECK(ndr_pull_array_length(ndr, &r->dummy4)); - if (ndr_get_array_length(ndr, &r->dummy4) > ndr_get_array_size(ndr, &r->dummy4)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->dummy4), ndr_get_array_length(ndr, &r->dummy4)); + size_dummy4_1 = ndr_get_array_size(ndr, &r->dummy4); + length_dummy4_1 = ndr_get_array_length(ndr, &r->dummy4); + if (length_dummy4_1 > size_dummy4_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dummy4_1, length_dummy4_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->dummy4), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dummy4, ndr_get_array_length(ndr, &r->dummy4), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dummy4_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dummy4, length_dummy4_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dummy4_0, 0); } NDR_CHECK(ndr_pull_netr_OsVersionContainer(ndr, NDR_BUFFERS, &r->os_version)); @@ -8000,7 +8149,9 @@ static enum ndr_err_code ndr_pull_netr_WorkstationInfo(struct ndr_pull *ndr, int int level; uint32_t _level; TALLOC_CTX *_mem_save_workstation_info_0; + uint32_t _ptr_workstation_info; TALLOC_CTX *_mem_save_lsa_policy_info_0; + uint32_t _ptr_lsa_policy_info; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -8010,7 +8161,6 @@ static enum ndr_err_code ndr_pull_netr_WorkstationInfo(struct ndr_pull *ndr, int NDR_CHECK(ndr_pull_union_align(ndr, 5)); switch (level) { case 1: { - uint32_t _ptr_workstation_info; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_workstation_info)); if (_ptr_workstation_info) { NDR_PULL_ALLOC(ndr, r->workstation_info); @@ -8020,7 +8170,6 @@ static enum ndr_err_code ndr_pull_netr_WorkstationInfo(struct ndr_pull *ndr, int break; } case 2: { - uint32_t _ptr_lsa_policy_info; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_lsa_policy_info)); if (_ptr_lsa_policy_info) { NDR_PULL_ALLOC(ndr, r->lsa_policy_info); @@ -8369,6 +8518,7 @@ static enum ndr_err_code ndr_push_netr_DomainInformation(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_netr_DomainInformation(struct ndr_pull *ndr, int ndr_flags, struct netr_DomainInformation *r) { uint32_t _ptr_trusted_domains; + uint32_t size_trusted_domains_1 = 0; uint32_t cntr_trusted_domains_1; TALLOC_CTX *_mem_save_trusted_domains_0; TALLOC_CTX *_mem_save_trusted_domains_1; @@ -8399,13 +8549,14 @@ static enum ndr_err_code ndr_pull_netr_DomainInformation(struct ndr_pull *ndr, i _mem_save_trusted_domains_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->trusted_domains, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->trusted_domains)); - NDR_PULL_ALLOC_N(ndr, r->trusted_domains, ndr_get_array_size(ndr, &r->trusted_domains)); + size_trusted_domains_1 = ndr_get_array_size(ndr, &r->trusted_domains); + NDR_PULL_ALLOC_N(ndr, r->trusted_domains, size_trusted_domains_1); _mem_save_trusted_domains_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->trusted_domains, 0); - for (cntr_trusted_domains_1 = 0; cntr_trusted_domains_1 < r->trusted_domain_count; cntr_trusted_domains_1++) { + for (cntr_trusted_domains_1 = 0; cntr_trusted_domains_1 < size_trusted_domains_1; cntr_trusted_domains_1++) { NDR_CHECK(ndr_pull_netr_OneDomainInfo(ndr, NDR_SCALARS, &r->trusted_domains[cntr_trusted_domains_1])); } - for (cntr_trusted_domains_1 = 0; cntr_trusted_domains_1 < r->trusted_domain_count; cntr_trusted_domains_1++) { + for (cntr_trusted_domains_1 = 0; cntr_trusted_domains_1 < size_trusted_domains_1; cntr_trusted_domains_1++) { NDR_CHECK(ndr_pull_netr_OneDomainInfo(ndr, NDR_BUFFERS, &r->trusted_domains[cntr_trusted_domains_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_trusted_domains_1, 0); @@ -8503,7 +8654,9 @@ static enum ndr_err_code ndr_pull_netr_DomainInfo(struct ndr_pull *ndr, int ndr_ int level; uint32_t _level; TALLOC_CTX *_mem_save_domain_info_0; + uint32_t _ptr_domain_info; TALLOC_CTX *_mem_save_lsa_policy_info_0; + uint32_t _ptr_lsa_policy_info; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -8513,7 +8666,6 @@ static enum ndr_err_code ndr_pull_netr_DomainInfo(struct ndr_pull *ndr, int ndr_ NDR_CHECK(ndr_pull_union_align(ndr, 5)); switch (level) { case 1: { - uint32_t _ptr_domain_info; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domain_info)); if (_ptr_domain_info) { NDR_PULL_ALLOC(ndr, r->domain_info); @@ -8523,7 +8675,6 @@ static enum ndr_err_code ndr_pull_netr_DomainInfo(struct ndr_pull *ndr, int ndr_ break; } case 2: { - uint32_t _ptr_lsa_policy_info; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_lsa_policy_info)); if (_ptr_lsa_policy_info) { NDR_PULL_ALLOC(ndr, r->lsa_policy_info); @@ -8612,12 +8763,14 @@ static enum ndr_err_code ndr_push_netr_CryptPassword(struct ndr_push *ndr, int n static enum ndr_err_code ndr_pull_netr_CryptPassword(struct ndr_pull *ndr, int ndr_flags, struct netr_CryptPassword *r) { + uint32_t size_data_0 = 0; { uint32_t _flags_save_STRUCT = ndr->flags; ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, 512)); + size_data_0 = 512; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, size_data_0)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->length)); NDR_CHECK(ndr_pull_trailer_align(ndr, 4)); } @@ -8668,6 +8821,7 @@ static enum ndr_err_code ndr_push_netr_DsRAddressToSitenamesWCtr(struct ndr_push static enum ndr_err_code ndr_pull_netr_DsRAddressToSitenamesWCtr(struct ndr_pull *ndr, int ndr_flags, struct netr_DsRAddressToSitenamesWCtr *r) { uint32_t _ptr_sitename; + uint32_t size_sitename_1 = 0; uint32_t cntr_sitename_1; TALLOC_CTX *_mem_save_sitename_0; TALLOC_CTX *_mem_save_sitename_1; @@ -8687,13 +8841,14 @@ static enum ndr_err_code ndr_pull_netr_DsRAddressToSitenamesWCtr(struct ndr_pull _mem_save_sitename_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sitename, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->sitename)); - NDR_PULL_ALLOC_N(ndr, r->sitename, ndr_get_array_size(ndr, &r->sitename)); + size_sitename_1 = ndr_get_array_size(ndr, &r->sitename); + NDR_PULL_ALLOC_N(ndr, r->sitename, size_sitename_1); _mem_save_sitename_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sitename, 0); - for (cntr_sitename_1 = 0; cntr_sitename_1 < r->count; cntr_sitename_1++) { + for (cntr_sitename_1 = 0; cntr_sitename_1 < size_sitename_1; cntr_sitename_1++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->sitename[cntr_sitename_1])); } - for (cntr_sitename_1 = 0; cntr_sitename_1 < r->count; cntr_sitename_1++) { + for (cntr_sitename_1 = 0; cntr_sitename_1 < size_sitename_1; cntr_sitename_1++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->sitename[cntr_sitename_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sitename_1, 0); @@ -8750,6 +8905,7 @@ static enum ndr_err_code ndr_push_netr_DsRAddress(struct ndr_push *ndr, int ndr_ static enum ndr_err_code ndr_pull_netr_DsRAddress(struct ndr_pull *ndr, int ndr_flags, struct netr_DsRAddress *r) { uint32_t _ptr_buffer; + uint32_t size_buffer_1 = 0; TALLOC_CTX *_mem_save_buffer_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -8767,8 +8923,9 @@ static enum ndr_err_code ndr_pull_netr_DsRAddress(struct ndr_pull *ndr, int ndr_ _mem_save_buffer_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->buffer, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->buffer)); - NDR_PULL_ALLOC_N(ndr, r->buffer, ndr_get_array_size(ndr, &r->buffer)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->buffer, ndr_get_array_size(ndr, &r->buffer))); + size_buffer_1 = ndr_get_array_size(ndr, &r->buffer); + NDR_PULL_ALLOC_N(ndr, r->buffer, size_buffer_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->buffer, size_buffer_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_buffer_0, 0); } if (r->buffer) { @@ -8884,8 +9041,12 @@ static enum ndr_err_code ndr_push_netr_DomainTrust(struct ndr_push *ndr, int ndr static enum ndr_err_code ndr_pull_netr_DomainTrust(struct ndr_pull *ndr, int ndr_flags, struct netr_DomainTrust *r) { uint32_t _ptr_netbios_name; + uint32_t size_netbios_name_1 = 0; + uint32_t length_netbios_name_1 = 0; TALLOC_CTX *_mem_save_netbios_name_0; uint32_t _ptr_dns_name; + uint32_t size_dns_name_1 = 0; + uint32_t length_dns_name_1 = 0; TALLOC_CTX *_mem_save_dns_name_0; uint32_t _ptr_sid; TALLOC_CTX *_mem_save_sid_0; @@ -8922,11 +9083,13 @@ static enum ndr_err_code ndr_pull_netr_DomainTrust(struct ndr_pull *ndr, int ndr NDR_PULL_SET_MEM_CTX(ndr, r->netbios_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->netbios_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->netbios_name)); - if (ndr_get_array_length(ndr, &r->netbios_name) > ndr_get_array_size(ndr, &r->netbios_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->netbios_name), ndr_get_array_length(ndr, &r->netbios_name)); + size_netbios_name_1 = ndr_get_array_size(ndr, &r->netbios_name); + length_netbios_name_1 = ndr_get_array_length(ndr, &r->netbios_name); + if (length_netbios_name_1 > size_netbios_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_netbios_name_1, length_netbios_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->netbios_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->netbios_name, ndr_get_array_length(ndr, &r->netbios_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_netbios_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->netbios_name, length_netbios_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_netbios_name_0, 0); } if (r->dns_name) { @@ -8934,11 +9097,13 @@ static enum ndr_err_code ndr_pull_netr_DomainTrust(struct ndr_pull *ndr, int ndr NDR_PULL_SET_MEM_CTX(ndr, r->dns_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->dns_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->dns_name)); - if (ndr_get_array_length(ndr, &r->dns_name) > ndr_get_array_size(ndr, &r->dns_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->dns_name), ndr_get_array_length(ndr, &r->dns_name)); + size_dns_name_1 = ndr_get_array_size(ndr, &r->dns_name); + length_dns_name_1 = ndr_get_array_length(ndr, &r->dns_name); + if (length_dns_name_1 > size_dns_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dns_name_1, length_dns_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->dns_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dns_name, ndr_get_array_length(ndr, &r->dns_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dns_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dns_name, length_dns_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dns_name_0, 0); } if (r->sid) { @@ -9007,6 +9172,7 @@ static enum ndr_err_code ndr_push_netr_DomainTrustList(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_netr_DomainTrustList(struct ndr_pull *ndr, int ndr_flags, struct netr_DomainTrustList *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -9026,13 +9192,14 @@ static enum ndr_err_code ndr_pull_netr_DomainTrustList(struct ndr_pull *ndr, int _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_netr_DomainTrust(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_netr_DomainTrust(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -9106,10 +9273,12 @@ static enum ndr_err_code ndr_push_netr_DsRAddressToSitenamesExWCtr(struct ndr_pu static enum ndr_err_code ndr_pull_netr_DsRAddressToSitenamesExWCtr(struct ndr_pull *ndr, int ndr_flags, struct netr_DsRAddressToSitenamesExWCtr *r) { uint32_t _ptr_sitename; + uint32_t size_sitename_1 = 0; uint32_t cntr_sitename_1; TALLOC_CTX *_mem_save_sitename_0; TALLOC_CTX *_mem_save_sitename_1; uint32_t _ptr_subnetname; + uint32_t size_subnetname_1 = 0; uint32_t cntr_subnetname_1; TALLOC_CTX *_mem_save_subnetname_0; TALLOC_CTX *_mem_save_subnetname_1; @@ -9135,13 +9304,14 @@ static enum ndr_err_code ndr_pull_netr_DsRAddressToSitenamesExWCtr(struct ndr_pu _mem_save_sitename_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sitename, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->sitename)); - NDR_PULL_ALLOC_N(ndr, r->sitename, ndr_get_array_size(ndr, &r->sitename)); + size_sitename_1 = ndr_get_array_size(ndr, &r->sitename); + NDR_PULL_ALLOC_N(ndr, r->sitename, size_sitename_1); _mem_save_sitename_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sitename, 0); - for (cntr_sitename_1 = 0; cntr_sitename_1 < r->count; cntr_sitename_1++) { + for (cntr_sitename_1 = 0; cntr_sitename_1 < size_sitename_1; cntr_sitename_1++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->sitename[cntr_sitename_1])); } - for (cntr_sitename_1 = 0; cntr_sitename_1 < r->count; cntr_sitename_1++) { + for (cntr_sitename_1 = 0; cntr_sitename_1 < size_sitename_1; cntr_sitename_1++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->sitename[cntr_sitename_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sitename_1, 0); @@ -9151,13 +9321,14 @@ static enum ndr_err_code ndr_pull_netr_DsRAddressToSitenamesExWCtr(struct ndr_pu _mem_save_subnetname_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->subnetname, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->subnetname)); - NDR_PULL_ALLOC_N(ndr, r->subnetname, ndr_get_array_size(ndr, &r->subnetname)); + size_subnetname_1 = ndr_get_array_size(ndr, &r->subnetname); + NDR_PULL_ALLOC_N(ndr, r->subnetname, size_subnetname_1); _mem_save_subnetname_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->subnetname, 0); - for (cntr_subnetname_1 = 0; cntr_subnetname_1 < r->count; cntr_subnetname_1++) { + for (cntr_subnetname_1 = 0; cntr_subnetname_1 < size_subnetname_1; cntr_subnetname_1++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->subnetname[cntr_subnetname_1])); } - for (cntr_subnetname_1 = 0; cntr_subnetname_1 < r->count; cntr_subnetname_1++) { + for (cntr_subnetname_1 = 0; cntr_subnetname_1 < size_subnetname_1; cntr_subnetname_1++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->subnetname[cntr_subnetname_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_subnetname_1, 0); @@ -9239,6 +9410,7 @@ static enum ndr_err_code ndr_push_DcSitesCtr(struct ndr_push *ndr, int ndr_flags static enum ndr_err_code ndr_pull_DcSitesCtr(struct ndr_pull *ndr, int ndr_flags, struct DcSitesCtr *r) { uint32_t _ptr_sites; + uint32_t size_sites_1 = 0; uint32_t cntr_sites_1; TALLOC_CTX *_mem_save_sites_0; TALLOC_CTX *_mem_save_sites_1; @@ -9258,13 +9430,14 @@ static enum ndr_err_code ndr_pull_DcSitesCtr(struct ndr_pull *ndr, int ndr_flags _mem_save_sites_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sites, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->sites)); - NDR_PULL_ALLOC_N(ndr, r->sites, ndr_get_array_size(ndr, &r->sites)); + size_sites_1 = ndr_get_array_size(ndr, &r->sites); + NDR_PULL_ALLOC_N(ndr, r->sites, size_sites_1); _mem_save_sites_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sites, 0); - for (cntr_sites_1 = 0; cntr_sites_1 < r->num_sites; cntr_sites_1++) { + for (cntr_sites_1 = 0; cntr_sites_1 < size_sites_1; cntr_sites_1++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->sites[cntr_sites_1])); } - for (cntr_sites_1 = 0; cntr_sites_1 < r->num_sites; cntr_sites_1++) { + for (cntr_sites_1 = 0; cntr_sites_1 < size_sites_1; cntr_sites_1++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->sites[cntr_sites_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sites_1, 0); @@ -9336,10 +9509,12 @@ static enum ndr_err_code ndr_push_netr_TrustInfo(struct ndr_push *ndr, int ndr_f static enum ndr_err_code ndr_pull_netr_TrustInfo(struct ndr_pull *ndr, int ndr_flags, struct netr_TrustInfo *r) { uint32_t _ptr_data; + uint32_t size_data_1 = 0; uint32_t cntr_data_1; TALLOC_CTX *_mem_save_data_0; TALLOC_CTX *_mem_save_data_1; uint32_t _ptr_entries; + uint32_t size_entries_1 = 0; uint32_t cntr_entries_1; TALLOC_CTX *_mem_save_entries_0; TALLOC_CTX *_mem_save_entries_1; @@ -9366,10 +9541,11 @@ static enum ndr_err_code ndr_pull_netr_TrustInfo(struct ndr_pull *ndr, int ndr_f _mem_save_data_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->data, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->data)); - NDR_PULL_ALLOC_N(ndr, r->data, ndr_get_array_size(ndr, &r->data)); + size_data_1 = ndr_get_array_size(ndr, &r->data); + NDR_PULL_ALLOC_N(ndr, r->data, size_data_1); _mem_save_data_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->data, 0); - for (cntr_data_1 = 0; cntr_data_1 < r->count; cntr_data_1++) { + for (cntr_data_1 = 0; cntr_data_1 < size_data_1; cntr_data_1++) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->data[cntr_data_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_1, 0); @@ -9379,13 +9555,14 @@ static enum ndr_err_code ndr_pull_netr_TrustInfo(struct ndr_pull *ndr, int ndr_f _mem_save_entries_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->entries, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->entries)); - NDR_PULL_ALLOC_N(ndr, r->entries, ndr_get_array_size(ndr, &r->entries)); + size_entries_1 = ndr_get_array_size(ndr, &r->entries); + NDR_PULL_ALLOC_N(ndr, r->entries, size_entries_1); _mem_save_entries_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->entries, 0); - for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) { + for (cntr_entries_1 = 0; cntr_entries_1 < size_entries_1; cntr_entries_1++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->entries[cntr_entries_1])); } - for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) { + for (cntr_entries_1 = 0; cntr_entries_1 < size_entries_1; cntr_entries_1++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->entries[cntr_entries_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_entries_1, 0); @@ -9483,6 +9660,12 @@ static enum ndr_err_code ndr_push_netr_LogonUasLogon(struct ndr_push *ndr, int f static enum ndr_err_code ndr_pull_netr_LogonUasLogon(struct ndr_pull *ndr, int flags, struct netr_LogonUasLogon *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; + uint32_t size_account_name_1 = 0; + uint32_t length_account_name_1 = 0; + uint32_t size_workstation_1 = 0; + uint32_t length_workstation_1 = 0; uint32_t _ptr_info; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_info_0; @@ -9501,27 +9684,33 @@ static enum ndr_err_code ndr_pull_netr_LogonUasLogon(struct ndr_pull *ndr, int f NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.account_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.account_name)); - if (ndr_get_array_length(ndr, &r->in.account_name) > ndr_get_array_size(ndr, &r->in.account_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.account_name), ndr_get_array_length(ndr, &r->in.account_name)); + size_account_name_1 = ndr_get_array_size(ndr, &r->in.account_name); + length_account_name_1 = ndr_get_array_length(ndr, &r->in.account_name); + if (length_account_name_1 > size_account_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_account_name_1, length_account_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_account_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, length_account_name_1, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.workstation)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.workstation)); - if (ndr_get_array_length(ndr, &r->in.workstation) > ndr_get_array_size(ndr, &r->in.workstation)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.workstation), ndr_get_array_length(ndr, &r->in.workstation)); + size_workstation_1 = ndr_get_array_size(ndr, &r->in.workstation); + length_workstation_1 = ndr_get_array_length(ndr, &r->in.workstation); + if (length_workstation_1 > size_workstation_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_workstation_1, length_workstation_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.workstation), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.workstation, ndr_get_array_length(ndr, &r->in.workstation), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_workstation_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.workstation, length_workstation_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_ALLOC(ndr, r->out.info); ZERO_STRUCTP(r->out.info); } @@ -9631,6 +9820,12 @@ static enum ndr_err_code ndr_push_netr_LogonUasLogoff(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_netr_LogonUasLogoff(struct ndr_pull *ndr, int flags, struct netr_LogonUasLogoff *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; + uint32_t size_account_name_1 = 0; + uint32_t length_account_name_1 = 0; + uint32_t size_workstation_1 = 0; + uint32_t length_workstation_1 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_info_0; if (flags & NDR_IN) { @@ -9647,27 +9842,33 @@ static enum ndr_err_code ndr_pull_netr_LogonUasLogoff(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.account_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.account_name)); - if (ndr_get_array_length(ndr, &r->in.account_name) > ndr_get_array_size(ndr, &r->in.account_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.account_name), ndr_get_array_length(ndr, &r->in.account_name)); + size_account_name_1 = ndr_get_array_size(ndr, &r->in.account_name); + length_account_name_1 = ndr_get_array_length(ndr, &r->in.account_name); + if (length_account_name_1 > size_account_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_account_name_1, length_account_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_account_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, length_account_name_1, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.workstation)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.workstation)); - if (ndr_get_array_length(ndr, &r->in.workstation) > ndr_get_array_size(ndr, &r->in.workstation)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.workstation), ndr_get_array_length(ndr, &r->in.workstation)); + size_workstation_1 = ndr_get_array_size(ndr, &r->in.workstation); + length_workstation_1 = ndr_get_array_length(ndr, &r->in.workstation); + if (length_workstation_1 > size_workstation_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_workstation_1, length_workstation_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.workstation), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.workstation, ndr_get_array_length(ndr, &r->in.workstation), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_workstation_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.workstation, length_workstation_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_ALLOC(ndr, r->out.info); ZERO_STRUCTP(r->out.info); } @@ -9778,7 +9979,11 @@ static enum ndr_err_code ndr_push_netr_LogonSamLogon(struct ndr_push *ndr, int f static enum ndr_err_code ndr_pull_netr_LogonSamLogon(struct ndr_pull *ndr, int flags, struct netr_LogonSamLogon *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; uint32_t _ptr_computer_name; + uint32_t size_computer_name_1 = 0; + uint32_t length_computer_name_1 = 0; uint32_t _ptr_credential; uint32_t _ptr_return_authenticator; TALLOC_CTX *_mem_save_server_name_0; @@ -9802,11 +10007,13 @@ static enum ndr_err_code ndr_pull_netr_LogonSamLogon(struct ndr_pull *ndr, int f NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_computer_name)); @@ -9820,11 +10027,13 @@ static enum ndr_err_code ndr_pull_netr_LogonSamLogon(struct ndr_pull *ndr, int f NDR_PULL_SET_MEM_CTX(ndr, r->in.computer_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name)); - if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name)); + size_computer_name_1 = ndr_get_array_size(ndr, &r->in.computer_name); + length_computer_name_1 = ndr_get_array_length(ndr, &r->in.computer_name); + if (length_computer_name_1 > size_computer_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_name_1, length_computer_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, length_computer_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_computer_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_credential)); @@ -10008,7 +10217,11 @@ static enum ndr_err_code ndr_push_netr_LogonSamLogoff(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_netr_LogonSamLogoff(struct ndr_pull *ndr, int flags, struct netr_LogonSamLogoff *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; uint32_t _ptr_computer_name; + uint32_t size_computer_name_1 = 0; + uint32_t length_computer_name_1 = 0; uint32_t _ptr_credential; uint32_t _ptr_return_authenticator; TALLOC_CTX *_mem_save_server_name_0; @@ -10029,11 +10242,13 @@ static enum ndr_err_code ndr_pull_netr_LogonSamLogoff(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_computer_name)); @@ -10047,11 +10262,13 @@ static enum ndr_err_code ndr_pull_netr_LogonSamLogoff(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.computer_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name)); - if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name)); + size_computer_name_1 = ndr_get_array_size(ndr, &r->in.computer_name); + length_computer_name_1 = ndr_get_array_length(ndr, &r->in.computer_name); + if (length_computer_name_1 > size_computer_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_name_1, length_computer_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, length_computer_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_computer_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_credential)); @@ -10189,6 +10406,10 @@ _PUBLIC_ enum ndr_err_code ndr_push_netr_ServerReqChallenge(struct ndr_push *ndr _PUBLIC_ enum ndr_err_code ndr_pull_netr_ServerReqChallenge(struct ndr_pull *ndr, int flags, struct netr_ServerReqChallenge *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; + uint32_t size_computer_name_1 = 0; + uint32_t length_computer_name_1 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_credentials_0; TALLOC_CTX *_mem_save_return_credentials_0; @@ -10206,20 +10427,24 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_ServerReqChallenge(struct ndr_pull *ndr NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name)); - if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name)); + size_computer_name_1 = ndr_get_array_size(ndr, &r->in.computer_name); + length_computer_name_1 = ndr_get_array_length(ndr, &r->in.computer_name); + if (length_computer_name_1 > size_computer_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_name_1, length_computer_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, length_computer_name_1, sizeof(uint16_t), CH_UTF16)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.credentials); } @@ -10325,6 +10550,12 @@ static enum ndr_err_code ndr_push_netr_ServerAuthenticate(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_netr_ServerAuthenticate(struct ndr_pull *ndr, int flags, struct netr_ServerAuthenticate *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; + uint32_t size_account_name_1 = 0; + uint32_t length_account_name_1 = 0; + uint32_t size_computer_name_1 = 0; + uint32_t length_computer_name_1 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_credentials_0; TALLOC_CTX *_mem_save_return_credentials_0; @@ -10342,28 +10573,34 @@ static enum ndr_err_code ndr_pull_netr_ServerAuthenticate(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.account_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.account_name)); - if (ndr_get_array_length(ndr, &r->in.account_name) > ndr_get_array_size(ndr, &r->in.account_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.account_name), ndr_get_array_length(ndr, &r->in.account_name)); + size_account_name_1 = ndr_get_array_size(ndr, &r->in.account_name); + length_account_name_1 = ndr_get_array_length(ndr, &r->in.account_name); + if (length_account_name_1 > size_account_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_account_name_1, length_account_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_account_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, length_account_name_1, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_netr_SchannelType(ndr, NDR_SCALARS, &r->in.secure_channel_type)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name)); - if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name)); + size_computer_name_1 = ndr_get_array_size(ndr, &r->in.computer_name); + length_computer_name_1 = ndr_get_array_length(ndr, &r->in.computer_name); + if (length_computer_name_1 > size_computer_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_name_1, length_computer_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, length_computer_name_1, sizeof(uint16_t), CH_UTF16)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.credentials); } @@ -10478,6 +10715,12 @@ static enum ndr_err_code ndr_push_netr_ServerPasswordSet(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_netr_ServerPasswordSet(struct ndr_pull *ndr, int flags, struct netr_ServerPasswordSet *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; + uint32_t size_account_name_1 = 0; + uint32_t length_account_name_1 = 0; + uint32_t size_computer_name_1 = 0; + uint32_t length_computer_name_1 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_credential_0; TALLOC_CTX *_mem_save_return_authenticator_0; @@ -10496,28 +10739,34 @@ static enum ndr_err_code ndr_pull_netr_ServerPasswordSet(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.account_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.account_name)); - if (ndr_get_array_length(ndr, &r->in.account_name) > ndr_get_array_size(ndr, &r->in.account_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.account_name), ndr_get_array_length(ndr, &r->in.account_name)); + size_account_name_1 = ndr_get_array_size(ndr, &r->in.account_name); + length_account_name_1 = ndr_get_array_length(ndr, &r->in.account_name); + if (length_account_name_1 > size_account_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_account_name_1, length_account_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_account_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, length_account_name_1, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_netr_SchannelType(ndr, NDR_SCALARS, &r->in.secure_channel_type)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name)); - if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name)); + size_computer_name_1 = ndr_get_array_size(ndr, &r->in.computer_name); + length_computer_name_1 = ndr_get_array_length(ndr, &r->in.computer_name); + if (length_computer_name_1 > size_computer_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_name_1, length_computer_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, length_computer_name_1, sizeof(uint16_t), CH_UTF16)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.credential); } @@ -10651,6 +10900,10 @@ static enum ndr_err_code ndr_push_netr_DatabaseDeltas(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_netr_DatabaseDeltas(struct ndr_pull *ndr, int flags, struct netr_DatabaseDeltas *r) { + uint32_t size_logon_server_1 = 0; + uint32_t length_logon_server_1 = 0; + uint32_t size_computername_1 = 0; + uint32_t length_computername_1 = 0; uint32_t _ptr_delta_enum_array; TALLOC_CTX *_mem_save_credential_0; TALLOC_CTX *_mem_save_return_authenticator_0; @@ -10662,18 +10915,22 @@ static enum ndr_err_code ndr_pull_netr_DatabaseDeltas(struct ndr_pull *ndr, int NDR_CHECK(ndr_pull_array_size(ndr, &r->in.logon_server)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.logon_server)); - if (ndr_get_array_length(ndr, &r->in.logon_server) > ndr_get_array_size(ndr, &r->in.logon_server)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.logon_server), ndr_get_array_length(ndr, &r->in.logon_server)); + size_logon_server_1 = ndr_get_array_size(ndr, &r->in.logon_server); + length_logon_server_1 = ndr_get_array_length(ndr, &r->in.logon_server); + if (length_logon_server_1 > size_logon_server_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_logon_server_1, length_logon_server_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_logon_server_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, length_logon_server_1, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computername)); - if (ndr_get_array_length(ndr, &r->in.computername) > ndr_get_array_size(ndr, &r->in.computername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computername), ndr_get_array_length(ndr, &r->in.computername)); + size_computername_1 = ndr_get_array_size(ndr, &r->in.computername); + length_computername_1 = ndr_get_array_length(ndr, &r->in.computername); + if (length_computername_1 > size_computername_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computername_1, length_computername_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computername, ndr_get_array_length(ndr, &r->in.computername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computername_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computername, length_computername_1, sizeof(uint16_t), CH_UTF16)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.credential); } @@ -10857,6 +11114,10 @@ static enum ndr_err_code ndr_push_netr_DatabaseSync(struct ndr_push *ndr, int fl static enum ndr_err_code ndr_pull_netr_DatabaseSync(struct ndr_pull *ndr, int flags, struct netr_DatabaseSync *r) { + uint32_t size_logon_server_1 = 0; + uint32_t length_logon_server_1 = 0; + uint32_t size_computername_1 = 0; + uint32_t length_computername_1 = 0; uint32_t _ptr_delta_enum_array; TALLOC_CTX *_mem_save_credential_0; TALLOC_CTX *_mem_save_return_authenticator_0; @@ -10868,18 +11129,22 @@ static enum ndr_err_code ndr_pull_netr_DatabaseSync(struct ndr_pull *ndr, int fl NDR_CHECK(ndr_pull_array_size(ndr, &r->in.logon_server)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.logon_server)); - if (ndr_get_array_length(ndr, &r->in.logon_server) > ndr_get_array_size(ndr, &r->in.logon_server)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.logon_server), ndr_get_array_length(ndr, &r->in.logon_server)); + size_logon_server_1 = ndr_get_array_size(ndr, &r->in.logon_server); + length_logon_server_1 = ndr_get_array_length(ndr, &r->in.logon_server); + if (length_logon_server_1 > size_logon_server_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_logon_server_1, length_logon_server_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_logon_server_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, length_logon_server_1, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computername)); - if (ndr_get_array_length(ndr, &r->in.computername) > ndr_get_array_size(ndr, &r->in.computername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computername), ndr_get_array_length(ndr, &r->in.computername)); + size_computername_1 = ndr_get_array_size(ndr, &r->in.computername); + length_computername_1 = ndr_get_array_length(ndr, &r->in.computername); + if (length_computername_1 > size_computername_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computername_1, length_computername_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computername, ndr_get_array_length(ndr, &r->in.computername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computername_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computername, length_computername_1, sizeof(uint16_t), CH_UTF16)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.credential); } @@ -11069,6 +11334,10 @@ static enum ndr_err_code ndr_push_netr_AccountDeltas(struct ndr_push *ndr, int f static enum ndr_err_code ndr_pull_netr_AccountDeltas(struct ndr_pull *ndr, int flags, struct netr_AccountDeltas *r) { uint32_t _ptr_logon_server; + uint32_t size_logon_server_1 = 0; + uint32_t length_logon_server_1 = 0; + uint32_t size_computername_1 = 0; + uint32_t length_computername_1 = 0; TALLOC_CTX *_mem_save_logon_server_0; TALLOC_CTX *_mem_save_return_authenticator_0; TALLOC_CTX *_mem_save_buffer_0; @@ -11089,20 +11358,24 @@ static enum ndr_err_code ndr_pull_netr_AccountDeltas(struct ndr_pull *ndr, int f NDR_PULL_SET_MEM_CTX(ndr, r->in.logon_server, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.logon_server)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.logon_server)); - if (ndr_get_array_length(ndr, &r->in.logon_server) > ndr_get_array_size(ndr, &r->in.logon_server)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.logon_server), ndr_get_array_length(ndr, &r->in.logon_server)); + size_logon_server_1 = ndr_get_array_size(ndr, &r->in.logon_server); + length_logon_server_1 = ndr_get_array_length(ndr, &r->in.logon_server); + if (length_logon_server_1 > size_logon_server_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_logon_server_1, length_logon_server_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_logon_server_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, length_logon_server_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_logon_server_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computername)); - if (ndr_get_array_length(ndr, &r->in.computername) > ndr_get_array_size(ndr, &r->in.computername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computername), ndr_get_array_length(ndr, &r->in.computername)); + size_computername_1 = ndr_get_array_size(ndr, &r->in.computername); + length_computername_1 = ndr_get_array_length(ndr, &r->in.computername); + if (length_computername_1 > size_computername_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computername_1, length_computername_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computername, ndr_get_array_length(ndr, &r->in.computername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computername_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computername, length_computername_1, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_netr_Authenticator(ndr, NDR_SCALARS, &r->in.credential)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.return_authenticator); @@ -11300,6 +11573,10 @@ static enum ndr_err_code ndr_push_netr_AccountSync(struct ndr_push *ndr, int fla static enum ndr_err_code ndr_pull_netr_AccountSync(struct ndr_pull *ndr, int flags, struct netr_AccountSync *r) { uint32_t _ptr_logon_server; + uint32_t size_logon_server_1 = 0; + uint32_t length_logon_server_1 = 0; + uint32_t size_computername_1 = 0; + uint32_t length_computername_1 = 0; TALLOC_CTX *_mem_save_logon_server_0; TALLOC_CTX *_mem_save_return_authenticator_0; TALLOC_CTX *_mem_save_buffer_0; @@ -11321,20 +11598,24 @@ static enum ndr_err_code ndr_pull_netr_AccountSync(struct ndr_pull *ndr, int fla NDR_PULL_SET_MEM_CTX(ndr, r->in.logon_server, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.logon_server)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.logon_server)); - if (ndr_get_array_length(ndr, &r->in.logon_server) > ndr_get_array_size(ndr, &r->in.logon_server)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.logon_server), ndr_get_array_length(ndr, &r->in.logon_server)); + size_logon_server_1 = ndr_get_array_size(ndr, &r->in.logon_server); + length_logon_server_1 = ndr_get_array_length(ndr, &r->in.logon_server); + if (length_logon_server_1 > size_logon_server_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_logon_server_1, length_logon_server_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_logon_server_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, length_logon_server_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_logon_server_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computername)); - if (ndr_get_array_length(ndr, &r->in.computername) > ndr_get_array_size(ndr, &r->in.computername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computername), ndr_get_array_length(ndr, &r->in.computername)); + size_computername_1 = ndr_get_array_size(ndr, &r->in.computername); + length_computername_1 = ndr_get_array_length(ndr, &r->in.computername); + if (length_computername_1 > size_computername_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computername_1, length_computername_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computername, ndr_get_array_length(ndr, &r->in.computername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computername_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computername, length_computername_1, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_netr_Authenticator(ndr, NDR_SCALARS, &r->in.credential)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.return_authenticator); @@ -11522,8 +11803,14 @@ static enum ndr_err_code ndr_push_netr_GetDcName(struct ndr_push *ndr, int flags static enum ndr_err_code ndr_pull_netr_GetDcName(struct ndr_pull *ndr, int flags, struct netr_GetDcName *r) { + uint32_t size_logon_server_1 = 0; + uint32_t length_logon_server_1 = 0; uint32_t _ptr_domainname; + uint32_t size_domainname_1 = 0; + uint32_t length_domainname_1 = 0; uint32_t _ptr_dcname; + uint32_t size_dcname_2 = 0; + uint32_t length_dcname_2 = 0; TALLOC_CTX *_mem_save_domainname_0; TALLOC_CTX *_mem_save_dcname_0; TALLOC_CTX *_mem_save_dcname_1; @@ -11532,11 +11819,13 @@ static enum ndr_err_code ndr_pull_netr_GetDcName(struct ndr_pull *ndr, int flags NDR_CHECK(ndr_pull_array_size(ndr, &r->in.logon_server)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.logon_server)); - if (ndr_get_array_length(ndr, &r->in.logon_server) > ndr_get_array_size(ndr, &r->in.logon_server)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.logon_server), ndr_get_array_length(ndr, &r->in.logon_server)); + size_logon_server_1 = ndr_get_array_size(ndr, &r->in.logon_server); + length_logon_server_1 = ndr_get_array_length(ndr, &r->in.logon_server); + if (length_logon_server_1 > size_logon_server_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_logon_server_1, length_logon_server_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_logon_server_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, length_logon_server_1, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domainname)); if (_ptr_domainname) { NDR_PULL_ALLOC(ndr, r->in.domainname); @@ -11548,11 +11837,13 @@ static enum ndr_err_code ndr_pull_netr_GetDcName(struct ndr_pull *ndr, int flags NDR_PULL_SET_MEM_CTX(ndr, r->in.domainname, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.domainname)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.domainname)); - if (ndr_get_array_length(ndr, &r->in.domainname) > ndr_get_array_size(ndr, &r->in.domainname)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.domainname), ndr_get_array_length(ndr, &r->in.domainname)); + size_domainname_1 = ndr_get_array_size(ndr, &r->in.domainname); + length_domainname_1 = ndr_get_array_length(ndr, &r->in.domainname); + if (length_domainname_1 > size_domainname_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domainname_1, length_domainname_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.domainname), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domainname, ndr_get_array_length(ndr, &r->in.domainname), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domainname_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domainname, length_domainname_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domainname_0, 0); } NDR_PULL_ALLOC(ndr, r->out.dcname); @@ -11575,11 +11866,13 @@ static enum ndr_err_code ndr_pull_netr_GetDcName(struct ndr_pull *ndr, int flags NDR_PULL_SET_MEM_CTX(ndr, *r->out.dcname, 0); NDR_CHECK(ndr_pull_array_size(ndr, r->out.dcname)); NDR_CHECK(ndr_pull_array_length(ndr, r->out.dcname)); - if (ndr_get_array_length(ndr, r->out.dcname) > ndr_get_array_size(ndr, r->out.dcname)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, r->out.dcname), ndr_get_array_length(ndr, r->out.dcname)); + size_dcname_2 = ndr_get_array_size(ndr, r->out.dcname); + length_dcname_2 = ndr_get_array_length(ndr, r->out.dcname); + if (length_dcname_2 > size_dcname_2) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dcname_2, length_dcname_2); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, r->out.dcname), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.dcname, ndr_get_array_length(ndr, r->out.dcname), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dcname_2, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.dcname, length_dcname_2, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dcname_1, 0); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dcname_0, LIBNDR_FLAG_REF_ALLOC); @@ -11655,6 +11948,8 @@ static enum ndr_err_code ndr_push_netr_LogonControl(struct ndr_push *ndr, int fl static enum ndr_err_code ndr_pull_netr_LogonControl(struct ndr_pull *ndr, int flags, struct netr_LogonControl *r) { uint32_t _ptr_logon_server; + uint32_t size_logon_server_1 = 0; + uint32_t length_logon_server_1 = 0; TALLOC_CTX *_mem_save_logon_server_0; TALLOC_CTX *_mem_save_query_0; if (flags & NDR_IN) { @@ -11671,11 +11966,13 @@ static enum ndr_err_code ndr_pull_netr_LogonControl(struct ndr_pull *ndr, int fl NDR_PULL_SET_MEM_CTX(ndr, r->in.logon_server, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.logon_server)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.logon_server)); - if (ndr_get_array_length(ndr, &r->in.logon_server) > ndr_get_array_size(ndr, &r->in.logon_server)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.logon_server), ndr_get_array_length(ndr, &r->in.logon_server)); + size_logon_server_1 = ndr_get_array_size(ndr, &r->in.logon_server); + length_logon_server_1 = ndr_get_array_length(ndr, &r->in.logon_server); + if (length_logon_server_1 > size_logon_server_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_logon_server_1, length_logon_server_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_logon_server_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, length_logon_server_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_logon_server_0, 0); } NDR_CHECK(ndr_pull_netr_LogonControlCode(ndr, NDR_SCALARS, &r->in.function_code)); @@ -11768,8 +12065,14 @@ static enum ndr_err_code ndr_push_netr_GetAnyDCName(struct ndr_push *ndr, int fl static enum ndr_err_code ndr_pull_netr_GetAnyDCName(struct ndr_pull *ndr, int flags, struct netr_GetAnyDCName *r) { uint32_t _ptr_logon_server; + uint32_t size_logon_server_1 = 0; + uint32_t length_logon_server_1 = 0; uint32_t _ptr_domainname; + uint32_t size_domainname_1 = 0; + uint32_t length_domainname_1 = 0; uint32_t _ptr_dcname; + uint32_t size_dcname_2 = 0; + uint32_t length_dcname_2 = 0; TALLOC_CTX *_mem_save_logon_server_0; TALLOC_CTX *_mem_save_domainname_0; TALLOC_CTX *_mem_save_dcname_0; @@ -11788,11 +12091,13 @@ static enum ndr_err_code ndr_pull_netr_GetAnyDCName(struct ndr_pull *ndr, int fl NDR_PULL_SET_MEM_CTX(ndr, r->in.logon_server, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.logon_server)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.logon_server)); - if (ndr_get_array_length(ndr, &r->in.logon_server) > ndr_get_array_size(ndr, &r->in.logon_server)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.logon_server), ndr_get_array_length(ndr, &r->in.logon_server)); + size_logon_server_1 = ndr_get_array_size(ndr, &r->in.logon_server); + length_logon_server_1 = ndr_get_array_length(ndr, &r->in.logon_server); + if (length_logon_server_1 > size_logon_server_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_logon_server_1, length_logon_server_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_logon_server_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, length_logon_server_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_logon_server_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domainname)); @@ -11806,11 +12111,13 @@ static enum ndr_err_code ndr_pull_netr_GetAnyDCName(struct ndr_pull *ndr, int fl NDR_PULL_SET_MEM_CTX(ndr, r->in.domainname, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.domainname)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.domainname)); - if (ndr_get_array_length(ndr, &r->in.domainname) > ndr_get_array_size(ndr, &r->in.domainname)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.domainname), ndr_get_array_length(ndr, &r->in.domainname)); + size_domainname_1 = ndr_get_array_size(ndr, &r->in.domainname); + length_domainname_1 = ndr_get_array_length(ndr, &r->in.domainname); + if (length_domainname_1 > size_domainname_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domainname_1, length_domainname_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.domainname), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domainname, ndr_get_array_length(ndr, &r->in.domainname), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domainname_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domainname, length_domainname_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domainname_0, 0); } NDR_PULL_ALLOC(ndr, r->out.dcname); @@ -11833,11 +12140,13 @@ static enum ndr_err_code ndr_pull_netr_GetAnyDCName(struct ndr_pull *ndr, int fl NDR_PULL_SET_MEM_CTX(ndr, *r->out.dcname, 0); NDR_CHECK(ndr_pull_array_size(ndr, r->out.dcname)); NDR_CHECK(ndr_pull_array_length(ndr, r->out.dcname)); - if (ndr_get_array_length(ndr, r->out.dcname) > ndr_get_array_size(ndr, r->out.dcname)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, r->out.dcname), ndr_get_array_length(ndr, r->out.dcname)); + size_dcname_2 = ndr_get_array_size(ndr, r->out.dcname); + length_dcname_2 = ndr_get_array_length(ndr, r->out.dcname); + if (length_dcname_2 > size_dcname_2) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dcname_2, length_dcname_2); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, r->out.dcname), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.dcname, ndr_get_array_length(ndr, r->out.dcname), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dcname_2, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.dcname, length_dcname_2, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dcname_1, 0); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dcname_0, LIBNDR_FLAG_REF_ALLOC); @@ -11920,6 +12229,8 @@ static enum ndr_err_code ndr_push_netr_LogonControl2(struct ndr_push *ndr, int f static enum ndr_err_code ndr_pull_netr_LogonControl2(struct ndr_pull *ndr, int flags, struct netr_LogonControl2 *r) { uint32_t _ptr_logon_server; + uint32_t size_logon_server_1 = 0; + uint32_t length_logon_server_1 = 0; TALLOC_CTX *_mem_save_logon_server_0; TALLOC_CTX *_mem_save_data_0; TALLOC_CTX *_mem_save_query_0; @@ -11937,11 +12248,13 @@ static enum ndr_err_code ndr_pull_netr_LogonControl2(struct ndr_pull *ndr, int f NDR_PULL_SET_MEM_CTX(ndr, r->in.logon_server, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.logon_server)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.logon_server)); - if (ndr_get_array_length(ndr, &r->in.logon_server) > ndr_get_array_size(ndr, &r->in.logon_server)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.logon_server), ndr_get_array_length(ndr, &r->in.logon_server)); + size_logon_server_1 = ndr_get_array_size(ndr, &r->in.logon_server); + length_logon_server_1 = ndr_get_array_length(ndr, &r->in.logon_server); + if (length_logon_server_1 > size_logon_server_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_logon_server_1, length_logon_server_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_logon_server_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, length_logon_server_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_logon_server_0, 0); } NDR_CHECK(ndr_pull_netr_LogonControlCode(ndr, NDR_SCALARS, &r->in.function_code)); @@ -12061,6 +12374,12 @@ static enum ndr_err_code ndr_push_netr_ServerAuthenticate2(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_netr_ServerAuthenticate2(struct ndr_pull *ndr, int flags, struct netr_ServerAuthenticate2 *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; + uint32_t size_account_name_1 = 0; + uint32_t length_account_name_1 = 0; + uint32_t size_computer_name_1 = 0; + uint32_t length_computer_name_1 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_credentials_0; TALLOC_CTX *_mem_save_return_credentials_0; @@ -12079,28 +12398,34 @@ static enum ndr_err_code ndr_pull_netr_ServerAuthenticate2(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.account_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.account_name)); - if (ndr_get_array_length(ndr, &r->in.account_name) > ndr_get_array_size(ndr, &r->in.account_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.account_name), ndr_get_array_length(ndr, &r->in.account_name)); + size_account_name_1 = ndr_get_array_size(ndr, &r->in.account_name); + length_account_name_1 = ndr_get_array_length(ndr, &r->in.account_name); + if (length_account_name_1 > size_account_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_account_name_1, length_account_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_account_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, length_account_name_1, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_netr_SchannelType(ndr, NDR_SCALARS, &r->in.secure_channel_type)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name)); - if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name)); + size_computer_name_1 = ndr_get_array_size(ndr, &r->in.computer_name); + length_computer_name_1 = ndr_get_array_length(ndr, &r->in.computer_name); + if (length_computer_name_1 > size_computer_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_name_1, length_computer_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, length_computer_name_1, sizeof(uint16_t), CH_UTF16)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.credentials); } @@ -12248,6 +12573,10 @@ static enum ndr_err_code ndr_push_netr_DatabaseSync2(struct ndr_push *ndr, int f static enum ndr_err_code ndr_pull_netr_DatabaseSync2(struct ndr_pull *ndr, int flags, struct netr_DatabaseSync2 *r) { + uint32_t size_logon_server_1 = 0; + uint32_t length_logon_server_1 = 0; + uint32_t size_computername_1 = 0; + uint32_t length_computername_1 = 0; uint32_t _ptr_delta_enum_array; TALLOC_CTX *_mem_save_credential_0; TALLOC_CTX *_mem_save_return_authenticator_0; @@ -12259,18 +12588,22 @@ static enum ndr_err_code ndr_pull_netr_DatabaseSync2(struct ndr_pull *ndr, int f NDR_CHECK(ndr_pull_array_size(ndr, &r->in.logon_server)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.logon_server)); - if (ndr_get_array_length(ndr, &r->in.logon_server) > ndr_get_array_size(ndr, &r->in.logon_server)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.logon_server), ndr_get_array_length(ndr, &r->in.logon_server)); + size_logon_server_1 = ndr_get_array_size(ndr, &r->in.logon_server); + length_logon_server_1 = ndr_get_array_length(ndr, &r->in.logon_server); + if (length_logon_server_1 > size_logon_server_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_logon_server_1, length_logon_server_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_logon_server_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, length_logon_server_1, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computername)); - if (ndr_get_array_length(ndr, &r->in.computername) > ndr_get_array_size(ndr, &r->in.computername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computername), ndr_get_array_length(ndr, &r->in.computername)); + size_computername_1 = ndr_get_array_size(ndr, &r->in.computername); + length_computername_1 = ndr_get_array_length(ndr, &r->in.computername); + if (length_computername_1 > size_computername_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computername_1, length_computername_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computername, ndr_get_array_length(ndr, &r->in.computername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computername_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computername, length_computername_1, sizeof(uint16_t), CH_UTF16)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.credential); } @@ -12453,6 +12786,10 @@ static enum ndr_err_code ndr_push_netr_DatabaseRedo(struct ndr_push *ndr, int fl static enum ndr_err_code ndr_pull_netr_DatabaseRedo(struct ndr_pull *ndr, int flags, struct netr_DatabaseRedo *r) { + uint32_t size_logon_server_1 = 0; + uint32_t length_logon_server_1 = 0; + uint32_t size_computername_1 = 0; + uint32_t length_computername_1 = 0; uint32_t _ptr_delta_enum_array; TALLOC_CTX *_mem_save_credential_0; TALLOC_CTX *_mem_save_return_authenticator_0; @@ -12463,18 +12800,22 @@ static enum ndr_err_code ndr_pull_netr_DatabaseRedo(struct ndr_pull *ndr, int fl NDR_CHECK(ndr_pull_array_size(ndr, &r->in.logon_server)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.logon_server)); - if (ndr_get_array_length(ndr, &r->in.logon_server) > ndr_get_array_size(ndr, &r->in.logon_server)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.logon_server), ndr_get_array_length(ndr, &r->in.logon_server)); + size_logon_server_1 = ndr_get_array_size(ndr, &r->in.logon_server); + length_logon_server_1 = ndr_get_array_length(ndr, &r->in.logon_server); + if (length_logon_server_1 > size_logon_server_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_logon_server_1, length_logon_server_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_logon_server_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, length_logon_server_1, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computername)); - if (ndr_get_array_length(ndr, &r->in.computername) > ndr_get_array_size(ndr, &r->in.computername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computername), ndr_get_array_length(ndr, &r->in.computername)); + size_computername_1 = ndr_get_array_size(ndr, &r->in.computername); + length_computername_1 = ndr_get_array_length(ndr, &r->in.computername); + if (length_computername_1 > size_computername_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computername_1, length_computername_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computername, ndr_get_array_length(ndr, &r->in.computername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computername_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computername, length_computername_1, sizeof(uint16_t), CH_UTF16)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.credential); } @@ -12616,6 +12957,8 @@ static enum ndr_err_code ndr_push_netr_LogonControl2Ex(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_netr_LogonControl2Ex(struct ndr_pull *ndr, int flags, struct netr_LogonControl2Ex *r) { uint32_t _ptr_logon_server; + uint32_t size_logon_server_1 = 0; + uint32_t length_logon_server_1 = 0; TALLOC_CTX *_mem_save_logon_server_0; TALLOC_CTX *_mem_save_data_0; TALLOC_CTX *_mem_save_query_0; @@ -12633,11 +12976,13 @@ static enum ndr_err_code ndr_pull_netr_LogonControl2Ex(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.logon_server, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.logon_server)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.logon_server)); - if (ndr_get_array_length(ndr, &r->in.logon_server) > ndr_get_array_size(ndr, &r->in.logon_server)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.logon_server), ndr_get_array_length(ndr, &r->in.logon_server)); + size_logon_server_1 = ndr_get_array_size(ndr, &r->in.logon_server); + length_logon_server_1 = ndr_get_array_length(ndr, &r->in.logon_server); + if (length_logon_server_1 > size_logon_server_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_logon_server_1, length_logon_server_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_logon_server_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, length_logon_server_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_logon_server_0, 0); } NDR_CHECK(ndr_pull_netr_LogonControlCode(ndr, NDR_SCALARS, &r->in.function_code)); @@ -12730,6 +13075,8 @@ static enum ndr_err_code ndr_push_netr_NetrEnumerateTrustedDomains(struct ndr_pu static enum ndr_err_code ndr_pull_netr_NetrEnumerateTrustedDomains(struct ndr_pull *ndr, int flags, struct netr_NetrEnumerateTrustedDomains *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_trusted_domains_blob_0; if (flags & NDR_IN) { @@ -12746,11 +13093,13 @@ static enum ndr_err_code ndr_pull_netr_NetrEnumerateTrustedDomains(struct ndr_pu NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_PULL_ALLOC(ndr, r->out.trusted_domains_blob); @@ -12843,7 +13192,11 @@ static enum ndr_err_code ndr_push_netr_DsRGetDCName(struct ndr_push *ndr, int fl static enum ndr_err_code ndr_pull_netr_DsRGetDCName(struct ndr_pull *ndr, int flags, struct netr_DsRGetDCName *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; uint32_t _ptr_domain_name; + uint32_t size_domain_name_1 = 0; + uint32_t length_domain_name_1 = 0; uint32_t _ptr_domain_guid; uint32_t _ptr_site_guid; uint32_t _ptr_info; @@ -12867,11 +13220,13 @@ static enum ndr_err_code ndr_pull_netr_DsRGetDCName(struct ndr_pull *ndr, int fl NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domain_name)); @@ -12885,11 +13240,13 @@ static enum ndr_err_code ndr_pull_netr_DsRGetDCName(struct ndr_pull *ndr, int fl NDR_PULL_SET_MEM_CTX(ndr, r->in.domain_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.domain_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.domain_name)); - if (ndr_get_array_length(ndr, &r->in.domain_name) > ndr_get_array_size(ndr, &r->in.domain_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.domain_name), ndr_get_array_length(ndr, &r->in.domain_name)); + size_domain_name_1 = ndr_get_array_size(ndr, &r->in.domain_name); + length_domain_name_1 = ndr_get_array_length(ndr, &r->in.domain_name); + if (length_domain_name_1 > size_domain_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_name_1, length_domain_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.domain_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domain_name, ndr_get_array_length(ndr, &r->in.domain_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domain_name, length_domain_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domain_guid)); @@ -13043,7 +13400,11 @@ static enum ndr_err_code ndr_push_netr_LogonGetCapabilities(struct ndr_push *ndr static enum ndr_err_code ndr_pull_netr_LogonGetCapabilities(struct ndr_pull *ndr, int flags, struct netr_LogonGetCapabilities *r) { + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; uint32_t _ptr_computer_name; + uint32_t size_computer_name_1 = 0; + uint32_t length_computer_name_1 = 0; TALLOC_CTX *_mem_save_computer_name_0; TALLOC_CTX *_mem_save_credential_0; TALLOC_CTX *_mem_save_return_authenticator_0; @@ -13053,11 +13414,13 @@ static enum ndr_err_code ndr_pull_netr_LogonGetCapabilities(struct ndr_pull *ndr NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_computer_name)); if (_ptr_computer_name) { NDR_PULL_ALLOC(ndr, r->in.computer_name); @@ -13069,11 +13432,13 @@ static enum ndr_err_code ndr_pull_netr_LogonGetCapabilities(struct ndr_pull *ndr NDR_PULL_SET_MEM_CTX(ndr, r->in.computer_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name)); - if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name)); + size_computer_name_1 = ndr_get_array_size(ndr, &r->in.computer_name); + length_computer_name_1 = ndr_get_array_length(ndr, &r->in.computer_name); + if (length_computer_name_1 > size_computer_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_name_1, length_computer_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, length_computer_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_computer_name_0, 0); } if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { @@ -13238,7 +13603,11 @@ static enum ndr_err_code ndr_push_netr_LogonGetTrustRid(struct ndr_push *ndr, in static enum ndr_err_code ndr_pull_netr_LogonGetTrustRid(struct ndr_pull *ndr, int flags, struct netr_LogonGetTrustRid *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; uint32_t _ptr_domain_name; + uint32_t size_domain_name_1 = 0; + uint32_t length_domain_name_1 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_domain_name_0; TALLOC_CTX *_mem_save_rid_0; @@ -13256,11 +13625,13 @@ static enum ndr_err_code ndr_pull_netr_LogonGetTrustRid(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domain_name)); @@ -13274,11 +13645,13 @@ static enum ndr_err_code ndr_pull_netr_LogonGetTrustRid(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, r->in.domain_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.domain_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.domain_name)); - if (ndr_get_array_length(ndr, &r->in.domain_name) > ndr_get_array_size(ndr, &r->in.domain_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.domain_name), ndr_get_array_length(ndr, &r->in.domain_name)); + size_domain_name_1 = ndr_get_array_size(ndr, &r->in.domain_name); + length_domain_name_1 = ndr_get_array_length(ndr, &r->in.domain_name); + if (length_domain_name_1 > size_domain_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_name_1, length_domain_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.domain_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domain_name, ndr_get_array_length(ndr, &r->in.domain_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domain_name, length_domain_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_name_0, 0); } NDR_PULL_ALLOC(ndr, r->out.rid); @@ -13471,6 +13844,12 @@ _PUBLIC_ enum ndr_err_code ndr_push_netr_ServerAuthenticate3(struct ndr_push *nd _PUBLIC_ enum ndr_err_code ndr_pull_netr_ServerAuthenticate3(struct ndr_pull *ndr, int flags, struct netr_ServerAuthenticate3 *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; + uint32_t size_account_name_1 = 0; + uint32_t length_account_name_1 = 0; + uint32_t size_computer_name_1 = 0; + uint32_t length_computer_name_1 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_credentials_0; TALLOC_CTX *_mem_save_return_credentials_0; @@ -13490,28 +13869,34 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_ServerAuthenticate3(struct ndr_pull *nd NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.account_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.account_name)); - if (ndr_get_array_length(ndr, &r->in.account_name) > ndr_get_array_size(ndr, &r->in.account_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.account_name), ndr_get_array_length(ndr, &r->in.account_name)); + size_account_name_1 = ndr_get_array_size(ndr, &r->in.account_name); + length_account_name_1 = ndr_get_array_length(ndr, &r->in.account_name); + if (length_account_name_1 > size_account_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_account_name_1, length_account_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_account_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, length_account_name_1, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_netr_SchannelType(ndr, NDR_SCALARS, &r->in.secure_channel_type)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name)); - if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name)); + size_computer_name_1 = ndr_get_array_size(ndr, &r->in.computer_name); + length_computer_name_1 = ndr_get_array_length(ndr, &r->in.computer_name); + if (length_computer_name_1 > size_computer_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_name_1, length_computer_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, length_computer_name_1, sizeof(uint16_t), CH_UTF16)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.credentials); } @@ -13662,9 +14047,15 @@ static enum ndr_err_code ndr_push_netr_DsRGetDCNameEx(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_netr_DsRGetDCNameEx(struct ndr_pull *ndr, int flags, struct netr_DsRGetDCNameEx *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; uint32_t _ptr_domain_name; + uint32_t size_domain_name_1 = 0; + uint32_t length_domain_name_1 = 0; uint32_t _ptr_domain_guid; uint32_t _ptr_site_name; + uint32_t size_site_name_1 = 0; + uint32_t length_site_name_1 = 0; uint32_t _ptr_info; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_domain_name_0; @@ -13686,11 +14077,13 @@ static enum ndr_err_code ndr_pull_netr_DsRGetDCNameEx(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domain_name)); @@ -13704,11 +14097,13 @@ static enum ndr_err_code ndr_pull_netr_DsRGetDCNameEx(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.domain_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.domain_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.domain_name)); - if (ndr_get_array_length(ndr, &r->in.domain_name) > ndr_get_array_size(ndr, &r->in.domain_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.domain_name), ndr_get_array_length(ndr, &r->in.domain_name)); + size_domain_name_1 = ndr_get_array_size(ndr, &r->in.domain_name); + length_domain_name_1 = ndr_get_array_length(ndr, &r->in.domain_name); + if (length_domain_name_1 > size_domain_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_name_1, length_domain_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.domain_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domain_name, ndr_get_array_length(ndr, &r->in.domain_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domain_name, length_domain_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domain_guid)); @@ -13734,11 +14129,13 @@ static enum ndr_err_code ndr_pull_netr_DsRGetDCNameEx(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.site_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.site_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.site_name)); - if (ndr_get_array_length(ndr, &r->in.site_name) > ndr_get_array_size(ndr, &r->in.site_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.site_name), ndr_get_array_length(ndr, &r->in.site_name)); + size_site_name_1 = ndr_get_array_size(ndr, &r->in.site_name); + length_site_name_1 = ndr_get_array_length(ndr, &r->in.site_name); + if (length_site_name_1 > size_site_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_site_name_1, length_site_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.site_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.site_name, ndr_get_array_length(ndr, &r->in.site_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_site_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.site_name, length_site_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_site_name_0, 0); } NDR_CHECK(ndr_pull_netr_DsRGetDCName_flags(ndr, NDR_SCALARS, &r->in.flags)); @@ -13854,7 +14251,11 @@ static enum ndr_err_code ndr_push_netr_DsRGetSiteName(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_netr_DsRGetSiteName(struct ndr_pull *ndr, int flags, struct netr_DsRGetSiteName *r) { uint32_t _ptr_computer_name; + uint32_t size_computer_name_1 = 0; + uint32_t length_computer_name_1 = 0; uint32_t _ptr_site; + uint32_t size_site_2 = 0; + uint32_t length_site_2 = 0; TALLOC_CTX *_mem_save_computer_name_0; TALLOC_CTX *_mem_save_site_0; TALLOC_CTX *_mem_save_site_1; @@ -13872,11 +14273,13 @@ static enum ndr_err_code ndr_pull_netr_DsRGetSiteName(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.computer_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name)); - if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name)); + size_computer_name_1 = ndr_get_array_size(ndr, &r->in.computer_name); + length_computer_name_1 = ndr_get_array_length(ndr, &r->in.computer_name); + if (length_computer_name_1 > size_computer_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_name_1, length_computer_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, length_computer_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_computer_name_0, 0); } NDR_PULL_ALLOC(ndr, r->out.site); @@ -13899,11 +14302,13 @@ static enum ndr_err_code ndr_pull_netr_DsRGetSiteName(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, *r->out.site, 0); NDR_CHECK(ndr_pull_array_size(ndr, r->out.site)); NDR_CHECK(ndr_pull_array_length(ndr, r->out.site)); - if (ndr_get_array_length(ndr, r->out.site) > ndr_get_array_size(ndr, r->out.site)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, r->out.site), ndr_get_array_length(ndr, r->out.site)); + size_site_2 = ndr_get_array_size(ndr, r->out.site); + length_site_2 = ndr_get_array_length(ndr, r->out.site); + if (length_site_2 > size_site_2) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_site_2, length_site_2); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, r->out.site), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.site, ndr_get_array_length(ndr, r->out.site), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_site_2, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.site, length_site_2, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_site_1, 0); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_site_0, LIBNDR_FLAG_REF_ALLOC); @@ -13997,7 +14402,11 @@ static enum ndr_err_code ndr_push_netr_LogonGetDomainInfo(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_netr_LogonGetDomainInfo(struct ndr_pull *ndr, int flags, struct netr_LogonGetDomainInfo *r) { + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; uint32_t _ptr_computer_name; + uint32_t size_computer_name_1 = 0; + uint32_t length_computer_name_1 = 0; TALLOC_CTX *_mem_save_computer_name_0; TALLOC_CTX *_mem_save_credential_0; TALLOC_CTX *_mem_save_return_authenticator_0; @@ -14008,11 +14417,13 @@ static enum ndr_err_code ndr_pull_netr_LogonGetDomainInfo(struct ndr_pull *ndr, NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_computer_name)); if (_ptr_computer_name) { NDR_PULL_ALLOC(ndr, r->in.computer_name); @@ -14024,11 +14435,13 @@ static enum ndr_err_code ndr_pull_netr_LogonGetDomainInfo(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->in.computer_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name)); - if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name)); + size_computer_name_1 = ndr_get_array_size(ndr, &r->in.computer_name); + length_computer_name_1 = ndr_get_array_length(ndr, &r->in.computer_name); + if (length_computer_name_1 > size_computer_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_name_1, length_computer_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, length_computer_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_computer_name_0, 0); } if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { @@ -14181,6 +14594,12 @@ static enum ndr_err_code ndr_push_netr_ServerPasswordSet2(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_netr_ServerPasswordSet2(struct ndr_pull *ndr, int flags, struct netr_ServerPasswordSet2 *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; + uint32_t size_account_name_1 = 0; + uint32_t length_account_name_1 = 0; + uint32_t size_computer_name_1 = 0; + uint32_t length_computer_name_1 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_credential_0; TALLOC_CTX *_mem_save_return_authenticator_0; @@ -14199,28 +14618,34 @@ static enum ndr_err_code ndr_pull_netr_ServerPasswordSet2(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.account_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.account_name)); - if (ndr_get_array_length(ndr, &r->in.account_name) > ndr_get_array_size(ndr, &r->in.account_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.account_name), ndr_get_array_length(ndr, &r->in.account_name)); + size_account_name_1 = ndr_get_array_size(ndr, &r->in.account_name); + length_account_name_1 = ndr_get_array_length(ndr, &r->in.account_name); + if (length_account_name_1 > size_account_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_account_name_1, length_account_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_account_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, length_account_name_1, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_netr_SchannelType(ndr, NDR_SCALARS, &r->in.secure_channel_type)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name)); - if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name)); + size_computer_name_1 = ndr_get_array_size(ndr, &r->in.computer_name); + length_computer_name_1 = ndr_get_array_length(ndr, &r->in.computer_name); + if (length_computer_name_1 > size_computer_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_name_1, length_computer_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, length_computer_name_1, sizeof(uint16_t), CH_UTF16)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.credential); } @@ -14346,6 +14771,12 @@ static enum ndr_err_code ndr_push_netr_ServerPasswordGet(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_netr_ServerPasswordGet(struct ndr_pull *ndr, int flags, struct netr_ServerPasswordGet *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; + uint32_t size_account_name_1 = 0; + uint32_t length_account_name_1 = 0; + uint32_t size_computer_name_1 = 0; + uint32_t length_computer_name_1 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_credential_0; TALLOC_CTX *_mem_save_return_authenticator_0; @@ -14364,28 +14795,34 @@ static enum ndr_err_code ndr_pull_netr_ServerPasswordGet(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.account_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.account_name)); - if (ndr_get_array_length(ndr, &r->in.account_name) > ndr_get_array_size(ndr, &r->in.account_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.account_name), ndr_get_array_length(ndr, &r->in.account_name)); + size_account_name_1 = ndr_get_array_size(ndr, &r->in.account_name); + length_account_name_1 = ndr_get_array_length(ndr, &r->in.account_name); + if (length_account_name_1 > size_account_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_account_name_1, length_account_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_account_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, length_account_name_1, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_netr_SchannelType(ndr, NDR_SCALARS, &r->in.secure_channel_type)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name)); - if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name)); + size_computer_name_1 = ndr_get_array_size(ndr, &r->in.computer_name); + length_computer_name_1 = ndr_get_array_length(ndr, &r->in.computer_name); + if (length_computer_name_1 > size_computer_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_name_1, length_computer_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, length_computer_name_1, sizeof(uint16_t), CH_UTF16)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.credential); } @@ -14546,6 +14983,9 @@ static enum ndr_err_code ndr_push_netr_DsRAddressToSitenamesW(struct ndr_push *n static enum ndr_err_code ndr_pull_netr_DsRAddressToSitenamesW(struct ndr_pull *ndr, int flags, struct netr_DsRAddressToSitenamesW *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; + uint32_t size_addresses_1 = 0; uint32_t cntr_addresses_1; uint32_t _ptr_ctr; TALLOC_CTX *_mem_save_server_name_0; @@ -14566,11 +15006,13 @@ static enum ndr_err_code ndr_pull_netr_DsRAddressToSitenamesW(struct ndr_pull *n NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.count)); @@ -14578,15 +15020,16 @@ static enum ndr_err_code ndr_pull_netr_DsRAddressToSitenamesW(struct ndr_pull *n return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.addresses)); + size_addresses_1 = ndr_get_array_size(ndr, &r->in.addresses); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { - NDR_PULL_ALLOC_N(ndr, r->in.addresses, ndr_get_array_size(ndr, &r->in.addresses)); + NDR_PULL_ALLOC_N(ndr, r->in.addresses, size_addresses_1); } _mem_save_addresses_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->in.addresses, 0); - for (cntr_addresses_1 = 0; cntr_addresses_1 < r->in.count; cntr_addresses_1++) { + for (cntr_addresses_1 = 0; cntr_addresses_1 < size_addresses_1; cntr_addresses_1++) { NDR_CHECK(ndr_pull_netr_DsRAddress(ndr, NDR_SCALARS, &r->in.addresses[cntr_addresses_1])); } - for (cntr_addresses_1 = 0; cntr_addresses_1 < r->in.count; cntr_addresses_1++) { + for (cntr_addresses_1 = 0; cntr_addresses_1 < size_addresses_1; cntr_addresses_1++) { NDR_CHECK(ndr_pull_netr_DsRAddress(ndr, NDR_BUFFERS, &r->in.addresses[cntr_addresses_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_addresses_1, 0); @@ -14725,10 +15168,18 @@ static enum ndr_err_code ndr_push_netr_DsRGetDCNameEx2(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_netr_DsRGetDCNameEx2(struct ndr_pull *ndr, int flags, struct netr_DsRGetDCNameEx2 *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; uint32_t _ptr_client_account; + uint32_t size_client_account_1 = 0; + uint32_t length_client_account_1 = 0; uint32_t _ptr_domain_name; + uint32_t size_domain_name_1 = 0; + uint32_t length_domain_name_1 = 0; uint32_t _ptr_domain_guid; uint32_t _ptr_site_name; + uint32_t size_site_name_1 = 0; + uint32_t length_site_name_1 = 0; uint32_t _ptr_info; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_client_account_0; @@ -14751,11 +15202,13 @@ static enum ndr_err_code ndr_pull_netr_DsRGetDCNameEx2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_client_account)); @@ -14769,11 +15222,13 @@ static enum ndr_err_code ndr_pull_netr_DsRGetDCNameEx2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.client_account, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.client_account)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.client_account)); - if (ndr_get_array_length(ndr, &r->in.client_account) > ndr_get_array_size(ndr, &r->in.client_account)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.client_account), ndr_get_array_length(ndr, &r->in.client_account)); + size_client_account_1 = ndr_get_array_size(ndr, &r->in.client_account); + length_client_account_1 = ndr_get_array_length(ndr, &r->in.client_account); + if (length_client_account_1 > size_client_account_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_client_account_1, length_client_account_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.client_account), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.client_account, ndr_get_array_length(ndr, &r->in.client_account), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_client_account_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.client_account, length_client_account_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_client_account_0, 0); } NDR_CHECK(ndr_pull_samr_AcctFlags(ndr, NDR_SCALARS, &r->in.mask)); @@ -14788,11 +15243,13 @@ static enum ndr_err_code ndr_pull_netr_DsRGetDCNameEx2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.domain_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.domain_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.domain_name)); - if (ndr_get_array_length(ndr, &r->in.domain_name) > ndr_get_array_size(ndr, &r->in.domain_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.domain_name), ndr_get_array_length(ndr, &r->in.domain_name)); + size_domain_name_1 = ndr_get_array_size(ndr, &r->in.domain_name); + length_domain_name_1 = ndr_get_array_length(ndr, &r->in.domain_name); + if (length_domain_name_1 > size_domain_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_name_1, length_domain_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.domain_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domain_name, ndr_get_array_length(ndr, &r->in.domain_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domain_name, length_domain_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domain_guid)); @@ -14818,11 +15275,13 @@ static enum ndr_err_code ndr_pull_netr_DsRGetDCNameEx2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.site_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.site_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.site_name)); - if (ndr_get_array_length(ndr, &r->in.site_name) > ndr_get_array_size(ndr, &r->in.site_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.site_name), ndr_get_array_length(ndr, &r->in.site_name)); + size_site_name_1 = ndr_get_array_size(ndr, &r->in.site_name); + length_site_name_1 = ndr_get_array_length(ndr, &r->in.site_name); + if (length_site_name_1 > size_site_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_site_name_1, length_site_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.site_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.site_name, ndr_get_array_length(ndr, &r->in.site_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_site_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.site_name, length_site_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_site_name_0, 0); } NDR_CHECK(ndr_pull_netr_DsRGetDCName_flags(ndr, NDR_SCALARS, &r->in.flags)); @@ -14980,6 +15439,8 @@ static enum ndr_err_code ndr_push_netr_NetrEnumerateTrustedDomainsEx(struct ndr_ static enum ndr_err_code ndr_pull_netr_NetrEnumerateTrustedDomainsEx(struct ndr_pull *ndr, int flags, struct netr_NetrEnumerateTrustedDomainsEx *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_dom_trust_list_0; if (flags & NDR_IN) { @@ -14996,11 +15457,13 @@ static enum ndr_err_code ndr_pull_netr_NetrEnumerateTrustedDomainsEx(struct ndr_ NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_PULL_ALLOC(ndr, r->out.dom_trust_list); @@ -15089,6 +15552,9 @@ static enum ndr_err_code ndr_push_netr_DsRAddressToSitenamesExW(struct ndr_push static enum ndr_err_code ndr_pull_netr_DsRAddressToSitenamesExW(struct ndr_pull *ndr, int flags, struct netr_DsRAddressToSitenamesExW *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; + uint32_t size_addresses_1 = 0; uint32_t cntr_addresses_1; uint32_t _ptr_ctr; TALLOC_CTX *_mem_save_server_name_0; @@ -15109,11 +15575,13 @@ static enum ndr_err_code ndr_pull_netr_DsRAddressToSitenamesExW(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.count)); @@ -15121,15 +15589,16 @@ static enum ndr_err_code ndr_pull_netr_DsRAddressToSitenamesExW(struct ndr_pull return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.addresses)); + size_addresses_1 = ndr_get_array_size(ndr, &r->in.addresses); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { - NDR_PULL_ALLOC_N(ndr, r->in.addresses, ndr_get_array_size(ndr, &r->in.addresses)); + NDR_PULL_ALLOC_N(ndr, r->in.addresses, size_addresses_1); } _mem_save_addresses_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->in.addresses, 0); - for (cntr_addresses_1 = 0; cntr_addresses_1 < r->in.count; cntr_addresses_1++) { + for (cntr_addresses_1 = 0; cntr_addresses_1 < size_addresses_1; cntr_addresses_1++) { NDR_CHECK(ndr_pull_netr_DsRAddress(ndr, NDR_SCALARS, &r->in.addresses[cntr_addresses_1])); } - for (cntr_addresses_1 = 0; cntr_addresses_1 < r->in.count; cntr_addresses_1++) { + for (cntr_addresses_1 = 0; cntr_addresses_1 < size_addresses_1; cntr_addresses_1++) { NDR_CHECK(ndr_pull_netr_DsRAddress(ndr, NDR_BUFFERS, &r->in.addresses[cntr_addresses_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_addresses_1, 0); @@ -15241,6 +15710,8 @@ static enum ndr_err_code ndr_push_netr_DsrGetDcSiteCoverageW(struct ndr_push *nd static enum ndr_err_code ndr_pull_netr_DsrGetDcSiteCoverageW(struct ndr_pull *ndr, int flags, struct netr_DsrGetDcSiteCoverageW *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; uint32_t _ptr_ctr; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_ctr_0; @@ -15259,11 +15730,13 @@ static enum ndr_err_code ndr_pull_netr_DsrGetDcSiteCoverageW(struct ndr_pull *nd NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_PULL_ALLOC(ndr, r->out.ctr); @@ -15380,7 +15853,11 @@ static enum ndr_err_code ndr_push_netr_LogonSamLogonEx(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_netr_LogonSamLogonEx(struct ndr_pull *ndr, int flags, struct netr_LogonSamLogonEx *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; uint32_t _ptr_computer_name; + uint32_t size_computer_name_1 = 0; + uint32_t length_computer_name_1 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_computer_name_0; TALLOC_CTX *_mem_save_logon_0; @@ -15401,11 +15878,13 @@ static enum ndr_err_code ndr_pull_netr_LogonSamLogonEx(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_computer_name)); @@ -15419,11 +15898,13 @@ static enum ndr_err_code ndr_pull_netr_LogonSamLogonEx(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.computer_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name)); - if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name)); + size_computer_name_1 = ndr_get_array_size(ndr, &r->in.computer_name); + length_computer_name_1 = ndr_get_array_length(ndr, &r->in.computer_name); + if (length_computer_name_1 > size_computer_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_name_1, length_computer_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, length_computer_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_computer_name_0, 0); } NDR_CHECK(ndr_pull_netr_LogonInfoClass(ndr, NDR_SCALARS, &r->in.logon_level)); @@ -15560,6 +16041,8 @@ static enum ndr_err_code ndr_push_netr_DsrEnumerateDomainTrusts(struct ndr_push static enum ndr_err_code ndr_pull_netr_DsrEnumerateDomainTrusts(struct ndr_pull *ndr, int flags, struct netr_DsrEnumerateDomainTrusts *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_trusts_0; if (flags & NDR_IN) { @@ -15576,11 +16059,13 @@ static enum ndr_err_code ndr_pull_netr_DsrEnumerateDomainTrusts(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_netr_TrustFlags(ndr, NDR_SCALARS, &r->in.trust_flags)); @@ -15674,9 +16159,15 @@ static enum ndr_err_code ndr_push_netr_DsrDeregisterDNSHostRecords(struct ndr_pu static enum ndr_err_code ndr_pull_netr_DsrDeregisterDNSHostRecords(struct ndr_pull *ndr, int flags, struct netr_DsrDeregisterDNSHostRecords *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; uint32_t _ptr_domain; + uint32_t size_domain_1 = 0; + uint32_t length_domain_1 = 0; uint32_t _ptr_domain_guid; uint32_t _ptr_dsa_guid; + uint32_t size_dns_host_1 = 0; + uint32_t length_dns_host_1 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_domain_0; TALLOC_CTX *_mem_save_domain_guid_0; @@ -15693,11 +16184,13 @@ static enum ndr_err_code ndr_pull_netr_DsrDeregisterDNSHostRecords(struct ndr_pu NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domain)); @@ -15711,11 +16204,13 @@ static enum ndr_err_code ndr_pull_netr_DsrDeregisterDNSHostRecords(struct ndr_pu NDR_PULL_SET_MEM_CTX(ndr, r->in.domain, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.domain)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.domain)); - if (ndr_get_array_length(ndr, &r->in.domain) > ndr_get_array_size(ndr, &r->in.domain)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.domain), ndr_get_array_length(ndr, &r->in.domain)); + size_domain_1 = ndr_get_array_size(ndr, &r->in.domain); + length_domain_1 = ndr_get_array_length(ndr, &r->in.domain); + if (length_domain_1 > size_domain_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_1, length_domain_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.domain), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domain, ndr_get_array_length(ndr, &r->in.domain), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domain, length_domain_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domain_guid)); @@ -15744,11 +16239,13 @@ static enum ndr_err_code ndr_pull_netr_DsrDeregisterDNSHostRecords(struct ndr_pu } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.dns_host)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.dns_host)); - if (ndr_get_array_length(ndr, &r->in.dns_host) > ndr_get_array_size(ndr, &r->in.dns_host)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.dns_host), ndr_get_array_length(ndr, &r->in.dns_host)); + size_dns_host_1 = ndr_get_array_size(ndr, &r->in.dns_host); + length_dns_host_1 = ndr_get_array_length(ndr, &r->in.dns_host); + if (length_dns_host_1 > size_dns_host_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dns_host_1, length_dns_host_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.dns_host), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.dns_host, ndr_get_array_length(ndr, &r->in.dns_host), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dns_host_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.dns_host, length_dns_host_1, sizeof(uint16_t), CH_UTF16)); } if (flags & NDR_OUT) { NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result)); @@ -15856,6 +16353,12 @@ static enum ndr_err_code ndr_push_netr_ServerTrustPasswordsGet(struct ndr_push * static enum ndr_err_code ndr_pull_netr_ServerTrustPasswordsGet(struct ndr_pull *ndr, int flags, struct netr_ServerTrustPasswordsGet *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; + uint32_t size_account_name_1 = 0; + uint32_t length_account_name_1 = 0; + uint32_t size_computer_name_1 = 0; + uint32_t length_computer_name_1 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_credential_0; TALLOC_CTX *_mem_save_return_authenticator_0; @@ -15875,28 +16378,34 @@ static enum ndr_err_code ndr_pull_netr_ServerTrustPasswordsGet(struct ndr_pull * NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.account_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.account_name)); - if (ndr_get_array_length(ndr, &r->in.account_name) > ndr_get_array_size(ndr, &r->in.account_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.account_name), ndr_get_array_length(ndr, &r->in.account_name)); + size_account_name_1 = ndr_get_array_size(ndr, &r->in.account_name); + length_account_name_1 = ndr_get_array_length(ndr, &r->in.account_name); + if (length_account_name_1 > size_account_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_account_name_1, length_account_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_account_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, length_account_name_1, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_netr_SchannelType(ndr, NDR_SCALARS, &r->in.secure_channel_type)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name)); - if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name)); + size_computer_name_1 = ndr_get_array_size(ndr, &r->in.computer_name); + length_computer_name_1 = ndr_get_array_length(ndr, &r->in.computer_name); + if (length_computer_name_1 > size_computer_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_name_1, length_computer_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, length_computer_name_1, sizeof(uint16_t), CH_UTF16)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.credential); } @@ -16025,7 +16534,11 @@ static enum ndr_err_code ndr_push_netr_DsRGetForestTrustInformation(struct ndr_p static enum ndr_err_code ndr_pull_netr_DsRGetForestTrustInformation(struct ndr_pull *ndr, int flags, struct netr_DsRGetForestTrustInformation *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; uint32_t _ptr_trusted_domain_name; + uint32_t size_trusted_domain_name_1 = 0; + uint32_t length_trusted_domain_name_1 = 0; uint32_t _ptr_forest_trust_info; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_trusted_domain_name_0; @@ -16045,11 +16558,13 @@ static enum ndr_err_code ndr_pull_netr_DsRGetForestTrustInformation(struct ndr_p NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_trusted_domain_name)); @@ -16063,11 +16578,13 @@ static enum ndr_err_code ndr_pull_netr_DsRGetForestTrustInformation(struct ndr_p NDR_PULL_SET_MEM_CTX(ndr, r->in.trusted_domain_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.trusted_domain_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.trusted_domain_name)); - if (ndr_get_array_length(ndr, &r->in.trusted_domain_name) > ndr_get_array_size(ndr, &r->in.trusted_domain_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.trusted_domain_name), ndr_get_array_length(ndr, &r->in.trusted_domain_name)); + size_trusted_domain_name_1 = ndr_get_array_size(ndr, &r->in.trusted_domain_name); + length_trusted_domain_name_1 = ndr_get_array_length(ndr, &r->in.trusted_domain_name); + if (length_trusted_domain_name_1 > size_trusted_domain_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_trusted_domain_name_1, length_trusted_domain_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.trusted_domain_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.trusted_domain_name, ndr_get_array_length(ndr, &r->in.trusted_domain_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_trusted_domain_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.trusted_domain_name, length_trusted_domain_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_trusted_domain_name_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.flags)); @@ -16184,6 +16701,10 @@ static enum ndr_err_code ndr_push_netr_GetForestTrustInformation(struct ndr_push static enum ndr_err_code ndr_pull_netr_GetForestTrustInformation(struct ndr_pull *ndr, int flags, struct netr_GetForestTrustInformation *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; + uint32_t size_trusted_domain_name_1 = 0; + uint32_t length_trusted_domain_name_1 = 0; uint32_t _ptr_forest_trust_info; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_credential_0; @@ -16204,20 +16725,24 @@ static enum ndr_err_code ndr_pull_netr_GetForestTrustInformation(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.trusted_domain_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.trusted_domain_name)); - if (ndr_get_array_length(ndr, &r->in.trusted_domain_name) > ndr_get_array_size(ndr, &r->in.trusted_domain_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.trusted_domain_name), ndr_get_array_length(ndr, &r->in.trusted_domain_name)); + size_trusted_domain_name_1 = ndr_get_array_size(ndr, &r->in.trusted_domain_name); + length_trusted_domain_name_1 = ndr_get_array_length(ndr, &r->in.trusted_domain_name); + if (length_trusted_domain_name_1 > size_trusted_domain_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_trusted_domain_name_1, length_trusted_domain_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.trusted_domain_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.trusted_domain_name, ndr_get_array_length(ndr, &r->in.trusted_domain_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_trusted_domain_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.trusted_domain_name, length_trusted_domain_name_1, sizeof(uint16_t), CH_UTF16)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.credential); } @@ -16374,7 +16899,11 @@ static enum ndr_err_code ndr_push_netr_LogonSamLogonWithFlags(struct ndr_push *n static enum ndr_err_code ndr_pull_netr_LogonSamLogonWithFlags(struct ndr_pull *ndr, int flags, struct netr_LogonSamLogonWithFlags *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; uint32_t _ptr_computer_name; + uint32_t size_computer_name_1 = 0; + uint32_t length_computer_name_1 = 0; uint32_t _ptr_credential; uint32_t _ptr_return_authenticator; TALLOC_CTX *_mem_save_server_name_0; @@ -16399,11 +16928,13 @@ static enum ndr_err_code ndr_pull_netr_LogonSamLogonWithFlags(struct ndr_pull *n NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_computer_name)); @@ -16417,11 +16948,13 @@ static enum ndr_err_code ndr_pull_netr_LogonSamLogonWithFlags(struct ndr_pull *n NDR_PULL_SET_MEM_CTX(ndr, r->in.computer_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name)); - if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name)); + size_computer_name_1 = ndr_get_array_size(ndr, &r->in.computer_name); + length_computer_name_1 = ndr_get_array_length(ndr, &r->in.computer_name); + if (length_computer_name_1 > size_computer_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_name_1, length_computer_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, length_computer_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_computer_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_credential)); @@ -16645,6 +17178,12 @@ static enum ndr_err_code ndr_push_netr_ServerGetTrustInfo(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_netr_ServerGetTrustInfo(struct ndr_pull *ndr, int flags, struct netr_ServerGetTrustInfo *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; + uint32_t size_account_name_1 = 0; + uint32_t length_account_name_1 = 0; + uint32_t size_computer_name_1 = 0; + uint32_t length_computer_name_1 = 0; uint32_t _ptr_trust_info; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_credential_0; @@ -16667,28 +17206,34 @@ static enum ndr_err_code ndr_pull_netr_ServerGetTrustInfo(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.account_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.account_name)); - if (ndr_get_array_length(ndr, &r->in.account_name) > ndr_get_array_size(ndr, &r->in.account_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.account_name), ndr_get_array_length(ndr, &r->in.account_name)); + size_account_name_1 = ndr_get_array_size(ndr, &r->in.account_name); + length_account_name_1 = ndr_get_array_length(ndr, &r->in.account_name); + if (length_account_name_1 > size_account_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_account_name_1, length_account_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_account_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, length_account_name_1, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_netr_SchannelType(ndr, NDR_SCALARS, &r->in.secure_channel_type)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name)); - if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name)); + size_computer_name_1 = ndr_get_array_size(ndr, &r->in.computer_name); + length_computer_name_1 = ndr_get_array_length(ndr, &r->in.computer_name); + if (length_computer_name_1 > size_computer_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_name_1, length_computer_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, length_computer_name_1, sizeof(uint16_t), CH_UTF16)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.credential); } diff --git a/librpc/gen_ndr/ndr_ntlmssp.c b/librpc/gen_ndr/ndr_ntlmssp.c index 130b8fe..0d54e4f 100644 --- a/librpc/gen_ndr/ndr_ntlmssp.c +++ b/librpc/gen_ndr/ndr_ntlmssp.c @@ -170,12 +170,14 @@ static enum ndr_err_code ndr_push_VERSION(struct ndr_push *ndr, int ndr_flags, c static enum ndr_err_code ndr_pull_VERSION(struct ndr_pull *ndr, int ndr_flags, struct VERSION *r) { + uint32_t size_Reserved_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 2)); NDR_CHECK(ndr_pull_ntlmssp_WindowsMajorVersion(ndr, NDR_SCALARS, &r->ProductMajorVersion)); NDR_CHECK(ndr_pull_ntlmssp_WindowsMinorVersion(ndr, NDR_SCALARS, &r->ProductMinorVersion)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->ProductBuild)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->Reserved, 3)); + size_Reserved_0 = 3; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->Reserved, size_Reserved_0)); NDR_CHECK(ndr_pull_ntlmssp_NTLMRevisionCurrent(ndr, NDR_SCALARS, &r->NTLMRevisionCurrent)); NDR_CHECK(ndr_pull_trailer_align(ndr, 2)); } @@ -319,13 +321,15 @@ _PUBLIC_ enum ndr_err_code ndr_push_NEGOTIATE_MESSAGE(struct ndr_push *ndr, int _PUBLIC_ enum ndr_err_code ndr_pull_NEGOTIATE_MESSAGE(struct ndr_pull *ndr, int ndr_flags, struct NEGOTIATE_MESSAGE *r) { + uint32_t size_Signature_0 = 0; uint32_t _ptr_DomainName; TALLOC_CTX *_mem_save_DomainName_0; uint32_t _ptr_Workstation; TALLOC_CTX *_mem_save_Workstation_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->Signature, 8, sizeof(uint8_t), CH_DOS)); + size_Signature_0 = 8; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->Signature, size_Signature_0, sizeof(uint8_t), CH_DOS)); NDR_CHECK(ndr_pull_ntlmssp_MessageType(ndr, NDR_SCALARS, &r->MessageType)); NDR_CHECK(ndr_pull_NEGOTIATE(ndr, NDR_SCALARS, &r->NegotiateFlags)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->DomainNameLen)); @@ -486,13 +490,15 @@ static enum ndr_err_code ndr_push_Restriction_Encoding(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_Restriction_Encoding(struct ndr_pull *ndr, int ndr_flags, struct Restriction_Encoding *r) { + uint32_t size_MachineId_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->Size)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->Z4)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->IntegrityLevel)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->SubjectIntegrityLevel)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->MachineId, 32)); + size_MachineId_0 = 32; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->MachineId, size_MachineId_0)); NDR_CHECK(ndr_pull_trailer_align(ndr, 4)); } if (ndr_flags & NDR_BUFFERS) { @@ -677,6 +683,7 @@ static enum ndr_err_code ndr_push_ntlmssp_AvValue(struct ndr_push *ndr, int ndr_ static enum ndr_err_code ndr_pull_ntlmssp_AvValue(struct ndr_pull *ndr, int ndr_flags, union ntlmssp_AvValue *r) { int level; + uint32_t size_ChannelBindings_0 = 0; { uint32_t _flags_save_UNION = ndr->flags; ndr_set_flags(&ndr->flags, LIBNDR_FLAG_NOALIGN); @@ -754,7 +761,8 @@ static enum ndr_err_code ndr_pull_ntlmssp_AvValue(struct ndr_pull *ndr, int ndr_ break; } case MsvChannelBindings: { - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->ChannelBindings, 16)); + size_ChannelBindings_0 = 16; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->ChannelBindings, size_ChannelBindings_0)); break; } default: { @@ -1038,8 +1046,11 @@ _PUBLIC_ enum ndr_err_code ndr_push_CHALLENGE_MESSAGE(struct ndr_push *ndr, int _PUBLIC_ enum ndr_err_code ndr_pull_CHALLENGE_MESSAGE(struct ndr_pull *ndr, int ndr_flags, struct CHALLENGE_MESSAGE *r) { + uint32_t size_Signature_0 = 0; uint32_t _ptr_TargetName; TALLOC_CTX *_mem_save_TargetName_0; + uint32_t size_ServerChallenge_0 = 0; + uint32_t size_Reserved_0 = 0; uint32_t _ptr_TargetInfo; TALLOC_CTX *_mem_save_TargetInfo_0; { @@ -1047,7 +1058,8 @@ _PUBLIC_ enum ndr_err_code ndr_pull_CHALLENGE_MESSAGE(struct ndr_pull *ndr, int ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->Signature, 8, sizeof(uint8_t), CH_DOS)); + size_Signature_0 = 8; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->Signature, size_Signature_0, sizeof(uint8_t), CH_DOS)); NDR_CHECK(ndr_pull_ntlmssp_MessageType(ndr, NDR_SCALARS, &r->MessageType)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->TargetNameLen)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->TargetNameMaxLen)); @@ -1064,8 +1076,10 @@ _PUBLIC_ enum ndr_err_code ndr_pull_CHALLENGE_MESSAGE(struct ndr_pull *ndr, int ndr->flags = _flags_save_string; } NDR_CHECK(ndr_pull_NEGOTIATE(ndr, NDR_SCALARS, &r->NegotiateFlags)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->ServerChallenge, 8)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->Reserved, 8)); + size_ServerChallenge_0 = 8; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->ServerChallenge, size_ServerChallenge_0)); + size_Reserved_0 = 8; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->Reserved, size_Reserved_0)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->TargetInfoLen)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->TargetNameInfoMaxLen)); NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_TargetInfo)); @@ -1176,12 +1190,14 @@ _PUBLIC_ enum ndr_err_code ndr_push_LM_RESPONSE(struct ndr_push *ndr, int ndr_fl _PUBLIC_ enum ndr_err_code ndr_pull_LM_RESPONSE(struct ndr_pull *ndr, int ndr_flags, struct LM_RESPONSE *r) { + uint32_t size_Response_0 = 0; { uint32_t _flags_save_STRUCT = ndr->flags; ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 1)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->Response, 24)); + size_Response_0 = 24; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->Response, size_Response_0)); NDR_CHECK(ndr_pull_trailer_align(ndr, 1)); } if (ndr_flags & NDR_BUFFERS) { @@ -1224,13 +1240,17 @@ _PUBLIC_ enum ndr_err_code ndr_push_LMv2_RESPONSE(struct ndr_push *ndr, int ndr_ _PUBLIC_ enum ndr_err_code ndr_pull_LMv2_RESPONSE(struct ndr_pull *ndr, int ndr_flags, struct LMv2_RESPONSE *r) { + uint32_t size_Response_0 = 0; + uint32_t size_ChallengeFromClient_0 = 0; { uint32_t _flags_save_STRUCT = ndr->flags; ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 1)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->Response, 16)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->ChallengeFromClient, 8)); + size_Response_0 = 16; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->Response, size_Response_0)); + size_ChallengeFromClient_0 = 8; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->ChallengeFromClient, size_ChallengeFromClient_0)); NDR_CHECK(ndr_pull_trailer_align(ndr, 1)); } if (ndr_flags & NDR_BUFFERS) { @@ -1347,12 +1367,14 @@ _PUBLIC_ enum ndr_err_code ndr_push_NTLM_RESPONSE(struct ndr_push *ndr, int ndr_ _PUBLIC_ enum ndr_err_code ndr_pull_NTLM_RESPONSE(struct ndr_pull *ndr, int ndr_flags, struct NTLM_RESPONSE *r) { + uint32_t size_Response_0 = 0; { uint32_t _flags_save_STRUCT = ndr->flags; ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 1)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->Response, 24)); + size_Response_0 = 24; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->Response, size_Response_0)); NDR_CHECK(ndr_pull_trailer_align(ndr, 1)); } if (ndr_flags & NDR_BUFFERS) { @@ -1416,6 +1438,7 @@ static enum ndr_err_code ndr_push_NTLMv2_CLIENT_CHALLENGE(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_NTLMv2_CLIENT_CHALLENGE(struct ndr_pull *ndr, int ndr_flags, struct NTLMv2_CLIENT_CHALLENGE *r) { + uint32_t size_ChallengeFromClient_0 = 0; { uint32_t _flags_save_STRUCT = ndr->flags; ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX); @@ -1426,7 +1449,8 @@ static enum ndr_err_code ndr_pull_NTLMv2_CLIENT_CHALLENGE(struct ndr_pull *ndr, NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->Reserved1)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->Reserved2)); NDR_CHECK(ndr_pull_NTTIME(ndr, NDR_SCALARS, &r->TimeStamp)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->ChallengeFromClient, 8)); + size_ChallengeFromClient_0 = 8; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->ChallengeFromClient, size_ChallengeFromClient_0)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->Reserved3)); { uint32_t _flags_save_AV_PAIR_LIST = ndr->flags; @@ -1494,12 +1518,14 @@ _PUBLIC_ enum ndr_err_code ndr_push_NTLMv2_RESPONSE(struct ndr_push *ndr, int nd _PUBLIC_ enum ndr_err_code ndr_pull_NTLMv2_RESPONSE(struct ndr_pull *ndr, int ndr_flags, struct NTLMv2_RESPONSE *r) { + uint32_t size_Response_0 = 0; { uint32_t _flags_save_STRUCT = ndr->flags; ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->Response, 16)); + size_Response_0 = 16; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->Response, size_Response_0)); NDR_CHECK(ndr_pull_NTLMv2_CLIENT_CHALLENGE(ndr, NDR_SCALARS, &r->Challenge)); NDR_CHECK(ndr_pull_trailer_align(ndr, 4)); } @@ -1753,6 +1779,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_AUTHENTICATE_MESSAGE(struct ndr_push *ndr, i _PUBLIC_ enum ndr_err_code ndr_pull_AUTHENTICATE_MESSAGE(struct ndr_pull *ndr, int ndr_flags, struct AUTHENTICATE_MESSAGE *r) { + uint32_t size_Signature_0 = 0; uint32_t _ptr_LmChallengeResponse; TALLOC_CTX *_mem_save_LmChallengeResponse_0; uint32_t _ptr_NtChallengeResponse; @@ -1770,7 +1797,8 @@ _PUBLIC_ enum ndr_err_code ndr_pull_AUTHENTICATE_MESSAGE(struct ndr_pull *ndr, i ndr_set_flags(&ndr->flags, LIBNDR_FLAG_REMAINING); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->Signature, 8, sizeof(uint8_t), CH_DOS)); + size_Signature_0 = 8; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->Signature, size_Signature_0, sizeof(uint8_t), CH_DOS)); NDR_CHECK(ndr_pull_ntlmssp_MessageType(ndr, NDR_SCALARS, &r->MessageType)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->LmChallengeResponseLen)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->LmChallengeResponseMaxLen)); @@ -2090,13 +2118,15 @@ _PUBLIC_ enum ndr_err_code ndr_push_NTLMSSP_MESSAGE_SIGNATURE_NTLMv2(struct ndr_ _PUBLIC_ enum ndr_err_code ndr_pull_NTLMSSP_MESSAGE_SIGNATURE_NTLMv2(struct ndr_pull *ndr, int ndr_flags, struct NTLMSSP_MESSAGE_SIGNATURE_NTLMv2 *r) { + uint32_t size_Checksum_0 = 0; { uint32_t _flags_save_STRUCT = ndr->flags; ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->Version)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->Checksum, 8)); + size_Checksum_0 = 8; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->Checksum, size_Checksum_0)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->SeqNum)); NDR_CHECK(ndr_pull_trailer_align(ndr, 4)); } diff --git a/librpc/gen_ndr/ndr_ntsvcs.c b/librpc/gen_ndr/ndr_ntsvcs.c index 07a4a45..e4c2087 100644 --- a/librpc/gen_ndr/ndr_ntsvcs.c +++ b/librpc/gen_ndr/ndr_ntsvcs.c @@ -54,11 +54,13 @@ static enum ndr_err_code ndr_push_PNP_HwProfInfo(struct ndr_push *ndr, int ndr_f static enum ndr_err_code ndr_pull_PNP_HwProfInfo(struct ndr_pull *ndr, int ndr_flags, struct PNP_HwProfInfo *r) { + uint32_t size_friendly_name_0 = 0; uint32_t cntr_friendly_name_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->profile_handle)); - for (cntr_friendly_name_0 = 0; cntr_friendly_name_0 < 80; cntr_friendly_name_0++) { + size_friendly_name_0 = 80; + for (cntr_friendly_name_0 = 0; cntr_friendly_name_0 < size_friendly_name_0; cntr_friendly_name_0++) { NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->friendly_name[cntr_friendly_name_0])); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->flags)); @@ -375,14 +377,18 @@ static enum ndr_err_code ndr_push_PNP_ValidateDeviceInstance(struct ndr_push *nd static enum ndr_err_code ndr_pull_PNP_ValidateDeviceInstance(struct ndr_pull *ndr, int flags, struct PNP_ValidateDeviceInstance *r) { + uint32_t size_devicepath_1 = 0; + uint32_t length_devicepath_1 = 0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_array_size(ndr, &r->in.devicepath)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.devicepath)); - if (ndr_get_array_length(ndr, &r->in.devicepath) > ndr_get_array_size(ndr, &r->in.devicepath)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.devicepath), ndr_get_array_length(ndr, &r->in.devicepath)); + size_devicepath_1 = ndr_get_array_size(ndr, &r->in.devicepath); + length_devicepath_1 = ndr_get_array_length(ndr, &r->in.devicepath); + if (length_devicepath_1 > size_devicepath_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_devicepath_1, length_devicepath_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.devicepath), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.devicepath, ndr_get_array_length(ndr, &r->in.devicepath), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_devicepath_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.devicepath, length_devicepath_1, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.flags)); } if (flags & NDR_OUT) { @@ -579,6 +585,10 @@ static enum ndr_err_code ndr_push_PNP_GetDeviceList(struct ndr_push *ndr, int fl static enum ndr_err_code ndr_pull_PNP_GetDeviceList(struct ndr_pull *ndr, int flags, struct PNP_GetDeviceList *r) { uint32_t _ptr_filter; + uint32_t size_filter_1 = 0; + uint32_t length_filter_1 = 0; + uint32_t size_buffer_1 = 0; + uint32_t length_buffer_1 = 0; uint32_t cntr_buffer_1; TALLOC_CTX *_mem_save_filter_0; TALLOC_CTX *_mem_save_buffer_1; @@ -597,11 +607,13 @@ static enum ndr_err_code ndr_pull_PNP_GetDeviceList(struct ndr_pull *ndr, int fl NDR_PULL_SET_MEM_CTX(ndr, r->in.filter, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.filter)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.filter)); - if (ndr_get_array_length(ndr, &r->in.filter) > ndr_get_array_size(ndr, &r->in.filter)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.filter), ndr_get_array_length(ndr, &r->in.filter)); + size_filter_1 = ndr_get_array_size(ndr, &r->in.filter); + length_filter_1 = ndr_get_array_length(ndr, &r->in.filter); + if (length_filter_1 > size_filter_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_filter_1, length_filter_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.filter), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.filter, ndr_get_array_length(ndr, &r->in.filter), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_filter_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.filter, length_filter_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_filter_0, 0); } if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { @@ -620,15 +632,17 @@ static enum ndr_err_code ndr_pull_PNP_GetDeviceList(struct ndr_pull *ndr, int fl if (flags & NDR_OUT) { NDR_CHECK(ndr_pull_array_size(ndr, &r->out.buffer)); NDR_CHECK(ndr_pull_array_length(ndr, &r->out.buffer)); - if (ndr_get_array_length(ndr, &r->out.buffer) > ndr_get_array_size(ndr, &r->out.buffer)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->out.buffer), ndr_get_array_length(ndr, &r->out.buffer)); + size_buffer_1 = ndr_get_array_size(ndr, &r->out.buffer); + length_buffer_1 = ndr_get_array_length(ndr, &r->out.buffer); + if (length_buffer_1 > size_buffer_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_buffer_1, length_buffer_1); } if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { - NDR_PULL_ALLOC_N(ndr, r->out.buffer, ndr_get_array_size(ndr, &r->out.buffer)); + NDR_PULL_ALLOC_N(ndr, r->out.buffer, size_buffer_1); } _mem_save_buffer_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->out.buffer, 0); - for (cntr_buffer_1 = 0; cntr_buffer_1 < ndr_get_array_length(ndr, &r->out.buffer); cntr_buffer_1++) { + for (cntr_buffer_1 = 0; cntr_buffer_1 < length_buffer_1; cntr_buffer_1++) { NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->out.buffer[cntr_buffer_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_buffer_1, 0); @@ -725,6 +739,8 @@ static enum ndr_err_code ndr_push_PNP_GetDeviceListSize(struct ndr_push *ndr, in static enum ndr_err_code ndr_pull_PNP_GetDeviceListSize(struct ndr_pull *ndr, int flags, struct PNP_GetDeviceListSize *r) { uint32_t _ptr_devicename; + uint32_t size_devicename_1 = 0; + uint32_t length_devicename_1 = 0; TALLOC_CTX *_mem_save_devicename_0; TALLOC_CTX *_mem_save_size_0; if (flags & NDR_IN) { @@ -741,11 +757,13 @@ static enum ndr_err_code ndr_pull_PNP_GetDeviceListSize(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, r->in.devicename, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.devicename)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.devicename)); - if (ndr_get_array_length(ndr, &r->in.devicename) > ndr_get_array_size(ndr, &r->in.devicename)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.devicename), ndr_get_array_length(ndr, &r->in.devicename)); + size_devicename_1 = ndr_get_array_size(ndr, &r->in.devicename); + length_devicename_1 = ndr_get_array_length(ndr, &r->in.devicename); + if (length_devicename_1 > size_devicename_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_devicename_1, length_devicename_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.devicename), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.devicename, ndr_get_array_length(ndr, &r->in.devicename), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_devicename_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.devicename, length_devicename_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_devicename_0, 0); } NDR_CHECK(ndr_pull_PNP_GetIdListFlags(ndr, NDR_SCALARS, &r->in.flags)); @@ -890,6 +908,10 @@ static enum ndr_err_code ndr_push_PNP_GetDeviceRegProp(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_PNP_GetDeviceRegProp(struct ndr_pull *ndr, int flags, struct PNP_GetDeviceRegProp *r) { + uint32_t size_devicepath_1 = 0; + uint32_t length_devicepath_1 = 0; + uint32_t size_buffer_1 = 0; + uint32_t length_buffer_1 = 0; TALLOC_CTX *_mem_save_reg_data_type_0; TALLOC_CTX *_mem_save_buffer_size_0; TALLOC_CTX *_mem_save_needed_0; @@ -898,11 +920,13 @@ static enum ndr_err_code ndr_pull_PNP_GetDeviceRegProp(struct ndr_pull *ndr, int NDR_CHECK(ndr_pull_array_size(ndr, &r->in.devicepath)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.devicepath)); - if (ndr_get_array_length(ndr, &r->in.devicepath) > ndr_get_array_size(ndr, &r->in.devicepath)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.devicepath), ndr_get_array_length(ndr, &r->in.devicepath)); + size_devicepath_1 = ndr_get_array_size(ndr, &r->in.devicepath); + length_devicepath_1 = ndr_get_array_length(ndr, &r->in.devicepath); + if (length_devicepath_1 > size_devicepath_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_devicepath_1, length_devicepath_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.devicepath), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.devicepath, ndr_get_array_length(ndr, &r->in.devicepath), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_devicepath_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.devicepath, length_devicepath_1, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.property)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.reg_data_type); @@ -945,13 +969,15 @@ static enum ndr_err_code ndr_pull_PNP_GetDeviceRegProp(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, _mem_save_reg_data_type_0, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_array_size(ndr, &r->out.buffer)); NDR_CHECK(ndr_pull_array_length(ndr, &r->out.buffer)); - if (ndr_get_array_length(ndr, &r->out.buffer) > ndr_get_array_size(ndr, &r->out.buffer)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->out.buffer), ndr_get_array_length(ndr, &r->out.buffer)); + size_buffer_1 = ndr_get_array_size(ndr, &r->out.buffer); + length_buffer_1 = ndr_get_array_length(ndr, &r->out.buffer); + if (length_buffer_1 > size_buffer_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_buffer_1, length_buffer_1); } if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { - NDR_PULL_ALLOC_N(ndr, r->out.buffer, ndr_get_array_size(ndr, &r->out.buffer)); + NDR_PULL_ALLOC_N(ndr, r->out.buffer, size_buffer_1); } - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.buffer, ndr_get_array_length(ndr, &r->out.buffer))); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.buffer, length_buffer_1)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->out.buffer_size); } @@ -2154,9 +2180,15 @@ static enum ndr_err_code ndr_push_PNP_HwProfFlags(struct ndr_push *ndr, int flag static enum ndr_err_code ndr_pull_PNP_HwProfFlags(struct ndr_pull *ndr, int flags, struct PNP_HwProfFlags *r) { + uint32_t size_devicepath_1 = 0; + uint32_t length_devicepath_1 = 0; uint32_t _ptr_veto_type; uint32_t _ptr_unknown5; + uint32_t size_unknown5_1 = 0; + uint32_t length_unknown5_1 = 0; uint32_t _ptr_unknown5a; + uint32_t size_unknown5a_2 = 0; + uint32_t length_unknown5a_2 = 0; TALLOC_CTX *_mem_save_profile_flags_0; TALLOC_CTX *_mem_save_veto_type_0; TALLOC_CTX *_mem_save_unknown5_0; @@ -2168,11 +2200,13 @@ static enum ndr_err_code ndr_pull_PNP_HwProfFlags(struct ndr_pull *ndr, int flag NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.action)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.devicepath)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.devicepath)); - if (ndr_get_array_length(ndr, &r->in.devicepath) > ndr_get_array_size(ndr, &r->in.devicepath)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.devicepath), ndr_get_array_length(ndr, &r->in.devicepath)); + size_devicepath_1 = ndr_get_array_size(ndr, &r->in.devicepath); + length_devicepath_1 = ndr_get_array_length(ndr, &r->in.devicepath); + if (length_devicepath_1 > size_devicepath_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_devicepath_1, length_devicepath_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.devicepath), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.devicepath, ndr_get_array_length(ndr, &r->in.devicepath), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_devicepath_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.devicepath, length_devicepath_1, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.config)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.profile_flags); @@ -2204,11 +2238,13 @@ static enum ndr_err_code ndr_pull_PNP_HwProfFlags(struct ndr_pull *ndr, int flag NDR_PULL_SET_MEM_CTX(ndr, r->in.unknown5, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.unknown5)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.unknown5)); - if (ndr_get_array_length(ndr, &r->in.unknown5) > ndr_get_array_size(ndr, &r->in.unknown5)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.unknown5), ndr_get_array_length(ndr, &r->in.unknown5)); + size_unknown5_1 = ndr_get_array_size(ndr, &r->in.unknown5); + length_unknown5_1 = ndr_get_array_length(ndr, &r->in.unknown5); + if (length_unknown5_1 > size_unknown5_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_unknown5_1, length_unknown5_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.unknown5), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.unknown5, ndr_get_array_length(ndr, &r->in.unknown5), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_unknown5_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.unknown5, length_unknown5_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_unknown5_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.name_length)); @@ -2256,11 +2292,13 @@ static enum ndr_err_code ndr_pull_PNP_HwProfFlags(struct ndr_pull *ndr, int flag NDR_PULL_SET_MEM_CTX(ndr, *r->out.unknown5a, 0); NDR_CHECK(ndr_pull_array_size(ndr, r->out.unknown5a)); NDR_CHECK(ndr_pull_array_length(ndr, r->out.unknown5a)); - if (ndr_get_array_length(ndr, r->out.unknown5a) > ndr_get_array_size(ndr, r->out.unknown5a)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, r->out.unknown5a), ndr_get_array_length(ndr, r->out.unknown5a)); + size_unknown5a_2 = ndr_get_array_size(ndr, r->out.unknown5a); + length_unknown5a_2 = ndr_get_array_length(ndr, r->out.unknown5a); + if (length_unknown5a_2 > size_unknown5a_2) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_unknown5a_2, length_unknown5a_2); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, r->out.unknown5a), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.unknown5a, ndr_get_array_length(ndr, r->out.unknown5a), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_unknown5a_2, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.unknown5a, length_unknown5a_2, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_unknown5a_1, 0); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_unknown5a_0, 0); diff --git a/librpc/gen_ndr/ndr_samr.c b/librpc/gen_ndr/ndr_samr.c index 8e6e005..f93016b 100644 --- a/librpc/gen_ndr/ndr_samr.c +++ b/librpc/gen_ndr/ndr_samr.c @@ -305,6 +305,7 @@ static enum ndr_err_code ndr_push_samr_SamArray(struct ndr_push *ndr, int ndr_fl static enum ndr_err_code ndr_pull_samr_SamArray(struct ndr_pull *ndr, int ndr_flags, struct samr_SamArray *r) { uint32_t _ptr_entries; + uint32_t size_entries_1 = 0; uint32_t cntr_entries_1; TALLOC_CTX *_mem_save_entries_0; TALLOC_CTX *_mem_save_entries_1; @@ -324,13 +325,14 @@ static enum ndr_err_code ndr_pull_samr_SamArray(struct ndr_pull *ndr, int ndr_fl _mem_save_entries_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->entries, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->entries)); - NDR_PULL_ALLOC_N(ndr, r->entries, ndr_get_array_size(ndr, &r->entries)); + size_entries_1 = ndr_get_array_size(ndr, &r->entries); + NDR_PULL_ALLOC_N(ndr, r->entries, size_entries_1); _mem_save_entries_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->entries, 0); - for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) { + for (cntr_entries_1 = 0; cntr_entries_1 < size_entries_1; cntr_entries_1++) { NDR_CHECK(ndr_pull_samr_SamEntry(ndr, NDR_SCALARS, &r->entries[cntr_entries_1])); } - for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) { + for (cntr_entries_1 = 0; cntr_entries_1 < size_entries_1; cntr_entries_1++) { NDR_CHECK(ndr_pull_samr_SamEntry(ndr, NDR_BUFFERS, &r->entries[cntr_entries_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_entries_1, 0); @@ -1252,6 +1254,7 @@ static enum ndr_err_code ndr_push_samr_Ids(struct ndr_push *ndr, int ndr_flags, static enum ndr_err_code ndr_pull_samr_Ids(struct ndr_pull *ndr, int ndr_flags, struct samr_Ids *r) { uint32_t _ptr_ids; + uint32_t size_ids_1 = 0; uint32_t cntr_ids_1; TALLOC_CTX *_mem_save_ids_0; TALLOC_CTX *_mem_save_ids_1; @@ -1274,10 +1277,11 @@ static enum ndr_err_code ndr_pull_samr_Ids(struct ndr_pull *ndr, int ndr_flags, _mem_save_ids_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->ids, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->ids)); - NDR_PULL_ALLOC_N(ndr, r->ids, ndr_get_array_size(ndr, &r->ids)); + size_ids_1 = ndr_get_array_size(ndr, &r->ids); + NDR_PULL_ALLOC_N(ndr, r->ids, size_ids_1); _mem_save_ids_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->ids, 0); - for (cntr_ids_1 = 0; cntr_ids_1 < r->count; cntr_ids_1++) { + for (cntr_ids_1 = 0; cntr_ids_1 < size_ids_1; cntr_ids_1++) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->ids[cntr_ids_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_ids_1, 0); @@ -1633,10 +1637,12 @@ static enum ndr_err_code ndr_push_samr_RidTypeArray(struct ndr_push *ndr, int nd static enum ndr_err_code ndr_pull_samr_RidTypeArray(struct ndr_pull *ndr, int ndr_flags, struct samr_RidTypeArray *r) { uint32_t _ptr_rids; + uint32_t size_rids_1 = 0; uint32_t cntr_rids_1; TALLOC_CTX *_mem_save_rids_0; TALLOC_CTX *_mem_save_rids_1; uint32_t _ptr_types; + uint32_t size_types_1 = 0; uint32_t cntr_types_1; TALLOC_CTX *_mem_save_types_0; TALLOC_CTX *_mem_save_types_1; @@ -1662,10 +1668,11 @@ static enum ndr_err_code ndr_pull_samr_RidTypeArray(struct ndr_pull *ndr, int nd _mem_save_rids_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->rids, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->rids)); - NDR_PULL_ALLOC_N(ndr, r->rids, ndr_get_array_size(ndr, &r->rids)); + size_rids_1 = ndr_get_array_size(ndr, &r->rids); + NDR_PULL_ALLOC_N(ndr, r->rids, size_rids_1); _mem_save_rids_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->rids, 0); - for (cntr_rids_1 = 0; cntr_rids_1 < r->count; cntr_rids_1++) { + for (cntr_rids_1 = 0; cntr_rids_1 < size_rids_1; cntr_rids_1++) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->rids[cntr_rids_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_rids_1, 0); @@ -1675,10 +1682,11 @@ static enum ndr_err_code ndr_pull_samr_RidTypeArray(struct ndr_pull *ndr, int nd _mem_save_types_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->types, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->types)); - NDR_PULL_ALLOC_N(ndr, r->types, ndr_get_array_size(ndr, &r->types)); + size_types_1 = ndr_get_array_size(ndr, &r->types); + NDR_PULL_ALLOC_N(ndr, r->types, size_types_1); _mem_save_types_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->types, 0); - for (cntr_types_1 = 0; cntr_types_1 < r->count; cntr_types_1++) { + for (cntr_types_1 = 0; cntr_types_1 < size_types_1; cntr_types_1++) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->types[cntr_types_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_types_1, 0); @@ -2089,6 +2097,8 @@ _PUBLIC_ enum ndr_err_code ndr_push_samr_LogonHours(struct ndr_push *ndr, int nd _PUBLIC_ enum ndr_err_code ndr_pull_samr_LogonHours(struct ndr_pull *ndr, int ndr_flags, struct samr_LogonHours *r) { uint32_t _ptr_bits; + uint32_t size_bits_1 = 0; + uint32_t length_bits_1 = 0; TALLOC_CTX *_mem_save_bits_0; { uint32_t _flags_save_STRUCT = ndr->flags; @@ -2110,11 +2120,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_samr_LogonHours(struct ndr_pull *ndr, int nd NDR_PULL_SET_MEM_CTX(ndr, r->bits, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->bits)); NDR_CHECK(ndr_pull_array_length(ndr, &r->bits)); - if (ndr_get_array_length(ndr, &r->bits) > ndr_get_array_size(ndr, &r->bits)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->bits), ndr_get_array_length(ndr, &r->bits)); + size_bits_1 = ndr_get_array_size(ndr, &r->bits); + length_bits_1 = ndr_get_array_length(ndr, &r->bits); + if (length_bits_1 > size_bits_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_bits_1, length_bits_1); } - NDR_PULL_ALLOC_N(ndr, r->bits, ndr_get_array_size(ndr, &r->bits)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->bits, ndr_get_array_length(ndr, &r->bits))); + NDR_PULL_ALLOC_N(ndr, r->bits, size_bits_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->bits, length_bits_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_bits_0, 0); } if (r->bits) { @@ -2779,12 +2791,14 @@ _PUBLIC_ enum ndr_err_code ndr_push_samr_Password(struct ndr_push *ndr, int ndr_ _PUBLIC_ enum ndr_err_code ndr_pull_samr_Password(struct ndr_pull *ndr, int ndr_flags, struct samr_Password *r) { + uint32_t size_hash_0 = 0; { uint32_t _flags_save_STRUCT = ndr->flags; ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 1)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->hash, 16)); + size_hash_0 = 16; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->hash, size_hash_0)); NDR_CHECK(ndr_pull_trailer_align(ndr, 1)); } if (ndr_flags & NDR_BUFFERS) { @@ -3002,6 +3016,7 @@ static enum ndr_err_code ndr_push_samr_UserInfo21(struct ndr_push *ndr, int ndr_ static enum ndr_err_code ndr_pull_samr_UserInfo21(struct ndr_pull *ndr, int ndr_flags, struct samr_UserInfo21 *r) { uint32_t _ptr_buffer; + uint32_t size_buffer_1 = 0; TALLOC_CTX *_mem_save_buffer_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -3064,8 +3079,9 @@ static enum ndr_err_code ndr_pull_samr_UserInfo21(struct ndr_pull *ndr, int ndr_ _mem_save_buffer_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->buffer, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->buffer)); - NDR_PULL_ALLOC_N(ndr, r->buffer, ndr_get_array_size(ndr, &r->buffer)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->buffer, ndr_get_array_size(ndr, &r->buffer))); + size_buffer_1 = ndr_get_array_size(ndr, &r->buffer); + NDR_PULL_ALLOC_N(ndr, r->buffer, size_buffer_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->buffer, size_buffer_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_buffer_0, 0); } NDR_CHECK(ndr_pull_samr_LogonHours(ndr, NDR_BUFFERS, &r->logon_hours)); @@ -3141,12 +3157,14 @@ _PUBLIC_ enum ndr_err_code ndr_push_samr_CryptPassword(struct ndr_push *ndr, int _PUBLIC_ enum ndr_err_code ndr_pull_samr_CryptPassword(struct ndr_pull *ndr, int ndr_flags, struct samr_CryptPassword *r) { + uint32_t size_data_0 = 0; { uint32_t _flags_save_STRUCT = ndr->flags; ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 1)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, 516)); + size_data_0 = 516; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, size_data_0)); NDR_CHECK(ndr_pull_trailer_align(ndr, 1)); } if (ndr_flags & NDR_BUFFERS) { @@ -3260,12 +3278,14 @@ static enum ndr_err_code ndr_push_samr_CryptPasswordEx(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_samr_CryptPasswordEx(struct ndr_pull *ndr, int ndr_flags, struct samr_CryptPasswordEx *r) { + uint32_t size_data_0 = 0; { uint32_t _flags_save_STRUCT = ndr->flags; ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 1)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, 532)); + size_data_0 = 532; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, size_data_0)); NDR_CHECK(ndr_pull_trailer_align(ndr, 1)); } if (ndr_flags & NDR_BUFFERS) { @@ -3923,6 +3943,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_samr_RidWithAttributeArray(struct ndr_push * _PUBLIC_ enum ndr_err_code ndr_pull_samr_RidWithAttributeArray(struct ndr_pull *ndr, int ndr_flags, struct samr_RidWithAttributeArray *r) { uint32_t _ptr_rids; + uint32_t size_rids_1 = 0; uint32_t cntr_rids_1; TALLOC_CTX *_mem_save_rids_0; TALLOC_CTX *_mem_save_rids_1; @@ -3942,10 +3963,11 @@ _PUBLIC_ enum ndr_err_code ndr_pull_samr_RidWithAttributeArray(struct ndr_pull * _mem_save_rids_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->rids, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->rids)); - NDR_PULL_ALLOC_N(ndr, r->rids, ndr_get_array_size(ndr, &r->rids)); + size_rids_1 = ndr_get_array_size(ndr, &r->rids); + NDR_PULL_ALLOC_N(ndr, r->rids, size_rids_1); _mem_save_rids_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->rids, 0); - for (cntr_rids_1 = 0; cntr_rids_1 < r->count; cntr_rids_1++) { + for (cntr_rids_1 = 0; cntr_rids_1 < size_rids_1; cntr_rids_1++) { NDR_CHECK(ndr_pull_samr_RidWithAttribute(ndr, NDR_SCALARS, &r->rids[cntr_rids_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_rids_1, 0); @@ -4061,6 +4083,7 @@ static enum ndr_err_code ndr_push_samr_DispInfoGeneral(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_samr_DispInfoGeneral(struct ndr_pull *ndr, int ndr_flags, struct samr_DispInfoGeneral *r) { uint32_t _ptr_entries; + uint32_t size_entries_1 = 0; uint32_t cntr_entries_1; TALLOC_CTX *_mem_save_entries_0; TALLOC_CTX *_mem_save_entries_1; @@ -4080,13 +4103,14 @@ static enum ndr_err_code ndr_pull_samr_DispInfoGeneral(struct ndr_pull *ndr, int _mem_save_entries_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->entries, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->entries)); - NDR_PULL_ALLOC_N(ndr, r->entries, ndr_get_array_size(ndr, &r->entries)); + size_entries_1 = ndr_get_array_size(ndr, &r->entries); + NDR_PULL_ALLOC_N(ndr, r->entries, size_entries_1); _mem_save_entries_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->entries, 0); - for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) { + for (cntr_entries_1 = 0; cntr_entries_1 < size_entries_1; cntr_entries_1++) { NDR_CHECK(ndr_pull_samr_DispEntryGeneral(ndr, NDR_SCALARS, &r->entries[cntr_entries_1])); } - for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) { + for (cntr_entries_1 = 0; cntr_entries_1 < size_entries_1; cntr_entries_1++) { NDR_CHECK(ndr_pull_samr_DispEntryGeneral(ndr, NDR_BUFFERS, &r->entries[cntr_entries_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_entries_1, 0); @@ -4197,6 +4221,7 @@ static enum ndr_err_code ndr_push_samr_DispInfoFull(struct ndr_push *ndr, int nd static enum ndr_err_code ndr_pull_samr_DispInfoFull(struct ndr_pull *ndr, int ndr_flags, struct samr_DispInfoFull *r) { uint32_t _ptr_entries; + uint32_t size_entries_1 = 0; uint32_t cntr_entries_1; TALLOC_CTX *_mem_save_entries_0; TALLOC_CTX *_mem_save_entries_1; @@ -4216,13 +4241,14 @@ static enum ndr_err_code ndr_pull_samr_DispInfoFull(struct ndr_pull *ndr, int nd _mem_save_entries_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->entries, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->entries)); - NDR_PULL_ALLOC_N(ndr, r->entries, ndr_get_array_size(ndr, &r->entries)); + size_entries_1 = ndr_get_array_size(ndr, &r->entries); + NDR_PULL_ALLOC_N(ndr, r->entries, size_entries_1); _mem_save_entries_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->entries, 0); - for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) { + for (cntr_entries_1 = 0; cntr_entries_1 < size_entries_1; cntr_entries_1++) { NDR_CHECK(ndr_pull_samr_DispEntryFull(ndr, NDR_SCALARS, &r->entries[cntr_entries_1])); } - for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) { + for (cntr_entries_1 = 0; cntr_entries_1 < size_entries_1; cntr_entries_1++) { NDR_CHECK(ndr_pull_samr_DispEntryFull(ndr, NDR_BUFFERS, &r->entries[cntr_entries_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_entries_1, 0); @@ -4333,6 +4359,7 @@ static enum ndr_err_code ndr_push_samr_DispInfoFullGroups(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_samr_DispInfoFullGroups(struct ndr_pull *ndr, int ndr_flags, struct samr_DispInfoFullGroups *r) { uint32_t _ptr_entries; + uint32_t size_entries_1 = 0; uint32_t cntr_entries_1; TALLOC_CTX *_mem_save_entries_0; TALLOC_CTX *_mem_save_entries_1; @@ -4352,13 +4379,14 @@ static enum ndr_err_code ndr_pull_samr_DispInfoFullGroups(struct ndr_pull *ndr, _mem_save_entries_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->entries, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->entries)); - NDR_PULL_ALLOC_N(ndr, r->entries, ndr_get_array_size(ndr, &r->entries)); + size_entries_1 = ndr_get_array_size(ndr, &r->entries); + NDR_PULL_ALLOC_N(ndr, r->entries, size_entries_1); _mem_save_entries_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->entries, 0); - for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) { + for (cntr_entries_1 = 0; cntr_entries_1 < size_entries_1; cntr_entries_1++) { NDR_CHECK(ndr_pull_samr_DispEntryFullGroup(ndr, NDR_SCALARS, &r->entries[cntr_entries_1])); } - for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) { + for (cntr_entries_1 = 0; cntr_entries_1 < size_entries_1; cntr_entries_1++) { NDR_CHECK(ndr_pull_samr_DispEntryFullGroup(ndr, NDR_BUFFERS, &r->entries[cntr_entries_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_entries_1, 0); @@ -4458,6 +4486,7 @@ static enum ndr_err_code ndr_push_samr_DispInfoAscii(struct ndr_push *ndr, int n static enum ndr_err_code ndr_pull_samr_DispInfoAscii(struct ndr_pull *ndr, int ndr_flags, struct samr_DispInfoAscii *r) { uint32_t _ptr_entries; + uint32_t size_entries_1 = 0; uint32_t cntr_entries_1; TALLOC_CTX *_mem_save_entries_0; TALLOC_CTX *_mem_save_entries_1; @@ -4477,13 +4506,14 @@ static enum ndr_err_code ndr_pull_samr_DispInfoAscii(struct ndr_pull *ndr, int n _mem_save_entries_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->entries, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->entries)); - NDR_PULL_ALLOC_N(ndr, r->entries, ndr_get_array_size(ndr, &r->entries)); + size_entries_1 = ndr_get_array_size(ndr, &r->entries); + NDR_PULL_ALLOC_N(ndr, r->entries, size_entries_1); _mem_save_entries_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->entries, 0); - for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) { + for (cntr_entries_1 = 0; cntr_entries_1 < size_entries_1; cntr_entries_1++) { NDR_CHECK(ndr_pull_samr_DispEntryAscii(ndr, NDR_SCALARS, &r->entries[cntr_entries_1])); } - for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) { + for (cntr_entries_1 = 0; cntr_entries_1 < size_entries_1; cntr_entries_1++) { NDR_CHECK(ndr_pull_samr_DispEntryAscii(ndr, NDR_BUFFERS, &r->entries[cntr_entries_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_entries_1, 0); @@ -4993,6 +5023,7 @@ static enum ndr_err_code ndr_push_samr_ValidationBlob(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_samr_ValidationBlob(struct ndr_pull *ndr, int ndr_flags, struct samr_ValidationBlob *r) { uint32_t _ptr_data; + uint32_t size_data_1 = 0; TALLOC_CTX *_mem_save_data_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -5010,8 +5041,9 @@ static enum ndr_err_code ndr_pull_samr_ValidationBlob(struct ndr_pull *ndr, int _mem_save_data_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->data, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->data)); - NDR_PULL_ALLOC_N(ndr, r->data, ndr_get_array_size(ndr, &r->data)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, ndr_get_array_size(ndr, &r->data))); + size_data_1 = ndr_get_array_size(ndr, &r->data); + NDR_PULL_ALLOC_N(ndr, r->data, size_data_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, size_data_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_0, 0); } if (r->data) { @@ -5066,6 +5098,7 @@ static enum ndr_err_code ndr_push_samr_ValidatePasswordInfo(struct ndr_push *ndr static enum ndr_err_code ndr_pull_samr_ValidatePasswordInfo(struct ndr_pull *ndr, int ndr_flags, struct samr_ValidatePasswordInfo *r) { uint32_t _ptr_pwd_history; + uint32_t size_pwd_history_1 = 0; uint32_t cntr_pwd_history_1; TALLOC_CTX *_mem_save_pwd_history_0; TALLOC_CTX *_mem_save_pwd_history_1; @@ -5090,13 +5123,14 @@ static enum ndr_err_code ndr_pull_samr_ValidatePasswordInfo(struct ndr_pull *ndr _mem_save_pwd_history_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->pwd_history, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->pwd_history)); - NDR_PULL_ALLOC_N(ndr, r->pwd_history, ndr_get_array_size(ndr, &r->pwd_history)); + size_pwd_history_1 = ndr_get_array_size(ndr, &r->pwd_history); + NDR_PULL_ALLOC_N(ndr, r->pwd_history, size_pwd_history_1); _mem_save_pwd_history_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->pwd_history, 0); - for (cntr_pwd_history_1 = 0; cntr_pwd_history_1 < r->pwd_history_len; cntr_pwd_history_1++) { + for (cntr_pwd_history_1 = 0; cntr_pwd_history_1 < size_pwd_history_1; cntr_pwd_history_1++) { NDR_CHECK(ndr_pull_samr_ValidationBlob(ndr, NDR_SCALARS, &r->pwd_history[cntr_pwd_history_1])); } - for (cntr_pwd_history_1 = 0; cntr_pwd_history_1 < r->pwd_history_len; cntr_pwd_history_1++) { + for (cntr_pwd_history_1 = 0; cntr_pwd_history_1 < size_pwd_history_1; cntr_pwd_history_1++) { NDR_CHECK(ndr_pull_samr_ValidationBlob(ndr, NDR_BUFFERS, &r->pwd_history[cntr_pwd_history_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_pwd_history_1, 0); @@ -7425,6 +7459,8 @@ _PUBLIC_ enum ndr_err_code ndr_push_samr_LookupNames(struct ndr_push *ndr, int f _PUBLIC_ enum ndr_err_code ndr_pull_samr_LookupNames(struct ndr_pull *ndr, int flags, struct samr_LookupNames *r) { + uint32_t size_names_0 = 0; + uint32_t length_names_0 = 0; uint32_t cntr_names_0; TALLOC_CTX *_mem_save_domain_handle_0; TALLOC_CTX *_mem_save_names_0; @@ -7446,16 +7482,18 @@ _PUBLIC_ enum ndr_err_code ndr_pull_samr_LookupNames(struct ndr_pull *ndr, int f } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.names)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.names)); - if (ndr_get_array_length(ndr, &r->in.names) > ndr_get_array_size(ndr, &r->in.names)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.names), ndr_get_array_length(ndr, &r->in.names)); + size_names_0 = ndr_get_array_size(ndr, &r->in.names); + length_names_0 = ndr_get_array_length(ndr, &r->in.names); + if (length_names_0 > size_names_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_names_0, length_names_0); } - NDR_PULL_ALLOC_N(ndr, r->in.names, ndr_get_array_size(ndr, &r->in.names)); + NDR_PULL_ALLOC_N(ndr, r->in.names, size_names_0); _mem_save_names_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->in.names, 0); - for (cntr_names_0 = 0; cntr_names_0 < ndr_get_array_length(ndr, &r->in.names); cntr_names_0++) { + for (cntr_names_0 = 0; cntr_names_0 < length_names_0; cntr_names_0++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->in.names[cntr_names_0])); } - for (cntr_names_0 = 0; cntr_names_0 < ndr_get_array_length(ndr, &r->in.names); cntr_names_0++) { + for (cntr_names_0 = 0; cntr_names_0 < length_names_0; cntr_names_0++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->in.names[cntr_names_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_names_0, 0); @@ -7567,6 +7605,8 @@ static enum ndr_err_code ndr_push_samr_LookupRids(struct ndr_push *ndr, int flag static enum ndr_err_code ndr_pull_samr_LookupRids(struct ndr_pull *ndr, int flags, struct samr_LookupRids *r) { + uint32_t size_rids_0 = 0; + uint32_t length_rids_0 = 0; uint32_t cntr_rids_0; TALLOC_CTX *_mem_save_domain_handle_0; TALLOC_CTX *_mem_save_rids_0; @@ -7588,13 +7628,15 @@ static enum ndr_err_code ndr_pull_samr_LookupRids(struct ndr_pull *ndr, int flag } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.rids)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.rids)); - if (ndr_get_array_length(ndr, &r->in.rids) > ndr_get_array_size(ndr, &r->in.rids)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.rids), ndr_get_array_length(ndr, &r->in.rids)); + size_rids_0 = ndr_get_array_size(ndr, &r->in.rids); + length_rids_0 = ndr_get_array_length(ndr, &r->in.rids); + if (length_rids_0 > size_rids_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_rids_0, length_rids_0); } - NDR_PULL_ALLOC_N(ndr, r->in.rids, ndr_get_array_size(ndr, &r->in.rids)); + NDR_PULL_ALLOC_N(ndr, r->in.rids, size_rids_0); _mem_save_rids_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->in.rids, 0); - for (cntr_rids_0 = 0; cntr_rids_0 < ndr_get_array_length(ndr, &r->in.rids); cntr_rids_0++) { + for (cntr_rids_0 = 0; cntr_rids_0 < length_rids_0; cntr_rids_0++) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.rids[cntr_rids_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_rids_0, 0); @@ -11266,6 +11308,8 @@ static enum ndr_err_code ndr_push_samr_Connect2(struct ndr_push *ndr, int flags, static enum ndr_err_code ndr_pull_samr_Connect2(struct ndr_pull *ndr, int flags, struct samr_Connect2 *r) { uint32_t _ptr_system_name; + uint32_t size_system_name_1 = 0; + uint32_t length_system_name_1 = 0; TALLOC_CTX *_mem_save_system_name_0; TALLOC_CTX *_mem_save_connect_handle_0; if (flags & NDR_IN) { @@ -11282,11 +11326,13 @@ static enum ndr_err_code ndr_pull_samr_Connect2(struct ndr_pull *ndr, int flags, NDR_PULL_SET_MEM_CTX(ndr, r->in.system_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.system_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.system_name)); - if (ndr_get_array_length(ndr, &r->in.system_name) > ndr_get_array_size(ndr, &r->in.system_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.system_name), ndr_get_array_length(ndr, &r->in.system_name)); + size_system_name_1 = ndr_get_array_size(ndr, &r->in.system_name); + length_system_name_1 = ndr_get_array_length(ndr, &r->in.system_name); + if (length_system_name_1 > size_system_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_system_name_1, length_system_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.system_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.system_name, ndr_get_array_length(ndr, &r->in.system_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_system_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.system_name, length_system_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_system_name_0, 0); } NDR_CHECK(ndr_pull_samr_ConnectAccessMask(ndr, NDR_SCALARS, &r->in.access_mask)); @@ -11586,6 +11632,8 @@ static enum ndr_err_code ndr_push_samr_Connect3(struct ndr_push *ndr, int flags, static enum ndr_err_code ndr_pull_samr_Connect3(struct ndr_pull *ndr, int flags, struct samr_Connect3 *r) { uint32_t _ptr_system_name; + uint32_t size_system_name_1 = 0; + uint32_t length_system_name_1 = 0; TALLOC_CTX *_mem_save_system_name_0; TALLOC_CTX *_mem_save_connect_handle_0; if (flags & NDR_IN) { @@ -11602,11 +11650,13 @@ static enum ndr_err_code ndr_pull_samr_Connect3(struct ndr_pull *ndr, int flags, NDR_PULL_SET_MEM_CTX(ndr, r->in.system_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.system_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.system_name)); - if (ndr_get_array_length(ndr, &r->in.system_name) > ndr_get_array_size(ndr, &r->in.system_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.system_name), ndr_get_array_length(ndr, &r->in.system_name)); + size_system_name_1 = ndr_get_array_size(ndr, &r->in.system_name); + length_system_name_1 = ndr_get_array_length(ndr, &r->in.system_name); + if (length_system_name_1 > size_system_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_system_name_1, length_system_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.system_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.system_name, ndr_get_array_length(ndr, &r->in.system_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_system_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.system_name, length_system_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_system_name_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.unknown)); @@ -11686,6 +11736,8 @@ static enum ndr_err_code ndr_push_samr_Connect4(struct ndr_push *ndr, int flags, static enum ndr_err_code ndr_pull_samr_Connect4(struct ndr_pull *ndr, int flags, struct samr_Connect4 *r) { uint32_t _ptr_system_name; + uint32_t size_system_name_1 = 0; + uint32_t length_system_name_1 = 0; TALLOC_CTX *_mem_save_system_name_0; TALLOC_CTX *_mem_save_connect_handle_0; if (flags & NDR_IN) { @@ -11702,11 +11754,13 @@ static enum ndr_err_code ndr_pull_samr_Connect4(struct ndr_pull *ndr, int flags, NDR_PULL_SET_MEM_CTX(ndr, r->in.system_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.system_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.system_name)); - if (ndr_get_array_length(ndr, &r->in.system_name) > ndr_get_array_size(ndr, &r->in.system_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.system_name), ndr_get_array_length(ndr, &r->in.system_name)); + size_system_name_1 = ndr_get_array_size(ndr, &r->in.system_name); + length_system_name_1 = ndr_get_array_length(ndr, &r->in.system_name); + if (length_system_name_1 > size_system_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_system_name_1, length_system_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.system_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.system_name, ndr_get_array_length(ndr, &r->in.system_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_system_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.system_name, length_system_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_system_name_0, 0); } NDR_CHECK(ndr_pull_samr_ConnectVersion(ndr, NDR_SCALARS, &r->in.client_version)); @@ -12084,6 +12138,8 @@ _PUBLIC_ enum ndr_err_code ndr_push_samr_Connect5(struct ndr_push *ndr, int flag _PUBLIC_ enum ndr_err_code ndr_pull_samr_Connect5(struct ndr_pull *ndr, int flags, struct samr_Connect5 *r) { uint32_t _ptr_system_name; + uint32_t size_system_name_1 = 0; + uint32_t length_system_name_1 = 0; TALLOC_CTX *_mem_save_system_name_0; TALLOC_CTX *_mem_save_info_in_0; TALLOC_CTX *_mem_save_level_out_0; @@ -12103,11 +12159,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_samr_Connect5(struct ndr_pull *ndr, int flag NDR_PULL_SET_MEM_CTX(ndr, r->in.system_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.system_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.system_name)); - if (ndr_get_array_length(ndr, &r->in.system_name) > ndr_get_array_size(ndr, &r->in.system_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.system_name), ndr_get_array_length(ndr, &r->in.system_name)); + size_system_name_1 = ndr_get_array_size(ndr, &r->in.system_name); + length_system_name_1 = ndr_get_array_length(ndr, &r->in.system_name); + if (length_system_name_1 > size_system_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_system_name_1, length_system_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.system_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.system_name, ndr_get_array_length(ndr, &r->in.system_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_system_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.system_name, length_system_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_system_name_0, 0); } NDR_CHECK(ndr_pull_samr_ConnectAccessMask(ndr, NDR_SCALARS, &r->in.access_mask)); diff --git a/librpc/gen_ndr/ndr_schannel.c b/librpc/gen_ndr/ndr_schannel.c index 9a2396f..f2acd7b 100644 --- a/librpc/gen_ndr/ndr_schannel.c +++ b/librpc/gen_ndr/ndr_schannel.c @@ -42,6 +42,11 @@ _PUBLIC_ enum ndr_err_code ndr_push_netlogon_creds_CredentialState(struct ndr_pu _PUBLIC_ enum ndr_err_code ndr_pull_netlogon_creds_CredentialState(struct ndr_pull *ndr, int ndr_flags, struct netlogon_creds_CredentialState *r) { + uint32_t size_session_key_0 = 0; + uint32_t size_computer_name_0 = 0; + uint32_t length_computer_name_0 = 0; + uint32_t size_account_name_0 = 0; + uint32_t length_account_name_0 = 0; uint32_t _ptr_sid; TALLOC_CTX *_mem_save_sid_0; { @@ -50,7 +55,8 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netlogon_creds_CredentialState(struct ndr_pu if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); NDR_CHECK(ndr_pull_netr_NegotiateFlags(ndr, NDR_SCALARS, &r->negotiate_flags)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->session_key, 16)); + size_session_key_0 = 16; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->session_key, size_session_key_0)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->sequence)); NDR_CHECK(ndr_pull_netr_Credential(ndr, NDR_SCALARS, &r->seed)); NDR_CHECK(ndr_pull_netr_Credential(ndr, NDR_SCALARS, &r->client)); @@ -58,18 +64,22 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netlogon_creds_CredentialState(struct ndr_pu NDR_CHECK(ndr_pull_netr_SchannelType(ndr, NDR_SCALARS, &r->secure_channel_type)); NDR_CHECK(ndr_pull_array_size(ndr, &r->computer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->computer_name)); - if (ndr_get_array_length(ndr, &r->computer_name) > ndr_get_array_size(ndr, &r->computer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->computer_name), ndr_get_array_length(ndr, &r->computer_name)); + size_computer_name_0 = ndr_get_array_size(ndr, &r->computer_name); + length_computer_name_0 = ndr_get_array_length(ndr, &r->computer_name); + if (length_computer_name_0 > size_computer_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_name_0, length_computer_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->computer_name), sizeof(uint8_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->computer_name, ndr_get_array_length(ndr, &r->computer_name), sizeof(uint8_t), CH_UTF8)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_name_0, sizeof(uint8_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->computer_name, length_computer_name_0, sizeof(uint8_t), CH_UTF8)); NDR_CHECK(ndr_pull_array_size(ndr, &r->account_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->account_name)); - if (ndr_get_array_length(ndr, &r->account_name) > ndr_get_array_size(ndr, &r->account_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->account_name), ndr_get_array_length(ndr, &r->account_name)); + size_account_name_0 = ndr_get_array_size(ndr, &r->account_name); + length_account_name_0 = ndr_get_array_length(ndr, &r->account_name); + if (length_account_name_0 > size_account_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_account_name_0, length_account_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->account_name), sizeof(uint8_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->account_name, ndr_get_array_length(ndr, &r->account_name), sizeof(uint8_t), CH_UTF8)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_account_name_0, sizeof(uint8_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->account_name, length_account_name_0, sizeof(uint8_t), CH_UTF8)); NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sid)); if (_ptr_sid) { NDR_PULL_ALLOC(ndr, r->sid); @@ -535,6 +545,9 @@ _PUBLIC_ enum ndr_err_code ndr_push_NL_AUTH_SIGNATURE(struct ndr_push *ndr, int _PUBLIC_ enum ndr_err_code ndr_pull_NL_AUTH_SIGNATURE(struct ndr_pull *ndr, int ndr_flags, struct NL_AUTH_SIGNATURE *r) { + uint32_t size_SequenceNumber_0 = 0; + uint32_t size_Checksum_0 = 0; + uint32_t size_Confounder_0 = 0; { uint32_t _flags_save_STRUCT = ndr->flags; ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX); @@ -544,9 +557,12 @@ _PUBLIC_ enum ndr_err_code ndr_pull_NL_AUTH_SIGNATURE(struct ndr_pull *ndr, int NDR_CHECK(ndr_pull_NL_SEAL_ALGORITHM(ndr, NDR_SCALARS, &r->SealAlgorithm)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->Pad)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->Flags)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->SequenceNumber, 8)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->Checksum, 8)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->Confounder, 8)); + size_SequenceNumber_0 = 8; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->SequenceNumber, size_SequenceNumber_0)); + size_Checksum_0 = 8; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->Checksum, size_Checksum_0)); + size_Confounder_0 = 8; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->Confounder, size_Confounder_0)); NDR_CHECK(ndr_pull_trailer_align(ndr, 3)); } if (ndr_flags & NDR_BUFFERS) { @@ -600,6 +616,9 @@ _PUBLIC_ enum ndr_err_code ndr_push_NL_AUTH_SHA2_SIGNATURE(struct ndr_push *ndr, _PUBLIC_ enum ndr_err_code ndr_pull_NL_AUTH_SHA2_SIGNATURE(struct ndr_pull *ndr, int ndr_flags, struct NL_AUTH_SHA2_SIGNATURE *r) { + uint32_t size_SequenceNumber_0 = 0; + uint32_t size_Checksum_0 = 0; + uint32_t size_Confounder_0 = 0; { uint32_t _flags_save_STRUCT = ndr->flags; ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX); @@ -609,9 +628,12 @@ _PUBLIC_ enum ndr_err_code ndr_pull_NL_AUTH_SHA2_SIGNATURE(struct ndr_pull *ndr, NDR_CHECK(ndr_pull_NL_SEAL_ALGORITHM(ndr, NDR_SCALARS, &r->SealAlgorithm)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->Pad)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->Flags)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->SequenceNumber, 8)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->Checksum, 32)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->Confounder, 8)); + size_SequenceNumber_0 = 8; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->SequenceNumber, size_SequenceNumber_0)); + size_Checksum_0 = 32; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->Checksum, size_Checksum_0)); + size_Confounder_0 = 8; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->Confounder, size_Confounder_0)); NDR_CHECK(ndr_pull_trailer_align(ndr, 3)); } if (ndr_flags & NDR_BUFFERS) { diff --git a/librpc/gen_ndr/ndr_security.c b/librpc/gen_ndr/ndr_security.c index b59eb19..4c80b00 100644 --- a/librpc/gen_ndr/ndr_security.c +++ b/librpc/gen_ndr/ndr_security.c @@ -501,6 +501,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_security_acl(struct ndr_push *ndr, int ndr_f _PUBLIC_ enum ndr_err_code ndr_pull_security_acl(struct ndr_pull *ndr, int ndr_flags, struct security_acl *r) { + uint32_t size_aces_0 = 0; uint32_t cntr_aces_0; TALLOC_CTX *_mem_save_aces_0; if (ndr_flags & NDR_SCALARS) { @@ -511,19 +512,21 @@ _PUBLIC_ enum ndr_err_code ndr_pull_security_acl(struct ndr_pull *ndr, int ndr_f if (r->num_aces > 1000) { return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); } - NDR_PULL_ALLOC_N(ndr, r->aces, r->num_aces); + size_aces_0 = r->num_aces; + NDR_PULL_ALLOC_N(ndr, r->aces, size_aces_0); _mem_save_aces_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->aces, 0); - for (cntr_aces_0 = 0; cntr_aces_0 < r->num_aces; cntr_aces_0++) { + for (cntr_aces_0 = 0; cntr_aces_0 < size_aces_0; cntr_aces_0++) { NDR_CHECK(ndr_pull_security_ace(ndr, NDR_SCALARS, &r->aces[cntr_aces_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_aces_0, 0); NDR_CHECK(ndr_pull_trailer_align(ndr, 4)); } if (ndr_flags & NDR_BUFFERS) { + size_aces_0 = r->num_aces; _mem_save_aces_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->aces, 0); - for (cntr_aces_0 = 0; cntr_aces_0 < r->num_aces; cntr_aces_0++) { + for (cntr_aces_0 = 0; cntr_aces_0 < size_aces_0; cntr_aces_0++) { NDR_CHECK(ndr_pull_security_ace(ndr, NDR_BUFFERS, &r->aces[cntr_aces_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_aces_0, 0); @@ -898,6 +901,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_security_token(struct ndr_pull *ndr, int ndr uint32_t _ptr_group_sid; TALLOC_CTX *_mem_save_group_sid_0; uint32_t _ptr_sids; + uint32_t size_sids_0 = 0; uint32_t cntr_sids_0; TALLOC_CTX *_mem_save_sids_0; TALLOC_CTX *_mem_save_sids_1; @@ -919,10 +923,11 @@ _PUBLIC_ enum ndr_err_code ndr_pull_security_token(struct ndr_pull *ndr, int ndr } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->num_sids)); NDR_CHECK(ndr_pull_array_size(ndr, &r->sids)); - NDR_PULL_ALLOC_N(ndr, r->sids, ndr_get_array_size(ndr, &r->sids)); + size_sids_0 = ndr_get_array_size(ndr, &r->sids); + NDR_PULL_ALLOC_N(ndr, r->sids, size_sids_0); _mem_save_sids_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sids, 0); - for (cntr_sids_0 = 0; cntr_sids_0 < r->num_sids; cntr_sids_0++) { + for (cntr_sids_0 = 0; cntr_sids_0 < size_sids_0; cntr_sids_0++) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sids)); if (_ptr_sids) { NDR_PULL_ALLOC(ndr, r->sids[cntr_sids_0]); @@ -956,9 +961,10 @@ _PUBLIC_ enum ndr_err_code ndr_pull_security_token(struct ndr_pull *ndr, int ndr NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, r->group_sid)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_group_sid_0, 0); } + size_sids_0 = ndr_get_array_size(ndr, &r->sids); _mem_save_sids_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sids, 0); - for (cntr_sids_0 = 0; cntr_sids_0 < r->num_sids; cntr_sids_0++) { + for (cntr_sids_0 = 0; cntr_sids_0 < size_sids_0; cntr_sids_0++) { if (r->sids[cntr_sids_0]) { _mem_save_sids_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sids[cntr_sids_0], 0); diff --git a/librpc/gen_ndr/ndr_spoolss.c b/librpc/gen_ndr/ndr_spoolss.c index c94edef..b11a6a1 100644 --- a/librpc/gen_ndr/ndr_spoolss.c +++ b/librpc/gen_ndr/ndr_spoolss.c @@ -1086,9 +1086,12 @@ _PUBLIC_ enum ndr_err_code ndr_push_spoolss_DeviceMode(struct ndr_push *ndr, int _PUBLIC_ enum ndr_err_code ndr_pull_spoolss_DeviceMode(struct ndr_pull *ndr, int ndr_flags, struct spoolss_DeviceMode *r) { + uint32_t size_devicename_0 = 0; + uint32_t size_formname_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->devicename, MAXDEVICENAME, sizeof(uint16_t), CH_UTF16)); + size_devicename_0 = MAXDEVICENAME; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->devicename, size_devicename_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_spoolss_DeviceModeSpecVersion(ndr, NDR_SCALARS, &r->specversion)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->driverversion)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->size)); @@ -1107,7 +1110,8 @@ _PUBLIC_ enum ndr_err_code ndr_pull_spoolss_DeviceMode(struct ndr_pull *ndr, int NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->yresolution)); NDR_CHECK(ndr_pull_spoolss_DeviceModeTTOption(ndr, NDR_SCALARS, &r->ttoption)); NDR_CHECK(ndr_pull_spoolss_DeviceModeCollate(ndr, NDR_SCALARS, &r->collate)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->formname, MAXDEVICENAME, sizeof(uint16_t), CH_UTF16)); + size_formname_0 = MAXDEVICENAME; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->formname, size_formname_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->logpixels)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->bitsperpel)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->pelswidth)); @@ -5022,16 +5026,28 @@ static enum ndr_err_code ndr_push_spoolss_SetJobInfo1(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_spoolss_SetJobInfo1(struct ndr_pull *ndr, int ndr_flags, struct spoolss_SetJobInfo1 *r) { uint32_t _ptr_printer_name; + uint32_t size_printer_name_1 = 0; + uint32_t length_printer_name_1 = 0; TALLOC_CTX *_mem_save_printer_name_0; uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; TALLOC_CTX *_mem_save_server_name_0; uint32_t _ptr_user_name; + uint32_t size_user_name_1 = 0; + uint32_t length_user_name_1 = 0; TALLOC_CTX *_mem_save_user_name_0; uint32_t _ptr_document_name; + uint32_t size_document_name_1 = 0; + uint32_t length_document_name_1 = 0; TALLOC_CTX *_mem_save_document_name_0; uint32_t _ptr_data_type; + uint32_t size_data_type_1 = 0; + uint32_t length_data_type_1 = 0; TALLOC_CTX *_mem_save_data_type_0; uint32_t _ptr_text_status; + uint32_t size_text_status_1 = 0; + uint32_t length_text_status_1 = 0; TALLOC_CTX *_mem_save_text_status_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -5089,11 +5105,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetJobInfo1(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->printer_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->printer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->printer_name)); - if (ndr_get_array_length(ndr, &r->printer_name) > ndr_get_array_size(ndr, &r->printer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->printer_name), ndr_get_array_length(ndr, &r->printer_name)); + size_printer_name_1 = ndr_get_array_size(ndr, &r->printer_name); + length_printer_name_1 = ndr_get_array_length(ndr, &r->printer_name); + if (length_printer_name_1 > size_printer_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_printer_name_1, length_printer_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->printer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->printer_name, ndr_get_array_length(ndr, &r->printer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_printer_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->printer_name, length_printer_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_printer_name_0, 0); } if (r->server_name) { @@ -5101,11 +5119,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetJobInfo1(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->server_name)); - if (ndr_get_array_length(ndr, &r->server_name) > ndr_get_array_size(ndr, &r->server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->server_name), ndr_get_array_length(ndr, &r->server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_name, ndr_get_array_length(ndr, &r->server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } if (r->user_name) { @@ -5113,11 +5133,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetJobInfo1(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->user_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->user_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->user_name)); - if (ndr_get_array_length(ndr, &r->user_name) > ndr_get_array_size(ndr, &r->user_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->user_name), ndr_get_array_length(ndr, &r->user_name)); + size_user_name_1 = ndr_get_array_size(ndr, &r->user_name); + length_user_name_1 = ndr_get_array_length(ndr, &r->user_name); + if (length_user_name_1 > size_user_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_user_name_1, length_user_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->user_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user_name, ndr_get_array_length(ndr, &r->user_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_user_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user_name, length_user_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user_name_0, 0); } if (r->document_name) { @@ -5125,11 +5147,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetJobInfo1(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->document_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->document_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->document_name)); - if (ndr_get_array_length(ndr, &r->document_name) > ndr_get_array_size(ndr, &r->document_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->document_name), ndr_get_array_length(ndr, &r->document_name)); + size_document_name_1 = ndr_get_array_size(ndr, &r->document_name); + length_document_name_1 = ndr_get_array_length(ndr, &r->document_name); + if (length_document_name_1 > size_document_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_document_name_1, length_document_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->document_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->document_name, ndr_get_array_length(ndr, &r->document_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_document_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->document_name, length_document_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_document_name_0, 0); } if (r->data_type) { @@ -5137,11 +5161,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetJobInfo1(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->data_type, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->data_type)); NDR_CHECK(ndr_pull_array_length(ndr, &r->data_type)); - if (ndr_get_array_length(ndr, &r->data_type) > ndr_get_array_size(ndr, &r->data_type)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->data_type), ndr_get_array_length(ndr, &r->data_type)); + size_data_type_1 = ndr_get_array_size(ndr, &r->data_type); + length_data_type_1 = ndr_get_array_length(ndr, &r->data_type); + if (length_data_type_1 > size_data_type_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_data_type_1, length_data_type_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->data_type), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->data_type, ndr_get_array_length(ndr, &r->data_type), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_data_type_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->data_type, length_data_type_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_type_0, 0); } if (r->text_status) { @@ -5149,11 +5175,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetJobInfo1(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->text_status, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->text_status)); NDR_CHECK(ndr_pull_array_length(ndr, &r->text_status)); - if (ndr_get_array_length(ndr, &r->text_status) > ndr_get_array_size(ndr, &r->text_status)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->text_status), ndr_get_array_length(ndr, &r->text_status)); + size_text_status_1 = ndr_get_array_size(ndr, &r->text_status); + length_text_status_1 = ndr_get_array_length(ndr, &r->text_status); + if (length_text_status_1 > size_text_status_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_text_status_1, length_text_status_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->text_status), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->text_status, ndr_get_array_length(ndr, &r->text_status), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_text_status_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->text_status, length_text_status_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_text_status_0, 0); } } @@ -5307,24 +5335,44 @@ static enum ndr_err_code ndr_push_spoolss_SetJobInfo2(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_spoolss_SetJobInfo2(struct ndr_pull *ndr, int ndr_flags, struct spoolss_SetJobInfo2 *r) { uint32_t _ptr_printer_name; + uint32_t size_printer_name_1 = 0; + uint32_t length_printer_name_1 = 0; TALLOC_CTX *_mem_save_printer_name_0; uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; TALLOC_CTX *_mem_save_server_name_0; uint32_t _ptr_user_name; + uint32_t size_user_name_1 = 0; + uint32_t length_user_name_1 = 0; TALLOC_CTX *_mem_save_user_name_0; uint32_t _ptr_document_name; + uint32_t size_document_name_1 = 0; + uint32_t length_document_name_1 = 0; TALLOC_CTX *_mem_save_document_name_0; uint32_t _ptr_notify_name; + uint32_t size_notify_name_1 = 0; + uint32_t length_notify_name_1 = 0; TALLOC_CTX *_mem_save_notify_name_0; uint32_t _ptr_data_type; + uint32_t size_data_type_1 = 0; + uint32_t length_data_type_1 = 0; TALLOC_CTX *_mem_save_data_type_0; uint32_t _ptr_print_processor; + uint32_t size_print_processor_1 = 0; + uint32_t length_print_processor_1 = 0; TALLOC_CTX *_mem_save_print_processor_0; uint32_t _ptr_parameters; + uint32_t size_parameters_1 = 0; + uint32_t length_parameters_1 = 0; TALLOC_CTX *_mem_save_parameters_0; uint32_t _ptr_driver_name; + uint32_t size_driver_name_1 = 0; + uint32_t length_driver_name_1 = 0; TALLOC_CTX *_mem_save_driver_name_0; uint32_t _ptr_text_status; + uint32_t size_text_status_1 = 0; + uint32_t length_text_status_1 = 0; TALLOC_CTX *_mem_save_text_status_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -5412,11 +5460,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetJobInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->printer_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->printer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->printer_name)); - if (ndr_get_array_length(ndr, &r->printer_name) > ndr_get_array_size(ndr, &r->printer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->printer_name), ndr_get_array_length(ndr, &r->printer_name)); + size_printer_name_1 = ndr_get_array_size(ndr, &r->printer_name); + length_printer_name_1 = ndr_get_array_length(ndr, &r->printer_name); + if (length_printer_name_1 > size_printer_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_printer_name_1, length_printer_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->printer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->printer_name, ndr_get_array_length(ndr, &r->printer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_printer_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->printer_name, length_printer_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_printer_name_0, 0); } if (r->server_name) { @@ -5424,11 +5474,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetJobInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->server_name)); - if (ndr_get_array_length(ndr, &r->server_name) > ndr_get_array_size(ndr, &r->server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->server_name), ndr_get_array_length(ndr, &r->server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_name, ndr_get_array_length(ndr, &r->server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } if (r->user_name) { @@ -5436,11 +5488,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetJobInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->user_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->user_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->user_name)); - if (ndr_get_array_length(ndr, &r->user_name) > ndr_get_array_size(ndr, &r->user_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->user_name), ndr_get_array_length(ndr, &r->user_name)); + size_user_name_1 = ndr_get_array_size(ndr, &r->user_name); + length_user_name_1 = ndr_get_array_length(ndr, &r->user_name); + if (length_user_name_1 > size_user_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_user_name_1, length_user_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->user_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user_name, ndr_get_array_length(ndr, &r->user_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_user_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user_name, length_user_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user_name_0, 0); } if (r->document_name) { @@ -5448,11 +5502,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetJobInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->document_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->document_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->document_name)); - if (ndr_get_array_length(ndr, &r->document_name) > ndr_get_array_size(ndr, &r->document_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->document_name), ndr_get_array_length(ndr, &r->document_name)); + size_document_name_1 = ndr_get_array_size(ndr, &r->document_name); + length_document_name_1 = ndr_get_array_length(ndr, &r->document_name); + if (length_document_name_1 > size_document_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_document_name_1, length_document_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->document_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->document_name, ndr_get_array_length(ndr, &r->document_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_document_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->document_name, length_document_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_document_name_0, 0); } if (r->notify_name) { @@ -5460,11 +5516,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetJobInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->notify_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->notify_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->notify_name)); - if (ndr_get_array_length(ndr, &r->notify_name) > ndr_get_array_size(ndr, &r->notify_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->notify_name), ndr_get_array_length(ndr, &r->notify_name)); + size_notify_name_1 = ndr_get_array_size(ndr, &r->notify_name); + length_notify_name_1 = ndr_get_array_length(ndr, &r->notify_name); + if (length_notify_name_1 > size_notify_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_notify_name_1, length_notify_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->notify_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->notify_name, ndr_get_array_length(ndr, &r->notify_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_notify_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->notify_name, length_notify_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_notify_name_0, 0); } if (r->data_type) { @@ -5472,11 +5530,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetJobInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->data_type, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->data_type)); NDR_CHECK(ndr_pull_array_length(ndr, &r->data_type)); - if (ndr_get_array_length(ndr, &r->data_type) > ndr_get_array_size(ndr, &r->data_type)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->data_type), ndr_get_array_length(ndr, &r->data_type)); + size_data_type_1 = ndr_get_array_size(ndr, &r->data_type); + length_data_type_1 = ndr_get_array_length(ndr, &r->data_type); + if (length_data_type_1 > size_data_type_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_data_type_1, length_data_type_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->data_type), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->data_type, ndr_get_array_length(ndr, &r->data_type), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_data_type_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->data_type, length_data_type_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_type_0, 0); } if (r->print_processor) { @@ -5484,11 +5544,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetJobInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->print_processor, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->print_processor)); NDR_CHECK(ndr_pull_array_length(ndr, &r->print_processor)); - if (ndr_get_array_length(ndr, &r->print_processor) > ndr_get_array_size(ndr, &r->print_processor)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->print_processor), ndr_get_array_length(ndr, &r->print_processor)); + size_print_processor_1 = ndr_get_array_size(ndr, &r->print_processor); + length_print_processor_1 = ndr_get_array_length(ndr, &r->print_processor); + if (length_print_processor_1 > size_print_processor_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_print_processor_1, length_print_processor_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->print_processor), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->print_processor, ndr_get_array_length(ndr, &r->print_processor), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_print_processor_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->print_processor, length_print_processor_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_print_processor_0, 0); } if (r->parameters) { @@ -5496,11 +5558,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetJobInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->parameters, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->parameters)); NDR_CHECK(ndr_pull_array_length(ndr, &r->parameters)); - if (ndr_get_array_length(ndr, &r->parameters) > ndr_get_array_size(ndr, &r->parameters)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->parameters), ndr_get_array_length(ndr, &r->parameters)); + size_parameters_1 = ndr_get_array_size(ndr, &r->parameters); + length_parameters_1 = ndr_get_array_length(ndr, &r->parameters); + if (length_parameters_1 > size_parameters_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_parameters_1, length_parameters_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->parameters), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->parameters, ndr_get_array_length(ndr, &r->parameters), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_parameters_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->parameters, length_parameters_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_parameters_0, 0); } if (r->driver_name) { @@ -5508,11 +5572,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetJobInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->driver_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->driver_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->driver_name)); - if (ndr_get_array_length(ndr, &r->driver_name) > ndr_get_array_size(ndr, &r->driver_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->driver_name), ndr_get_array_length(ndr, &r->driver_name)); + size_driver_name_1 = ndr_get_array_size(ndr, &r->driver_name); + length_driver_name_1 = ndr_get_array_length(ndr, &r->driver_name); + if (length_driver_name_1 > size_driver_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_driver_name_1, length_driver_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->driver_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->driver_name, ndr_get_array_length(ndr, &r->driver_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_driver_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->driver_name, length_driver_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_driver_name_0, 0); } if (r->text_status) { @@ -5520,11 +5586,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetJobInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->text_status, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->text_status)); NDR_CHECK(ndr_pull_array_length(ndr, &r->text_status)); - if (ndr_get_array_length(ndr, &r->text_status) > ndr_get_array_size(ndr, &r->text_status)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->text_status), ndr_get_array_length(ndr, &r->text_status)); + size_text_status_1 = ndr_get_array_size(ndr, &r->text_status); + length_text_status_1 = ndr_get_array_length(ndr, &r->text_status); + if (length_text_status_1 > size_text_status_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_text_status_1, length_text_status_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->text_status), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->text_status, ndr_get_array_length(ndr, &r->text_status), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_text_status_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->text_status, length_text_status_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_text_status_0, 0); } } @@ -5709,24 +5777,44 @@ static enum ndr_err_code ndr_push_spoolss_SetJobInfo4(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_spoolss_SetJobInfo4(struct ndr_pull *ndr, int ndr_flags, struct spoolss_SetJobInfo4 *r) { uint32_t _ptr_printer_name; + uint32_t size_printer_name_1 = 0; + uint32_t length_printer_name_1 = 0; TALLOC_CTX *_mem_save_printer_name_0; uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; TALLOC_CTX *_mem_save_server_name_0; uint32_t _ptr_user_name; + uint32_t size_user_name_1 = 0; + uint32_t length_user_name_1 = 0; TALLOC_CTX *_mem_save_user_name_0; uint32_t _ptr_document_name; + uint32_t size_document_name_1 = 0; + uint32_t length_document_name_1 = 0; TALLOC_CTX *_mem_save_document_name_0; uint32_t _ptr_notify_name; + uint32_t size_notify_name_1 = 0; + uint32_t length_notify_name_1 = 0; TALLOC_CTX *_mem_save_notify_name_0; uint32_t _ptr_data_type; + uint32_t size_data_type_1 = 0; + uint32_t length_data_type_1 = 0; TALLOC_CTX *_mem_save_data_type_0; uint32_t _ptr_print_processor; + uint32_t size_print_processor_1 = 0; + uint32_t length_print_processor_1 = 0; TALLOC_CTX *_mem_save_print_processor_0; uint32_t _ptr_parameters; + uint32_t size_parameters_1 = 0; + uint32_t length_parameters_1 = 0; TALLOC_CTX *_mem_save_parameters_0; uint32_t _ptr_driver_name; + uint32_t size_driver_name_1 = 0; + uint32_t length_driver_name_1 = 0; TALLOC_CTX *_mem_save_driver_name_0; uint32_t _ptr_text_status; + uint32_t size_text_status_1 = 0; + uint32_t length_text_status_1 = 0; TALLOC_CTX *_mem_save_text_status_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -5815,11 +5903,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetJobInfo4(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->printer_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->printer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->printer_name)); - if (ndr_get_array_length(ndr, &r->printer_name) > ndr_get_array_size(ndr, &r->printer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->printer_name), ndr_get_array_length(ndr, &r->printer_name)); + size_printer_name_1 = ndr_get_array_size(ndr, &r->printer_name); + length_printer_name_1 = ndr_get_array_length(ndr, &r->printer_name); + if (length_printer_name_1 > size_printer_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_printer_name_1, length_printer_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->printer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->printer_name, ndr_get_array_length(ndr, &r->printer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_printer_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->printer_name, length_printer_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_printer_name_0, 0); } if (r->server_name) { @@ -5827,11 +5917,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetJobInfo4(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->server_name)); - if (ndr_get_array_length(ndr, &r->server_name) > ndr_get_array_size(ndr, &r->server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->server_name), ndr_get_array_length(ndr, &r->server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_name, ndr_get_array_length(ndr, &r->server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } if (r->user_name) { @@ -5839,11 +5931,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetJobInfo4(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->user_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->user_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->user_name)); - if (ndr_get_array_length(ndr, &r->user_name) > ndr_get_array_size(ndr, &r->user_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->user_name), ndr_get_array_length(ndr, &r->user_name)); + size_user_name_1 = ndr_get_array_size(ndr, &r->user_name); + length_user_name_1 = ndr_get_array_length(ndr, &r->user_name); + if (length_user_name_1 > size_user_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_user_name_1, length_user_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->user_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user_name, ndr_get_array_length(ndr, &r->user_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_user_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user_name, length_user_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user_name_0, 0); } if (r->document_name) { @@ -5851,11 +5945,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetJobInfo4(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->document_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->document_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->document_name)); - if (ndr_get_array_length(ndr, &r->document_name) > ndr_get_array_size(ndr, &r->document_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->document_name), ndr_get_array_length(ndr, &r->document_name)); + size_document_name_1 = ndr_get_array_size(ndr, &r->document_name); + length_document_name_1 = ndr_get_array_length(ndr, &r->document_name); + if (length_document_name_1 > size_document_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_document_name_1, length_document_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->document_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->document_name, ndr_get_array_length(ndr, &r->document_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_document_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->document_name, length_document_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_document_name_0, 0); } if (r->notify_name) { @@ -5863,11 +5959,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetJobInfo4(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->notify_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->notify_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->notify_name)); - if (ndr_get_array_length(ndr, &r->notify_name) > ndr_get_array_size(ndr, &r->notify_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->notify_name), ndr_get_array_length(ndr, &r->notify_name)); + size_notify_name_1 = ndr_get_array_size(ndr, &r->notify_name); + length_notify_name_1 = ndr_get_array_length(ndr, &r->notify_name); + if (length_notify_name_1 > size_notify_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_notify_name_1, length_notify_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->notify_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->notify_name, ndr_get_array_length(ndr, &r->notify_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_notify_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->notify_name, length_notify_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_notify_name_0, 0); } if (r->data_type) { @@ -5875,11 +5973,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetJobInfo4(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->data_type, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->data_type)); NDR_CHECK(ndr_pull_array_length(ndr, &r->data_type)); - if (ndr_get_array_length(ndr, &r->data_type) > ndr_get_array_size(ndr, &r->data_type)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->data_type), ndr_get_array_length(ndr, &r->data_type)); + size_data_type_1 = ndr_get_array_size(ndr, &r->data_type); + length_data_type_1 = ndr_get_array_length(ndr, &r->data_type); + if (length_data_type_1 > size_data_type_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_data_type_1, length_data_type_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->data_type), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->data_type, ndr_get_array_length(ndr, &r->data_type), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_data_type_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->data_type, length_data_type_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_type_0, 0); } if (r->print_processor) { @@ -5887,11 +5987,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetJobInfo4(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->print_processor, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->print_processor)); NDR_CHECK(ndr_pull_array_length(ndr, &r->print_processor)); - if (ndr_get_array_length(ndr, &r->print_processor) > ndr_get_array_size(ndr, &r->print_processor)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->print_processor), ndr_get_array_length(ndr, &r->print_processor)); + size_print_processor_1 = ndr_get_array_size(ndr, &r->print_processor); + length_print_processor_1 = ndr_get_array_length(ndr, &r->print_processor); + if (length_print_processor_1 > size_print_processor_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_print_processor_1, length_print_processor_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->print_processor), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->print_processor, ndr_get_array_length(ndr, &r->print_processor), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_print_processor_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->print_processor, length_print_processor_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_print_processor_0, 0); } if (r->parameters) { @@ -5899,11 +6001,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetJobInfo4(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->parameters, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->parameters)); NDR_CHECK(ndr_pull_array_length(ndr, &r->parameters)); - if (ndr_get_array_length(ndr, &r->parameters) > ndr_get_array_size(ndr, &r->parameters)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->parameters), ndr_get_array_length(ndr, &r->parameters)); + size_parameters_1 = ndr_get_array_size(ndr, &r->parameters); + length_parameters_1 = ndr_get_array_length(ndr, &r->parameters); + if (length_parameters_1 > size_parameters_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_parameters_1, length_parameters_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->parameters), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->parameters, ndr_get_array_length(ndr, &r->parameters), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_parameters_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->parameters, length_parameters_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_parameters_0, 0); } if (r->driver_name) { @@ -5911,11 +6015,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetJobInfo4(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->driver_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->driver_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->driver_name)); - if (ndr_get_array_length(ndr, &r->driver_name) > ndr_get_array_size(ndr, &r->driver_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->driver_name), ndr_get_array_length(ndr, &r->driver_name)); + size_driver_name_1 = ndr_get_array_size(ndr, &r->driver_name); + length_driver_name_1 = ndr_get_array_length(ndr, &r->driver_name); + if (length_driver_name_1 > size_driver_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_driver_name_1, length_driver_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->driver_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->driver_name, ndr_get_array_length(ndr, &r->driver_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_driver_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->driver_name, length_driver_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_driver_name_0, 0); } if (r->text_status) { @@ -5923,11 +6029,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetJobInfo4(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->text_status, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->text_status)); NDR_CHECK(ndr_pull_array_length(ndr, &r->text_status)); - if (ndr_get_array_length(ndr, &r->text_status) > ndr_get_array_size(ndr, &r->text_status)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->text_status), ndr_get_array_length(ndr, &r->text_status)); + size_text_status_1 = ndr_get_array_size(ndr, &r->text_status); + length_text_status_1 = ndr_get_array_length(ndr, &r->text_status); + if (length_text_status_1 > size_text_status_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_text_status_1, length_text_status_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->text_status), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->text_status, ndr_get_array_length(ndr, &r->text_status), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_text_status_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->text_status, length_text_status_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_text_status_0, 0); } } @@ -6083,9 +6191,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_spoolss_SetJobInfo(struct ndr_pull *ndr, int int level; uint32_t _level; TALLOC_CTX *_mem_save_info1_0; + uint32_t _ptr_info1; TALLOC_CTX *_mem_save_info2_0; + uint32_t _ptr_info2; TALLOC_CTX *_mem_save_info3_0; + uint32_t _ptr_info3; TALLOC_CTX *_mem_save_info4_0; + uint32_t _ptr_info4; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -6095,7 +6207,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_spoolss_SetJobInfo(struct ndr_pull *ndr, int NDR_CHECK(ndr_pull_union_align(ndr, 5)); switch (level) { case 1: { - uint32_t _ptr_info1; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1)); if (_ptr_info1) { NDR_PULL_ALLOC(ndr, r->info1); @@ -6105,7 +6216,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_spoolss_SetJobInfo(struct ndr_pull *ndr, int break; } case 2: { - uint32_t _ptr_info2; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info2)); if (_ptr_info2) { NDR_PULL_ALLOC(ndr, r->info2); @@ -6115,7 +6225,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_spoolss_SetJobInfo(struct ndr_pull *ndr, int break; } case 3: { - uint32_t _ptr_info3; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info3)); if (_ptr_info3) { NDR_PULL_ALLOC(ndr, r->info3); @@ -6125,7 +6234,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_spoolss_SetJobInfo(struct ndr_pull *ndr, int break; } case 4: { - uint32_t _ptr_info4; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info4)); if (_ptr_info4) { NDR_PULL_ALLOC(ndr, r->info4); @@ -6388,8 +6496,12 @@ static enum ndr_err_code ndr_push_spoolss_SetPrinterInfo0(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo0(struct ndr_pull *ndr, int ndr_flags, struct spoolss_SetPrinterInfo0 *r) { uint32_t _ptr_servername; + uint32_t size_servername_1 = 0; + uint32_t length_servername_1 = 0; TALLOC_CTX *_mem_save_servername_0; uint32_t _ptr_printername; + uint32_t size_printername_1 = 0; + uint32_t length_printername_1 = 0; TALLOC_CTX *_mem_save_printername_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -6440,11 +6552,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo0(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->servername, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->servername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->servername)); - if (ndr_get_array_length(ndr, &r->servername) > ndr_get_array_size(ndr, &r->servername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->servername), ndr_get_array_length(ndr, &r->servername)); + size_servername_1 = ndr_get_array_size(ndr, &r->servername); + length_servername_1 = ndr_get_array_length(ndr, &r->servername); + if (length_servername_1 > size_servername_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_servername_1, length_servername_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->servername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->servername, ndr_get_array_length(ndr, &r->servername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_servername_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->servername, length_servername_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_servername_0, 0); } if (r->printername) { @@ -6452,11 +6566,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo0(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->printername, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->printername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->printername)); - if (ndr_get_array_length(ndr, &r->printername) > ndr_get_array_size(ndr, &r->printername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->printername), ndr_get_array_length(ndr, &r->printername)); + size_printername_1 = ndr_get_array_size(ndr, &r->printername); + length_printername_1 = ndr_get_array_length(ndr, &r->printername); + if (length_printername_1 > size_printername_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_printername_1, length_printername_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->printername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->printername, ndr_get_array_length(ndr, &r->printername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_printername_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->printername, length_printername_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_printername_0, 0); } } @@ -6545,10 +6661,16 @@ static enum ndr_err_code ndr_push_spoolss_SetPrinterInfo1(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo1(struct ndr_pull *ndr, int ndr_flags, struct spoolss_SetPrinterInfo1 *r) { uint32_t _ptr_description; + uint32_t size_description_1 = 0; + uint32_t length_description_1 = 0; TALLOC_CTX *_mem_save_description_0; uint32_t _ptr_name; + uint32_t size_name_1 = 0; + uint32_t length_name_1 = 0; TALLOC_CTX *_mem_save_name_0; uint32_t _ptr_comment; + uint32_t size_comment_1 = 0; + uint32_t length_comment_1 = 0; TALLOC_CTX *_mem_save_comment_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -6579,11 +6701,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo1(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->description, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->description)); NDR_CHECK(ndr_pull_array_length(ndr, &r->description)); - if (ndr_get_array_length(ndr, &r->description) > ndr_get_array_size(ndr, &r->description)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->description), ndr_get_array_length(ndr, &r->description)); + size_description_1 = ndr_get_array_size(ndr, &r->description); + length_description_1 = ndr_get_array_length(ndr, &r->description); + if (length_description_1 > size_description_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_description_1, length_description_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->description), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->description, ndr_get_array_length(ndr, &r->description), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_description_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->description, length_description_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_description_0, 0); } if (r->name) { @@ -6591,11 +6715,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo1(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->name)); - if (ndr_get_array_length(ndr, &r->name) > ndr_get_array_size(ndr, &r->name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->name), ndr_get_array_length(ndr, &r->name)); + size_name_1 = ndr_get_array_size(ndr, &r->name); + length_name_1 = ndr_get_array_length(ndr, &r->name); + if (length_name_1 > size_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_name_1, length_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, length_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_name_0, 0); } if (r->comment) { @@ -6603,11 +6729,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo1(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->comment, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->comment)); NDR_CHECK(ndr_pull_array_length(ndr, &r->comment)); - if (ndr_get_array_length(ndr, &r->comment) > ndr_get_array_size(ndr, &r->comment)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->comment), ndr_get_array_length(ndr, &r->comment)); + size_comment_1 = ndr_get_array_size(ndr, &r->comment); + length_comment_1 = ndr_get_array_length(ndr, &r->comment); + if (length_comment_1 > size_comment_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_comment_1, length_comment_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_comment_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, length_comment_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_comment_0, 0); } } @@ -6741,26 +6869,48 @@ static enum ndr_err_code ndr_push_spoolss_SetPrinterInfo2(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo2(struct ndr_pull *ndr, int ndr_flags, struct spoolss_SetPrinterInfo2 *r) { uint32_t _ptr_servername; + uint32_t size_servername_1 = 0; + uint32_t length_servername_1 = 0; TALLOC_CTX *_mem_save_servername_0; uint32_t _ptr_printername; + uint32_t size_printername_1 = 0; + uint32_t length_printername_1 = 0; TALLOC_CTX *_mem_save_printername_0; uint32_t _ptr_sharename; + uint32_t size_sharename_1 = 0; + uint32_t length_sharename_1 = 0; TALLOC_CTX *_mem_save_sharename_0; uint32_t _ptr_portname; + uint32_t size_portname_1 = 0; + uint32_t length_portname_1 = 0; TALLOC_CTX *_mem_save_portname_0; uint32_t _ptr_drivername; + uint32_t size_drivername_1 = 0; + uint32_t length_drivername_1 = 0; TALLOC_CTX *_mem_save_drivername_0; uint32_t _ptr_comment; + uint32_t size_comment_1 = 0; + uint32_t length_comment_1 = 0; TALLOC_CTX *_mem_save_comment_0; uint32_t _ptr_location; + uint32_t size_location_1 = 0; + uint32_t length_location_1 = 0; TALLOC_CTX *_mem_save_location_0; uint32_t _ptr_sepfile; + uint32_t size_sepfile_1 = 0; + uint32_t length_sepfile_1 = 0; TALLOC_CTX *_mem_save_sepfile_0; uint32_t _ptr_printprocessor; + uint32_t size_printprocessor_1 = 0; + uint32_t length_printprocessor_1 = 0; TALLOC_CTX *_mem_save_printprocessor_0; uint32_t _ptr_datatype; + uint32_t size_datatype_1 = 0; + uint32_t length_datatype_1 = 0; TALLOC_CTX *_mem_save_datatype_0; uint32_t _ptr_parameters; + uint32_t size_parameters_1 = 0; + uint32_t length_parameters_1 = 0; TALLOC_CTX *_mem_save_parameters_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -6851,11 +7001,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo2(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->servername, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->servername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->servername)); - if (ndr_get_array_length(ndr, &r->servername) > ndr_get_array_size(ndr, &r->servername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->servername), ndr_get_array_length(ndr, &r->servername)); + size_servername_1 = ndr_get_array_size(ndr, &r->servername); + length_servername_1 = ndr_get_array_length(ndr, &r->servername); + if (length_servername_1 > size_servername_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_servername_1, length_servername_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->servername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->servername, ndr_get_array_length(ndr, &r->servername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_servername_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->servername, length_servername_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_servername_0, 0); } if (r->printername) { @@ -6863,11 +7015,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo2(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->printername, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->printername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->printername)); - if (ndr_get_array_length(ndr, &r->printername) > ndr_get_array_size(ndr, &r->printername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->printername), ndr_get_array_length(ndr, &r->printername)); + size_printername_1 = ndr_get_array_size(ndr, &r->printername); + length_printername_1 = ndr_get_array_length(ndr, &r->printername); + if (length_printername_1 > size_printername_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_printername_1, length_printername_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->printername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->printername, ndr_get_array_length(ndr, &r->printername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_printername_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->printername, length_printername_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_printername_0, 0); } if (r->sharename) { @@ -6875,11 +7029,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo2(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->sharename, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->sharename)); NDR_CHECK(ndr_pull_array_length(ndr, &r->sharename)); - if (ndr_get_array_length(ndr, &r->sharename) > ndr_get_array_size(ndr, &r->sharename)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->sharename), ndr_get_array_length(ndr, &r->sharename)); + size_sharename_1 = ndr_get_array_size(ndr, &r->sharename); + length_sharename_1 = ndr_get_array_length(ndr, &r->sharename); + if (length_sharename_1 > size_sharename_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_sharename_1, length_sharename_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->sharename), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->sharename, ndr_get_array_length(ndr, &r->sharename), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_sharename_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->sharename, length_sharename_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sharename_0, 0); } if (r->portname) { @@ -6887,11 +7043,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo2(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->portname, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->portname)); NDR_CHECK(ndr_pull_array_length(ndr, &r->portname)); - if (ndr_get_array_length(ndr, &r->portname) > ndr_get_array_size(ndr, &r->portname)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->portname), ndr_get_array_length(ndr, &r->portname)); + size_portname_1 = ndr_get_array_size(ndr, &r->portname); + length_portname_1 = ndr_get_array_length(ndr, &r->portname); + if (length_portname_1 > size_portname_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_portname_1, length_portname_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->portname), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->portname, ndr_get_array_length(ndr, &r->portname), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_portname_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->portname, length_portname_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_portname_0, 0); } if (r->drivername) { @@ -6899,11 +7057,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo2(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->drivername, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->drivername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->drivername)); - if (ndr_get_array_length(ndr, &r->drivername) > ndr_get_array_size(ndr, &r->drivername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->drivername), ndr_get_array_length(ndr, &r->drivername)); + size_drivername_1 = ndr_get_array_size(ndr, &r->drivername); + length_drivername_1 = ndr_get_array_length(ndr, &r->drivername); + if (length_drivername_1 > size_drivername_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_drivername_1, length_drivername_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->drivername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->drivername, ndr_get_array_length(ndr, &r->drivername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_drivername_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->drivername, length_drivername_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_drivername_0, 0); } if (r->comment) { @@ -6911,11 +7071,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo2(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->comment, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->comment)); NDR_CHECK(ndr_pull_array_length(ndr, &r->comment)); - if (ndr_get_array_length(ndr, &r->comment) > ndr_get_array_size(ndr, &r->comment)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->comment), ndr_get_array_length(ndr, &r->comment)); + size_comment_1 = ndr_get_array_size(ndr, &r->comment); + length_comment_1 = ndr_get_array_length(ndr, &r->comment); + if (length_comment_1 > size_comment_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_comment_1, length_comment_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_comment_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, length_comment_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_comment_0, 0); } if (r->location) { @@ -6923,11 +7085,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo2(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->location, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->location)); NDR_CHECK(ndr_pull_array_length(ndr, &r->location)); - if (ndr_get_array_length(ndr, &r->location) > ndr_get_array_size(ndr, &r->location)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->location), ndr_get_array_length(ndr, &r->location)); + size_location_1 = ndr_get_array_size(ndr, &r->location); + length_location_1 = ndr_get_array_length(ndr, &r->location); + if (length_location_1 > size_location_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_location_1, length_location_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->location), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->location, ndr_get_array_length(ndr, &r->location), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_location_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->location, length_location_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_location_0, 0); } if (r->sepfile) { @@ -6935,11 +7099,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo2(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->sepfile, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->sepfile)); NDR_CHECK(ndr_pull_array_length(ndr, &r->sepfile)); - if (ndr_get_array_length(ndr, &r->sepfile) > ndr_get_array_size(ndr, &r->sepfile)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->sepfile), ndr_get_array_length(ndr, &r->sepfile)); + size_sepfile_1 = ndr_get_array_size(ndr, &r->sepfile); + length_sepfile_1 = ndr_get_array_length(ndr, &r->sepfile); + if (length_sepfile_1 > size_sepfile_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_sepfile_1, length_sepfile_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->sepfile), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->sepfile, ndr_get_array_length(ndr, &r->sepfile), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_sepfile_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->sepfile, length_sepfile_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sepfile_0, 0); } if (r->printprocessor) { @@ -6947,11 +7113,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo2(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->printprocessor, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->printprocessor)); NDR_CHECK(ndr_pull_array_length(ndr, &r->printprocessor)); - if (ndr_get_array_length(ndr, &r->printprocessor) > ndr_get_array_size(ndr, &r->printprocessor)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->printprocessor), ndr_get_array_length(ndr, &r->printprocessor)); + size_printprocessor_1 = ndr_get_array_size(ndr, &r->printprocessor); + length_printprocessor_1 = ndr_get_array_length(ndr, &r->printprocessor); + if (length_printprocessor_1 > size_printprocessor_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_printprocessor_1, length_printprocessor_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->printprocessor), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->printprocessor, ndr_get_array_length(ndr, &r->printprocessor), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_printprocessor_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->printprocessor, length_printprocessor_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_printprocessor_0, 0); } if (r->datatype) { @@ -6959,11 +7127,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo2(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->datatype, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->datatype)); NDR_CHECK(ndr_pull_array_length(ndr, &r->datatype)); - if (ndr_get_array_length(ndr, &r->datatype) > ndr_get_array_size(ndr, &r->datatype)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->datatype), ndr_get_array_length(ndr, &r->datatype)); + size_datatype_1 = ndr_get_array_size(ndr, &r->datatype); + length_datatype_1 = ndr_get_array_length(ndr, &r->datatype); + if (length_datatype_1 > size_datatype_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_datatype_1, length_datatype_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->datatype), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->datatype, ndr_get_array_length(ndr, &r->datatype), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_datatype_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->datatype, length_datatype_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_datatype_0, 0); } if (r->parameters) { @@ -6971,11 +7141,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo2(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->parameters, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->parameters)); NDR_CHECK(ndr_pull_array_length(ndr, &r->parameters)); - if (ndr_get_array_length(ndr, &r->parameters) > ndr_get_array_size(ndr, &r->parameters)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->parameters), ndr_get_array_length(ndr, &r->parameters)); + size_parameters_1 = ndr_get_array_size(ndr, &r->parameters); + length_parameters_1 = ndr_get_array_length(ndr, &r->parameters); + if (length_parameters_1 > size_parameters_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_parameters_1, length_parameters_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->parameters), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->parameters, ndr_get_array_length(ndr, &r->parameters), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_parameters_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->parameters, length_parameters_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_parameters_0, 0); } } @@ -7126,8 +7298,12 @@ static enum ndr_err_code ndr_push_spoolss_SetPrinterInfo4(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo4(struct ndr_pull *ndr, int ndr_flags, struct spoolss_SetPrinterInfo4 *r) { uint32_t _ptr_printername; + uint32_t size_printername_1 = 0; + uint32_t length_printername_1 = 0; TALLOC_CTX *_mem_save_printername_0; uint32_t _ptr_servername; + uint32_t size_servername_1 = 0; + uint32_t length_servername_1 = 0; TALLOC_CTX *_mem_save_servername_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -7152,11 +7328,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo4(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->printername, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->printername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->printername)); - if (ndr_get_array_length(ndr, &r->printername) > ndr_get_array_size(ndr, &r->printername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->printername), ndr_get_array_length(ndr, &r->printername)); + size_printername_1 = ndr_get_array_size(ndr, &r->printername); + length_printername_1 = ndr_get_array_length(ndr, &r->printername); + if (length_printername_1 > size_printername_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_printername_1, length_printername_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->printername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->printername, ndr_get_array_length(ndr, &r->printername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_printername_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->printername, length_printername_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_printername_0, 0); } if (r->servername) { @@ -7164,11 +7342,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo4(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->servername, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->servername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->servername)); - if (ndr_get_array_length(ndr, &r->servername) > ndr_get_array_size(ndr, &r->servername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->servername), ndr_get_array_length(ndr, &r->servername)); + size_servername_1 = ndr_get_array_size(ndr, &r->servername); + length_servername_1 = ndr_get_array_length(ndr, &r->servername); + if (length_servername_1 > size_servername_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_servername_1, length_servername_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->servername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->servername, ndr_get_array_length(ndr, &r->servername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_servername_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->servername, length_servername_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_servername_0, 0); } } @@ -7226,8 +7406,12 @@ static enum ndr_err_code ndr_push_spoolss_SetPrinterInfo5(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo5(struct ndr_pull *ndr, int ndr_flags, struct spoolss_SetPrinterInfo5 *r) { uint32_t _ptr_printername; + uint32_t size_printername_1 = 0; + uint32_t length_printername_1 = 0; TALLOC_CTX *_mem_save_printername_0; uint32_t _ptr_portname; + uint32_t size_portname_1 = 0; + uint32_t length_portname_1 = 0; TALLOC_CTX *_mem_save_portname_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -7254,11 +7438,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo5(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->printername, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->printername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->printername)); - if (ndr_get_array_length(ndr, &r->printername) > ndr_get_array_size(ndr, &r->printername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->printername), ndr_get_array_length(ndr, &r->printername)); + size_printername_1 = ndr_get_array_size(ndr, &r->printername); + length_printername_1 = ndr_get_array_length(ndr, &r->printername); + if (length_printername_1 > size_printername_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_printername_1, length_printername_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->printername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->printername, ndr_get_array_length(ndr, &r->printername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_printername_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->printername, length_printername_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_printername_0, 0); } if (r->portname) { @@ -7266,11 +7452,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo5(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->portname, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->portname)); NDR_CHECK(ndr_pull_array_length(ndr, &r->portname)); - if (ndr_get_array_length(ndr, &r->portname) > ndr_get_array_size(ndr, &r->portname)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->portname), ndr_get_array_length(ndr, &r->portname)); + size_portname_1 = ndr_get_array_size(ndr, &r->portname); + length_portname_1 = ndr_get_array_length(ndr, &r->portname); + if (length_portname_1 > size_portname_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_portname_1, length_portname_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->portname), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->portname, ndr_get_array_length(ndr, &r->portname), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_portname_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->portname, length_portname_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_portname_0, 0); } } @@ -7353,6 +7541,8 @@ static enum ndr_err_code ndr_push_spoolss_SetPrinterInfo7(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo7(struct ndr_pull *ndr, int ndr_flags, struct spoolss_SetPrinterInfo7 *r) { uint32_t _ptr_guid; + uint32_t size_guid_1 = 0; + uint32_t length_guid_1 = 0; TALLOC_CTX *_mem_save_guid_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -7371,11 +7561,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo7(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->guid, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->guid)); NDR_CHECK(ndr_pull_array_length(ndr, &r->guid)); - if (ndr_get_array_length(ndr, &r->guid) > ndr_get_array_size(ndr, &r->guid)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->guid), ndr_get_array_length(ndr, &r->guid)); + size_guid_1 = ndr_get_array_size(ndr, &r->guid); + length_guid_1 = ndr_get_array_length(ndr, &r->guid); + if (length_guid_1 > size_guid_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_guid_1, length_guid_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->guid), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->guid, ndr_get_array_length(ndr, &r->guid), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_guid_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->guid, length_guid_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_guid_0, 0); } } @@ -7588,15 +7780,25 @@ static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo(struct ndr_pull *ndr, i int level; uint32_t _level; TALLOC_CTX *_mem_save_info0_0; + uint32_t _ptr_info0; TALLOC_CTX *_mem_save_info1_0; + uint32_t _ptr_info1; TALLOC_CTX *_mem_save_info2_0; + uint32_t _ptr_info2; TALLOC_CTX *_mem_save_info3_0; + uint32_t _ptr_info3; TALLOC_CTX *_mem_save_info4_0; + uint32_t _ptr_info4; TALLOC_CTX *_mem_save_info5_0; + uint32_t _ptr_info5; TALLOC_CTX *_mem_save_info6_0; + uint32_t _ptr_info6; TALLOC_CTX *_mem_save_info7_0; + uint32_t _ptr_info7; TALLOC_CTX *_mem_save_info8_0; + uint32_t _ptr_info8; TALLOC_CTX *_mem_save_info9_0; + uint32_t _ptr_info9; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -7606,7 +7808,6 @@ static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo(struct ndr_pull *ndr, i NDR_CHECK(ndr_pull_union_align(ndr, 5)); switch (level) { case 0: { - uint32_t _ptr_info0; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info0)); if (_ptr_info0) { NDR_PULL_ALLOC(ndr, r->info0); @@ -7616,7 +7817,6 @@ static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo(struct ndr_pull *ndr, i break; } case 1: { - uint32_t _ptr_info1; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1)); if (_ptr_info1) { NDR_PULL_ALLOC(ndr, r->info1); @@ -7626,7 +7826,6 @@ static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo(struct ndr_pull *ndr, i break; } case 2: { - uint32_t _ptr_info2; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info2)); if (_ptr_info2) { NDR_PULL_ALLOC(ndr, r->info2); @@ -7636,7 +7835,6 @@ static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo(struct ndr_pull *ndr, i break; } case 3: { - uint32_t _ptr_info3; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info3)); if (_ptr_info3) { NDR_PULL_ALLOC(ndr, r->info3); @@ -7646,7 +7844,6 @@ static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo(struct ndr_pull *ndr, i break; } case 4: { - uint32_t _ptr_info4; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info4)); if (_ptr_info4) { NDR_PULL_ALLOC(ndr, r->info4); @@ -7656,7 +7853,6 @@ static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo(struct ndr_pull *ndr, i break; } case 5: { - uint32_t _ptr_info5; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info5)); if (_ptr_info5) { NDR_PULL_ALLOC(ndr, r->info5); @@ -7666,7 +7862,6 @@ static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo(struct ndr_pull *ndr, i break; } case 6: { - uint32_t _ptr_info6; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info6)); if (_ptr_info6) { NDR_PULL_ALLOC(ndr, r->info6); @@ -7676,7 +7871,6 @@ static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo(struct ndr_pull *ndr, i break; } case 7: { - uint32_t _ptr_info7; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info7)); if (_ptr_info7) { NDR_PULL_ALLOC(ndr, r->info7); @@ -7686,7 +7880,6 @@ static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo(struct ndr_pull *ndr, i break; } case 8: { - uint32_t _ptr_info8; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info8)); if (_ptr_info8) { NDR_PULL_ALLOC(ndr, r->info8); @@ -7696,7 +7889,6 @@ static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo(struct ndr_pull *ndr, i break; } case 9: { - uint32_t _ptr_info9; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info9)); if (_ptr_info9) { NDR_PULL_ALLOC(ndr, r->info9); @@ -8018,6 +8210,8 @@ static enum ndr_err_code ndr_push_spoolss_AddDriverInfo1(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo1(struct ndr_pull *ndr, int ndr_flags, struct spoolss_AddDriverInfo1 *r) { uint32_t _ptr_driver_name; + uint32_t size_driver_name_1 = 0; + uint32_t length_driver_name_1 = 0; TALLOC_CTX *_mem_save_driver_name_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -8035,11 +8229,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo1(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->driver_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->driver_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->driver_name)); - if (ndr_get_array_length(ndr, &r->driver_name) > ndr_get_array_size(ndr, &r->driver_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->driver_name), ndr_get_array_length(ndr, &r->driver_name)); + size_driver_name_1 = ndr_get_array_size(ndr, &r->driver_name); + length_driver_name_1 = ndr_get_array_length(ndr, &r->driver_name); + if (length_driver_name_1 > size_driver_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_driver_name_1, length_driver_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->driver_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->driver_name, ndr_get_array_length(ndr, &r->driver_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_driver_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->driver_name, length_driver_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_driver_name_0, 0); } } @@ -8136,14 +8332,24 @@ static enum ndr_err_code ndr_push_spoolss_AddDriverInfo2(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo2(struct ndr_pull *ndr, int ndr_flags, struct spoolss_AddDriverInfo2 *r) { uint32_t _ptr_driver_name; + uint32_t size_driver_name_1 = 0; + uint32_t length_driver_name_1 = 0; TALLOC_CTX *_mem_save_driver_name_0; uint32_t _ptr_architecture; + uint32_t size_architecture_1 = 0; + uint32_t length_architecture_1 = 0; TALLOC_CTX *_mem_save_architecture_0; uint32_t _ptr_driver_path; + uint32_t size_driver_path_1 = 0; + uint32_t length_driver_path_1 = 0; TALLOC_CTX *_mem_save_driver_path_0; uint32_t _ptr_data_file; + uint32_t size_data_file_1 = 0; + uint32_t length_data_file_1 = 0; TALLOC_CTX *_mem_save_data_file_0; uint32_t _ptr_config_file; + uint32_t size_config_file_1 = 0; + uint32_t length_config_file_1 = 0; TALLOC_CTX *_mem_save_config_file_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -8186,11 +8392,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo2(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->driver_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->driver_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->driver_name)); - if (ndr_get_array_length(ndr, &r->driver_name) > ndr_get_array_size(ndr, &r->driver_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->driver_name), ndr_get_array_length(ndr, &r->driver_name)); + size_driver_name_1 = ndr_get_array_size(ndr, &r->driver_name); + length_driver_name_1 = ndr_get_array_length(ndr, &r->driver_name); + if (length_driver_name_1 > size_driver_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_driver_name_1, length_driver_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->driver_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->driver_name, ndr_get_array_length(ndr, &r->driver_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_driver_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->driver_name, length_driver_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_driver_name_0, 0); } if (r->architecture) { @@ -8198,11 +8406,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo2(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->architecture, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->architecture)); NDR_CHECK(ndr_pull_array_length(ndr, &r->architecture)); - if (ndr_get_array_length(ndr, &r->architecture) > ndr_get_array_size(ndr, &r->architecture)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->architecture), ndr_get_array_length(ndr, &r->architecture)); + size_architecture_1 = ndr_get_array_size(ndr, &r->architecture); + length_architecture_1 = ndr_get_array_length(ndr, &r->architecture); + if (length_architecture_1 > size_architecture_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_architecture_1, length_architecture_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->architecture), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->architecture, ndr_get_array_length(ndr, &r->architecture), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_architecture_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->architecture, length_architecture_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_architecture_0, 0); } if (r->driver_path) { @@ -8210,11 +8420,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo2(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->driver_path, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->driver_path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->driver_path)); - if (ndr_get_array_length(ndr, &r->driver_path) > ndr_get_array_size(ndr, &r->driver_path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->driver_path), ndr_get_array_length(ndr, &r->driver_path)); + size_driver_path_1 = ndr_get_array_size(ndr, &r->driver_path); + length_driver_path_1 = ndr_get_array_length(ndr, &r->driver_path); + if (length_driver_path_1 > size_driver_path_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_driver_path_1, length_driver_path_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->driver_path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->driver_path, ndr_get_array_length(ndr, &r->driver_path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_driver_path_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->driver_path, length_driver_path_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_driver_path_0, 0); } if (r->data_file) { @@ -8222,11 +8434,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo2(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->data_file, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->data_file)); NDR_CHECK(ndr_pull_array_length(ndr, &r->data_file)); - if (ndr_get_array_length(ndr, &r->data_file) > ndr_get_array_size(ndr, &r->data_file)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->data_file), ndr_get_array_length(ndr, &r->data_file)); + size_data_file_1 = ndr_get_array_size(ndr, &r->data_file); + length_data_file_1 = ndr_get_array_length(ndr, &r->data_file); + if (length_data_file_1 > size_data_file_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_data_file_1, length_data_file_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->data_file), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->data_file, ndr_get_array_length(ndr, &r->data_file), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_data_file_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->data_file, length_data_file_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_file_0, 0); } if (r->config_file) { @@ -8234,11 +8448,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo2(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->config_file, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->config_file)); NDR_CHECK(ndr_pull_array_length(ndr, &r->config_file)); - if (ndr_get_array_length(ndr, &r->config_file) > ndr_get_array_size(ndr, &r->config_file)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->config_file), ndr_get_array_length(ndr, &r->config_file)); + size_config_file_1 = ndr_get_array_size(ndr, &r->config_file); + length_config_file_1 = ndr_get_array_length(ndr, &r->config_file); + if (length_config_file_1 > size_config_file_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_config_file_1, length_config_file_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->config_file), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->config_file, ndr_get_array_length(ndr, &r->config_file), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_config_file_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->config_file, length_config_file_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_config_file_0, 0); } } @@ -8359,20 +8575,36 @@ static enum ndr_err_code ndr_push_spoolss_AddDriverInfo3(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo3(struct ndr_pull *ndr, int ndr_flags, struct spoolss_AddDriverInfo3 *r) { uint32_t _ptr_driver_name; + uint32_t size_driver_name_1 = 0; + uint32_t length_driver_name_1 = 0; TALLOC_CTX *_mem_save_driver_name_0; uint32_t _ptr_architecture; + uint32_t size_architecture_1 = 0; + uint32_t length_architecture_1 = 0; TALLOC_CTX *_mem_save_architecture_0; uint32_t _ptr_driver_path; + uint32_t size_driver_path_1 = 0; + uint32_t length_driver_path_1 = 0; TALLOC_CTX *_mem_save_driver_path_0; uint32_t _ptr_data_file; + uint32_t size_data_file_1 = 0; + uint32_t length_data_file_1 = 0; TALLOC_CTX *_mem_save_data_file_0; uint32_t _ptr_config_file; + uint32_t size_config_file_1 = 0; + uint32_t length_config_file_1 = 0; TALLOC_CTX *_mem_save_config_file_0; uint32_t _ptr_help_file; + uint32_t size_help_file_1 = 0; + uint32_t length_help_file_1 = 0; TALLOC_CTX *_mem_save_help_file_0; uint32_t _ptr_monitor_name; + uint32_t size_monitor_name_1 = 0; + uint32_t length_monitor_name_1 = 0; TALLOC_CTX *_mem_save_monitor_name_0; uint32_t _ptr_default_datatype; + uint32_t size_default_datatype_1 = 0; + uint32_t length_default_datatype_1 = 0; TALLOC_CTX *_mem_save_default_datatype_0; uint32_t _ptr_dependent_files; TALLOC_CTX *_mem_save_dependent_files_0; @@ -8442,11 +8674,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo3(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->driver_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->driver_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->driver_name)); - if (ndr_get_array_length(ndr, &r->driver_name) > ndr_get_array_size(ndr, &r->driver_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->driver_name), ndr_get_array_length(ndr, &r->driver_name)); + size_driver_name_1 = ndr_get_array_size(ndr, &r->driver_name); + length_driver_name_1 = ndr_get_array_length(ndr, &r->driver_name); + if (length_driver_name_1 > size_driver_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_driver_name_1, length_driver_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->driver_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->driver_name, ndr_get_array_length(ndr, &r->driver_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_driver_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->driver_name, length_driver_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_driver_name_0, 0); } if (r->architecture) { @@ -8454,11 +8688,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo3(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->architecture, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->architecture)); NDR_CHECK(ndr_pull_array_length(ndr, &r->architecture)); - if (ndr_get_array_length(ndr, &r->architecture) > ndr_get_array_size(ndr, &r->architecture)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->architecture), ndr_get_array_length(ndr, &r->architecture)); + size_architecture_1 = ndr_get_array_size(ndr, &r->architecture); + length_architecture_1 = ndr_get_array_length(ndr, &r->architecture); + if (length_architecture_1 > size_architecture_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_architecture_1, length_architecture_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->architecture), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->architecture, ndr_get_array_length(ndr, &r->architecture), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_architecture_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->architecture, length_architecture_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_architecture_0, 0); } if (r->driver_path) { @@ -8466,11 +8702,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo3(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->driver_path, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->driver_path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->driver_path)); - if (ndr_get_array_length(ndr, &r->driver_path) > ndr_get_array_size(ndr, &r->driver_path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->driver_path), ndr_get_array_length(ndr, &r->driver_path)); + size_driver_path_1 = ndr_get_array_size(ndr, &r->driver_path); + length_driver_path_1 = ndr_get_array_length(ndr, &r->driver_path); + if (length_driver_path_1 > size_driver_path_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_driver_path_1, length_driver_path_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->driver_path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->driver_path, ndr_get_array_length(ndr, &r->driver_path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_driver_path_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->driver_path, length_driver_path_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_driver_path_0, 0); } if (r->data_file) { @@ -8478,11 +8716,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo3(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->data_file, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->data_file)); NDR_CHECK(ndr_pull_array_length(ndr, &r->data_file)); - if (ndr_get_array_length(ndr, &r->data_file) > ndr_get_array_size(ndr, &r->data_file)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->data_file), ndr_get_array_length(ndr, &r->data_file)); + size_data_file_1 = ndr_get_array_size(ndr, &r->data_file); + length_data_file_1 = ndr_get_array_length(ndr, &r->data_file); + if (length_data_file_1 > size_data_file_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_data_file_1, length_data_file_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->data_file), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->data_file, ndr_get_array_length(ndr, &r->data_file), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_data_file_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->data_file, length_data_file_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_file_0, 0); } if (r->config_file) { @@ -8490,11 +8730,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo3(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->config_file, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->config_file)); NDR_CHECK(ndr_pull_array_length(ndr, &r->config_file)); - if (ndr_get_array_length(ndr, &r->config_file) > ndr_get_array_size(ndr, &r->config_file)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->config_file), ndr_get_array_length(ndr, &r->config_file)); + size_config_file_1 = ndr_get_array_size(ndr, &r->config_file); + length_config_file_1 = ndr_get_array_length(ndr, &r->config_file); + if (length_config_file_1 > size_config_file_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_config_file_1, length_config_file_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->config_file), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->config_file, ndr_get_array_length(ndr, &r->config_file), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_config_file_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->config_file, length_config_file_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_config_file_0, 0); } if (r->help_file) { @@ -8502,11 +8744,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo3(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->help_file, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->help_file)); NDR_CHECK(ndr_pull_array_length(ndr, &r->help_file)); - if (ndr_get_array_length(ndr, &r->help_file) > ndr_get_array_size(ndr, &r->help_file)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->help_file), ndr_get_array_length(ndr, &r->help_file)); + size_help_file_1 = ndr_get_array_size(ndr, &r->help_file); + length_help_file_1 = ndr_get_array_length(ndr, &r->help_file); + if (length_help_file_1 > size_help_file_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_help_file_1, length_help_file_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->help_file), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->help_file, ndr_get_array_length(ndr, &r->help_file), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_help_file_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->help_file, length_help_file_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_help_file_0, 0); } if (r->monitor_name) { @@ -8514,11 +8758,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo3(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->monitor_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->monitor_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->monitor_name)); - if (ndr_get_array_length(ndr, &r->monitor_name) > ndr_get_array_size(ndr, &r->monitor_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->monitor_name), ndr_get_array_length(ndr, &r->monitor_name)); + size_monitor_name_1 = ndr_get_array_size(ndr, &r->monitor_name); + length_monitor_name_1 = ndr_get_array_length(ndr, &r->monitor_name); + if (length_monitor_name_1 > size_monitor_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_monitor_name_1, length_monitor_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->monitor_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->monitor_name, ndr_get_array_length(ndr, &r->monitor_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_monitor_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->monitor_name, length_monitor_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_monitor_name_0, 0); } if (r->default_datatype) { @@ -8526,11 +8772,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo3(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->default_datatype, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->default_datatype)); NDR_CHECK(ndr_pull_array_length(ndr, &r->default_datatype)); - if (ndr_get_array_length(ndr, &r->default_datatype) > ndr_get_array_size(ndr, &r->default_datatype)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->default_datatype), ndr_get_array_length(ndr, &r->default_datatype)); + size_default_datatype_1 = ndr_get_array_size(ndr, &r->default_datatype); + length_default_datatype_1 = ndr_get_array_length(ndr, &r->default_datatype); + if (length_default_datatype_1 > size_default_datatype_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_default_datatype_1, length_default_datatype_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->default_datatype), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->default_datatype, ndr_get_array_length(ndr, &r->default_datatype), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_default_datatype_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->default_datatype, length_default_datatype_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_default_datatype_0, 0); } if (r->dependent_files) { @@ -8687,20 +8935,36 @@ static enum ndr_err_code ndr_push_spoolss_AddDriverInfo4(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo4(struct ndr_pull *ndr, int ndr_flags, struct spoolss_AddDriverInfo4 *r) { uint32_t _ptr_driver_name; + uint32_t size_driver_name_1 = 0; + uint32_t length_driver_name_1 = 0; TALLOC_CTX *_mem_save_driver_name_0; uint32_t _ptr_architecture; + uint32_t size_architecture_1 = 0; + uint32_t length_architecture_1 = 0; TALLOC_CTX *_mem_save_architecture_0; uint32_t _ptr_driver_path; + uint32_t size_driver_path_1 = 0; + uint32_t length_driver_path_1 = 0; TALLOC_CTX *_mem_save_driver_path_0; uint32_t _ptr_data_file; + uint32_t size_data_file_1 = 0; + uint32_t length_data_file_1 = 0; TALLOC_CTX *_mem_save_data_file_0; uint32_t _ptr_config_file; + uint32_t size_config_file_1 = 0; + uint32_t length_config_file_1 = 0; TALLOC_CTX *_mem_save_config_file_0; uint32_t _ptr_help_file; + uint32_t size_help_file_1 = 0; + uint32_t length_help_file_1 = 0; TALLOC_CTX *_mem_save_help_file_0; uint32_t _ptr_monitor_name; + uint32_t size_monitor_name_1 = 0; + uint32_t length_monitor_name_1 = 0; TALLOC_CTX *_mem_save_monitor_name_0; uint32_t _ptr_default_datatype; + uint32_t size_default_datatype_1 = 0; + uint32_t length_default_datatype_1 = 0; TALLOC_CTX *_mem_save_default_datatype_0; uint32_t _ptr_dependent_files; TALLOC_CTX *_mem_save_dependent_files_0; @@ -8779,11 +9043,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo4(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->driver_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->driver_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->driver_name)); - if (ndr_get_array_length(ndr, &r->driver_name) > ndr_get_array_size(ndr, &r->driver_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->driver_name), ndr_get_array_length(ndr, &r->driver_name)); + size_driver_name_1 = ndr_get_array_size(ndr, &r->driver_name); + length_driver_name_1 = ndr_get_array_length(ndr, &r->driver_name); + if (length_driver_name_1 > size_driver_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_driver_name_1, length_driver_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->driver_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->driver_name, ndr_get_array_length(ndr, &r->driver_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_driver_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->driver_name, length_driver_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_driver_name_0, 0); } if (r->architecture) { @@ -8791,11 +9057,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo4(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->architecture, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->architecture)); NDR_CHECK(ndr_pull_array_length(ndr, &r->architecture)); - if (ndr_get_array_length(ndr, &r->architecture) > ndr_get_array_size(ndr, &r->architecture)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->architecture), ndr_get_array_length(ndr, &r->architecture)); + size_architecture_1 = ndr_get_array_size(ndr, &r->architecture); + length_architecture_1 = ndr_get_array_length(ndr, &r->architecture); + if (length_architecture_1 > size_architecture_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_architecture_1, length_architecture_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->architecture), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->architecture, ndr_get_array_length(ndr, &r->architecture), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_architecture_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->architecture, length_architecture_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_architecture_0, 0); } if (r->driver_path) { @@ -8803,11 +9071,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo4(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->driver_path, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->driver_path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->driver_path)); - if (ndr_get_array_length(ndr, &r->driver_path) > ndr_get_array_size(ndr, &r->driver_path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->driver_path), ndr_get_array_length(ndr, &r->driver_path)); + size_driver_path_1 = ndr_get_array_size(ndr, &r->driver_path); + length_driver_path_1 = ndr_get_array_length(ndr, &r->driver_path); + if (length_driver_path_1 > size_driver_path_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_driver_path_1, length_driver_path_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->driver_path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->driver_path, ndr_get_array_length(ndr, &r->driver_path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_driver_path_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->driver_path, length_driver_path_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_driver_path_0, 0); } if (r->data_file) { @@ -8815,11 +9085,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo4(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->data_file, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->data_file)); NDR_CHECK(ndr_pull_array_length(ndr, &r->data_file)); - if (ndr_get_array_length(ndr, &r->data_file) > ndr_get_array_size(ndr, &r->data_file)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->data_file), ndr_get_array_length(ndr, &r->data_file)); + size_data_file_1 = ndr_get_array_size(ndr, &r->data_file); + length_data_file_1 = ndr_get_array_length(ndr, &r->data_file); + if (length_data_file_1 > size_data_file_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_data_file_1, length_data_file_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->data_file), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->data_file, ndr_get_array_length(ndr, &r->data_file), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_data_file_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->data_file, length_data_file_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_file_0, 0); } if (r->config_file) { @@ -8827,11 +9099,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo4(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->config_file, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->config_file)); NDR_CHECK(ndr_pull_array_length(ndr, &r->config_file)); - if (ndr_get_array_length(ndr, &r->config_file) > ndr_get_array_size(ndr, &r->config_file)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->config_file), ndr_get_array_length(ndr, &r->config_file)); + size_config_file_1 = ndr_get_array_size(ndr, &r->config_file); + length_config_file_1 = ndr_get_array_length(ndr, &r->config_file); + if (length_config_file_1 > size_config_file_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_config_file_1, length_config_file_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->config_file), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->config_file, ndr_get_array_length(ndr, &r->config_file), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_config_file_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->config_file, length_config_file_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_config_file_0, 0); } if (r->help_file) { @@ -8839,11 +9113,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo4(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->help_file, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->help_file)); NDR_CHECK(ndr_pull_array_length(ndr, &r->help_file)); - if (ndr_get_array_length(ndr, &r->help_file) > ndr_get_array_size(ndr, &r->help_file)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->help_file), ndr_get_array_length(ndr, &r->help_file)); + size_help_file_1 = ndr_get_array_size(ndr, &r->help_file); + length_help_file_1 = ndr_get_array_length(ndr, &r->help_file); + if (length_help_file_1 > size_help_file_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_help_file_1, length_help_file_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->help_file), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->help_file, ndr_get_array_length(ndr, &r->help_file), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_help_file_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->help_file, length_help_file_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_help_file_0, 0); } if (r->monitor_name) { @@ -8851,11 +9127,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo4(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->monitor_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->monitor_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->monitor_name)); - if (ndr_get_array_length(ndr, &r->monitor_name) > ndr_get_array_size(ndr, &r->monitor_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->monitor_name), ndr_get_array_length(ndr, &r->monitor_name)); + size_monitor_name_1 = ndr_get_array_size(ndr, &r->monitor_name); + length_monitor_name_1 = ndr_get_array_length(ndr, &r->monitor_name); + if (length_monitor_name_1 > size_monitor_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_monitor_name_1, length_monitor_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->monitor_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->monitor_name, ndr_get_array_length(ndr, &r->monitor_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_monitor_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->monitor_name, length_monitor_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_monitor_name_0, 0); } if (r->default_datatype) { @@ -8863,11 +9141,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo4(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->default_datatype, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->default_datatype)); NDR_CHECK(ndr_pull_array_length(ndr, &r->default_datatype)); - if (ndr_get_array_length(ndr, &r->default_datatype) > ndr_get_array_size(ndr, &r->default_datatype)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->default_datatype), ndr_get_array_length(ndr, &r->default_datatype)); + size_default_datatype_1 = ndr_get_array_size(ndr, &r->default_datatype); + length_default_datatype_1 = ndr_get_array_length(ndr, &r->default_datatype); + if (length_default_datatype_1 > size_default_datatype_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_default_datatype_1, length_default_datatype_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->default_datatype), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->default_datatype, ndr_get_array_length(ndr, &r->default_datatype), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_default_datatype_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->default_datatype, length_default_datatype_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_default_datatype_0, 0); } if (r->dependent_files) { @@ -9089,32 +9369,56 @@ static enum ndr_err_code ndr_push_spoolss_AddDriverInfo6(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo6(struct ndr_pull *ndr, int ndr_flags, struct spoolss_AddDriverInfo6 *r) { uint32_t _ptr_driver_name; + uint32_t size_driver_name_1 = 0; + uint32_t length_driver_name_1 = 0; TALLOC_CTX *_mem_save_driver_name_0; uint32_t _ptr_architecture; + uint32_t size_architecture_1 = 0; + uint32_t length_architecture_1 = 0; TALLOC_CTX *_mem_save_architecture_0; uint32_t _ptr_driver_path; + uint32_t size_driver_path_1 = 0; + uint32_t length_driver_path_1 = 0; TALLOC_CTX *_mem_save_driver_path_0; uint32_t _ptr_data_file; + uint32_t size_data_file_1 = 0; + uint32_t length_data_file_1 = 0; TALLOC_CTX *_mem_save_data_file_0; uint32_t _ptr_config_file; + uint32_t size_config_file_1 = 0; + uint32_t length_config_file_1 = 0; TALLOC_CTX *_mem_save_config_file_0; uint32_t _ptr_help_file; + uint32_t size_help_file_1 = 0; + uint32_t length_help_file_1 = 0; TALLOC_CTX *_mem_save_help_file_0; uint32_t _ptr_monitor_name; + uint32_t size_monitor_name_1 = 0; + uint32_t length_monitor_name_1 = 0; TALLOC_CTX *_mem_save_monitor_name_0; uint32_t _ptr_default_datatype; + uint32_t size_default_datatype_1 = 0; + uint32_t length_default_datatype_1 = 0; TALLOC_CTX *_mem_save_default_datatype_0; uint32_t _ptr_dependent_files; TALLOC_CTX *_mem_save_dependent_files_0; uint32_t _ptr_previous_names; TALLOC_CTX *_mem_save_previous_names_0; uint32_t _ptr_manufacturer_name; + uint32_t size_manufacturer_name_1 = 0; + uint32_t length_manufacturer_name_1 = 0; TALLOC_CTX *_mem_save_manufacturer_name_0; uint32_t _ptr_manufacturer_url; + uint32_t size_manufacturer_url_1 = 0; + uint32_t length_manufacturer_url_1 = 0; TALLOC_CTX *_mem_save_manufacturer_url_0; uint32_t _ptr_hardware_id; + uint32_t size_hardware_id_1 = 0; + uint32_t length_hardware_id_1 = 0; TALLOC_CTX *_mem_save_hardware_id_0; uint32_t _ptr_provider; + uint32_t size_provider_1 = 0; + uint32_t length_provider_1 = 0; TALLOC_CTX *_mem_save_provider_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 8)); @@ -9215,11 +9519,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo6(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->driver_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->driver_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->driver_name)); - if (ndr_get_array_length(ndr, &r->driver_name) > ndr_get_array_size(ndr, &r->driver_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->driver_name), ndr_get_array_length(ndr, &r->driver_name)); + size_driver_name_1 = ndr_get_array_size(ndr, &r->driver_name); + length_driver_name_1 = ndr_get_array_length(ndr, &r->driver_name); + if (length_driver_name_1 > size_driver_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_driver_name_1, length_driver_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->driver_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->driver_name, ndr_get_array_length(ndr, &r->driver_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_driver_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->driver_name, length_driver_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_driver_name_0, 0); } if (r->architecture) { @@ -9227,11 +9533,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo6(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->architecture, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->architecture)); NDR_CHECK(ndr_pull_array_length(ndr, &r->architecture)); - if (ndr_get_array_length(ndr, &r->architecture) > ndr_get_array_size(ndr, &r->architecture)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->architecture), ndr_get_array_length(ndr, &r->architecture)); + size_architecture_1 = ndr_get_array_size(ndr, &r->architecture); + length_architecture_1 = ndr_get_array_length(ndr, &r->architecture); + if (length_architecture_1 > size_architecture_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_architecture_1, length_architecture_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->architecture), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->architecture, ndr_get_array_length(ndr, &r->architecture), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_architecture_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->architecture, length_architecture_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_architecture_0, 0); } if (r->driver_path) { @@ -9239,11 +9547,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo6(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->driver_path, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->driver_path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->driver_path)); - if (ndr_get_array_length(ndr, &r->driver_path) > ndr_get_array_size(ndr, &r->driver_path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->driver_path), ndr_get_array_length(ndr, &r->driver_path)); + size_driver_path_1 = ndr_get_array_size(ndr, &r->driver_path); + length_driver_path_1 = ndr_get_array_length(ndr, &r->driver_path); + if (length_driver_path_1 > size_driver_path_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_driver_path_1, length_driver_path_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->driver_path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->driver_path, ndr_get_array_length(ndr, &r->driver_path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_driver_path_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->driver_path, length_driver_path_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_driver_path_0, 0); } if (r->data_file) { @@ -9251,11 +9561,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo6(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->data_file, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->data_file)); NDR_CHECK(ndr_pull_array_length(ndr, &r->data_file)); - if (ndr_get_array_length(ndr, &r->data_file) > ndr_get_array_size(ndr, &r->data_file)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->data_file), ndr_get_array_length(ndr, &r->data_file)); + size_data_file_1 = ndr_get_array_size(ndr, &r->data_file); + length_data_file_1 = ndr_get_array_length(ndr, &r->data_file); + if (length_data_file_1 > size_data_file_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_data_file_1, length_data_file_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->data_file), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->data_file, ndr_get_array_length(ndr, &r->data_file), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_data_file_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->data_file, length_data_file_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_file_0, 0); } if (r->config_file) { @@ -9263,11 +9575,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo6(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->config_file, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->config_file)); NDR_CHECK(ndr_pull_array_length(ndr, &r->config_file)); - if (ndr_get_array_length(ndr, &r->config_file) > ndr_get_array_size(ndr, &r->config_file)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->config_file), ndr_get_array_length(ndr, &r->config_file)); + size_config_file_1 = ndr_get_array_size(ndr, &r->config_file); + length_config_file_1 = ndr_get_array_length(ndr, &r->config_file); + if (length_config_file_1 > size_config_file_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_config_file_1, length_config_file_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->config_file), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->config_file, ndr_get_array_length(ndr, &r->config_file), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_config_file_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->config_file, length_config_file_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_config_file_0, 0); } if (r->help_file) { @@ -9275,11 +9589,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo6(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->help_file, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->help_file)); NDR_CHECK(ndr_pull_array_length(ndr, &r->help_file)); - if (ndr_get_array_length(ndr, &r->help_file) > ndr_get_array_size(ndr, &r->help_file)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->help_file), ndr_get_array_length(ndr, &r->help_file)); + size_help_file_1 = ndr_get_array_size(ndr, &r->help_file); + length_help_file_1 = ndr_get_array_length(ndr, &r->help_file); + if (length_help_file_1 > size_help_file_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_help_file_1, length_help_file_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->help_file), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->help_file, ndr_get_array_length(ndr, &r->help_file), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_help_file_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->help_file, length_help_file_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_help_file_0, 0); } if (r->monitor_name) { @@ -9287,11 +9603,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo6(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->monitor_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->monitor_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->monitor_name)); - if (ndr_get_array_length(ndr, &r->monitor_name) > ndr_get_array_size(ndr, &r->monitor_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->monitor_name), ndr_get_array_length(ndr, &r->monitor_name)); + size_monitor_name_1 = ndr_get_array_size(ndr, &r->monitor_name); + length_monitor_name_1 = ndr_get_array_length(ndr, &r->monitor_name); + if (length_monitor_name_1 > size_monitor_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_monitor_name_1, length_monitor_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->monitor_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->monitor_name, ndr_get_array_length(ndr, &r->monitor_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_monitor_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->monitor_name, length_monitor_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_monitor_name_0, 0); } if (r->default_datatype) { @@ -9299,11 +9617,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo6(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->default_datatype, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->default_datatype)); NDR_CHECK(ndr_pull_array_length(ndr, &r->default_datatype)); - if (ndr_get_array_length(ndr, &r->default_datatype) > ndr_get_array_size(ndr, &r->default_datatype)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->default_datatype), ndr_get_array_length(ndr, &r->default_datatype)); + size_default_datatype_1 = ndr_get_array_size(ndr, &r->default_datatype); + length_default_datatype_1 = ndr_get_array_length(ndr, &r->default_datatype); + if (length_default_datatype_1 > size_default_datatype_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_default_datatype_1, length_default_datatype_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->default_datatype), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->default_datatype, ndr_get_array_length(ndr, &r->default_datatype), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_default_datatype_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->default_datatype, length_default_datatype_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_default_datatype_0, 0); } if (r->dependent_files) { @@ -9323,11 +9643,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo6(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->manufacturer_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->manufacturer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->manufacturer_name)); - if (ndr_get_array_length(ndr, &r->manufacturer_name) > ndr_get_array_size(ndr, &r->manufacturer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->manufacturer_name), ndr_get_array_length(ndr, &r->manufacturer_name)); + size_manufacturer_name_1 = ndr_get_array_size(ndr, &r->manufacturer_name); + length_manufacturer_name_1 = ndr_get_array_length(ndr, &r->manufacturer_name); + if (length_manufacturer_name_1 > size_manufacturer_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_manufacturer_name_1, length_manufacturer_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->manufacturer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->manufacturer_name, ndr_get_array_length(ndr, &r->manufacturer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_manufacturer_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->manufacturer_name, length_manufacturer_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_manufacturer_name_0, 0); } if (r->manufacturer_url) { @@ -9335,11 +9657,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo6(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->manufacturer_url, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->manufacturer_url)); NDR_CHECK(ndr_pull_array_length(ndr, &r->manufacturer_url)); - if (ndr_get_array_length(ndr, &r->manufacturer_url) > ndr_get_array_size(ndr, &r->manufacturer_url)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->manufacturer_url), ndr_get_array_length(ndr, &r->manufacturer_url)); + size_manufacturer_url_1 = ndr_get_array_size(ndr, &r->manufacturer_url); + length_manufacturer_url_1 = ndr_get_array_length(ndr, &r->manufacturer_url); + if (length_manufacturer_url_1 > size_manufacturer_url_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_manufacturer_url_1, length_manufacturer_url_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->manufacturer_url), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->manufacturer_url, ndr_get_array_length(ndr, &r->manufacturer_url), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_manufacturer_url_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->manufacturer_url, length_manufacturer_url_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_manufacturer_url_0, 0); } if (r->hardware_id) { @@ -9347,11 +9671,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo6(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->hardware_id, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->hardware_id)); NDR_CHECK(ndr_pull_array_length(ndr, &r->hardware_id)); - if (ndr_get_array_length(ndr, &r->hardware_id) > ndr_get_array_size(ndr, &r->hardware_id)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->hardware_id), ndr_get_array_length(ndr, &r->hardware_id)); + size_hardware_id_1 = ndr_get_array_size(ndr, &r->hardware_id); + length_hardware_id_1 = ndr_get_array_length(ndr, &r->hardware_id); + if (length_hardware_id_1 > size_hardware_id_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_hardware_id_1, length_hardware_id_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->hardware_id), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->hardware_id, ndr_get_array_length(ndr, &r->hardware_id), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_hardware_id_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->hardware_id, length_hardware_id_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_hardware_id_0, 0); } if (r->provider) { @@ -9359,11 +9685,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo6(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->provider, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->provider)); NDR_CHECK(ndr_pull_array_length(ndr, &r->provider)); - if (ndr_get_array_length(ndr, &r->provider) > ndr_get_array_size(ndr, &r->provider)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->provider), ndr_get_array_length(ndr, &r->provider)); + size_provider_1 = ndr_get_array_size(ndr, &r->provider); + length_provider_1 = ndr_get_array_length(ndr, &r->provider); + if (length_provider_1 > size_provider_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_provider_1, length_provider_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->provider), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->provider, ndr_get_array_length(ndr, &r->provider), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_provider_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->provider, length_provider_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_provider_0, 0); } } @@ -9611,40 +9939,70 @@ static enum ndr_err_code ndr_push_spoolss_AddDriverInfo8(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo8(struct ndr_pull *ndr, int ndr_flags, struct spoolss_AddDriverInfo8 *r) { uint32_t _ptr_driver_name; + uint32_t size_driver_name_1 = 0; + uint32_t length_driver_name_1 = 0; TALLOC_CTX *_mem_save_driver_name_0; uint32_t _ptr_architecture; + uint32_t size_architecture_1 = 0; + uint32_t length_architecture_1 = 0; TALLOC_CTX *_mem_save_architecture_0; uint32_t _ptr_driver_path; + uint32_t size_driver_path_1 = 0; + uint32_t length_driver_path_1 = 0; TALLOC_CTX *_mem_save_driver_path_0; uint32_t _ptr_data_file; + uint32_t size_data_file_1 = 0; + uint32_t length_data_file_1 = 0; TALLOC_CTX *_mem_save_data_file_0; uint32_t _ptr_config_file; + uint32_t size_config_file_1 = 0; + uint32_t length_config_file_1 = 0; TALLOC_CTX *_mem_save_config_file_0; uint32_t _ptr_help_file; + uint32_t size_help_file_1 = 0; + uint32_t length_help_file_1 = 0; TALLOC_CTX *_mem_save_help_file_0; uint32_t _ptr_monitor_name; + uint32_t size_monitor_name_1 = 0; + uint32_t length_monitor_name_1 = 0; TALLOC_CTX *_mem_save_monitor_name_0; uint32_t _ptr_default_datatype; + uint32_t size_default_datatype_1 = 0; + uint32_t length_default_datatype_1 = 0; TALLOC_CTX *_mem_save_default_datatype_0; uint32_t _ptr_dependent_files; TALLOC_CTX *_mem_save_dependent_files_0; uint32_t _ptr_previous_names; TALLOC_CTX *_mem_save_previous_names_0; uint32_t _ptr_manufacturer_name; + uint32_t size_manufacturer_name_1 = 0; + uint32_t length_manufacturer_name_1 = 0; TALLOC_CTX *_mem_save_manufacturer_name_0; uint32_t _ptr_manufacturer_url; + uint32_t size_manufacturer_url_1 = 0; + uint32_t length_manufacturer_url_1 = 0; TALLOC_CTX *_mem_save_manufacturer_url_0; uint32_t _ptr_hardware_id; + uint32_t size_hardware_id_1 = 0; + uint32_t length_hardware_id_1 = 0; TALLOC_CTX *_mem_save_hardware_id_0; uint32_t _ptr_provider; + uint32_t size_provider_1 = 0; + uint32_t length_provider_1 = 0; TALLOC_CTX *_mem_save_provider_0; uint32_t _ptr_print_processor; + uint32_t size_print_processor_1 = 0; + uint32_t length_print_processor_1 = 0; TALLOC_CTX *_mem_save_print_processor_0; uint32_t _ptr_vendor_setup; + uint32_t size_vendor_setup_1 = 0; + uint32_t length_vendor_setup_1 = 0; TALLOC_CTX *_mem_save_vendor_setup_0; uint32_t _ptr_color_profiles; TALLOC_CTX *_mem_save_color_profiles_0; uint32_t _ptr_inf_path; + uint32_t size_inf_path_1 = 0; + uint32_t length_inf_path_1 = 0; TALLOC_CTX *_mem_save_inf_path_0; uint32_t _ptr_core_driver_dependencies; TALLOC_CTX *_mem_save_core_driver_dependencies_0; @@ -9782,11 +10140,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo8(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->driver_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->driver_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->driver_name)); - if (ndr_get_array_length(ndr, &r->driver_name) > ndr_get_array_size(ndr, &r->driver_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->driver_name), ndr_get_array_length(ndr, &r->driver_name)); + size_driver_name_1 = ndr_get_array_size(ndr, &r->driver_name); + length_driver_name_1 = ndr_get_array_length(ndr, &r->driver_name); + if (length_driver_name_1 > size_driver_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_driver_name_1, length_driver_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->driver_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->driver_name, ndr_get_array_length(ndr, &r->driver_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_driver_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->driver_name, length_driver_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_driver_name_0, 0); } if (r->architecture) { @@ -9794,11 +10154,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo8(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->architecture, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->architecture)); NDR_CHECK(ndr_pull_array_length(ndr, &r->architecture)); - if (ndr_get_array_length(ndr, &r->architecture) > ndr_get_array_size(ndr, &r->architecture)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->architecture), ndr_get_array_length(ndr, &r->architecture)); + size_architecture_1 = ndr_get_array_size(ndr, &r->architecture); + length_architecture_1 = ndr_get_array_length(ndr, &r->architecture); + if (length_architecture_1 > size_architecture_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_architecture_1, length_architecture_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->architecture), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->architecture, ndr_get_array_length(ndr, &r->architecture), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_architecture_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->architecture, length_architecture_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_architecture_0, 0); } if (r->driver_path) { @@ -9806,11 +10168,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo8(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->driver_path, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->driver_path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->driver_path)); - if (ndr_get_array_length(ndr, &r->driver_path) > ndr_get_array_size(ndr, &r->driver_path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->driver_path), ndr_get_array_length(ndr, &r->driver_path)); + size_driver_path_1 = ndr_get_array_size(ndr, &r->driver_path); + length_driver_path_1 = ndr_get_array_length(ndr, &r->driver_path); + if (length_driver_path_1 > size_driver_path_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_driver_path_1, length_driver_path_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->driver_path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->driver_path, ndr_get_array_length(ndr, &r->driver_path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_driver_path_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->driver_path, length_driver_path_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_driver_path_0, 0); } if (r->data_file) { @@ -9818,11 +10182,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo8(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->data_file, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->data_file)); NDR_CHECK(ndr_pull_array_length(ndr, &r->data_file)); - if (ndr_get_array_length(ndr, &r->data_file) > ndr_get_array_size(ndr, &r->data_file)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->data_file), ndr_get_array_length(ndr, &r->data_file)); + size_data_file_1 = ndr_get_array_size(ndr, &r->data_file); + length_data_file_1 = ndr_get_array_length(ndr, &r->data_file); + if (length_data_file_1 > size_data_file_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_data_file_1, length_data_file_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->data_file), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->data_file, ndr_get_array_length(ndr, &r->data_file), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_data_file_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->data_file, length_data_file_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_file_0, 0); } if (r->config_file) { @@ -9830,11 +10196,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo8(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->config_file, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->config_file)); NDR_CHECK(ndr_pull_array_length(ndr, &r->config_file)); - if (ndr_get_array_length(ndr, &r->config_file) > ndr_get_array_size(ndr, &r->config_file)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->config_file), ndr_get_array_length(ndr, &r->config_file)); + size_config_file_1 = ndr_get_array_size(ndr, &r->config_file); + length_config_file_1 = ndr_get_array_length(ndr, &r->config_file); + if (length_config_file_1 > size_config_file_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_config_file_1, length_config_file_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->config_file), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->config_file, ndr_get_array_length(ndr, &r->config_file), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_config_file_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->config_file, length_config_file_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_config_file_0, 0); } if (r->help_file) { @@ -9842,11 +10210,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo8(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->help_file, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->help_file)); NDR_CHECK(ndr_pull_array_length(ndr, &r->help_file)); - if (ndr_get_array_length(ndr, &r->help_file) > ndr_get_array_size(ndr, &r->help_file)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->help_file), ndr_get_array_length(ndr, &r->help_file)); + size_help_file_1 = ndr_get_array_size(ndr, &r->help_file); + length_help_file_1 = ndr_get_array_length(ndr, &r->help_file); + if (length_help_file_1 > size_help_file_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_help_file_1, length_help_file_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->help_file), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->help_file, ndr_get_array_length(ndr, &r->help_file), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_help_file_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->help_file, length_help_file_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_help_file_0, 0); } if (r->monitor_name) { @@ -9854,11 +10224,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo8(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->monitor_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->monitor_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->monitor_name)); - if (ndr_get_array_length(ndr, &r->monitor_name) > ndr_get_array_size(ndr, &r->monitor_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->monitor_name), ndr_get_array_length(ndr, &r->monitor_name)); + size_monitor_name_1 = ndr_get_array_size(ndr, &r->monitor_name); + length_monitor_name_1 = ndr_get_array_length(ndr, &r->monitor_name); + if (length_monitor_name_1 > size_monitor_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_monitor_name_1, length_monitor_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->monitor_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->monitor_name, ndr_get_array_length(ndr, &r->monitor_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_monitor_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->monitor_name, length_monitor_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_monitor_name_0, 0); } if (r->default_datatype) { @@ -9866,11 +10238,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo8(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->default_datatype, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->default_datatype)); NDR_CHECK(ndr_pull_array_length(ndr, &r->default_datatype)); - if (ndr_get_array_length(ndr, &r->default_datatype) > ndr_get_array_size(ndr, &r->default_datatype)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->default_datatype), ndr_get_array_length(ndr, &r->default_datatype)); + size_default_datatype_1 = ndr_get_array_size(ndr, &r->default_datatype); + length_default_datatype_1 = ndr_get_array_length(ndr, &r->default_datatype); + if (length_default_datatype_1 > size_default_datatype_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_default_datatype_1, length_default_datatype_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->default_datatype), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->default_datatype, ndr_get_array_length(ndr, &r->default_datatype), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_default_datatype_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->default_datatype, length_default_datatype_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_default_datatype_0, 0); } if (r->dependent_files) { @@ -9890,11 +10264,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo8(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->manufacturer_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->manufacturer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->manufacturer_name)); - if (ndr_get_array_length(ndr, &r->manufacturer_name) > ndr_get_array_size(ndr, &r->manufacturer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->manufacturer_name), ndr_get_array_length(ndr, &r->manufacturer_name)); + size_manufacturer_name_1 = ndr_get_array_size(ndr, &r->manufacturer_name); + length_manufacturer_name_1 = ndr_get_array_length(ndr, &r->manufacturer_name); + if (length_manufacturer_name_1 > size_manufacturer_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_manufacturer_name_1, length_manufacturer_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->manufacturer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->manufacturer_name, ndr_get_array_length(ndr, &r->manufacturer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_manufacturer_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->manufacturer_name, length_manufacturer_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_manufacturer_name_0, 0); } if (r->manufacturer_url) { @@ -9902,11 +10278,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo8(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->manufacturer_url, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->manufacturer_url)); NDR_CHECK(ndr_pull_array_length(ndr, &r->manufacturer_url)); - if (ndr_get_array_length(ndr, &r->manufacturer_url) > ndr_get_array_size(ndr, &r->manufacturer_url)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->manufacturer_url), ndr_get_array_length(ndr, &r->manufacturer_url)); + size_manufacturer_url_1 = ndr_get_array_size(ndr, &r->manufacturer_url); + length_manufacturer_url_1 = ndr_get_array_length(ndr, &r->manufacturer_url); + if (length_manufacturer_url_1 > size_manufacturer_url_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_manufacturer_url_1, length_manufacturer_url_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->manufacturer_url), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->manufacturer_url, ndr_get_array_length(ndr, &r->manufacturer_url), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_manufacturer_url_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->manufacturer_url, length_manufacturer_url_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_manufacturer_url_0, 0); } if (r->hardware_id) { @@ -9914,11 +10292,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo8(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->hardware_id, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->hardware_id)); NDR_CHECK(ndr_pull_array_length(ndr, &r->hardware_id)); - if (ndr_get_array_length(ndr, &r->hardware_id) > ndr_get_array_size(ndr, &r->hardware_id)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->hardware_id), ndr_get_array_length(ndr, &r->hardware_id)); + size_hardware_id_1 = ndr_get_array_size(ndr, &r->hardware_id); + length_hardware_id_1 = ndr_get_array_length(ndr, &r->hardware_id); + if (length_hardware_id_1 > size_hardware_id_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_hardware_id_1, length_hardware_id_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->hardware_id), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->hardware_id, ndr_get_array_length(ndr, &r->hardware_id), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_hardware_id_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->hardware_id, length_hardware_id_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_hardware_id_0, 0); } if (r->provider) { @@ -9926,11 +10306,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo8(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->provider, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->provider)); NDR_CHECK(ndr_pull_array_length(ndr, &r->provider)); - if (ndr_get_array_length(ndr, &r->provider) > ndr_get_array_size(ndr, &r->provider)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->provider), ndr_get_array_length(ndr, &r->provider)); + size_provider_1 = ndr_get_array_size(ndr, &r->provider); + length_provider_1 = ndr_get_array_length(ndr, &r->provider); + if (length_provider_1 > size_provider_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_provider_1, length_provider_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->provider), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->provider, ndr_get_array_length(ndr, &r->provider), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_provider_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->provider, length_provider_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_provider_0, 0); } if (r->print_processor) { @@ -9938,11 +10320,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo8(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->print_processor, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->print_processor)); NDR_CHECK(ndr_pull_array_length(ndr, &r->print_processor)); - if (ndr_get_array_length(ndr, &r->print_processor) > ndr_get_array_size(ndr, &r->print_processor)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->print_processor), ndr_get_array_length(ndr, &r->print_processor)); + size_print_processor_1 = ndr_get_array_size(ndr, &r->print_processor); + length_print_processor_1 = ndr_get_array_length(ndr, &r->print_processor); + if (length_print_processor_1 > size_print_processor_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_print_processor_1, length_print_processor_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->print_processor), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->print_processor, ndr_get_array_length(ndr, &r->print_processor), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_print_processor_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->print_processor, length_print_processor_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_print_processor_0, 0); } if (r->vendor_setup) { @@ -9950,11 +10334,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo8(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->vendor_setup, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->vendor_setup)); NDR_CHECK(ndr_pull_array_length(ndr, &r->vendor_setup)); - if (ndr_get_array_length(ndr, &r->vendor_setup) > ndr_get_array_size(ndr, &r->vendor_setup)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->vendor_setup), ndr_get_array_length(ndr, &r->vendor_setup)); + size_vendor_setup_1 = ndr_get_array_size(ndr, &r->vendor_setup); + length_vendor_setup_1 = ndr_get_array_length(ndr, &r->vendor_setup); + if (length_vendor_setup_1 > size_vendor_setup_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_vendor_setup_1, length_vendor_setup_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->vendor_setup), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->vendor_setup, ndr_get_array_length(ndr, &r->vendor_setup), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_vendor_setup_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->vendor_setup, length_vendor_setup_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_vendor_setup_0, 0); } if (r->color_profiles) { @@ -9968,11 +10354,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo8(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->inf_path, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->inf_path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->inf_path)); - if (ndr_get_array_length(ndr, &r->inf_path) > ndr_get_array_size(ndr, &r->inf_path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->inf_path), ndr_get_array_length(ndr, &r->inf_path)); + size_inf_path_1 = ndr_get_array_size(ndr, &r->inf_path); + length_inf_path_1 = ndr_get_array_length(ndr, &r->inf_path); + if (length_inf_path_1 > size_inf_path_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_inf_path_1, length_inf_path_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->inf_path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->inf_path, ndr_get_array_length(ndr, &r->inf_path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_inf_path_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->inf_path, length_inf_path_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_inf_path_0, 0); } if (r->core_driver_dependencies) { @@ -10202,11 +10590,17 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo(struct ndr_pull *ndr, in int level; uint32_t _level; TALLOC_CTX *_mem_save_info1_0; + uint32_t _ptr_info1; TALLOC_CTX *_mem_save_info2_0; + uint32_t _ptr_info2; TALLOC_CTX *_mem_save_info3_0; + uint32_t _ptr_info3; TALLOC_CTX *_mem_save_info4_0; + uint32_t _ptr_info4; TALLOC_CTX *_mem_save_info6_0; + uint32_t _ptr_info6; TALLOC_CTX *_mem_save_info8_0; + uint32_t _ptr_info8; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -10216,7 +10610,6 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo(struct ndr_pull *ndr, in NDR_CHECK(ndr_pull_union_align(ndr, 5)); switch (level) { case 1: { - uint32_t _ptr_info1; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1)); if (_ptr_info1) { NDR_PULL_ALLOC(ndr, r->info1); @@ -10226,7 +10619,6 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo(struct ndr_pull *ndr, in break; } case 2: { - uint32_t _ptr_info2; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info2)); if (_ptr_info2) { NDR_PULL_ALLOC(ndr, r->info2); @@ -10236,7 +10628,6 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo(struct ndr_pull *ndr, in break; } case 3: { - uint32_t _ptr_info3; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info3)); if (_ptr_info3) { NDR_PULL_ALLOC(ndr, r->info3); @@ -10246,7 +10637,6 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo(struct ndr_pull *ndr, in break; } case 4: { - uint32_t _ptr_info4; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info4)); if (_ptr_info4) { NDR_PULL_ALLOC(ndr, r->info4); @@ -10256,7 +10646,6 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo(struct ndr_pull *ndr, in break; } case 6: { - uint32_t _ptr_info6; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info6)); if (_ptr_info6) { NDR_PULL_ALLOC(ndr, r->info6); @@ -10266,7 +10655,6 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo(struct ndr_pull *ndr, in break; } case 8: { - uint32_t _ptr_info8; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info8)); if (_ptr_info8) { NDR_PULL_ALLOC(ndr, r->info8); @@ -15177,10 +15565,16 @@ static enum ndr_err_code ndr_push_spoolss_DocumentInfo1(struct ndr_push *ndr, in static enum ndr_err_code ndr_pull_spoolss_DocumentInfo1(struct ndr_pull *ndr, int ndr_flags, struct spoolss_DocumentInfo1 *r) { uint32_t _ptr_document_name; + uint32_t size_document_name_1 = 0; + uint32_t length_document_name_1 = 0; TALLOC_CTX *_mem_save_document_name_0; uint32_t _ptr_output_file; + uint32_t size_output_file_1 = 0; + uint32_t length_output_file_1 = 0; TALLOC_CTX *_mem_save_output_file_0; uint32_t _ptr_datatype; + uint32_t size_datatype_1 = 0; + uint32_t length_datatype_1 = 0; TALLOC_CTX *_mem_save_datatype_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -15210,11 +15604,13 @@ static enum ndr_err_code ndr_pull_spoolss_DocumentInfo1(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, r->document_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->document_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->document_name)); - if (ndr_get_array_length(ndr, &r->document_name) > ndr_get_array_size(ndr, &r->document_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->document_name), ndr_get_array_length(ndr, &r->document_name)); + size_document_name_1 = ndr_get_array_size(ndr, &r->document_name); + length_document_name_1 = ndr_get_array_length(ndr, &r->document_name); + if (length_document_name_1 > size_document_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_document_name_1, length_document_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->document_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->document_name, ndr_get_array_length(ndr, &r->document_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_document_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->document_name, length_document_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_document_name_0, 0); } if (r->output_file) { @@ -15222,11 +15618,13 @@ static enum ndr_err_code ndr_pull_spoolss_DocumentInfo1(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, r->output_file, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->output_file)); NDR_CHECK(ndr_pull_array_length(ndr, &r->output_file)); - if (ndr_get_array_length(ndr, &r->output_file) > ndr_get_array_size(ndr, &r->output_file)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->output_file), ndr_get_array_length(ndr, &r->output_file)); + size_output_file_1 = ndr_get_array_size(ndr, &r->output_file); + length_output_file_1 = ndr_get_array_length(ndr, &r->output_file); + if (length_output_file_1 > size_output_file_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_output_file_1, length_output_file_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->output_file), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->output_file, ndr_get_array_length(ndr, &r->output_file), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_output_file_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->output_file, length_output_file_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_output_file_0, 0); } if (r->datatype) { @@ -15234,11 +15632,13 @@ static enum ndr_err_code ndr_pull_spoolss_DocumentInfo1(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, r->datatype, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->datatype)); NDR_CHECK(ndr_pull_array_length(ndr, &r->datatype)); - if (ndr_get_array_length(ndr, &r->datatype) > ndr_get_array_size(ndr, &r->datatype)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->datatype), ndr_get_array_length(ndr, &r->datatype)); + size_datatype_1 = ndr_get_array_size(ndr, &r->datatype); + length_datatype_1 = ndr_get_array_length(ndr, &r->datatype); + if (length_datatype_1 > size_datatype_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_datatype_1, length_datatype_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->datatype), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->datatype, ndr_get_array_length(ndr, &r->datatype), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_datatype_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->datatype, length_datatype_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_datatype_0, 0); } } @@ -15320,6 +15720,7 @@ static enum ndr_err_code ndr_pull_spoolss_DocumentInfo(struct ndr_pull *ndr, int int level; uint32_t _level; TALLOC_CTX *_mem_save_info1_0; + uint32_t _ptr_info1; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -15329,7 +15730,6 @@ static enum ndr_err_code ndr_pull_spoolss_DocumentInfo(struct ndr_pull *ndr, int NDR_CHECK(ndr_pull_union_align(ndr, 5)); switch (level) { case 1: { - uint32_t _ptr_info1; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1)); if (_ptr_info1) { NDR_PULL_ALLOC(ndr, r->info1); @@ -16380,6 +16780,8 @@ static enum ndr_err_code ndr_push_spoolss_AddFormInfo1(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_spoolss_AddFormInfo1(struct ndr_pull *ndr, int ndr_flags, struct spoolss_AddFormInfo1 *r) { uint32_t _ptr_form_name; + uint32_t size_form_name_1 = 0; + uint32_t length_form_name_1 = 0; TALLOC_CTX *_mem_save_form_name_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -16400,11 +16802,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddFormInfo1(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->form_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->form_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->form_name)); - if (ndr_get_array_length(ndr, &r->form_name) > ndr_get_array_size(ndr, &r->form_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->form_name), ndr_get_array_length(ndr, &r->form_name)); + size_form_name_1 = ndr_get_array_size(ndr, &r->form_name); + length_form_name_1 = ndr_get_array_length(ndr, &r->form_name); + if (length_form_name_1 > size_form_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_form_name_1, length_form_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->form_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->form_name, ndr_get_array_length(ndr, &r->form_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_form_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->form_name, length_form_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_form_name_0, 0); } } @@ -16475,12 +16879,20 @@ static enum ndr_err_code ndr_push_spoolss_AddFormInfo2(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_spoolss_AddFormInfo2(struct ndr_pull *ndr, int ndr_flags, struct spoolss_AddFormInfo2 *r) { uint32_t _ptr_form_name; + uint32_t size_form_name_1 = 0; + uint32_t length_form_name_1 = 0; TALLOC_CTX *_mem_save_form_name_0; uint32_t _ptr_keyword; + uint32_t size_keyword_1 = 0; + uint32_t length_keyword_1 = 0; TALLOC_CTX *_mem_save_keyword_0; uint32_t _ptr_mui_dll; + uint32_t size_mui_dll_1 = 0; + uint32_t length_mui_dll_1 = 0; TALLOC_CTX *_mem_save_mui_dll_0; uint32_t _ptr_display_name; + uint32_t size_display_name_1 = 0; + uint32_t length_display_name_1 = 0; TALLOC_CTX *_mem_save_display_name_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -16522,11 +16934,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddFormInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->form_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->form_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->form_name)); - if (ndr_get_array_length(ndr, &r->form_name) > ndr_get_array_size(ndr, &r->form_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->form_name), ndr_get_array_length(ndr, &r->form_name)); + size_form_name_1 = ndr_get_array_size(ndr, &r->form_name); + length_form_name_1 = ndr_get_array_length(ndr, &r->form_name); + if (length_form_name_1 > size_form_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_form_name_1, length_form_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->form_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->form_name, ndr_get_array_length(ndr, &r->form_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_form_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->form_name, length_form_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_form_name_0, 0); } if (r->keyword) { @@ -16534,11 +16948,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddFormInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->keyword, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->keyword)); NDR_CHECK(ndr_pull_array_length(ndr, &r->keyword)); - if (ndr_get_array_length(ndr, &r->keyword) > ndr_get_array_size(ndr, &r->keyword)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->keyword), ndr_get_array_length(ndr, &r->keyword)); + size_keyword_1 = ndr_get_array_size(ndr, &r->keyword); + length_keyword_1 = ndr_get_array_length(ndr, &r->keyword); + if (length_keyword_1 > size_keyword_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_keyword_1, length_keyword_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->keyword), sizeof(uint8_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->keyword, ndr_get_array_length(ndr, &r->keyword), sizeof(uint8_t), CH_DOS)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_keyword_1, sizeof(uint8_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->keyword, length_keyword_1, sizeof(uint8_t), CH_DOS)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_keyword_0, 0); } if (r->mui_dll) { @@ -16546,11 +16962,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddFormInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->mui_dll, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->mui_dll)); NDR_CHECK(ndr_pull_array_length(ndr, &r->mui_dll)); - if (ndr_get_array_length(ndr, &r->mui_dll) > ndr_get_array_size(ndr, &r->mui_dll)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->mui_dll), ndr_get_array_length(ndr, &r->mui_dll)); + size_mui_dll_1 = ndr_get_array_size(ndr, &r->mui_dll); + length_mui_dll_1 = ndr_get_array_length(ndr, &r->mui_dll); + if (length_mui_dll_1 > size_mui_dll_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_mui_dll_1, length_mui_dll_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->mui_dll), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->mui_dll, ndr_get_array_length(ndr, &r->mui_dll), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_mui_dll_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->mui_dll, length_mui_dll_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_mui_dll_0, 0); } if (r->display_name) { @@ -16558,11 +16976,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddFormInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->display_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->display_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->display_name)); - if (ndr_get_array_length(ndr, &r->display_name) > ndr_get_array_size(ndr, &r->display_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->display_name), ndr_get_array_length(ndr, &r->display_name)); + size_display_name_1 = ndr_get_array_size(ndr, &r->display_name); + length_display_name_1 = ndr_get_array_length(ndr, &r->display_name); + if (length_display_name_1 > size_display_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_display_name_1, length_display_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->display_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->display_name, ndr_get_array_length(ndr, &r->display_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_display_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->display_name, length_display_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_display_name_0, 0); } } @@ -16652,7 +17072,9 @@ static enum ndr_err_code ndr_pull_spoolss_AddFormInfo(struct ndr_pull *ndr, int int level; uint32_t _level; TALLOC_CTX *_mem_save_info1_0; + uint32_t _ptr_info1; TALLOC_CTX *_mem_save_info2_0; + uint32_t _ptr_info2; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -16662,7 +17084,6 @@ static enum ndr_err_code ndr_pull_spoolss_AddFormInfo(struct ndr_pull *ndr, int NDR_CHECK(ndr_pull_union_align(ndr, 5)); switch (level) { case 1: { - uint32_t _ptr_info1; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1)); if (_ptr_info1) { NDR_PULL_ALLOC(ndr, r->info1); @@ -16672,7 +17093,6 @@ static enum ndr_err_code ndr_pull_spoolss_AddFormInfo(struct ndr_pull *ndr, int break; } case 2: { - uint32_t _ptr_info2; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info2)); if (_ptr_info2) { NDR_PULL_ALLOC(ndr, r->info2); @@ -18308,6 +18728,7 @@ static enum ndr_err_code ndr_push_spoolss_NotifyOptionType(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_spoolss_NotifyOptionType(struct ndr_pull *ndr, int ndr_flags, struct spoolss_NotifyOptionType *r) { uint32_t _ptr_fields; + uint32_t size_fields_1 = 0; uint32_t cntr_fields_1; TALLOC_CTX *_mem_save_fields_0; TALLOC_CTX *_mem_save_fields_1; @@ -18331,10 +18752,11 @@ static enum ndr_err_code ndr_pull_spoolss_NotifyOptionType(struct ndr_pull *ndr, _mem_save_fields_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->fields, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->fields)); - NDR_PULL_ALLOC_N(ndr, r->fields, ndr_get_array_size(ndr, &r->fields)); + size_fields_1 = ndr_get_array_size(ndr, &r->fields); + NDR_PULL_ALLOC_N(ndr, r->fields, size_fields_1); _mem_save_fields_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->fields, 0); - for (cntr_fields_1 = 0; cntr_fields_1 < r->count; cntr_fields_1++) { + for (cntr_fields_1 = 0; cntr_fields_1 < size_fields_1; cntr_fields_1++) { NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->fields[cntr_fields_1], r->type)); NDR_CHECK(ndr_pull_spoolss_Field(ndr, NDR_SCALARS, &r->fields[cntr_fields_1])); } @@ -18427,6 +18849,7 @@ static enum ndr_err_code ndr_push_spoolss_NotifyOption(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_spoolss_NotifyOption(struct ndr_pull *ndr, int ndr_flags, struct spoolss_NotifyOption *r) { uint32_t _ptr_types; + uint32_t size_types_1 = 0; uint32_t cntr_types_1; TALLOC_CTX *_mem_save_types_0; TALLOC_CTX *_mem_save_types_1; @@ -18448,13 +18871,14 @@ static enum ndr_err_code ndr_pull_spoolss_NotifyOption(struct ndr_pull *ndr, int _mem_save_types_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->types, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->types)); - NDR_PULL_ALLOC_N(ndr, r->types, ndr_get_array_size(ndr, &r->types)); + size_types_1 = ndr_get_array_size(ndr, &r->types); + NDR_PULL_ALLOC_N(ndr, r->types, size_types_1); _mem_save_types_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->types, 0); - for (cntr_types_1 = 0; cntr_types_1 < r->count; cntr_types_1++) { + for (cntr_types_1 = 0; cntr_types_1 < size_types_1; cntr_types_1++) { NDR_CHECK(ndr_pull_spoolss_NotifyOptionType(ndr, NDR_SCALARS, &r->types[cntr_types_1])); } - for (cntr_types_1 = 0; cntr_types_1 < r->count; cntr_types_1++) { + for (cntr_types_1 = 0; cntr_types_1 < size_types_1; cntr_types_1++) { NDR_CHECK(ndr_pull_spoolss_NotifyOptionType(ndr, NDR_BUFFERS, &r->types[cntr_types_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_types_1, 0); @@ -18513,6 +18937,7 @@ static enum ndr_err_code ndr_push_spoolss_NotifyString(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_spoolss_NotifyString(struct ndr_pull *ndr, int ndr_flags, struct spoolss_NotifyString *r) { uint32_t _ptr_string; + uint32_t size_string_1 = 0; TALLOC_CTX *_mem_save_string_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -18530,7 +18955,8 @@ static enum ndr_err_code ndr_pull_spoolss_NotifyString(struct ndr_pull *ndr, int _mem_save_string_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->string, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->string)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->string, ndr_get_array_size(ndr, &r->string), sizeof(uint16_t), CH_UTF16)); + size_string_1 = ndr_get_array_size(ndr, &r->string); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->string, size_string_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_string_0, 0); } if (r->string) { @@ -18649,6 +19075,8 @@ static enum ndr_err_code ndr_pull_spoolss_NotifyData(struct ndr_pull *ndr, int n { int level; uint32_t _level; + uint32_t size_integer_0 = 0; + uint32_t cntr_integer_0; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -18658,8 +19086,8 @@ static enum ndr_err_code ndr_pull_spoolss_NotifyData(struct ndr_pull *ndr, int n NDR_CHECK(ndr_pull_union_align(ndr, 5)); switch (level) { case 1: { - uint32_t cntr_integer_0; - for (cntr_integer_0 = 0; cntr_integer_0 < 2; cntr_integer_0++) { + size_integer_0 = 2; + for (cntr_integer_0 = 0; cntr_integer_0 < size_integer_0; cntr_integer_0++) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->integer[cntr_integer_0])); } break; } @@ -18829,6 +19257,7 @@ static enum ndr_err_code ndr_push_spoolss_NotifyInfo(struct ndr_push *ndr, int n static enum ndr_err_code ndr_pull_spoolss_NotifyInfo(struct ndr_pull *ndr, int ndr_flags, struct spoolss_NotifyInfo *r) { + uint32_t size_notifies_0 = 0; uint32_t cntr_notifies_0; TALLOC_CTX *_mem_save_notifies_0; if (ndr_flags & NDR_SCALARS) { @@ -18837,10 +19266,11 @@ static enum ndr_err_code ndr_pull_spoolss_NotifyInfo(struct ndr_pull *ndr, int n NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->version)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->flags)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count)); - NDR_PULL_ALLOC_N(ndr, r->notifies, ndr_get_array_size(ndr, &r->notifies)); + size_notifies_0 = ndr_get_array_size(ndr, &r->notifies); + NDR_PULL_ALLOC_N(ndr, r->notifies, size_notifies_0); _mem_save_notifies_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->notifies, 0); - for (cntr_notifies_0 = 0; cntr_notifies_0 < r->count; cntr_notifies_0++) { + for (cntr_notifies_0 = 0; cntr_notifies_0 < size_notifies_0; cntr_notifies_0++) { NDR_CHECK(ndr_pull_spoolss_Notify(ndr, NDR_SCALARS, &r->notifies[cntr_notifies_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_notifies_0, 0); @@ -18850,9 +19280,10 @@ static enum ndr_err_code ndr_pull_spoolss_NotifyInfo(struct ndr_pull *ndr, int n NDR_CHECK(ndr_pull_trailer_align(ndr, 5)); } if (ndr_flags & NDR_BUFFERS) { + size_notifies_0 = ndr_get_array_size(ndr, &r->notifies); _mem_save_notifies_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->notifies, 0); - for (cntr_notifies_0 = 0; cntr_notifies_0 < r->count; cntr_notifies_0++) { + for (cntr_notifies_0 = 0; cntr_notifies_0 < size_notifies_0; cntr_notifies_0++) { NDR_CHECK(ndr_pull_spoolss_Notify(ndr, NDR_BUFFERS, &r->notifies[cntr_notifies_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_notifies_0, 0); @@ -18917,6 +19348,7 @@ static enum ndr_err_code ndr_pull_spoolss_ReplyPrinterInfo(struct ndr_pull *ndr, int level; uint32_t _level; TALLOC_CTX *_mem_save_info0_0; + uint32_t _ptr_info0; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -18926,7 +19358,6 @@ static enum ndr_err_code ndr_pull_spoolss_ReplyPrinterInfo(struct ndr_pull *ndr, NDR_CHECK(ndr_pull_union_align(ndr, 5)); switch (level) { case 0: { - uint32_t _ptr_info0; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info0)); if (_ptr_info0) { NDR_PULL_ALLOC(ndr, r->info0); @@ -19034,8 +19465,12 @@ static enum ndr_err_code ndr_push_spoolss_UserLevel1(struct ndr_push *ndr, int n static enum ndr_err_code ndr_pull_spoolss_UserLevel1(struct ndr_pull *ndr, int ndr_flags, struct spoolss_UserLevel1 *r) { uint32_t _ptr_client; + uint32_t size_client_1 = 0; + uint32_t length_client_1 = 0; TALLOC_CTX *_mem_save_client_0; uint32_t _ptr_user; + uint32_t size_user_1 = 0; + uint32_t length_user_1 = 0; TALLOC_CTX *_mem_save_user_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -19064,11 +19499,13 @@ static enum ndr_err_code ndr_pull_spoolss_UserLevel1(struct ndr_pull *ndr, int n NDR_PULL_SET_MEM_CTX(ndr, r->client, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->client)); NDR_CHECK(ndr_pull_array_length(ndr, &r->client)); - if (ndr_get_array_length(ndr, &r->client) > ndr_get_array_size(ndr, &r->client)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->client), ndr_get_array_length(ndr, &r->client)); + size_client_1 = ndr_get_array_size(ndr, &r->client); + length_client_1 = ndr_get_array_length(ndr, &r->client); + if (length_client_1 > size_client_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_client_1, length_client_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->client), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client, ndr_get_array_length(ndr, &r->client), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_client_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client, length_client_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_client_0, 0); } if (r->user) { @@ -19076,11 +19513,13 @@ static enum ndr_err_code ndr_pull_spoolss_UserLevel1(struct ndr_pull *ndr, int n NDR_PULL_SET_MEM_CTX(ndr, r->user, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->user)); NDR_CHECK(ndr_pull_array_length(ndr, &r->user)); - if (ndr_get_array_length(ndr, &r->user) > ndr_get_array_size(ndr, &r->user)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->user), ndr_get_array_length(ndr, &r->user)); + size_user_1 = ndr_get_array_size(ndr, &r->user); + length_user_1 = ndr_get_array_length(ndr, &r->user); + if (length_user_1 > size_user_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_user_1, length_user_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->user), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user, ndr_get_array_length(ndr, &r->user), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_user_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user, length_user_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user_0, 0); } } @@ -19179,8 +19618,12 @@ static enum ndr_err_code ndr_push_spoolss_UserLevel3(struct ndr_push *ndr, int n static enum ndr_err_code ndr_pull_spoolss_UserLevel3(struct ndr_pull *ndr, int ndr_flags, struct spoolss_UserLevel3 *r) { uint32_t _ptr_client; + uint32_t size_client_1 = 0; + uint32_t length_client_1 = 0; TALLOC_CTX *_mem_save_client_0; uint32_t _ptr_user; + uint32_t size_user_1 = 0; + uint32_t length_user_1 = 0; TALLOC_CTX *_mem_save_user_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 5)); @@ -19212,11 +19655,13 @@ static enum ndr_err_code ndr_pull_spoolss_UserLevel3(struct ndr_pull *ndr, int n NDR_PULL_SET_MEM_CTX(ndr, r->client, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->client)); NDR_CHECK(ndr_pull_array_length(ndr, &r->client)); - if (ndr_get_array_length(ndr, &r->client) > ndr_get_array_size(ndr, &r->client)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->client), ndr_get_array_length(ndr, &r->client)); + size_client_1 = ndr_get_array_size(ndr, &r->client); + length_client_1 = ndr_get_array_length(ndr, &r->client); + if (length_client_1 > size_client_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_client_1, length_client_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->client), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client, ndr_get_array_length(ndr, &r->client), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_client_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client, length_client_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_client_0, 0); } if (r->user) { @@ -19224,11 +19669,13 @@ static enum ndr_err_code ndr_pull_spoolss_UserLevel3(struct ndr_pull *ndr, int n NDR_PULL_SET_MEM_CTX(ndr, r->user, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->user)); NDR_CHECK(ndr_pull_array_length(ndr, &r->user)); - if (ndr_get_array_length(ndr, &r->user) > ndr_get_array_size(ndr, &r->user)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->user), ndr_get_array_length(ndr, &r->user)); + size_user_1 = ndr_get_array_size(ndr, &r->user); + length_user_1 = ndr_get_array_length(ndr, &r->user); + if (length_user_1 > size_user_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_user_1, length_user_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->user), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user, ndr_get_array_length(ndr, &r->user), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_user_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user, length_user_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user_0, 0); } } @@ -19318,8 +19765,11 @@ static enum ndr_err_code ndr_pull_spoolss_UserLevel(struct ndr_pull *ndr, int nd int level; uint32_t _level; TALLOC_CTX *_mem_save_level1_0; + uint32_t _ptr_level1; TALLOC_CTX *_mem_save_level2_0; + uint32_t _ptr_level2; TALLOC_CTX *_mem_save_level3_0; + uint32_t _ptr_level3; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -19329,7 +19779,6 @@ static enum ndr_err_code ndr_pull_spoolss_UserLevel(struct ndr_pull *ndr, int nd NDR_CHECK(ndr_pull_union_align(ndr, 5)); switch (level) { case 1: { - uint32_t _ptr_level1; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_level1)); if (_ptr_level1) { NDR_PULL_ALLOC(ndr, r->level1); @@ -19339,7 +19788,6 @@ static enum ndr_err_code ndr_pull_spoolss_UserLevel(struct ndr_pull *ndr, int nd break; } case 2: { - uint32_t _ptr_level2; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_level2)); if (_ptr_level2) { NDR_PULL_ALLOC(ndr, r->level2); @@ -19349,7 +19797,6 @@ static enum ndr_err_code ndr_pull_spoolss_UserLevel(struct ndr_pull *ndr, int nd break; } case 3: { - uint32_t _ptr_level3; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_level3)); if (_ptr_level3) { NDR_PULL_ALLOC(ndr, r->level3); @@ -19842,20 +20289,34 @@ _PUBLIC_ enum ndr_err_code ndr_push_spoolss_PortData1(struct ndr_push *ndr, int _PUBLIC_ enum ndr_err_code ndr_pull_spoolss_PortData1(struct ndr_pull *ndr, int ndr_flags, struct spoolss_PortData1 *r) { + uint32_t size_portname_0 = 0; + uint32_t size_hostaddress_0 = 0; + uint32_t size_snmpcommunity_0 = 0; + uint32_t size_queue_0 = 0; + uint32_t size_ip_address_0 = 0; + uint32_t size_hardware_address_0 = 0; + uint32_t size_device_type_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->portname, 64, sizeof(uint16_t), CH_UTF16)); + size_portname_0 = 64; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->portname, size_portname_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->version)); NDR_CHECK(ndr_pull_spoolss_PortProtocol(ndr, NDR_SCALARS, &r->protocol)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->size)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->reserved)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->hostaddress, 49, sizeof(uint16_t), CH_UTF16)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->snmpcommunity, 33, sizeof(uint16_t), CH_UTF16)); + size_hostaddress_0 = 49; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->hostaddress, size_hostaddress_0, sizeof(uint16_t), CH_UTF16)); + size_snmpcommunity_0 = 33; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->snmpcommunity, size_snmpcommunity_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->dblspool)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->queue, 33, sizeof(uint16_t), CH_UTF16)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->ip_address, 16, sizeof(uint16_t), CH_UTF16)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->hardware_address, 13, sizeof(uint16_t), CH_UTF16)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->device_type, 257, sizeof(uint16_t), CH_UTF16)); + size_queue_0 = 33; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->queue, size_queue_0, sizeof(uint16_t), CH_UTF16)); + size_ip_address_0 = 16; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->ip_address, size_ip_address_0, sizeof(uint16_t), CH_UTF16)); + size_hardware_address_0 = 13; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->hardware_address, size_hardware_address_0, sizeof(uint16_t), CH_UTF16)); + size_device_type_0 = 257; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->device_type, size_device_type_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->port_number)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->snmp_enabled)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->snmp_dev_index)); @@ -19915,18 +20376,28 @@ _PUBLIC_ enum ndr_err_code ndr_push_spoolss_PortData2(struct ndr_push *ndr, int _PUBLIC_ enum ndr_err_code ndr_pull_spoolss_PortData2(struct ndr_pull *ndr, int ndr_flags, struct spoolss_PortData2 *r) { + uint32_t size_portname_0 = 0; + uint32_t size_hostaddress_0 = 0; + uint32_t size_snmpcommunity_0 = 0; + uint32_t size_queue_0 = 0; + uint32_t size_device_type_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->portname, 64, sizeof(uint16_t), CH_UTF16)); + size_portname_0 = 64; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->portname, size_portname_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->version)); NDR_CHECK(ndr_pull_spoolss_PortProtocol(ndr, NDR_SCALARS, &r->protocol)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->size)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->reserved)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->hostaddress, 128, sizeof(uint16_t), CH_UTF16)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->snmpcommunity, 33, sizeof(uint16_t), CH_UTF16)); + size_hostaddress_0 = 128; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->hostaddress, size_hostaddress_0, sizeof(uint16_t), CH_UTF16)); + size_snmpcommunity_0 = 33; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->snmpcommunity, size_snmpcommunity_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->dblspool)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->queue, 33, sizeof(uint16_t), CH_UTF16)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->device_type, 257, sizeof(uint16_t), CH_UTF16)); + size_queue_0 = 33; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->queue, size_queue_0, sizeof(uint16_t), CH_UTF16)); + size_device_type_0 = 257; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->device_type, size_device_type_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->port_number)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->snmp_enabled)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->snmp_dev_index)); @@ -20047,12 +20518,14 @@ static enum ndr_err_code ndr_push_spoolss_CorePrinterDriver(struct ndr_push *ndr static enum ndr_err_code ndr_pull_spoolss_CorePrinterDriver(struct ndr_pull *ndr, int ndr_flags, struct spoolss_CorePrinterDriver *r) { + uint32_t size_formname_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 8)); NDR_CHECK(ndr_pull_GUID(ndr, NDR_SCALARS, &r->core_driver_guid)); NDR_CHECK(ndr_pull_NTTIME(ndr, NDR_SCALARS, &r->driver_date)); NDR_CHECK(ndr_pull_hyper(ndr, NDR_SCALARS, &r->driver_version)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->formname, 520, sizeof(uint8_t), CH_UTF8)); + size_formname_0 = 520; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->formname, size_formname_0, sizeof(uint8_t), CH_UTF8)); NDR_CHECK(ndr_pull_trailer_align(ndr, 8)); } if (ndr_flags & NDR_BUFFERS) { @@ -20110,6 +20583,8 @@ _PUBLIC_ enum ndr_err_code ndr_push__spoolss_EnumPrinters(struct ndr_push *ndr, _PUBLIC_ enum ndr_err_code ndr_pull__spoolss_EnumPrinters(struct ndr_pull *ndr, int flags, struct _spoolss_EnumPrinters *r) { uint32_t _ptr_server; + uint32_t size_server_1 = 0; + uint32_t length_server_1 = 0; uint32_t _ptr_buffer; uint32_t _ptr_info; TALLOC_CTX *_mem_save_server_0; @@ -20132,11 +20607,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull__spoolss_EnumPrinters(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->in.server, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server)); - if (ndr_get_array_length(ndr, &r->in.server) > ndr_get_array_size(ndr, &r->in.server)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server), ndr_get_array_length(ndr, &r->in.server)); + size_server_1 = ndr_get_array_size(ndr, &r->in.server); + length_server_1 = ndr_get_array_length(ndr, &r->in.server); + if (length_server_1 > size_server_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_1, length_server_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server, ndr_get_array_length(ndr, &r->in.server), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server, length_server_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); @@ -20211,6 +20688,7 @@ _PUBLIC_ enum ndr_err_code ndr_push___spoolss_EnumPrinters(struct ndr_push *ndr, _PUBLIC_ enum ndr_err_code ndr_pull___spoolss_EnumPrinters(struct ndr_pull *ndr, int flags, struct __spoolss_EnumPrinters *r) { + uint32_t size_info_0 = 0; uint32_t cntr_info_0; TALLOC_CTX *_mem_save_info_0; if (flags & NDR_IN) { @@ -20220,14 +20698,15 @@ _PUBLIC_ enum ndr_err_code ndr_pull___spoolss_EnumPrinters(struct ndr_pull *ndr, NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.count)); } if (flags & NDR_OUT) { - NDR_PULL_ALLOC_N(ndr, r->out.info, r->in.count); + size_info_0 = r->in.count; + NDR_PULL_ALLOC_N(ndr, r->out.info, size_info_0); _mem_save_info_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->out.info, 0); - for (cntr_info_0 = 0; cntr_info_0 < r->in.count; cntr_info_0++) { + for (cntr_info_0 = 0; cntr_info_0 < size_info_0; cntr_info_0++) { NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->out.info[cntr_info_0], r->in.level)); NDR_CHECK(ndr_pull_spoolss_PrinterInfo(ndr, NDR_SCALARS, &r->out.info[cntr_info_0])); } - for (cntr_info_0 = 0; cntr_info_0 < r->in.count; cntr_info_0++) { + for (cntr_info_0 = 0; cntr_info_0 < size_info_0; cntr_info_0++) { NDR_CHECK(ndr_pull_spoolss_PrinterInfo(ndr, NDR_BUFFERS, &r->out.info[cntr_info_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_0, 0); @@ -20332,7 +20811,11 @@ _PUBLIC_ enum ndr_err_code ndr_push_spoolss_OpenPrinter(struct ndr_push *ndr, in _PUBLIC_ enum ndr_err_code ndr_pull_spoolss_OpenPrinter(struct ndr_pull *ndr, int flags, struct spoolss_OpenPrinter *r) { uint32_t _ptr_printername; + uint32_t size_printername_1 = 0; + uint32_t length_printername_1 = 0; uint32_t _ptr_datatype; + uint32_t size_datatype_1 = 0; + uint32_t length_datatype_1 = 0; TALLOC_CTX *_mem_save_printername_0; TALLOC_CTX *_mem_save_datatype_0; TALLOC_CTX *_mem_save_handle_0; @@ -20350,11 +20833,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_spoolss_OpenPrinter(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, r->in.printername, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.printername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.printername)); - if (ndr_get_array_length(ndr, &r->in.printername) > ndr_get_array_size(ndr, &r->in.printername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.printername), ndr_get_array_length(ndr, &r->in.printername)); + size_printername_1 = ndr_get_array_size(ndr, &r->in.printername); + length_printername_1 = ndr_get_array_length(ndr, &r->in.printername); + if (length_printername_1 > size_printername_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_printername_1, length_printername_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.printername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.printername, ndr_get_array_length(ndr, &r->in.printername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_printername_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.printername, length_printername_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_printername_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_datatype)); @@ -20368,11 +20853,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_spoolss_OpenPrinter(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, r->in.datatype, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.datatype)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.datatype)); - if (ndr_get_array_length(ndr, &r->in.datatype) > ndr_get_array_size(ndr, &r->in.datatype)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.datatype), ndr_get_array_length(ndr, &r->in.datatype)); + size_datatype_1 = ndr_get_array_size(ndr, &r->in.datatype); + length_datatype_1 = ndr_get_array_length(ndr, &r->in.datatype); + if (length_datatype_1 > size_datatype_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_datatype_1, length_datatype_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.datatype), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.datatype, ndr_get_array_length(ndr, &r->in.datatype), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_datatype_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.datatype, length_datatype_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_datatype_0, 0); } NDR_CHECK(ndr_pull_spoolss_DevmodeContainer(ndr, NDR_SCALARS|NDR_BUFFERS, &r->in.devmode_ctr)); @@ -20793,6 +21280,7 @@ _PUBLIC_ enum ndr_err_code ndr_push___spoolss_EnumJobs(struct ndr_push *ndr, int _PUBLIC_ enum ndr_err_code ndr_pull___spoolss_EnumJobs(struct ndr_pull *ndr, int flags, struct __spoolss_EnumJobs *r) { + uint32_t size_info_0 = 0; uint32_t cntr_info_0; TALLOC_CTX *_mem_save_info_0; if (flags & NDR_IN) { @@ -20802,14 +21290,15 @@ _PUBLIC_ enum ndr_err_code ndr_pull___spoolss_EnumJobs(struct ndr_pull *ndr, int NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.count)); } if (flags & NDR_OUT) { - NDR_PULL_ALLOC_N(ndr, r->out.info, r->in.count); + size_info_0 = r->in.count; + NDR_PULL_ALLOC_N(ndr, r->out.info, size_info_0); _mem_save_info_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->out.info, 0); - for (cntr_info_0 = 0; cntr_info_0 < r->in.count; cntr_info_0++) { + for (cntr_info_0 = 0; cntr_info_0 < size_info_0; cntr_info_0++) { NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->out.info[cntr_info_0], r->in.level)); NDR_CHECK(ndr_pull_spoolss_JobInfo(ndr, NDR_SCALARS, &r->out.info[cntr_info_0])); } - for (cntr_info_0 = 0; cntr_info_0 < r->in.count; cntr_info_0++) { + for (cntr_info_0 = 0; cntr_info_0 < size_info_0; cntr_info_0++) { NDR_CHECK(ndr_pull_spoolss_JobInfo(ndr, NDR_BUFFERS, &r->out.info[cntr_info_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_0, 0); @@ -20916,6 +21405,8 @@ static enum ndr_err_code ndr_push_spoolss_AddPrinter(struct ndr_push *ndr, int f static enum ndr_err_code ndr_pull_spoolss_AddPrinter(struct ndr_pull *ndr, int flags, struct spoolss_AddPrinter *r) { uint32_t _ptr_server; + uint32_t size_server_1 = 0; + uint32_t length_server_1 = 0; TALLOC_CTX *_mem_save_server_0; TALLOC_CTX *_mem_save_info_ctr_0; TALLOC_CTX *_mem_save_devmode_ctr_0; @@ -20935,11 +21426,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddPrinter(struct ndr_pull *ndr, int f NDR_PULL_SET_MEM_CTX(ndr, r->in.server, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server)); - if (ndr_get_array_length(ndr, &r->in.server) > ndr_get_array_size(ndr, &r->in.server)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server), ndr_get_array_length(ndr, &r->in.server)); + size_server_1 = ndr_get_array_size(ndr, &r->in.server); + length_server_1 = ndr_get_array_length(ndr, &r->in.server); + if (length_server_1 > size_server_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_1, length_server_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server, ndr_get_array_length(ndr, &r->in.server), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server, length_server_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_0, 0); } if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { @@ -21355,6 +21848,8 @@ static enum ndr_err_code ndr_push_spoolss_AddPrinterDriver(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_spoolss_AddPrinterDriver(struct ndr_pull *ndr, int flags, struct spoolss_AddPrinterDriver *r) { uint32_t _ptr_servername; + uint32_t size_servername_1 = 0; + uint32_t length_servername_1 = 0; TALLOC_CTX *_mem_save_servername_0; TALLOC_CTX *_mem_save_info_ctr_0; if (flags & NDR_IN) { @@ -21369,11 +21864,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddPrinterDriver(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->in.servername, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.servername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.servername)); - if (ndr_get_array_length(ndr, &r->in.servername) > ndr_get_array_size(ndr, &r->in.servername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.servername), ndr_get_array_length(ndr, &r->in.servername)); + size_servername_1 = ndr_get_array_size(ndr, &r->in.servername); + length_servername_1 = ndr_get_array_length(ndr, &r->in.servername); + if (length_servername_1 > size_servername_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_servername_1, length_servername_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_servername_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, length_servername_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_servername_0, 0); } if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { @@ -21466,7 +21963,11 @@ _PUBLIC_ enum ndr_err_code ndr_push__spoolss_EnumPrinterDrivers(struct ndr_push _PUBLIC_ enum ndr_err_code ndr_pull__spoolss_EnumPrinterDrivers(struct ndr_pull *ndr, int flags, struct _spoolss_EnumPrinterDrivers *r) { uint32_t _ptr_server; + uint32_t size_server_1 = 0; + uint32_t length_server_1 = 0; uint32_t _ptr_environment; + uint32_t size_environment_1 = 0; + uint32_t length_environment_1 = 0; uint32_t _ptr_buffer; uint32_t _ptr_info; TALLOC_CTX *_mem_save_server_0; @@ -21489,11 +21990,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull__spoolss_EnumPrinterDrivers(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->in.server, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server)); - if (ndr_get_array_length(ndr, &r->in.server) > ndr_get_array_size(ndr, &r->in.server)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server), ndr_get_array_length(ndr, &r->in.server)); + size_server_1 = ndr_get_array_size(ndr, &r->in.server); + length_server_1 = ndr_get_array_length(ndr, &r->in.server); + if (length_server_1 > size_server_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_1, length_server_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server, ndr_get_array_length(ndr, &r->in.server), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server, length_server_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_environment)); @@ -21507,11 +22010,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull__spoolss_EnumPrinterDrivers(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->in.environment, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.environment)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.environment)); - if (ndr_get_array_length(ndr, &r->in.environment) > ndr_get_array_size(ndr, &r->in.environment)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.environment), ndr_get_array_length(ndr, &r->in.environment)); + size_environment_1 = ndr_get_array_size(ndr, &r->in.environment); + length_environment_1 = ndr_get_array_length(ndr, &r->in.environment); + if (length_environment_1 > size_environment_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_environment_1, length_environment_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.environment), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.environment, ndr_get_array_length(ndr, &r->in.environment), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_environment_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.environment, length_environment_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_environment_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); @@ -21586,6 +22091,7 @@ _PUBLIC_ enum ndr_err_code ndr_push___spoolss_EnumPrinterDrivers(struct ndr_push _PUBLIC_ enum ndr_err_code ndr_pull___spoolss_EnumPrinterDrivers(struct ndr_pull *ndr, int flags, struct __spoolss_EnumPrinterDrivers *r) { + uint32_t size_info_0 = 0; uint32_t cntr_info_0; TALLOC_CTX *_mem_save_info_0; if (flags & NDR_IN) { @@ -21595,14 +22101,15 @@ _PUBLIC_ enum ndr_err_code ndr_pull___spoolss_EnumPrinterDrivers(struct ndr_pull NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.count)); } if (flags & NDR_OUT) { - NDR_PULL_ALLOC_N(ndr, r->out.info, r->in.count); + size_info_0 = r->in.count; + NDR_PULL_ALLOC_N(ndr, r->out.info, size_info_0); _mem_save_info_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->out.info, 0); - for (cntr_info_0 = 0; cntr_info_0 < r->in.count; cntr_info_0++) { + for (cntr_info_0 = 0; cntr_info_0 < size_info_0; cntr_info_0++) { NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->out.info[cntr_info_0], r->in.level)); NDR_CHECK(ndr_pull_spoolss_DriverInfo(ndr, NDR_SCALARS, &r->out.info[cntr_info_0])); } - for (cntr_info_0 = 0; cntr_info_0 < r->in.count; cntr_info_0++) { + for (cntr_info_0 = 0; cntr_info_0 < size_info_0; cntr_info_0++) { NDR_CHECK(ndr_pull_spoolss_DriverInfo(ndr, NDR_BUFFERS, &r->out.info[cntr_info_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_0, 0); @@ -21723,6 +22230,8 @@ static enum ndr_err_code ndr_push_spoolss_GetPrinterDriver(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_spoolss_GetPrinterDriver(struct ndr_pull *ndr, int flags, struct spoolss_GetPrinterDriver *r) { uint32_t _ptr_architecture; + uint32_t size_architecture_1 = 0; + uint32_t length_architecture_1 = 0; uint32_t _ptr_buffer; uint32_t _ptr_info; TALLOC_CTX *_mem_save_handle_0; @@ -21751,11 +22260,13 @@ static enum ndr_err_code ndr_pull_spoolss_GetPrinterDriver(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->in.architecture, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.architecture)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.architecture)); - if (ndr_get_array_length(ndr, &r->in.architecture) > ndr_get_array_size(ndr, &r->in.architecture)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.architecture), ndr_get_array_length(ndr, &r->in.architecture)); + size_architecture_1 = ndr_get_array_size(ndr, &r->in.architecture); + length_architecture_1 = ndr_get_array_length(ndr, &r->in.architecture); + if (length_architecture_1 > size_architecture_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_architecture_1, length_architecture_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.architecture), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.architecture, ndr_get_array_length(ndr, &r->in.architecture), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_architecture_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.architecture, length_architecture_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_architecture_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); @@ -21903,7 +22414,11 @@ _PUBLIC_ enum ndr_err_code ndr_push_spoolss_GetPrinterDriverDirectory(struct ndr _PUBLIC_ enum ndr_err_code ndr_pull_spoolss_GetPrinterDriverDirectory(struct ndr_pull *ndr, int flags, struct spoolss_GetPrinterDriverDirectory *r) { uint32_t _ptr_server; + uint32_t size_server_1 = 0; + uint32_t length_server_1 = 0; uint32_t _ptr_environment; + uint32_t size_environment_1 = 0; + uint32_t length_environment_1 = 0; uint32_t _ptr_buffer; uint32_t _ptr_info; TALLOC_CTX *_mem_save_server_0; @@ -21925,11 +22440,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_spoolss_GetPrinterDriverDirectory(struct ndr NDR_PULL_SET_MEM_CTX(ndr, r->in.server, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server)); - if (ndr_get_array_length(ndr, &r->in.server) > ndr_get_array_size(ndr, &r->in.server)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server), ndr_get_array_length(ndr, &r->in.server)); + size_server_1 = ndr_get_array_size(ndr, &r->in.server); + length_server_1 = ndr_get_array_length(ndr, &r->in.server); + if (length_server_1 > size_server_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_1, length_server_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server, ndr_get_array_length(ndr, &r->in.server), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server, length_server_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_environment)); @@ -21943,11 +22460,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_spoolss_GetPrinterDriverDirectory(struct ndr NDR_PULL_SET_MEM_CTX(ndr, r->in.environment, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.environment)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.environment)); - if (ndr_get_array_length(ndr, &r->in.environment) > ndr_get_array_size(ndr, &r->in.environment)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.environment), ndr_get_array_length(ndr, &r->in.environment)); + size_environment_1 = ndr_get_array_size(ndr, &r->in.environment); + length_environment_1 = ndr_get_array_length(ndr, &r->in.environment); + if (length_environment_1 > size_environment_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_environment_1, length_environment_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.environment), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.environment, ndr_get_array_length(ndr, &r->in.environment), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_environment_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.environment, length_environment_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_environment_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); @@ -22078,6 +22597,12 @@ static enum ndr_err_code ndr_push_spoolss_DeletePrinterDriver(struct ndr_push *n static enum ndr_err_code ndr_pull_spoolss_DeletePrinterDriver(struct ndr_pull *ndr, int flags, struct spoolss_DeletePrinterDriver *r) { uint32_t _ptr_server; + uint32_t size_server_1 = 0; + uint32_t length_server_1 = 0; + uint32_t size_architecture_0 = 0; + uint32_t length_architecture_0 = 0; + uint32_t size_driver_0 = 0; + uint32_t length_driver_0 = 0; TALLOC_CTX *_mem_save_server_0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_server)); @@ -22091,27 +22616,33 @@ static enum ndr_err_code ndr_pull_spoolss_DeletePrinterDriver(struct ndr_pull *n NDR_PULL_SET_MEM_CTX(ndr, r->in.server, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server)); - if (ndr_get_array_length(ndr, &r->in.server) > ndr_get_array_size(ndr, &r->in.server)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server), ndr_get_array_length(ndr, &r->in.server)); + size_server_1 = ndr_get_array_size(ndr, &r->in.server); + length_server_1 = ndr_get_array_length(ndr, &r->in.server); + if (length_server_1 > size_server_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_1, length_server_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server, ndr_get_array_length(ndr, &r->in.server), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server, length_server_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.architecture)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.architecture)); - if (ndr_get_array_length(ndr, &r->in.architecture) > ndr_get_array_size(ndr, &r->in.architecture)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.architecture), ndr_get_array_length(ndr, &r->in.architecture)); + size_architecture_0 = ndr_get_array_size(ndr, &r->in.architecture); + length_architecture_0 = ndr_get_array_length(ndr, &r->in.architecture); + if (length_architecture_0 > size_architecture_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_architecture_0, length_architecture_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.architecture), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.architecture, ndr_get_array_length(ndr, &r->in.architecture), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_architecture_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.architecture, length_architecture_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.driver)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.driver)); - if (ndr_get_array_length(ndr, &r->in.driver) > ndr_get_array_size(ndr, &r->in.driver)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.driver), ndr_get_array_length(ndr, &r->in.driver)); + size_driver_0 = ndr_get_array_size(ndr, &r->in.driver); + length_driver_0 = ndr_get_array_length(ndr, &r->in.driver); + if (length_driver_0 > size_driver_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_driver_0, length_driver_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.driver), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.driver, ndr_get_array_length(ndr, &r->in.driver), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_driver_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.driver, length_driver_0, sizeof(uint16_t), CH_UTF16)); } if (flags & NDR_OUT) { NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result)); @@ -22180,6 +22711,14 @@ static enum ndr_err_code ndr_push_spoolss_AddPrintProcessor(struct ndr_push *ndr static enum ndr_err_code ndr_pull_spoolss_AddPrintProcessor(struct ndr_pull *ndr, int flags, struct spoolss_AddPrintProcessor *r) { uint32_t _ptr_server; + uint32_t size_server_1 = 0; + uint32_t length_server_1 = 0; + uint32_t size_architecture_0 = 0; + uint32_t length_architecture_0 = 0; + uint32_t size_path_name_0 = 0; + uint32_t length_path_name_0 = 0; + uint32_t size_print_processor_name_0 = 0; + uint32_t length_print_processor_name_0 = 0; TALLOC_CTX *_mem_save_server_0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_server)); @@ -22193,34 +22732,42 @@ static enum ndr_err_code ndr_pull_spoolss_AddPrintProcessor(struct ndr_pull *ndr NDR_PULL_SET_MEM_CTX(ndr, r->in.server, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server)); - if (ndr_get_array_length(ndr, &r->in.server) > ndr_get_array_size(ndr, &r->in.server)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server), ndr_get_array_length(ndr, &r->in.server)); + size_server_1 = ndr_get_array_size(ndr, &r->in.server); + length_server_1 = ndr_get_array_length(ndr, &r->in.server); + if (length_server_1 > size_server_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_1, length_server_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server, ndr_get_array_length(ndr, &r->in.server), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server, length_server_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.architecture)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.architecture)); - if (ndr_get_array_length(ndr, &r->in.architecture) > ndr_get_array_size(ndr, &r->in.architecture)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.architecture), ndr_get_array_length(ndr, &r->in.architecture)); + size_architecture_0 = ndr_get_array_size(ndr, &r->in.architecture); + length_architecture_0 = ndr_get_array_length(ndr, &r->in.architecture); + if (length_architecture_0 > size_architecture_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_architecture_0, length_architecture_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.architecture), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.architecture, ndr_get_array_length(ndr, &r->in.architecture), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_architecture_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.architecture, length_architecture_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.path_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.path_name)); - if (ndr_get_array_length(ndr, &r->in.path_name) > ndr_get_array_size(ndr, &r->in.path_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.path_name), ndr_get_array_length(ndr, &r->in.path_name)); + size_path_name_0 = ndr_get_array_size(ndr, &r->in.path_name); + length_path_name_0 = ndr_get_array_length(ndr, &r->in.path_name); + if (length_path_name_0 > size_path_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_path_name_0, length_path_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.path_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.path_name, ndr_get_array_length(ndr, &r->in.path_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_path_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.path_name, length_path_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.print_processor_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.print_processor_name)); - if (ndr_get_array_length(ndr, &r->in.print_processor_name) > ndr_get_array_size(ndr, &r->in.print_processor_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.print_processor_name), ndr_get_array_length(ndr, &r->in.print_processor_name)); + size_print_processor_name_0 = ndr_get_array_size(ndr, &r->in.print_processor_name); + length_print_processor_name_0 = ndr_get_array_length(ndr, &r->in.print_processor_name); + if (length_print_processor_name_0 > size_print_processor_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_print_processor_name_0, length_print_processor_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.print_processor_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.print_processor_name, ndr_get_array_length(ndr, &r->in.print_processor_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_print_processor_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.print_processor_name, length_print_processor_name_0, sizeof(uint16_t), CH_UTF16)); } if (flags & NDR_OUT) { NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result)); @@ -22303,7 +22850,11 @@ _PUBLIC_ enum ndr_err_code ndr_push__spoolss_EnumPrintProcessors(struct ndr_push _PUBLIC_ enum ndr_err_code ndr_pull__spoolss_EnumPrintProcessors(struct ndr_pull *ndr, int flags, struct _spoolss_EnumPrintProcessors *r) { uint32_t _ptr_servername; + uint32_t size_servername_1 = 0; + uint32_t length_servername_1 = 0; uint32_t _ptr_environment; + uint32_t size_environment_1 = 0; + uint32_t length_environment_1 = 0; uint32_t _ptr_buffer; uint32_t _ptr_info; TALLOC_CTX *_mem_save_servername_0; @@ -22326,11 +22877,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull__spoolss_EnumPrintProcessors(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->in.servername, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.servername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.servername)); - if (ndr_get_array_length(ndr, &r->in.servername) > ndr_get_array_size(ndr, &r->in.servername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.servername), ndr_get_array_length(ndr, &r->in.servername)); + size_servername_1 = ndr_get_array_size(ndr, &r->in.servername); + length_servername_1 = ndr_get_array_length(ndr, &r->in.servername); + if (length_servername_1 > size_servername_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_servername_1, length_servername_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_servername_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, length_servername_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_servername_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_environment)); @@ -22344,11 +22897,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull__spoolss_EnumPrintProcessors(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->in.environment, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.environment)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.environment)); - if (ndr_get_array_length(ndr, &r->in.environment) > ndr_get_array_size(ndr, &r->in.environment)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.environment), ndr_get_array_length(ndr, &r->in.environment)); + size_environment_1 = ndr_get_array_size(ndr, &r->in.environment); + length_environment_1 = ndr_get_array_length(ndr, &r->in.environment); + if (length_environment_1 > size_environment_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_environment_1, length_environment_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.environment), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.environment, ndr_get_array_length(ndr, &r->in.environment), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_environment_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.environment, length_environment_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_environment_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); @@ -22423,6 +22978,7 @@ _PUBLIC_ enum ndr_err_code ndr_push___spoolss_EnumPrintProcessors(struct ndr_pus _PUBLIC_ enum ndr_err_code ndr_pull___spoolss_EnumPrintProcessors(struct ndr_pull *ndr, int flags, struct __spoolss_EnumPrintProcessors *r) { + uint32_t size_info_0 = 0; uint32_t cntr_info_0; TALLOC_CTX *_mem_save_info_0; if (flags & NDR_IN) { @@ -22432,14 +22988,15 @@ _PUBLIC_ enum ndr_err_code ndr_pull___spoolss_EnumPrintProcessors(struct ndr_pul NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.count)); } if (flags & NDR_OUT) { - NDR_PULL_ALLOC_N(ndr, r->out.info, r->in.count); + size_info_0 = r->in.count; + NDR_PULL_ALLOC_N(ndr, r->out.info, size_info_0); _mem_save_info_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->out.info, 0); - for (cntr_info_0 = 0; cntr_info_0 < r->in.count; cntr_info_0++) { + for (cntr_info_0 = 0; cntr_info_0 < size_info_0; cntr_info_0++) { NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->out.info[cntr_info_0], r->in.level)); NDR_CHECK(ndr_pull_spoolss_PrintProcessorInfo(ndr, NDR_SCALARS, &r->out.info[cntr_info_0])); } - for (cntr_info_0 = 0; cntr_info_0 < r->in.count; cntr_info_0++) { + for (cntr_info_0 = 0; cntr_info_0 < size_info_0; cntr_info_0++) { NDR_CHECK(ndr_pull_spoolss_PrintProcessorInfo(ndr, NDR_BUFFERS, &r->out.info[cntr_info_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_0, 0); @@ -22563,7 +23120,11 @@ static enum ndr_err_code ndr_push_spoolss_GetPrintProcessorDirectory(struct ndr_ static enum ndr_err_code ndr_pull_spoolss_GetPrintProcessorDirectory(struct ndr_pull *ndr, int flags, struct spoolss_GetPrintProcessorDirectory *r) { uint32_t _ptr_server; + uint32_t size_server_1 = 0; + uint32_t length_server_1 = 0; uint32_t _ptr_environment; + uint32_t size_environment_1 = 0; + uint32_t length_environment_1 = 0; uint32_t _ptr_buffer; uint32_t _ptr_info; TALLOC_CTX *_mem_save_server_0; @@ -22585,11 +23146,13 @@ static enum ndr_err_code ndr_pull_spoolss_GetPrintProcessorDirectory(struct ndr_ NDR_PULL_SET_MEM_CTX(ndr, r->in.server, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server)); - if (ndr_get_array_length(ndr, &r->in.server) > ndr_get_array_size(ndr, &r->in.server)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server), ndr_get_array_length(ndr, &r->in.server)); + size_server_1 = ndr_get_array_size(ndr, &r->in.server); + length_server_1 = ndr_get_array_length(ndr, &r->in.server); + if (length_server_1 > size_server_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_1, length_server_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server, ndr_get_array_length(ndr, &r->in.server), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server, length_server_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_environment)); @@ -22603,11 +23166,13 @@ static enum ndr_err_code ndr_pull_spoolss_GetPrintProcessorDirectory(struct ndr_ NDR_PULL_SET_MEM_CTX(ndr, r->in.environment, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.environment)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.environment)); - if (ndr_get_array_length(ndr, &r->in.environment) > ndr_get_array_size(ndr, &r->in.environment)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.environment), ndr_get_array_length(ndr, &r->in.environment)); + size_environment_1 = ndr_get_array_size(ndr, &r->in.environment); + length_environment_1 = ndr_get_array_length(ndr, &r->in.environment); + if (length_environment_1 > size_environment_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_environment_1, length_environment_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.environment), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.environment, ndr_get_array_length(ndr, &r->in.environment), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_environment_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.environment, length_environment_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_environment_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); @@ -23076,6 +23641,7 @@ static enum ndr_err_code ndr_push_spoolss_ReadPrinter(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_spoolss_ReadPrinter(struct ndr_pull *ndr, int flags, struct spoolss_ReadPrinter *r) { + uint32_t size_data_1 = 0; TALLOC_CTX *_mem_save_handle_0; TALLOC_CTX *_mem_save__data_size_0; if (flags & NDR_IN) { @@ -23096,10 +23662,11 @@ static enum ndr_err_code ndr_pull_spoolss_ReadPrinter(struct ndr_pull *ndr, int } if (flags & NDR_OUT) { NDR_CHECK(ndr_pull_array_size(ndr, &r->out.data)); + size_data_1 = ndr_get_array_size(ndr, &r->out.data); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { - NDR_PULL_ALLOC_N(ndr, r->out.data, ndr_get_array_size(ndr, &r->out.data)); + NDR_PULL_ALLOC_N(ndr, r->out.data, size_data_1); } - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.data, ndr_get_array_size(ndr, &r->out.data))); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.data, size_data_1)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->out._data_size); } @@ -23239,6 +23806,7 @@ static enum ndr_err_code ndr_push_spoolss_AddJob(struct ndr_push *ndr, int flags static enum ndr_err_code ndr_pull_spoolss_AddJob(struct ndr_pull *ndr, int flags, struct spoolss_AddJob *r) { uint32_t _ptr_buffer; + uint32_t size_buffer_1 = 0; TALLOC_CTX *_mem_save_handle_0; TALLOC_CTX *_mem_save_buffer_0; TALLOC_CTX *_mem_save_needed_0; @@ -23263,8 +23831,9 @@ static enum ndr_err_code ndr_pull_spoolss_AddJob(struct ndr_pull *ndr, int flags _mem_save_buffer_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->in.buffer, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.buffer)); - NDR_PULL_ALLOC_N(ndr, r->in.buffer, ndr_get_array_size(ndr, &r->in.buffer)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->in.buffer, ndr_get_array_size(ndr, &r->in.buffer))); + size_buffer_1 = ndr_get_array_size(ndr, &r->in.buffer); + NDR_PULL_ALLOC_N(ndr, r->in.buffer, size_buffer_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->in.buffer, size_buffer_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_buffer_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.offered)); @@ -23285,8 +23854,9 @@ static enum ndr_err_code ndr_pull_spoolss_AddJob(struct ndr_pull *ndr, int flags _mem_save_buffer_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->out.buffer, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->out.buffer)); - NDR_PULL_ALLOC_N(ndr, r->out.buffer, ndr_get_array_size(ndr, &r->out.buffer)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.buffer, ndr_get_array_size(ndr, &r->out.buffer))); + size_buffer_1 = ndr_get_array_size(ndr, &r->out.buffer); + NDR_PULL_ALLOC_N(ndr, r->out.buffer, size_buffer_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.buffer, size_buffer_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_buffer_0, 0); } if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { @@ -23441,6 +24011,9 @@ static enum ndr_err_code ndr_push_spoolss_GetPrinterData(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_spoolss_GetPrinterData(struct ndr_pull *ndr, int flags, struct spoolss_GetPrinterData *r) { + uint32_t size_value_name_0 = 0; + uint32_t length_value_name_0 = 0; + uint32_t size_data_1 = 0; TALLOC_CTX *_mem_save_handle_0; TALLOC_CTX *_mem_save_type_0; TALLOC_CTX *_mem_save_needed_0; @@ -23456,11 +24029,13 @@ static enum ndr_err_code ndr_pull_spoolss_GetPrinterData(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, _mem_save_handle_0, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.value_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.value_name)); - if (ndr_get_array_length(ndr, &r->in.value_name) > ndr_get_array_size(ndr, &r->in.value_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.value_name), ndr_get_array_length(ndr, &r->in.value_name)); + size_value_name_0 = ndr_get_array_size(ndr, &r->in.value_name); + length_value_name_0 = ndr_get_array_length(ndr, &r->in.value_name); + if (length_value_name_0 > size_value_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_value_name_0, length_value_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.value_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.value_name, ndr_get_array_length(ndr, &r->in.value_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_value_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.value_name, length_value_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.offered)); NDR_PULL_ALLOC(ndr, r->out.type); ZERO_STRUCTP(r->out.type); @@ -23478,10 +24053,11 @@ static enum ndr_err_code ndr_pull_spoolss_GetPrinterData(struct ndr_pull *ndr, i NDR_CHECK(ndr_pull_winreg_Type(ndr, NDR_SCALARS, r->out.type)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_type_0, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_array_size(ndr, &r->out.data)); + size_data_1 = ndr_get_array_size(ndr, &r->out.data); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { - NDR_PULL_ALLOC_N(ndr, r->out.data, ndr_get_array_size(ndr, &r->out.data)); + NDR_PULL_ALLOC_N(ndr, r->out.data, size_data_1); } - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.data, ndr_get_array_size(ndr, &r->out.data))); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.data, size_data_1)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->out.needed); } @@ -23563,6 +24139,9 @@ static enum ndr_err_code ndr_push_spoolss_SetPrinterData(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_spoolss_SetPrinterData(struct ndr_pull *ndr, int flags, struct spoolss_SetPrinterData *r) { + uint32_t size_value_name_0 = 0; + uint32_t length_value_name_0 = 0; + uint32_t size_data_1 = 0; TALLOC_CTX *_mem_save_handle_0; if (flags & NDR_IN) { if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { @@ -23574,17 +24153,20 @@ static enum ndr_err_code ndr_pull_spoolss_SetPrinterData(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, _mem_save_handle_0, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.value_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.value_name)); - if (ndr_get_array_length(ndr, &r->in.value_name) > ndr_get_array_size(ndr, &r->in.value_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.value_name), ndr_get_array_length(ndr, &r->in.value_name)); + size_value_name_0 = ndr_get_array_size(ndr, &r->in.value_name); + length_value_name_0 = ndr_get_array_length(ndr, &r->in.value_name); + if (length_value_name_0 > size_value_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_value_name_0, length_value_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.value_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.value_name, ndr_get_array_length(ndr, &r->in.value_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_value_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.value_name, length_value_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_winreg_Type(ndr, NDR_SCALARS, &r->in.type)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.data)); + size_data_1 = ndr_get_array_size(ndr, &r->in.data); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { - NDR_PULL_ALLOC_N(ndr, r->in.data, ndr_get_array_size(ndr, &r->in.data)); +