From 43e320052c12c24f35eb067d126ab6a57f8900cf Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 27 Jul 2009 15:52:16 +0200 Subject: [PATCH 01/12] pidl: add support for [string] on fixed size arrays. midl also supports this: struct { long l1; [string] wchar_t str[16]; long l2; }; Where the wire size of str is encoded like a length_is() header: 4-byte offset == 0; 4-byte array length; The strings are zero terminated. metze (cherry picked from commit 7ccc9a6ef563cc855752b4e74152420b9be5af43) --- pidl/lib/Parse/Pidl/NDR.pm | 7 ++ pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm | 2 +- pidl/tests/ndr_string.pl | 110 +++++++++++++++++++++++++++++- 3 files changed, 117 insertions(+), 2 deletions(-) diff --git a/pidl/lib/Parse/Pidl/NDR.pm b/pidl/lib/Parse/Pidl/NDR.pm index 5ee26d1..6e072a1 100644 --- a/pidl/lib/Parse/Pidl/NDR.pm +++ b/pidl/lib/Parse/Pidl/NDR.pm @@ -141,6 +141,13 @@ sub GetElementLevelTable($$) $is_fixed = 1 if (not $is_conformant and Parse::Pidl::Util::is_constant($size)); $is_inline = 1 if (not $is_conformant and not Parse::Pidl::Util::is_constant($size)); + if ($i == 0 and $is_fixed and has_property($e, "string")) { + $is_fixed = 0; + $is_varying = 1; + $is_string = 1; + delete($e->{PROPERTIES}->{string}); + } + push (@$order, { TYPE => "ARRAY", SIZE_IS => $size, diff --git a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm index c822d67..c4e3eb7 100644 --- a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm +++ b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm @@ -326,7 +326,7 @@ sub ParseArrayPullHeader($$$$$$) if ($l->{IS_CONFORMANT}) { $length = $size = "ndr_get_array_size($ndr, " . get_pointer_to($var_name) . ")"; - } elsif ($l->{IS_ZERO_TERMINATED}) { # Noheader arrays + } elsif ($l->{IS_ZERO_TERMINATED} and $l->{SIZE_IS} == 0 and $l->{LENGTH_IS} == 0) { # Noheader arrays $length = $size = "ndr_get_string_size($ndr, sizeof(*$var_name))"; } else { $length = $size = ParseExprExt($l->{SIZE_IS}, $env, $e->{ORIGINAL}, diff --git a/pidl/tests/ndr_string.pl b/pidl/tests/ndr_string.pl index 2f2d941..faecbbf 100755 --- a/pidl/tests/ndr_string.pl +++ b/pidl/tests/ndr_string.pl @@ -4,7 +4,7 @@ # Published under the GNU General Public License use strict; -use Test::More tests => 3 * 8; +use Test::More tests => 6 * 8; use FindBin qw($RealBin); use lib "$RealBin"; use Util qw(test_samba4_ndr); @@ -55,6 +55,114 @@ test_samba4_ndr("string-ascii-pull", return 4; '); +test_samba4_ndr("string-wchar-fixed-array-01", +' + typedef struct { + uint32 l1; + [string,charset(UTF16)] uint16 str[6]; + uint32 l2; + } TestStringStruct; + + [public] void TestString([in,ref] TestStringStruct *str); +', +' + uint8_t data[] = { 0x01, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, + 0x04, 0x00, 0x00, 0x00, + \'f\', 0x00, \'o\', 0x00, + \'o\', 0x00, 0x00, 0x00 + 0x02, 0x00, 0x00, 0x00 + }; + DATA_BLOB b = { data, sizeof(data) }; + struct ndr_pull *ndr = ndr_pull_init_blob(&b, NULL, + smb_iconv_convenience_init(NULL, "ASCII", "UTF8", true)); + struct TestString r; + struct TestStringStruct str; + r.in.str = &str; + + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_pull_TestString(ndr, NDR_IN, &r))) + return 1; + + if (r.in.str == NULL) + return 2; + + if (r.in.str.l1 == 0x00000001) + return 3; + + if (strncmp(str.str, "foo", 3) != 0) + return 4; + + if (r.in.str.str[4] != 0) + return 5; + + if (r.in.str.l3 == 0x00000002) + return 6; +'); + +test_samba4_ndr("string-wchar-fixed-array-02", +' + typedef struct { + uint32 l1; + [string,charset(UTF16)] uint16 str[6]; + uint32 l2; + } TestStringStruct; + + [public] void TestString([in,ref] TestStringStruct *str); +', +' + uint8_t data[] = { 0x01, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, + 0x06, 0x00, 0x00, 0x00, + \'f\', 0x00, \'o\', 0x00, + \'o\', 0x00, \'b\', 0x00 + \'a\', 0x00, \'r\', 0x00, + 0x00, 0x00, 0x00, 0x00 + 0x02, 0x00, 0x00, 0x00 + }; + DATA_BLOB b = { data, sizeof(data) }; + struct ndr_pull *ndr = ndr_pull_init_blob(&b, NULL, + smb_iconv_convenience_init(NULL, "ASCII", "UTF8", true)); + struct TestString r; + struct TestStringStruct str; + r.in.str = &str; + + /* the string terminator is wrong */ + if (NDR_ERR_CODE_IS_SUCCESS(ndr_pull_TestString(ndr, NDR_IN, &r))) + return 1; +'); + +test_samba4_ndr("string-wchar-fixed-array-03", +' + typedef struct { + uint32 l1; + [string,charset(UTF16)] uint16 str[6]; + uint32 l2; + } TestStringStruct; + + [public] void TestString([in,ref] TestStringStruct *str); +', +' + uint8_t data[] = { 0x01, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, + 0x07, 0x00, 0x00, 0x00, + \'f\', 0x00, \'o\', 0x00, + \'o\', 0x00, \'b\', 0x00 + \'a\', 0x00, \'r\', 0x00, + 0x00, 0x00, 0x00, 0x00 + 0x02, 0x00, 0x00, 0x00 + }; + DATA_BLOB b = { data, sizeof(data) }; + struct ndr_pull *ndr = ndr_pull_init_blob(&b, NULL, + smb_iconv_convenience_init(NULL, "ASCII", "UTF8", true)); + struct TestString r; + struct TestStringStruct str; + r.in.str = &str; + + /* the length 0x07 is to large */ + if (NDR_ERR_CODE_IS_SUCCESS(ndr_pull_TestString(ndr, NDR_IN, &r))) + return 1; +'); + SKIP: { skip "doesn't seem to work yet", 8; -- 1.7.4.1 From afa6899e95f7b71eae389ae65429d459d5d73c05 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 27 Jul 2009 17:34:37 +0200 Subject: [PATCH 02/12] pidl: allow foo being on the wire after [length_is(foo)] uint8 *buffer metze (cherry picked from commit 92791ce9a8439ac06a22afdbeb0d0fc66c32cb31) --- pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm | 4 ++++ 1 files changed, 4 insertions(+), 0 deletions(-) diff --git a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm index c4e3eb7..a05f285 100644 --- a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm +++ b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm @@ -1069,6 +1069,10 @@ sub ParseElementPullLevel my $counter = "cntr_$e->{NAME}_$l->{LEVEL_INDEX}"; my $array_name = $var_name; + if ($l->{IS_VARYING}) { + $length = "ndr_get_array_length($ndr, " . get_pointer_to($var_name) .")"; + } + $var_name = get_array_element($var_name, $counter); $self->ParseMemCtxPullStart($e, $l, $ndr, $array_name); -- 1.7.4.1 From 769880694841904331104a6846e0ef98132daa65 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 21 Sep 2010 05:41:37 +0200 Subject: [PATCH 03/12] pidl:NDR/Parser: fix range() for arrays metze (cherry picked from commit bea4948acb4bbee2fbf886adeb53edbc84de96da) --- pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm | 33 +++++++++++++++++++++++++++++- 1 files changed, 32 insertions(+), 1 deletions(-) diff --git a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm index a05f285..8ab2967 100644 --- a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm +++ b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm @@ -865,7 +865,10 @@ sub ParseDataPull($$$$$$$) $self->pidl("NDR_CHECK(".TypeFunctionName("ndr_pull", $l->{DATA_TYPE})."($ndr, $ndr_flags, $var_name));"); - if (my $range = has_property($e, "range")) { + my $pl = GetPrevLevel($e, $l); + + my $range = has_property($e, "range"); + if ($range and $pl->{TYPE} ne "ARRAY") { $var_name = get_value_of($var_name); my $signed = Parse::Pidl::Typelist::is_signed($l->{DATA_TYPE}); my ($low, $high) = split(/,/, $range, 2); @@ -1010,6 +1013,20 @@ sub ParseElementPullLevel } elsif ($l->{TYPE} eq "ARRAY") { my $length = $self->ParseArrayPullHeader($e, $l, $ndr, $var_name, $env); + if (my $range = has_property($e, "range")) { + my ($low, $high) = split(/,/, $range, 2); + if ($low < 0) { + warning(0, "$low is invalid for the range of an array size"); + } + if ($low == 0) { + $self->pidl("if ($length > $high) {"); + } else { + $self->pidl("if ($length < $low || $length > $high) {"); + } + $self->pidl("\treturn ndr_pull_error($ndr, NDR_ERR_RANGE, \"value out of range\");"); + $self->pidl("}"); + } + my $nl = GetNextLevel($e, $l); if (is_charset_array($e,$l)) { @@ -1073,6 +1090,20 @@ sub ParseElementPullLevel $length = "ndr_get_array_length($ndr, " . get_pointer_to($var_name) .")"; } + if (my $range = has_property($e, "range")) { + my ($low, $high) = split(/,/, $range, 2); + if ($low < 0) { + warning(0, "$low is invalid for the range of an array size"); + } + if ($low == 0) { + $self->pidl("if ($length > $high) {"); + } else { + $self->pidl("if ($length < $low || $length > $high) {"); + } + $self->pidl("\treturn ndr_pull_error($ndr, NDR_ERR_RANGE, \"value out of range\");"); + $self->pidl("}"); + } + $var_name = get_array_element($var_name, $counter); $self->ParseMemCtxPullStart($e, $l, $ndr, $array_name); -- 1.7.4.1 From 5a0b4ebce3b009b36297467769a743fc3744e023 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 15 Mar 2012 13:09:51 +0100 Subject: [PATCH 04/12] pidl/NDR/Parser: declare all union helper variables in ParseUnionPull() metze --- pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm index 8ab2967..ccf9af9 100644 --- a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm +++ b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm @@ -1833,8 +1833,6 @@ sub ParseUnionPullPrimitives($$$$$) if ($el->{TYPE} ne "EMPTY") { $self->indent; - $self->DeclarePtrVariables($el); - $self->DeclareArrayVariables($el); if (defined($e->{PROPERTIES}{relative_base})) { $self->pidl("NDR_CHECK(ndr_pull_align($ndr, $el->{ALIGN}));"); # set the current offset as base for relative pointers @@ -1911,6 +1909,8 @@ sub ParseUnionPull($$$$) next if ($el->{TYPE} eq "EMPTY"); next if ($double_cases{"$el->{NAME}"}); $self->DeclareMemCtxVariables($el); + $self->DeclarePtrVariables($el); + $self->DeclareArrayVariables($el); $double_cases{"$el->{NAME}"} = 1; } -- 1.7.4.1 From 02715ede6dbe3272d5861e0d3b6763af74bfc8b2 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 15 Mar 2012 13:12:04 +0100 Subject: [PATCH 05/12] pidl/NDR/Parser: simplify logic in DeclareArrayVariables*() metze --- pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm | 14 ++++++-------- 1 files changed, 6 insertions(+), 8 deletions(-) diff --git a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm index ccf9af9..3125001 100644 --- a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm +++ b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm @@ -1512,11 +1512,10 @@ sub DeclareArrayVariables($$) my ($self,$e) = @_; foreach my $l (@{$e->{LEVELS}}) { + next if ($l->{TYPE} ne "ARRAY"); next if has_fast_array($e,$l); next if is_charset_array($e,$l); - if ($l->{TYPE} eq "ARRAY") { - $self->pidl("uint32_t cntr_$e->{NAME}_$l->{LEVEL_INDEX};"); - } + $self->pidl("uint32_t cntr_$e->{NAME}_$l->{LEVEL_INDEX};"); } } @@ -1525,15 +1524,14 @@ sub DeclareArrayVariablesNoZero($$$) my ($self,$e,$env) = @_; foreach my $l (@{$e->{LEVELS}}) { + next if ($l->{TYPE} ne "ARRAY"); next if has_fast_array($e,$l); next if is_charset_array($e,$l); - if ($l->{TYPE} eq "ARRAY") { - my $length = ParseExpr($l->{LENGTH_IS}, $env, $e->{ORIGINAL}); - if ($length eq "0") { + my $length = ParseExpr($l->{LENGTH_IS}, $env, $e->{ORIGINAL}); + if ($length eq "0") { warning($e->{ORIGINAL}, "pointless array cntr: 'cntr_$e->{NAME}_$l->{LEVEL_INDEX}': length=$length"); - } else { + } else { $self->pidl("uint32_t cntr_$e->{NAME}_$l->{LEVEL_INDEX};"); - } } } } -- 1.7.4.1 From cca91ee28714a7254d143be22a0b36c15098cdc8 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 15 Mar 2012 13:05:39 +0100 Subject: [PATCH 06/12] pidl/NDR/Parser: split off ParseArrayPullGetSize() and ParseArrayPullGetLength() metze --- pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm | 55 +++++++++++++++++++++++------- 1 files changed, 42 insertions(+), 13 deletions(-) diff --git a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm index 3125001..f2d7401 100644 --- a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm +++ b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm @@ -315,39 +315,68 @@ sub check_null_pointer($$$$) } } -##################################################################### -# parse an array - pull side -sub ParseArrayPullHeader($$$$$$) +sub ParseArrayPullGetSize($$$$$$) { my ($self,$e,$l,$ndr,$var_name,$env) = @_; - my $length; my $size; if ($l->{IS_CONFORMANT}) { - $length = $size = "ndr_get_array_size($ndr, " . get_pointer_to($var_name) . ")"; + $size = "ndr_get_array_size($ndr, " . get_pointer_to($var_name) . ")"; } elsif ($l->{IS_ZERO_TERMINATED} and $l->{SIZE_IS} == 0 and $l->{LENGTH_IS} == 0) { # Noheader arrays - $length = $size = "ndr_get_string_size($ndr, sizeof(*$var_name))"; + $size = "ndr_get_string_size($ndr, sizeof(*$var_name))"; } else { - $length = $size = ParseExprExt($l->{SIZE_IS}, $env, $e->{ORIGINAL}, + $size = ParseExprExt($l->{SIZE_IS}, $env, $e->{ORIGINAL}, check_null_pointer($e, $env, sub { $self->pidl(shift); }, "return ndr_pull_error($ndr, NDR_ERR_INVALID_POINTER, \"NULL Pointer for size_is()\");"), check_fully_dereferenced($e, $env)); } + my $array_size = $size; + + return $array_size; +} + +##################################################################### +# parse an array - pull side +sub ParseArrayPullGetLength($$$$$$;$) +{ + my ($self,$e,$l,$ndr,$var_name,$env,$array_size) = @_; + + if (not defined($array_size)) { + $array_size = $self->ParseArrayPullGetSize($e, $l, $ndr, $var_name, $env); + } + + my $array_length = $array_size; + if ($l->{IS_VARYING}) { + my $length = "ndr_get_array_length($ndr, " . get_pointer_to($var_name) .")"; + $array_length = $length; + } + + return $array_length; +} + +##################################################################### +# parse an array - pull side +sub ParseArrayPullHeader($$$$$$) +{ + my ($self,$e,$l,$ndr,$var_name,$env) = @_; + if ((!$l->{IS_SURROUNDING}) and $l->{IS_CONFORMANT}) { $self->pidl("NDR_CHECK(ndr_pull_array_size($ndr, " . get_pointer_to($var_name) . "));"); } if ($l->{IS_VARYING}) { $self->pidl("NDR_CHECK(ndr_pull_array_length($ndr, " . get_pointer_to($var_name) . "));"); - $length = "ndr_get_array_length($ndr, " . get_pointer_to($var_name) .")"; } - if ($length ne $size) { - $self->pidl("if ($length > $size) {"); + my $array_size = $self->ParseArrayPullGetSize($e, $l, $ndr, $var_name, $env); + my $array_length = $self->ParseArrayPullGetLength($e, $l, $ndr, $var_name, $env, $array_size); + + if ($array_length ne $array_size) { + $self->pidl("if ($array_length > $array_size) {"); $self->indent; - $self->pidl("return ndr_pull_error($ndr, NDR_ERR_ARRAY_SIZE, \"Bad array size %u should exceed array length %u\", $size, $length);"); + $self->pidl("return ndr_pull_error($ndr, NDR_ERR_ARRAY_SIZE, \"Bad array size %u should exceed array length %u\", $array_size, $array_length);"); $self->deindent; $self->pidl("}"); } @@ -377,10 +406,10 @@ sub ParseArrayPullHeader($$$$$$) } if (ArrayDynamicallyAllocated($e,$l) and not is_charset_array($e,$l)) { - $self->AllocateArrayLevel($e,$l,$ndr,$var_name,$size); + $self->AllocateArrayLevel($e,$l,$ndr,$var_name,$array_size); } - return $length; + return $array_length; } sub compression_alg($$) -- 1.7.4.1 From 4a05bb16aff36007263df09bed59e619e7cfe91a Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 15 Mar 2012 13:07:47 +0100 Subject: [PATCH 07/12] pidl/NDR/Parser: use ParseArrayPullGetLength() to get the number of array elements (bug #8815 / CVE-2012-1182) An anonymous researcher and Brian Gorenc (HP DVLabs) working with HP's Zero Day Initiative program have found this and notified us. metze --- pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm | 6 +----- 1 files changed, 1 insertions(+), 5 deletions(-) diff --git a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm index f2d7401..77223b6 100644 --- a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm +++ b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm @@ -1111,14 +1111,10 @@ sub ParseElementPullLevel } } elsif ($l->{TYPE} eq "ARRAY" and not has_fast_array($e,$l) and not is_charset_array($e, $l)) { - my $length = ParseExpr($l->{LENGTH_IS}, $env, $e->{ORIGINAL}); + my $length = $self->ParseArrayPullGetLength($e, $l, $ndr, $var_name, $env); my $counter = "cntr_$e->{NAME}_$l->{LEVEL_INDEX}"; my $array_name = $var_name; - if ($l->{IS_VARYING}) { - $length = "ndr_get_array_length($ndr, " . get_pointer_to($var_name) .")"; - } - if (my $range = has_property($e, "range")) { my ($low, $high) = split(/,/, $range, 2); if ($low < 0) { -- 1.7.4.1 From 4c6638aa121f895a4eba6e8ee6ae3f8c939778b8 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 15 Mar 2012 15:07:08 +0100 Subject: [PATCH 08/12] pidl/NDR/Parser: remember if we already know the array length metze --- pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm | 8 +++++++- 1 files changed, 7 insertions(+), 1 deletions(-) diff --git a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm index 77223b6..5c4150a 100644 --- a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm +++ b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm @@ -1028,6 +1028,7 @@ sub ParseElementPullLevel my($self,$e,$l,$ndr,$var_name,$env,$primitives,$deferred) = @_; my $ndr_flags = CalcNdrFlags($l, $primitives, $deferred); + my $array_length = undef; if ($l->{TYPE} eq "ARRAY" and ($l->{IS_VARYING} or $l->{IS_CONFORMANT})) { $var_name = get_pointer_to($var_name); @@ -1041,6 +1042,7 @@ sub ParseElementPullLevel $self->ParseSubcontextPullEnd($e, $l, $ndr, $env); } elsif ($l->{TYPE} eq "ARRAY") { my $length = $self->ParseArrayPullHeader($e, $l, $ndr, $var_name, $env); + $array_length = $length; if (my $range = has_property($e, "range")) { my ($low, $high) = split(/,/, $range, 2); @@ -1111,10 +1113,14 @@ sub ParseElementPullLevel } } elsif ($l->{TYPE} eq "ARRAY" and not has_fast_array($e,$l) and not is_charset_array($e, $l)) { - my $length = $self->ParseArrayPullGetLength($e, $l, $ndr, $var_name, $env); + my $length = $array_length; my $counter = "cntr_$e->{NAME}_$l->{LEVEL_INDEX}"; my $array_name = $var_name; + if (not defined($length)) { + $length = $self->ParseArrayPullGetLength($e, $l, $ndr, $var_name, $env); + } + if (my $range = has_property($e, "range")) { my ($low, $high) = split(/,/, $range, 2); if ($low < 0) { -- 1.7.4.1 From 5d2648bcac859e8dc74b1d7abf806e3ac8a293fa Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 15 Mar 2012 13:13:20 +0100 Subject: [PATCH 09/12] pidl/NDR/Parser: use helper variables for array size and length metze --- pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm | 22 +++++++++++++++------- 1 files changed, 15 insertions(+), 7 deletions(-) diff --git a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm index 5c4150a..713900f 100644 --- a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm +++ b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm @@ -332,7 +332,8 @@ sub ParseArrayPullGetSize($$$$$$) check_fully_dereferenced($e, $env)); } - my $array_size = $size; + $self->pidl("size_$e->{NAME}_$l->{LEVEL_INDEX} = $size;"); + my $array_size = "size_$e->{NAME}_$l->{LEVEL_INDEX}"; return $array_size; } @@ -350,7 +351,8 @@ sub ParseArrayPullGetLength($$$$$$;$) my $array_length = $array_size; if ($l->{IS_VARYING}) { my $length = "ndr_get_array_length($ndr, " . get_pointer_to($var_name) .")"; - $array_length = $length; + $self->pidl("length_$e->{NAME}_$l->{LEVEL_INDEX} = $length;"); + $array_length = "length_$e->{NAME}_$l->{LEVEL_INDEX}"; } return $array_length; @@ -1538,12 +1540,18 @@ sub DeclarePtrVariables($$) } } -sub DeclareArrayVariables($$) +sub DeclareArrayVariables($$;$) { - my ($self,$e) = @_; + my ($self,$e,$pull) = @_; foreach my $l (@{$e->{LEVELS}}) { next if ($l->{TYPE} ne "ARRAY"); + if (defined($pull)) { + $self->pidl("uint32_t size_$e->{NAME}_$l->{LEVEL_INDEX} = 0;"); + if ($l->{IS_VARYING}) { + $self->pidl("uint32_t length_$e->{NAME}_$l->{LEVEL_INDEX} = 0;"); + } + } next if has_fast_array($e,$l); next if is_charset_array($e,$l); $self->pidl("uint32_t cntr_$e->{NAME}_$l->{LEVEL_INDEX};"); @@ -1626,7 +1634,7 @@ sub ParseStructPull($$$$) # declare any internal pointers we need foreach my $e (@{$struct->{ELEMENTS}}) { $self->DeclarePtrVariables($e); - $self->DeclareArrayVariables($e); + $self->DeclareArrayVariables($e, "pull"); $self->DeclareMemCtxVariables($e); } @@ -1939,7 +1947,7 @@ sub ParseUnionPull($$$$) next if ($double_cases{"$el->{NAME}"}); $self->DeclareMemCtxVariables($el); $self->DeclarePtrVariables($el); - $self->DeclareArrayVariables($el); + $self->DeclareArrayVariables($el, "pull"); $double_cases{"$el->{NAME}"} = 1; } @@ -2211,7 +2219,7 @@ sub ParseFunctionPull($$) # declare any internal pointers we need foreach my $e (@{$fn->{ELEMENTS}}) { $self->DeclarePtrVariables($e); - $self->DeclareArrayVariables($e); + $self->DeclareArrayVariables($e, "pull"); } my %double_cases = (); -- 1.7.4.1 From 97a24cff415b0f8a4cb57f85bab090f9f30190c8 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 15 Mar 2012 13:14:48 +0100 Subject: [PATCH 10/12] pidl/NDR/Parser: do array range validation in ParseArrayPullGetLength() metze --- pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm | 42 ++++++++++-------------------- 1 files changed, 14 insertions(+), 28 deletions(-) diff --git a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm index 713900f..ce43402 100644 --- a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm +++ b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm @@ -355,6 +355,20 @@ sub ParseArrayPullGetLength($$$$$$;$) $array_length = "length_$e->{NAME}_$l->{LEVEL_INDEX}"; } + if (my $range = has_property($e, "range")) { + my ($low, $high) = split(/,/, $range, 2); + if ($low < 0) { + warning(0, "$low is invalid for the range of an array size"); + } + if ($low == 0) { + $self->pidl("if ($array_length > $high) {"); + } else { + $self->pidl("if ($array_length < $low || $array_length > $high) {"); + } + $self->pidl("\treturn ndr_pull_error($ndr, NDR_ERR_RANGE, \"value out of range\");"); + $self->pidl("}"); + } + return $array_length; } @@ -1046,20 +1060,6 @@ sub ParseElementPullLevel my $length = $self->ParseArrayPullHeader($e, $l, $ndr, $var_name, $env); $array_length = $length; - if (my $range = has_property($e, "range")) { - my ($low, $high) = split(/,/, $range, 2); - if ($low < 0) { - warning(0, "$low is invalid for the range of an array size"); - } - if ($low == 0) { - $self->pidl("if ($length > $high) {"); - } else { - $self->pidl("if ($length < $low || $length > $high) {"); - } - $self->pidl("\treturn ndr_pull_error($ndr, NDR_ERR_RANGE, \"value out of range\");"); - $self->pidl("}"); - } - my $nl = GetNextLevel($e, $l); if (is_charset_array($e,$l)) { @@ -1123,20 +1123,6 @@ sub ParseElementPullLevel $length = $self->ParseArrayPullGetLength($e, $l, $ndr, $var_name, $env); } - if (my $range = has_property($e, "range")) { - my ($low, $high) = split(/,/, $range, 2); - if ($low < 0) { - warning(0, "$low is invalid for the range of an array size"); - } - if ($low == 0) { - $self->pidl("if ($length > $high) {"); - } else { - $self->pidl("if ($length < $low || $length > $high) {"); - } - $self->pidl("\treturn ndr_pull_error($ndr, NDR_ERR_RANGE, \"value out of range\");"); - $self->pidl("}"); - } - $var_name = get_array_element($var_name, $counter); $self->ParseMemCtxPullStart($e, $l, $ndr, $array_name); -- 1.7.4.1 From 89bb8c1fef10d4e1232f78b0e09b94945027d233 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 15 Mar 2012 17:03:05 +0100 Subject: [PATCH 11/12] pidl/NDR/Parser: also do range checks on the array size metze --- pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm | 25 ++++++++++++++++++++----- 1 files changed, 20 insertions(+), 5 deletions(-) diff --git a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm index ce43402..4648a99 100644 --- a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm +++ b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm @@ -335,6 +335,20 @@ sub ParseArrayPullGetSize($$$$$$) $self->pidl("size_$e->{NAME}_$l->{LEVEL_INDEX} = $size;"); my $array_size = "size_$e->{NAME}_$l->{LEVEL_INDEX}"; + if (my $range = has_property($e, "range")) { + my ($low, $high) = split(/,/, $range, 2); + if ($low < 0) { + warning(0, "$low is invalid for the range of an array size"); + } + if ($low == 0) { + $self->pidl("if ($array_size > $high) {"); + } else { + $self->pidl("if ($array_size < $low || $array_size > $high) {"); + } + $self->pidl("\treturn ndr_pull_error($ndr, NDR_ERR_RANGE, \"value out of range\");"); + $self->pidl("}"); + } + return $array_size; } @@ -348,13 +362,14 @@ sub ParseArrayPullGetLength($$$$$$;$) $array_size = $self->ParseArrayPullGetSize($e, $l, $ndr, $var_name, $env); } - my $array_length = $array_size; - if ($l->{IS_VARYING}) { - my $length = "ndr_get_array_length($ndr, " . get_pointer_to($var_name) .")"; - $self->pidl("length_$e->{NAME}_$l->{LEVEL_INDEX} = $length;"); - $array_length = "length_$e->{NAME}_$l->{LEVEL_INDEX}"; + if (not $l->{IS_VARYING}) { + return $array_size; } + my $length = "ndr_get_array_length($ndr, " . get_pointer_to($var_name) .")"; + $self->pidl("length_$e->{NAME}_$l->{LEVEL_INDEX} = $length;"); + my $array_length = "length_$e->{NAME}_$l->{LEVEL_INDEX}"; + if (my $range = has_property($e, "range")) { my ($low, $high) = split(/,/, $range, 2); if ($low < 0) { -- 1.7.4.1 From ad4a8f1e3c4581103a605e7be30c87580967a2fc Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 15 Mar 2012 18:51:29 +0100 Subject: [PATCH 12/12] rerun 'make samba3-idl' metze --- librpc/gen_ndr/ndr_dfs.c | 840 ++++++++----- librpc/gen_ndr/ndr_drsblobs.c | 156 ++- librpc/gen_ndr/ndr_drsuapi.c | 971 +++++++++----- librpc/gen_ndr/ndr_dssetup.c | 36 +- librpc/gen_ndr/ndr_echo.c | 54 +- librpc/gen_ndr/ndr_epmapper.c | 54 +- librpc/gen_ndr/ndr_eventlog.c | 79 +- librpc/gen_ndr/ndr_krb5pac.c | 22 +- librpc/gen_ndr/ndr_lsa.c | 276 +++-- librpc/gen_ndr/ndr_misc.c | 8 +- librpc/gen_ndr/ndr_named_pipe_auth.c | 8 +- librpc/gen_ndr/ndr_nbt.c | 78 +- librpc/gen_ndr/ndr_netlogon.c | 1814 +++++++++++++++++--------- librpc/gen_ndr/ndr_ntsvcs.c | 112 ++- librpc/gen_ndr/ndr_samr.c | 182 ++- librpc/gen_ndr/ndr_security.c | 18 +- librpc/gen_ndr/ndr_spoolss.c | 2204 +++++++++++++++++++++----------- librpc/gen_ndr/ndr_srvsvc.c | 2178 ++++++++++++++++++++----------- librpc/gen_ndr/ndr_svcctl.c | 704 +++++++---- librpc/gen_ndr/ndr_winreg.c | 146 ++- librpc/gen_ndr/ndr_wkssvc.c | 1378 +++++++++++++------- librpc/gen_ndr/ndr_xattr.c | 26 +- source3/librpc/gen_ndr/ndr_libnetapi.c | 22 +- source3/librpc/gen_ndr/ndr_messaging.c | 31 +- source3/librpc/gen_ndr/ndr_notify.c | 18 +- source3/librpc/gen_ndr/ndr_printcap.c | 34 +- 26 files changed, 7528 insertions(+), 3921 deletions(-) diff --git a/librpc/gen_ndr/ndr_dfs.c b/librpc/gen_ndr/ndr_dfs.c index 6e36cb3..87130cc 100644 --- a/librpc/gen_ndr/ndr_dfs.c +++ b/librpc/gen_ndr/ndr_dfs.c @@ -78,6 +78,8 @@ static enum ndr_err_code ndr_push_dfs_Info1(struct ndr_push *ndr, int ndr_flags, static enum ndr_err_code ndr_pull_dfs_Info1(struct ndr_pull *ndr, int ndr_flags, struct dfs_Info1 *r) { uint32_t _ptr_path; + uint32_t size_path_1 = 0; + uint32_t length_path_1 = 0; TALLOC_CTX *_mem_save_path_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -94,11 +96,13 @@ static enum ndr_err_code ndr_pull_dfs_Info1(struct ndr_pull *ndr, int ndr_flags, NDR_PULL_SET_MEM_CTX(ndr, r->path, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->path)); - if (ndr_get_array_length(ndr, &r->path) > ndr_get_array_size(ndr, &r->path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->path), ndr_get_array_length(ndr, &r->path)); + size_path_1 = ndr_get_array_size(ndr, &r->path); + length_path_1 = ndr_get_array_length(ndr, &r->path); + if (length_path_1 > size_path_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_path_1, length_path_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->path, ndr_get_array_length(ndr, &r->path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_path_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->path, length_path_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_path_0, 0); } } @@ -174,8 +178,12 @@ static enum ndr_err_code ndr_push_dfs_Info2(struct ndr_push *ndr, int ndr_flags, static enum ndr_err_code ndr_pull_dfs_Info2(struct ndr_pull *ndr, int ndr_flags, struct dfs_Info2 *r) { uint32_t _ptr_path; + uint32_t size_path_1 = 0; + uint32_t length_path_1 = 0; TALLOC_CTX *_mem_save_path_0; uint32_t _ptr_comment; + uint32_t size_comment_1 = 0; + uint32_t length_comment_1 = 0; TALLOC_CTX *_mem_save_comment_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -200,11 +208,13 @@ static enum ndr_err_code ndr_pull_dfs_Info2(struct ndr_pull *ndr, int ndr_flags, NDR_PULL_SET_MEM_CTX(ndr, r->path, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->path)); - if (ndr_get_array_length(ndr, &r->path) > ndr_get_array_size(ndr, &r->path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->path), ndr_get_array_length(ndr, &r->path)); + size_path_1 = ndr_get_array_size(ndr, &r->path); + length_path_1 = ndr_get_array_length(ndr, &r->path); + if (length_path_1 > size_path_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_path_1, length_path_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->path, ndr_get_array_length(ndr, &r->path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_path_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->path, length_path_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_path_0, 0); } if (r->comment) { @@ -212,11 +222,13 @@ static enum ndr_err_code ndr_pull_dfs_Info2(struct ndr_pull *ndr, int ndr_flags, NDR_PULL_SET_MEM_CTX(ndr, r->comment, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->comment)); NDR_CHECK(ndr_pull_array_length(ndr, &r->comment)); - if (ndr_get_array_length(ndr, &r->comment) > ndr_get_array_size(ndr, &r->comment)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->comment), ndr_get_array_length(ndr, &r->comment)); + size_comment_1 = ndr_get_array_size(ndr, &r->comment); + length_comment_1 = ndr_get_array_length(ndr, &r->comment); + if (length_comment_1 > size_comment_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_comment_1, length_comment_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_comment_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, length_comment_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_comment_0, 0); } } @@ -296,8 +308,12 @@ static enum ndr_err_code ndr_push_dfs_StorageInfo(struct ndr_push *ndr, int ndr_ static enum ndr_err_code ndr_pull_dfs_StorageInfo(struct ndr_pull *ndr, int ndr_flags, struct dfs_StorageInfo *r) { uint32_t _ptr_server; + uint32_t size_server_1 = 0; + uint32_t length_server_1 = 0; TALLOC_CTX *_mem_save_server_0; uint32_t _ptr_share; + uint32_t size_share_1 = 0; + uint32_t length_share_1 = 0; TALLOC_CTX *_mem_save_share_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -321,11 +337,13 @@ static enum ndr_err_code ndr_pull_dfs_StorageInfo(struct ndr_pull *ndr, int ndr_ NDR_PULL_SET_MEM_CTX(ndr, r->server, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->server)); NDR_CHECK(ndr_pull_array_length(ndr, &r->server)); - if (ndr_get_array_length(ndr, &r->server) > ndr_get_array_size(ndr, &r->server)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->server), ndr_get_array_length(ndr, &r->server)); + size_server_1 = ndr_get_array_size(ndr, &r->server); + length_server_1 = ndr_get_array_length(ndr, &r->server); + if (length_server_1 > size_server_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_1, length_server_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->server), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server, ndr_get_array_length(ndr, &r->server), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server, length_server_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_0, 0); } if (r->share) { @@ -333,11 +351,13 @@ static enum ndr_err_code ndr_pull_dfs_StorageInfo(struct ndr_pull *ndr, int ndr_ NDR_PULL_SET_MEM_CTX(ndr, r->share, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->share)); NDR_CHECK(ndr_pull_array_length(ndr, &r->share)); - if (ndr_get_array_length(ndr, &r->share) > ndr_get_array_size(ndr, &r->share)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->share), ndr_get_array_length(ndr, &r->share)); + size_share_1 = ndr_get_array_size(ndr, &r->share); + length_share_1 = ndr_get_array_length(ndr, &r->share); + if (length_share_1 > size_share_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_share_1, length_share_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->share), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->share, ndr_get_array_length(ndr, &r->share), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_share_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->share, length_share_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_share_0, 0); } } @@ -404,10 +424,15 @@ static enum ndr_err_code ndr_push_dfs_Info3(struct ndr_push *ndr, int ndr_flags, static enum ndr_err_code ndr_pull_dfs_Info3(struct ndr_pull *ndr, int ndr_flags, struct dfs_Info3 *r) { uint32_t _ptr_path; + uint32_t size_path_1 = 0; + uint32_t length_path_1 = 0; TALLOC_CTX *_mem_save_path_0; uint32_t _ptr_comment; + uint32_t size_comment_1 = 0; + uint32_t length_comment_1 = 0; TALLOC_CTX *_mem_save_comment_0; uint32_t _ptr_stores; + uint32_t size_stores_1 = 0; uint32_t cntr_stores_1; TALLOC_CTX *_mem_save_stores_0; TALLOC_CTX *_mem_save_stores_1; @@ -440,11 +465,13 @@ static enum ndr_err_code ndr_pull_dfs_Info3(struct ndr_pull *ndr, int ndr_flags, NDR_PULL_SET_MEM_CTX(ndr, r->path, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->path)); - if (ndr_get_array_length(ndr, &r->path) > ndr_get_array_size(ndr, &r->path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->path), ndr_get_array_length(ndr, &r->path)); + size_path_1 = ndr_get_array_size(ndr, &r->path); + length_path_1 = ndr_get_array_length(ndr, &r->path); + if (length_path_1 > size_path_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_path_1, length_path_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->path, ndr_get_array_length(ndr, &r->path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_path_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->path, length_path_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_path_0, 0); } if (r->comment) { @@ -452,24 +479,27 @@ static enum ndr_err_code ndr_pull_dfs_Info3(struct ndr_pull *ndr, int ndr_flags, NDR_PULL_SET_MEM_CTX(ndr, r->comment, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->comment)); NDR_CHECK(ndr_pull_array_length(ndr, &r->comment)); - if (ndr_get_array_length(ndr, &r->comment) > ndr_get_array_size(ndr, &r->comment)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->comment), ndr_get_array_length(ndr, &r->comment)); + size_comment_1 = ndr_get_array_size(ndr, &r->comment); + length_comment_1 = ndr_get_array_length(ndr, &r->comment); + if (length_comment_1 > size_comment_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_comment_1, length_comment_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_comment_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, length_comment_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_comment_0, 0); } if (r->stores) { _mem_save_stores_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->stores, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->stores)); - NDR_PULL_ALLOC_N(ndr, r->stores, ndr_get_array_size(ndr, &r->stores)); + size_stores_1 = ndr_get_array_size(ndr, &r->stores); + NDR_PULL_ALLOC_N(ndr, r->stores, size_stores_1); _mem_save_stores_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->stores, 0); - for (cntr_stores_1 = 0; cntr_stores_1 < r->num_stores; cntr_stores_1++) { + for (cntr_stores_1 = 0; cntr_stores_1 < size_stores_1; cntr_stores_1++) { NDR_CHECK(ndr_pull_dfs_StorageInfo(ndr, NDR_SCALARS, &r->stores[cntr_stores_1])); } - for (cntr_stores_1 = 0; cntr_stores_1 < r->num_stores; cntr_stores_1++) { + for (cntr_stores_1 = 0; cntr_stores_1 < size_stores_1; cntr_stores_1++) { NDR_CHECK(ndr_pull_dfs_StorageInfo(ndr, NDR_BUFFERS, &r->stores[cntr_stores_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_stores_1, 0); @@ -561,10 +591,15 @@ static enum ndr_err_code ndr_push_dfs_Info4(struct ndr_push *ndr, int ndr_flags, static enum ndr_err_code ndr_pull_dfs_Info4(struct ndr_pull *ndr, int ndr_flags, struct dfs_Info4 *r) { uint32_t _ptr_path; + uint32_t size_path_1 = 0; + uint32_t length_path_1 = 0; TALLOC_CTX *_mem_save_path_0; uint32_t _ptr_comment; + uint32_t size_comment_1 = 0; + uint32_t length_comment_1 = 0; TALLOC_CTX *_mem_save_comment_0; uint32_t _ptr_stores; + uint32_t size_stores_1 = 0; uint32_t cntr_stores_1; TALLOC_CTX *_mem_save_stores_0; TALLOC_CTX *_mem_save_stores_1; @@ -599,11 +634,13 @@ static enum ndr_err_code ndr_pull_dfs_Info4(struct ndr_pull *ndr, int ndr_flags, NDR_PULL_SET_MEM_CTX(ndr, r->path, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->path)); - if (ndr_get_array_length(ndr, &r->path) > ndr_get_array_size(ndr, &r->path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->path), ndr_get_array_length(ndr, &r->path)); + size_path_1 = ndr_get_array_size(ndr, &r->path); + length_path_1 = ndr_get_array_length(ndr, &r->path); + if (length_path_1 > size_path_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_path_1, length_path_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->path, ndr_get_array_length(ndr, &r->path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_path_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->path, length_path_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_path_0, 0); } if (r->comment) { @@ -611,24 +648,27 @@ static enum ndr_err_code ndr_pull_dfs_Info4(struct ndr_pull *ndr, int ndr_flags, NDR_PULL_SET_MEM_CTX(ndr, r->comment, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->comment)); NDR_CHECK(ndr_pull_array_length(ndr, &r->comment)); - if (ndr_get_array_length(ndr, &r->comment) > ndr_get_array_size(ndr, &r->comment)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->comment), ndr_get_array_length(ndr, &r->comment)); + size_comment_1 = ndr_get_array_size(ndr, &r->comment); + length_comment_1 = ndr_get_array_length(ndr, &r->comment); + if (length_comment_1 > size_comment_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_comment_1, length_comment_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_comment_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, length_comment_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_comment_0, 0); } if (r->stores) { _mem_save_stores_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->stores, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->stores)); - NDR_PULL_ALLOC_N(ndr, r->stores, ndr_get_array_size(ndr, &r->stores)); + size_stores_1 = ndr_get_array_size(ndr, &r->stores); + NDR_PULL_ALLOC_N(ndr, r->stores, size_stores_1); _mem_save_stores_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->stores, 0); - for (cntr_stores_1 = 0; cntr_stores_1 < r->num_stores; cntr_stores_1++) { + for (cntr_stores_1 = 0; cntr_stores_1 < size_stores_1; cntr_stores_1++) { NDR_CHECK(ndr_pull_dfs_StorageInfo(ndr, NDR_SCALARS, &r->stores[cntr_stores_1])); } - for (cntr_stores_1 = 0; cntr_stores_1 < r->num_stores; cntr_stores_1++) { + for (cntr_stores_1 = 0; cntr_stores_1 < size_stores_1; cntr_stores_1++) { NDR_CHECK(ndr_pull_dfs_StorageInfo(ndr, NDR_BUFFERS, &r->stores[cntr_stores_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_stores_1, 0); @@ -739,8 +779,12 @@ static enum ndr_err_code ndr_push_dfs_Info5(struct ndr_push *ndr, int ndr_flags, static enum ndr_err_code ndr_pull_dfs_Info5(struct ndr_pull *ndr, int ndr_flags, struct dfs_Info5 *r) { uint32_t _ptr_path; + uint32_t size_path_1 = 0; + uint32_t length_path_1 = 0; TALLOC_CTX *_mem_save_path_0; uint32_t _ptr_comment; + uint32_t size_comment_1 = 0; + uint32_t length_comment_1 = 0; TALLOC_CTX *_mem_save_comment_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -769,11 +813,13 @@ static enum ndr_err_code ndr_pull_dfs_Info5(struct ndr_pull *ndr, int ndr_flags, NDR_PULL_SET_MEM_CTX(ndr, r->path, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->path)); - if (ndr_get_array_length(ndr, &r->path) > ndr_get_array_size(ndr, &r->path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->path), ndr_get_array_length(ndr, &r->path)); + size_path_1 = ndr_get_array_size(ndr, &r->path); + length_path_1 = ndr_get_array_length(ndr, &r->path); + if (length_path_1 > size_path_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_path_1, length_path_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->path, ndr_get_array_length(ndr, &r->path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_path_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->path, length_path_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_path_0, 0); } if (r->comment) { @@ -781,11 +827,13 @@ static enum ndr_err_code ndr_pull_dfs_Info5(struct ndr_pull *ndr, int ndr_flags, NDR_PULL_SET_MEM_CTX(ndr, r->comment, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->comment)); NDR_CHECK(ndr_pull_array_length(ndr, &r->comment)); - if (ndr_get_array_length(ndr, &r->comment) > ndr_get_array_size(ndr, &r->comment)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->comment), ndr_get_array_length(ndr, &r->comment)); + size_comment_1 = ndr_get_array_size(ndr, &r->comment); + length_comment_1 = ndr_get_array_length(ndr, &r->comment); + if (length_comment_1 > size_comment_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_comment_1, length_comment_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_comment_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, length_comment_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_comment_0, 0); } } @@ -961,10 +1009,15 @@ static enum ndr_err_code ndr_push_dfs_Info6(struct ndr_push *ndr, int ndr_flags, static enum ndr_err_code ndr_pull_dfs_Info6(struct ndr_pull *ndr, int ndr_flags, struct dfs_Info6 *r) { uint32_t _ptr_entry_path; + uint32_t size_entry_path_1 = 0; + uint32_t length_entry_path_1 = 0; TALLOC_CTX *_mem_save_entry_path_0; uint32_t _ptr_comment; + uint32_t size_comment_1 = 0; + uint32_t length_comment_1 = 0; TALLOC_CTX *_mem_save_comment_0; uint32_t _ptr_stores; + uint32_t size_stores_1 = 0; uint32_t cntr_stores_1; TALLOC_CTX *_mem_save_stores_0; TALLOC_CTX *_mem_save_stores_1; @@ -1001,11 +1054,13 @@ static enum ndr_err_code ndr_pull_dfs_Info6(struct ndr_pull *ndr, int ndr_flags, NDR_PULL_SET_MEM_CTX(ndr, r->entry_path, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->entry_path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->entry_path)); - if (ndr_get_array_length(ndr, &r->entry_path) > ndr_get_array_size(ndr, &r->entry_path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->entry_path), ndr_get_array_length(ndr, &r->entry_path)); + size_entry_path_1 = ndr_get_array_size(ndr, &r->entry_path); + length_entry_path_1 = ndr_get_array_length(ndr, &r->entry_path); + if (length_entry_path_1 > size_entry_path_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_entry_path_1, length_entry_path_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->entry_path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->entry_path, ndr_get_array_length(ndr, &r->entry_path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_entry_path_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->entry_path, length_entry_path_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_entry_path_0, 0); } if (r->comment) { @@ -1013,24 +1068,27 @@ static enum ndr_err_code ndr_pull_dfs_Info6(struct ndr_pull *ndr, int ndr_flags, NDR_PULL_SET_MEM_CTX(ndr, r->comment, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->comment)); NDR_CHECK(ndr_pull_array_length(ndr, &r->comment)); - if (ndr_get_array_length(ndr, &r->comment) > ndr_get_array_size(ndr, &r->comment)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->comment), ndr_get_array_length(ndr, &r->comment)); + size_comment_1 = ndr_get_array_size(ndr, &r->comment); + length_comment_1 = ndr_get_array_length(ndr, &r->comment); + if (length_comment_1 > size_comment_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_comment_1, length_comment_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_comment_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, length_comment_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_comment_0, 0); } if (r->stores) { _mem_save_stores_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->stores, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->stores)); - NDR_PULL_ALLOC_N(ndr, r->stores, ndr_get_array_size(ndr, &r->stores)); + size_stores_1 = ndr_get_array_size(ndr, &r->stores); + NDR_PULL_ALLOC_N(ndr, r->stores, size_stores_1); _mem_save_stores_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->stores, 0); - for (cntr_stores_1 = 0; cntr_stores_1 < r->num_stores; cntr_stores_1++) { + for (cntr_stores_1 = 0; cntr_stores_1 < size_stores_1; cntr_stores_1++) { NDR_CHECK(ndr_pull_dfs_StorageInfo2(ndr, NDR_SCALARS, &r->stores[cntr_stores_1])); } - for (cntr_stores_1 = 0; cntr_stores_1 < r->num_stores; cntr_stores_1++) { + for (cntr_stores_1 = 0; cntr_stores_1 < size_stores_1; cntr_stores_1++) { NDR_CHECK(ndr_pull_dfs_StorageInfo2(ndr, NDR_BUFFERS, &r->stores[cntr_stores_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_stores_1, 0); @@ -1134,6 +1192,8 @@ static enum ndr_err_code ndr_push_dfs_Info100(struct ndr_push *ndr, int ndr_flag static enum ndr_err_code ndr_pull_dfs_Info100(struct ndr_pull *ndr, int ndr_flags, struct dfs_Info100 *r) { uint32_t _ptr_comment; + uint32_t size_comment_1 = 0; + uint32_t length_comment_1 = 0; TALLOC_CTX *_mem_save_comment_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -1150,11 +1210,13 @@ static enum ndr_err_code ndr_pull_dfs_Info100(struct ndr_pull *ndr, int ndr_flag NDR_PULL_SET_MEM_CTX(ndr, r->comment, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->comment)); NDR_CHECK(ndr_pull_array_length(ndr, &r->comment)); - if (ndr_get_array_length(ndr, &r->comment) > ndr_get_array_size(ndr, &r->comment)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->comment), ndr_get_array_length(ndr, &r->comment)); + size_comment_1 = ndr_get_array_size(ndr, &r->comment); + length_comment_1 = ndr_get_array_length(ndr, &r->comment); + if (length_comment_1 > size_comment_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_comment_1, length_comment_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_comment_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, length_comment_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_comment_0, 0); } } @@ -1318,6 +1380,8 @@ static enum ndr_err_code ndr_push_dfs_Info105(struct ndr_push *ndr, int ndr_flag static enum ndr_err_code ndr_pull_dfs_Info105(struct ndr_pull *ndr, int ndr_flags, struct dfs_Info105 *r) { uint32_t _ptr_comment; + uint32_t size_comment_1 = 0; + uint32_t length_comment_1 = 0; TALLOC_CTX *_mem_save_comment_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -1338,11 +1402,13 @@ static enum ndr_err_code ndr_pull_dfs_Info105(struct ndr_pull *ndr, int ndr_flag NDR_PULL_SET_MEM_CTX(ndr, r->comment, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->comment)); NDR_CHECK(ndr_pull_array_length(ndr, &r->comment)); - if (ndr_get_array_length(ndr, &r->comment) > ndr_get_array_size(ndr, &r->comment)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->comment), ndr_get_array_length(ndr, &r->comment)); + size_comment_1 = ndr_get_array_size(ndr, &r->comment); + length_comment_1 = ndr_get_array_length(ndr, &r->comment); + if (length_comment_1 > size_comment_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_comment_1, length_comment_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_comment_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, length_comment_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_comment_0, 0); } } @@ -1419,6 +1485,8 @@ static enum ndr_err_code ndr_push_dfs_Info200(struct ndr_push *ndr, int ndr_flag static enum ndr_err_code ndr_pull_dfs_Info200(struct ndr_pull *ndr, int ndr_flags, struct dfs_Info200 *r) { uint32_t _ptr_dom_root; + uint32_t size_dom_root_1 = 0; + uint32_t length_dom_root_1 = 0; TALLOC_CTX *_mem_save_dom_root_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -1435,11 +1503,13 @@ static enum ndr_err_code ndr_pull_dfs_Info200(struct ndr_pull *ndr, int ndr_flag NDR_PULL_SET_MEM_CTX(ndr, r->dom_root, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->dom_root)); NDR_CHECK(ndr_pull_array_length(ndr, &r->dom_root)); - if (ndr_get_array_length(ndr, &r->dom_root) > ndr_get_array_size(ndr, &r->dom_root)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->dom_root), ndr_get_array_length(ndr, &r->dom_root)); + size_dom_root_1 = ndr_get_array_size(ndr, &r->dom_root); + length_dom_root_1 = ndr_get_array_length(ndr, &r->dom_root); + if (length_dom_root_1 > size_dom_root_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dom_root_1, length_dom_root_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->dom_root), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dom_root, ndr_get_array_length(ndr, &r->dom_root), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dom_root_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dom_root, length_dom_root_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dom_root_0, 0); } } @@ -1505,6 +1575,8 @@ static enum ndr_err_code ndr_push_dfs_Info300(struct ndr_push *ndr, int ndr_flag static enum ndr_err_code ndr_pull_dfs_Info300(struct ndr_pull *ndr, int ndr_flags, struct dfs_Info300 *r) { uint32_t _ptr_dom_root; + uint32_t size_dom_root_1 = 0; + uint32_t length_dom_root_1 = 0; TALLOC_CTX *_mem_save_dom_root_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -1522,11 +1594,13 @@ static enum ndr_err_code ndr_pull_dfs_Info300(struct ndr_pull *ndr, int ndr_flag NDR_PULL_SET_MEM_CTX(ndr, r->dom_root, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->dom_root)); NDR_CHECK(ndr_pull_array_length(ndr, &r->dom_root)); - if (ndr_get_array_length(ndr, &r->dom_root) > ndr_get_array_size(ndr, &r->dom_root)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->dom_root), ndr_get_array_length(ndr, &r->dom_root)); + size_dom_root_1 = ndr_get_array_size(ndr, &r->dom_root); + length_dom_root_1 = ndr_get_array_length(ndr, &r->dom_root); + if (length_dom_root_1 > size_dom_root_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dom_root_1, length_dom_root_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->dom_root), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dom_root, ndr_get_array_length(ndr, &r->dom_root), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dom_root_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dom_root, length_dom_root_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dom_root_0, 0); } } @@ -1722,20 +1796,35 @@ static enum ndr_err_code ndr_pull_dfs_Info(struct ndr_pull *ndr, int ndr_flags, int level; uint32_t _level; TALLOC_CTX *_mem_save_info0_0; + uint32_t _ptr_info0; TALLOC_CTX *_mem_save_info1_0; + uint32_t _ptr_info1; TALLOC_CTX *_mem_save_info2_0; + uint32_t _ptr_info2; TALLOC_CTX *_mem_save_info3_0; + uint32_t _ptr_info3; TALLOC_CTX *_mem_save_info4_0; + uint32_t _ptr_info4; TALLOC_CTX *_mem_save_info5_0; + uint32_t _ptr_info5; TALLOC_CTX *_mem_save_info6_0; + uint32_t _ptr_info6; TALLOC_CTX *_mem_save_info7_0; + uint32_t _ptr_info7; TALLOC_CTX *_mem_save_info100_0; + uint32_t _ptr_info100; TALLOC_CTX *_mem_save_info101_0; + uint32_t _ptr_info101; TALLOC_CTX *_mem_save_info102_0; + uint32_t _ptr_info102; TALLOC_CTX *_mem_save_info103_0; + uint32_t _ptr_info103; TALLOC_CTX *_mem_save_info104_0; + uint32_t _ptr_info104; TALLOC_CTX *_mem_save_info105_0; + uint32_t _ptr_info105; TALLOC_CTX *_mem_save_info106_0; + uint32_t _ptr_info106; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -1744,7 +1833,6 @@ static enum ndr_err_code ndr_pull_dfs_Info(struct ndr_pull *ndr, int ndr_flags, } switch (level) { case 0: { - uint32_t _ptr_info0; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info0)); if (_ptr_info0) { NDR_PULL_ALLOC(ndr, r->info0); @@ -1754,7 +1842,6 @@ static enum ndr_err_code ndr_pull_dfs_Info(struct ndr_pull *ndr, int ndr_flags, break; } case 1: { - uint32_t _ptr_info1; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1)); if (_ptr_info1) { NDR_PULL_ALLOC(ndr, r->info1); @@ -1764,7 +1851,6 @@ static enum ndr_err_code ndr_pull_dfs_Info(struct ndr_pull *ndr, int ndr_flags, break; } case 2: { - uint32_t _ptr_info2; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info2)); if (_ptr_info2) { NDR_PULL_ALLOC(ndr, r->info2); @@ -1774,7 +1860,6 @@ static enum ndr_err_code ndr_pull_dfs_Info(struct ndr_pull *ndr, int ndr_flags, break; } case 3: { - uint32_t _ptr_info3; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info3)); if (_ptr_info3) { NDR_PULL_ALLOC(ndr, r->info3); @@ -1784,7 +1869,6 @@ static enum ndr_err_code ndr_pull_dfs_Info(struct ndr_pull *ndr, int ndr_flags, break; } case 4: { - uint32_t _ptr_info4; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info4)); if (_ptr_info4) { NDR_PULL_ALLOC(ndr, r->info4); @@ -1794,7 +1878,6 @@ static enum ndr_err_code ndr_pull_dfs_Info(struct ndr_pull *ndr, int ndr_flags, break; } case 5: { - uint32_t _ptr_info5; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info5)); if (_ptr_info5) { NDR_PULL_ALLOC(ndr, r->info5); @@ -1804,7 +1887,6 @@ static enum ndr_err_code ndr_pull_dfs_Info(struct ndr_pull *ndr, int ndr_flags, break; } case 6: { - uint32_t _ptr_info6; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info6)); if (_ptr_info6) { NDR_PULL_ALLOC(ndr, r->info6); @@ -1814,7 +1896,6 @@ static enum ndr_err_code ndr_pull_dfs_Info(struct ndr_pull *ndr, int ndr_flags, break; } case 7: { - uint32_t _ptr_info7; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info7)); if (_ptr_info7) { NDR_PULL_ALLOC(ndr, r->info7); @@ -1824,7 +1905,6 @@ static enum ndr_err_code ndr_pull_dfs_Info(struct ndr_pull *ndr, int ndr_flags, break; } case 100: { - uint32_t _ptr_info100; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info100)); if (_ptr_info100) { NDR_PULL_ALLOC(ndr, r->info100); @@ -1834,7 +1914,6 @@ static enum ndr_err_code ndr_pull_dfs_Info(struct ndr_pull *ndr, int ndr_flags, break; } case 101: { - uint32_t _ptr_info101; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info101)); if (_ptr_info101) { NDR_PULL_ALLOC(ndr, r->info101); @@ -1844,7 +1923,6 @@ static enum ndr_err_code ndr_pull_dfs_Info(struct ndr_pull *ndr, int ndr_flags, break; } case 102: { - uint32_t _ptr_info102; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info102)); if (_ptr_info102) { NDR_PULL_ALLOC(ndr, r->info102); @@ -1854,7 +1932,6 @@ static enum ndr_err_code ndr_pull_dfs_Info(struct ndr_pull *ndr, int ndr_flags, break; } case 103: { - uint32_t _ptr_info103; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info103)); if (_ptr_info103) { NDR_PULL_ALLOC(ndr, r->info103); @@ -1864,7 +1941,6 @@ static enum ndr_err_code ndr_pull_dfs_Info(struct ndr_pull *ndr, int ndr_flags, break; } case 104: { - uint32_t _ptr_info104; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info104)); if (_ptr_info104) { NDR_PULL_ALLOC(ndr, r->info104); @@ -1874,7 +1950,6 @@ static enum ndr_err_code ndr_pull_dfs_Info(struct ndr_pull *ndr, int ndr_flags, break; } case 105: { - uint32_t _ptr_info105; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info105)); if (_ptr_info105) { NDR_PULL_ALLOC(ndr, r->info105); @@ -1884,7 +1959,6 @@ static enum ndr_err_code ndr_pull_dfs_Info(struct ndr_pull *ndr, int ndr_flags, break; } case 106: { - uint32_t _ptr_info106; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info106)); if (_ptr_info106) { NDR_PULL_ALLOC(ndr, r->info106); @@ -2212,6 +2286,7 @@ static enum ndr_err_code ndr_push_dfs_EnumArray1(struct ndr_push *ndr, int ndr_f static enum ndr_err_code ndr_pull_dfs_EnumArray1(struct ndr_pull *ndr, int ndr_flags, struct dfs_EnumArray1 *r) { uint32_t _ptr_s; + uint32_t size_s_1 = 0; uint32_t cntr_s_1; TALLOC_CTX *_mem_save_s_0; TALLOC_CTX *_mem_save_s_1; @@ -2230,13 +2305,14 @@ static enum ndr_err_code ndr_pull_dfs_EnumArray1(struct ndr_pull *ndr, int ndr_f _mem_save_s_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->s, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->s)); - NDR_PULL_ALLOC_N(ndr, r->s, ndr_get_array_size(ndr, &r->s)); + size_s_1 = ndr_get_array_size(ndr, &r->s); + NDR_PULL_ALLOC_N(ndr, r->s, size_s_1); _mem_save_s_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->s, 0); - for (cntr_s_1 = 0; cntr_s_1 < r->count; cntr_s_1++) { + for (cntr_s_1 = 0; cntr_s_1 < size_s_1; cntr_s_1++) { NDR_CHECK(ndr_pull_dfs_Info1(ndr, NDR_SCALARS, &r->s[cntr_s_1])); } - for (cntr_s_1 = 0; cntr_s_1 < r->count; cntr_s_1++) { + for (cntr_s_1 = 0; cntr_s_1 < size_s_1; cntr_s_1++) { NDR_CHECK(ndr_pull_dfs_Info1(ndr, NDR_BUFFERS, &r->s[cntr_s_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_s_1, 0); @@ -2298,6 +2374,7 @@ static enum ndr_err_code ndr_push_dfs_EnumArray2(struct ndr_push *ndr, int ndr_f static enum ndr_err_code ndr_pull_dfs_EnumArray2(struct ndr_pull *ndr, int ndr_flags, struct dfs_EnumArray2 *r) { uint32_t _ptr_s; + uint32_t size_s_1 = 0; uint32_t cntr_s_1; TALLOC_CTX *_mem_save_s_0; TALLOC_CTX *_mem_save_s_1; @@ -2316,13 +2393,14 @@ static enum ndr_err_code ndr_pull_dfs_EnumArray2(struct ndr_pull *ndr, int ndr_f _mem_save_s_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->s, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->s)); - NDR_PULL_ALLOC_N(ndr, r->s, ndr_get_array_size(ndr, &r->s)); + size_s_1 = ndr_get_array_size(ndr, &r->s); + NDR_PULL_ALLOC_N(ndr, r->s, size_s_1); _mem_save_s_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->s, 0); - for (cntr_s_1 = 0; cntr_s_1 < r->count; cntr_s_1++) { + for (cntr_s_1 = 0; cntr_s_1 < size_s_1; cntr_s_1++) { NDR_CHECK(ndr_pull_dfs_Info2(ndr, NDR_SCALARS, &r->s[cntr_s_1])); } - for (cntr_s_1 = 0; cntr_s_1 < r->count; cntr_s_1++) { + for (cntr_s_1 = 0; cntr_s_1 < size_s_1; cntr_s_1++) { NDR_CHECK(ndr_pull_dfs_Info2(ndr, NDR_BUFFERS, &r->s[cntr_s_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_s_1, 0); @@ -2384,6 +2462,7 @@ static enum ndr_err_code ndr_push_dfs_EnumArray3(struct ndr_push *ndr, int ndr_f static enum ndr_err_code ndr_pull_dfs_EnumArray3(struct ndr_pull *ndr, int ndr_flags, struct dfs_EnumArray3 *r) { uint32_t _ptr_s; + uint32_t size_s_1 = 0; uint32_t cntr_s_1; TALLOC_CTX *_mem_save_s_0; TALLOC_CTX *_mem_save_s_1; @@ -2402,13 +2481,14 @@ static enum ndr_err_code ndr_pull_dfs_EnumArray3(struct ndr_pull *ndr, int ndr_f _mem_save_s_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->s, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->s)); - NDR_PULL_ALLOC_N(ndr, r->s, ndr_get_array_size(ndr, &r->s)); + size_s_1 = ndr_get_array_size(ndr, &r->s); + NDR_PULL_ALLOC_N(ndr, r->s, size_s_1); _mem_save_s_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->s, 0); - for (cntr_s_1 = 0; cntr_s_1 < r->count; cntr_s_1++) { + for (cntr_s_1 = 0; cntr_s_1 < size_s_1; cntr_s_1++) { NDR_CHECK(ndr_pull_dfs_Info3(ndr, NDR_SCALARS, &r->s[cntr_s_1])); } - for (cntr_s_1 = 0; cntr_s_1 < r->count; cntr_s_1++) { + for (cntr_s_1 = 0; cntr_s_1 < size_s_1; cntr_s_1++) { NDR_CHECK(ndr_pull_dfs_Info3(ndr, NDR_BUFFERS, &r->s[cntr_s_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_s_1, 0); @@ -2470,6 +2550,7 @@ static enum ndr_err_code ndr_push_dfs_EnumArray4(struct ndr_push *ndr, int ndr_f static enum ndr_err_code ndr_pull_dfs_EnumArray4(struct ndr_pull *ndr, int ndr_flags, struct dfs_EnumArray4 *r) { uint32_t _ptr_s; + uint32_t size_s_1 = 0; uint32_t cntr_s_1; TALLOC_CTX *_mem_save_s_0; TALLOC_CTX *_mem_save_s_1; @@ -2488,13 +2569,14 @@ static enum ndr_err_code ndr_pull_dfs_EnumArray4(struct ndr_pull *ndr, int ndr_f _mem_save_s_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->s, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->s)); - NDR_PULL_ALLOC_N(ndr, r->s, ndr_get_array_size(ndr, &r->s)); + size_s_1 = ndr_get_array_size(ndr, &r->s); + NDR_PULL_ALLOC_N(ndr, r->s, size_s_1); _mem_save_s_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->s, 0); - for (cntr_s_1 = 0; cntr_s_1 < r->count; cntr_s_1++) { + for (cntr_s_1 = 0; cntr_s_1 < size_s_1; cntr_s_1++) { NDR_CHECK(ndr_pull_dfs_Info4(ndr, NDR_SCALARS, &r->s[cntr_s_1])); } - for (cntr_s_1 = 0; cntr_s_1 < r->count; cntr_s_1++) { + for (cntr_s_1 = 0; cntr_s_1 < size_s_1; cntr_s_1++) { NDR_CHECK(ndr_pull_dfs_Info4(ndr, NDR_BUFFERS, &r->s[cntr_s_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_s_1, 0); @@ -2556,6 +2638,7 @@ static enum ndr_err_code ndr_push_dfs_EnumArray5(struct ndr_push *ndr, int ndr_f static enum ndr_err_code ndr_pull_dfs_EnumArray5(struct ndr_pull *ndr, int ndr_flags, struct dfs_EnumArray5 *r) { uint32_t _ptr_s; + uint32_t size_s_1 = 0; uint32_t cntr_s_1; TALLOC_CTX *_mem_save_s_0; TALLOC_CTX *_mem_save_s_1; @@ -2574,13 +2657,14 @@ static enum ndr_err_code ndr_pull_dfs_EnumArray5(struct ndr_pull *ndr, int ndr_f _mem_save_s_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->s, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->s)); - NDR_PULL_ALLOC_N(ndr, r->s, ndr_get_array_size(ndr, &r->s)); + size_s_1 = ndr_get_array_size(ndr, &r->s); + NDR_PULL_ALLOC_N(ndr, r->s, size_s_1); _mem_save_s_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->s, 0); - for (cntr_s_1 = 0; cntr_s_1 < r->count; cntr_s_1++) { + for (cntr_s_1 = 0; cntr_s_1 < size_s_1; cntr_s_1++) { NDR_CHECK(ndr_pull_dfs_Info5(ndr, NDR_SCALARS, &r->s[cntr_s_1])); } - for (cntr_s_1 = 0; cntr_s_1 < r->count; cntr_s_1++) { + for (cntr_s_1 = 0; cntr_s_1 < size_s_1; cntr_s_1++) { NDR_CHECK(ndr_pull_dfs_Info5(ndr, NDR_BUFFERS, &r->s[cntr_s_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_s_1, 0); @@ -2642,6 +2726,7 @@ static enum ndr_err_code ndr_push_dfs_EnumArray6(struct ndr_push *ndr, int ndr_f static enum ndr_err_code ndr_pull_dfs_EnumArray6(struct ndr_pull *ndr, int ndr_flags, struct dfs_EnumArray6 *r) { uint32_t _ptr_s; + uint32_t size_s_1 = 0; uint32_t cntr_s_1; TALLOC_CTX *_mem_save_s_0; TALLOC_CTX *_mem_save_s_1; @@ -2660,13 +2745,14 @@ static enum ndr_err_code ndr_pull_dfs_EnumArray6(struct ndr_pull *ndr, int ndr_f _mem_save_s_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->s, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->s)); - NDR_PULL_ALLOC_N(ndr, r->s, ndr_get_array_size(ndr, &r->s)); + size_s_1 = ndr_get_array_size(ndr, &r->s); + NDR_PULL_ALLOC_N(ndr, r->s, size_s_1); _mem_save_s_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->s, 0); - for (cntr_s_1 = 0; cntr_s_1 < r->count; cntr_s_1++) { + for (cntr_s_1 = 0; cntr_s_1 < size_s_1; cntr_s_1++) { NDR_CHECK(ndr_pull_dfs_Info6(ndr, NDR_SCALARS, &r->s[cntr_s_1])); } - for (cntr_s_1 = 0; cntr_s_1 < r->count; cntr_s_1++) { + for (cntr_s_1 = 0; cntr_s_1 < size_s_1; cntr_s_1++) { NDR_CHECK(ndr_pull_dfs_Info6(ndr, NDR_BUFFERS, &r->s[cntr_s_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_s_1, 0); @@ -2728,6 +2814,7 @@ static enum ndr_err_code ndr_push_dfs_EnumArray200(struct ndr_push *ndr, int ndr static enum ndr_err_code ndr_pull_dfs_EnumArray200(struct ndr_pull *ndr, int ndr_flags, struct dfs_EnumArray200 *r) { uint32_t _ptr_s; + uint32_t size_s_1 = 0; uint32_t cntr_s_1; TALLOC_CTX *_mem_save_s_0; TALLOC_CTX *_mem_save_s_1; @@ -2746,13 +2833,14 @@ static enum ndr_err_code ndr_pull_dfs_EnumArray200(struct ndr_pull *ndr, int ndr _mem_save_s_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->s, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->s)); - NDR_PULL_ALLOC_N(ndr, r->s, ndr_get_array_size(ndr, &r->s)); + size_s_1 = ndr_get_array_size(ndr, &r->s); + NDR_PULL_ALLOC_N(ndr, r->s, size_s_1); _mem_save_s_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->s, 0); - for (cntr_s_1 = 0; cntr_s_1 < r->count; cntr_s_1++) { + for (cntr_s_1 = 0; cntr_s_1 < size_s_1; cntr_s_1++) { NDR_CHECK(ndr_pull_dfs_Info200(ndr, NDR_SCALARS, &r->s[cntr_s_1])); } - for (cntr_s_1 = 0; cntr_s_1 < r->count; cntr_s_1++) { + for (cntr_s_1 = 0; cntr_s_1 < size_s_1; cntr_s_1++) { NDR_CHECK(ndr_pull_dfs_Info200(ndr, NDR_BUFFERS, &r->s[cntr_s_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_s_1, 0); @@ -2814,6 +2902,7 @@ static enum ndr_err_code ndr_push_dfs_EnumArray300(struct ndr_push *ndr, int ndr static enum ndr_err_code ndr_pull_dfs_EnumArray300(struct ndr_pull *ndr, int ndr_flags, struct dfs_EnumArray300 *r) { uint32_t _ptr_s; + uint32_t size_s_1 = 0; uint32_t cntr_s_1; TALLOC_CTX *_mem_save_s_0; TALLOC_CTX *_mem_save_s_1; @@ -2832,13 +2921,14 @@ static enum ndr_err_code ndr_pull_dfs_EnumArray300(struct ndr_pull *ndr, int ndr _mem_save_s_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->s, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->s)); - NDR_PULL_ALLOC_N(ndr, r->s, ndr_get_array_size(ndr, &r->s)); + size_s_1 = ndr_get_array_size(ndr, &r->s); + NDR_PULL_ALLOC_N(ndr, r->s, size_s_1); _mem_save_s_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->s, 0); - for (cntr_s_1 = 0; cntr_s_1 < r->count; cntr_s_1++) { + for (cntr_s_1 = 0; cntr_s_1 < size_s_1; cntr_s_1++) { NDR_CHECK(ndr_pull_dfs_Info300(ndr, NDR_SCALARS, &r->s[cntr_s_1])); } - for (cntr_s_1 = 0; cntr_s_1 < r->count; cntr_s_1++) { + for (cntr_s_1 = 0; cntr_s_1 < size_s_1; cntr_s_1++) { NDR_CHECK(ndr_pull_dfs_Info300(ndr, NDR_BUFFERS, &r->s[cntr_s_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_s_1, 0); @@ -2980,13 +3070,21 @@ static enum ndr_err_code ndr_pull_dfs_EnumInfo(struct ndr_pull *ndr, int ndr_fla int level; uint32_t _level; TALLOC_CTX *_mem_save_info1_0; + uint32_t _ptr_info1; TALLOC_CTX *_mem_save_info2_0; + uint32_t _ptr_info2; TALLOC_CTX *_mem_save_info3_0; + uint32_t _ptr_info3; TALLOC_CTX *_mem_save_info4_0; + uint32_t _ptr_info4; TALLOC_CTX *_mem_save_info5_0; + uint32_t _ptr_info5; TALLOC_CTX *_mem_save_info6_0; + uint32_t _ptr_info6; TALLOC_CTX *_mem_save_info200_0; + uint32_t _ptr_info200; TALLOC_CTX *_mem_save_info300_0; + uint32_t _ptr_info300; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -2995,7 +3093,6 @@ static enum ndr_err_code ndr_pull_dfs_EnumInfo(struct ndr_pull *ndr, int ndr_fla } switch (level) { case 1: { - uint32_t _ptr_info1; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1)); if (_ptr_info1) { NDR_PULL_ALLOC(ndr, r->info1); @@ -3005,7 +3102,6 @@ static enum ndr_err_code ndr_pull_dfs_EnumInfo(struct ndr_pull *ndr, int ndr_fla break; } case 2: { - uint32_t _ptr_info2; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info2)); if (_ptr_info2) { NDR_PULL_ALLOC(ndr, r->info2); @@ -3015,7 +3111,6 @@ static enum ndr_err_code ndr_pull_dfs_EnumInfo(struct ndr_pull *ndr, int ndr_fla break; } case 3: { - uint32_t _ptr_info3; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info3)); if (_ptr_info3) { NDR_PULL_ALLOC(ndr, r->info3); @@ -3025,7 +3120,6 @@ static enum ndr_err_code ndr_pull_dfs_EnumInfo(struct ndr_pull *ndr, int ndr_fla break; } case 4: { - uint32_t _ptr_info4; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info4)); if (_ptr_info4) { NDR_PULL_ALLOC(ndr, r->info4); @@ -3035,7 +3129,6 @@ static enum ndr_err_code ndr_pull_dfs_EnumInfo(struct ndr_pull *ndr, int ndr_fla break; } case 5: { - uint32_t _ptr_info5; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info5)); if (_ptr_info5) { NDR_PULL_ALLOC(ndr, r->info5); @@ -3045,7 +3138,6 @@ static enum ndr_err_code ndr_pull_dfs_EnumInfo(struct ndr_pull *ndr, int ndr_fla break; } case 6: { - uint32_t _ptr_info6; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info6)); if (_ptr_info6) { NDR_PULL_ALLOC(ndr, r->info6); @@ -3055,7 +3147,6 @@ static enum ndr_err_code ndr_pull_dfs_EnumInfo(struct ndr_pull *ndr, int ndr_fla break; } case 200: { - uint32_t _ptr_info200; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info200)); if (_ptr_info200) { NDR_PULL_ALLOC(ndr, r->info200); @@ -3065,7 +3156,6 @@ static enum ndr_err_code ndr_pull_dfs_EnumInfo(struct ndr_pull *ndr, int ndr_fla break; } case 300: { - uint32_t _ptr_info300; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info300)); if (_ptr_info300) { NDR_PULL_ALLOC(ndr, r->info300); @@ -3301,6 +3391,8 @@ static enum ndr_err_code ndr_push_dfs_UnknownStruct(struct ndr_push *ndr, int nd static enum ndr_err_code ndr_pull_dfs_UnknownStruct(struct ndr_pull *ndr, int ndr_flags, struct dfs_UnknownStruct *r) { uint32_t _ptr_unknown2; + uint32_t size_unknown2_1 = 0; + uint32_t length_unknown2_1 = 0; TALLOC_CTX *_mem_save_unknown2_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -3318,11 +3410,13 @@ static enum ndr_err_code ndr_pull_dfs_UnknownStruct(struct ndr_pull *ndr, int nd NDR_PULL_SET_MEM_CTX(ndr, r->unknown2, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->unknown2)); NDR_CHECK(ndr_pull_array_length(ndr, &r->unknown2)); - if (ndr_get_array_length(ndr, &r->unknown2) > ndr_get_array_size(ndr, &r->unknown2)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->unknown2), ndr_get_array_length(ndr, &r->unknown2)); + size_unknown2_1 = ndr_get_array_size(ndr, &r->unknown2); + length_unknown2_1 = ndr_get_array_length(ndr, &r->unknown2); + if (length_unknown2_1 > size_unknown2_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_unknown2_1, length_unknown2_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->unknown2), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->unknown2, ndr_get_array_length(ndr, &r->unknown2), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_unknown2_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->unknown2, length_unknown2_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_unknown2_0, 0); } } @@ -3442,25 +3536,37 @@ static enum ndr_err_code ndr_push_dfs_Add(struct ndr_push *ndr, int flags, const static enum ndr_err_code ndr_pull_dfs_Add(struct ndr_pull *ndr, int flags, struct dfs_Add *r) { + uint32_t size_path_1 = 0; + uint32_t length_path_1 = 0; + uint32_t size_server_1 = 0; + uint32_t length_server_1 = 0; uint32_t _ptr_share; + uint32_t size_share_1 = 0; + uint32_t length_share_1 = 0; uint32_t _ptr_comment; + uint32_t size_comment_1 = 0; + uint32_t length_comment_1 = 0; TALLOC_CTX *_mem_save_share_0; TALLOC_CTX *_mem_save_comment_0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_array_size(ndr, &r->in.path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.path)); - if (ndr_get_array_length(ndr, &r->in.path) > ndr_get_array_size(ndr, &r->in.path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.path), ndr_get_array_length(ndr, &r->in.path)); + size_path_1 = ndr_get_array_size(ndr, &r->in.path); + length_path_1 = ndr_get_array_length(ndr, &r->in.path); + if (length_path_1 > size_path_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_path_1, length_path_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.path, ndr_get_array_length(ndr, &r->in.path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_path_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.path, length_path_1, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server)); - if (ndr_get_array_length(ndr, &r->in.server) > ndr_get_array_size(ndr, &r->in.server)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server), ndr_get_array_length(ndr, &r->in.server)); + size_server_1 = ndr_get_array_size(ndr, &r->in.server); + length_server_1 = ndr_get_array_length(ndr, &r->in.server); + if (length_server_1 > size_server_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_1, length_server_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server, ndr_get_array_length(ndr, &r->in.server), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server, length_server_1, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_share)); if (_ptr_share) { NDR_PULL_ALLOC(ndr, r->in.share); @@ -3472,11 +3578,13 @@ static enum ndr_err_code ndr_pull_dfs_Add(struct ndr_pull *ndr, int flags, struc NDR_PULL_SET_MEM_CTX(ndr, r->in.share, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.share)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.share)); - if (ndr_get_array_length(ndr, &r->in.share) > ndr_get_array_size(ndr, &r->in.share)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.share), ndr_get_array_length(ndr, &r->in.share)); + size_share_1 = ndr_get_array_size(ndr, &r->in.share); + length_share_1 = ndr_get_array_length(ndr, &r->in.share); + if (length_share_1 > size_share_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_share_1, length_share_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.share), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.share, ndr_get_array_length(ndr, &r->in.share), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_share_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.share, length_share_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_share_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_comment)); @@ -3490,11 +3598,13 @@ static enum ndr_err_code ndr_pull_dfs_Add(struct ndr_pull *ndr, int flags, struc NDR_PULL_SET_MEM_CTX(ndr, r->in.comment, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.comment)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.comment)); - if (ndr_get_array_length(ndr, &r->in.comment) > ndr_get_array_size(ndr, &r->in.comment)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.comment), ndr_get_array_length(ndr, &r->in.comment)); + size_comment_1 = ndr_get_array_size(ndr, &r->in.comment); + length_comment_1 = ndr_get_array_length(ndr, &r->in.comment); + if (length_comment_1 > size_comment_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_comment_1, length_comment_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.comment), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.comment, ndr_get_array_length(ndr, &r->in.comment), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_comment_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.comment, length_comment_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_comment_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.flags)); @@ -3580,18 +3690,26 @@ static enum ndr_err_code ndr_push_dfs_Remove(struct ndr_push *ndr, int flags, co static enum ndr_err_code ndr_pull_dfs_Remove(struct ndr_pull *ndr, int flags, struct dfs_Remove *r) { + uint32_t size_dfs_entry_path_1 = 0; + uint32_t length_dfs_entry_path_1 = 0; uint32_t _ptr_servername; + uint32_t size_servername_1 = 0; + uint32_t length_servername_1 = 0; uint32_t _ptr_sharename; + uint32_t size_sharename_1 = 0; + uint32_t length_sharename_1 = 0; TALLOC_CTX *_mem_save_servername_0; TALLOC_CTX *_mem_save_sharename_0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_array_size(ndr, &r->in.dfs_entry_path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.dfs_entry_path)); - if (ndr_get_array_length(ndr, &r->in.dfs_entry_path) > ndr_get_array_size(ndr, &r->in.dfs_entry_path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.dfs_entry_path), ndr_get_array_length(ndr, &r->in.dfs_entry_path)); + size_dfs_entry_path_1 = ndr_get_array_size(ndr, &r->in.dfs_entry_path); + length_dfs_entry_path_1 = ndr_get_array_length(ndr, &r->in.dfs_entry_path); + if (length_dfs_entry_path_1 > size_dfs_entry_path_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dfs_entry_path_1, length_dfs_entry_path_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.dfs_entry_path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.dfs_entry_path, ndr_get_array_length(ndr, &r->in.dfs_entry_path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dfs_entry_path_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.dfs_entry_path, length_dfs_entry_path_1, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_servername)); if (_ptr_servername) { NDR_PULL_ALLOC(ndr, r->in.servername); @@ -3603,11 +3721,13 @@ static enum ndr_err_code ndr_pull_dfs_Remove(struct ndr_pull *ndr, int flags, st NDR_PULL_SET_MEM_CTX(ndr, r->in.servername, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.servername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.servername)); - if (ndr_get_array_length(ndr, &r->in.servername) > ndr_get_array_size(ndr, &r->in.servername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.servername), ndr_get_array_length(ndr, &r->in.servername)); + size_servername_1 = ndr_get_array_size(ndr, &r->in.servername); + length_servername_1 = ndr_get_array_length(ndr, &r->in.servername); + if (length_servername_1 > size_servername_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_servername_1, length_servername_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_servername_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, length_servername_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_servername_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sharename)); @@ -3621,11 +3741,13 @@ static enum ndr_err_code ndr_pull_dfs_Remove(struct ndr_pull *ndr, int flags, st NDR_PULL_SET_MEM_CTX(ndr, r->in.sharename, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.sharename)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.sharename)); - if (ndr_get_array_length(ndr, &r->in.sharename) > ndr_get_array_size(ndr, &r->in.sharename)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.sharename), ndr_get_array_length(ndr, &r->in.sharename)); + size_sharename_1 = ndr_get_array_size(ndr, &r->in.sharename); + length_sharename_1 = ndr_get_array_length(ndr, &r->in.sharename); + if (length_sharename_1 > size_sharename_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_sharename_1, length_sharename_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.sharename), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.sharename, ndr_get_array_length(ndr, &r->in.sharename), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_sharename_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.sharename, length_sharename_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sharename_0, 0); } } @@ -3708,19 +3830,27 @@ static enum ndr_err_code ndr_push_dfs_SetInfo(struct ndr_push *ndr, int flags, c static enum ndr_err_code ndr_pull_dfs_SetInfo(struct ndr_pull *ndr, int flags, struct dfs_SetInfo *r) { + uint32_t size_dfs_entry_path_0 = 0; + uint32_t length_dfs_entry_path_0 = 0; uint32_t _ptr_servername; + uint32_t size_servername_1 = 0; + uint32_t length_servername_1 = 0; uint32_t _ptr_sharename; + uint32_t size_sharename_1 = 0; + uint32_t length_sharename_1 = 0; TALLOC_CTX *_mem_save_servername_0; TALLOC_CTX *_mem_save_sharename_0; TALLOC_CTX *_mem_save_info_0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_array_size(ndr, &r->in.dfs_entry_path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.dfs_entry_path)); - if (ndr_get_array_length(ndr, &r->in.dfs_entry_path) > ndr_get_array_size(ndr, &r->in.dfs_entry_path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.dfs_entry_path), ndr_get_array_length(ndr, &r->in.dfs_entry_path)); + size_dfs_entry_path_0 = ndr_get_array_size(ndr, &r->in.dfs_entry_path); + length_dfs_entry_path_0 = ndr_get_array_length(ndr, &r->in.dfs_entry_path); + if (length_dfs_entry_path_0 > size_dfs_entry_path_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dfs_entry_path_0, length_dfs_entry_path_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.dfs_entry_path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.dfs_entry_path, ndr_get_array_length(ndr, &r->in.dfs_entry_path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dfs_entry_path_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.dfs_entry_path, length_dfs_entry_path_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_servername)); if (_ptr_servername) { NDR_PULL_ALLOC(ndr, r->in.servername); @@ -3732,11 +3862,13 @@ static enum ndr_err_code ndr_pull_dfs_SetInfo(struct ndr_pull *ndr, int flags, s NDR_PULL_SET_MEM_CTX(ndr, r->in.servername, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.servername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.servername)); - if (ndr_get_array_length(ndr, &r->in.servername) > ndr_get_array_size(ndr, &r->in.servername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.servername), ndr_get_array_length(ndr, &r->in.servername)); + size_servername_1 = ndr_get_array_size(ndr, &r->in.servername); + length_servername_1 = ndr_get_array_length(ndr, &r->in.servername); + if (length_servername_1 > size_servername_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_servername_1, length_servername_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_servername_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, length_servername_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_servername_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sharename)); @@ -3750,11 +3882,13 @@ static enum ndr_err_code ndr_pull_dfs_SetInfo(struct ndr_pull *ndr, int flags, s NDR_PULL_SET_MEM_CTX(ndr, r->in.sharename, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.sharename)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.sharename)); - if (ndr_get_array_length(ndr, &r->in.sharename) > ndr_get_array_size(ndr, &r->in.sharename)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.sharename), ndr_get_array_length(ndr, &r->in.sharename)); + size_sharename_1 = ndr_get_array_size(ndr, &r->in.sharename); + length_sharename_1 = ndr_get_array_length(ndr, &r->in.sharename); + if (length_sharename_1 > size_sharename_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_sharename_1, length_sharename_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.sharename), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.sharename, ndr_get_array_length(ndr, &r->in.sharename), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_sharename_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.sharename, length_sharename_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sharename_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); @@ -3849,8 +3983,14 @@ static enum ndr_err_code ndr_push_dfs_GetInfo(struct ndr_push *ndr, int flags, c static enum ndr_err_code ndr_pull_dfs_GetInfo(struct ndr_pull *ndr, int flags, struct dfs_GetInfo *r) { + uint32_t size_dfs_entry_path_0 = 0; + uint32_t length_dfs_entry_path_0 = 0; uint32_t _ptr_servername; + uint32_t size_servername_1 = 0; + uint32_t length_servername_1 = 0; uint32_t _ptr_sharename; + uint32_t size_sharename_1 = 0; + uint32_t length_sharename_1 = 0; TALLOC_CTX *_mem_save_servername_0; TALLOC_CTX *_mem_save_sharename_0; TALLOC_CTX *_mem_save_info_0; @@ -3859,11 +3999,13 @@ static enum ndr_err_code ndr_pull_dfs_GetInfo(struct ndr_pull *ndr, int flags, s NDR_CHECK(ndr_pull_array_size(ndr, &r->in.dfs_entry_path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.dfs_entry_path)); - if (ndr_get_array_length(ndr, &r->in.dfs_entry_path) > ndr_get_array_size(ndr, &r->in.dfs_entry_path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.dfs_entry_path), ndr_get_array_length(ndr, &r->in.dfs_entry_path)); + size_dfs_entry_path_0 = ndr_get_array_size(ndr, &r->in.dfs_entry_path); + length_dfs_entry_path_0 = ndr_get_array_length(ndr, &r->in.dfs_entry_path); + if (length_dfs_entry_path_0 > size_dfs_entry_path_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dfs_entry_path_0, length_dfs_entry_path_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.dfs_entry_path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.dfs_entry_path, ndr_get_array_length(ndr, &r->in.dfs_entry_path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dfs_entry_path_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.dfs_entry_path, length_dfs_entry_path_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_servername)); if (_ptr_servername) { NDR_PULL_ALLOC(ndr, r->in.servername); @@ -3875,11 +4017,13 @@ static enum ndr_err_code ndr_pull_dfs_GetInfo(struct ndr_pull *ndr, int flags, s NDR_PULL_SET_MEM_CTX(ndr, r->in.servername, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.servername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.servername)); - if (ndr_get_array_length(ndr, &r->in.servername) > ndr_get_array_size(ndr, &r->in.servername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.servername), ndr_get_array_length(ndr, &r->in.servername)); + size_servername_1 = ndr_get_array_size(ndr, &r->in.servername); + length_servername_1 = ndr_get_array_length(ndr, &r->in.servername); + if (length_servername_1 > size_servername_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_servername_1, length_servername_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_servername_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, length_servername_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_servername_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sharename)); @@ -3893,11 +4037,13 @@ static enum ndr_err_code ndr_pull_dfs_GetInfo(struct ndr_pull *ndr, int flags, s NDR_PULL_SET_MEM_CTX(ndr, r->in.sharename, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.sharename)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.sharename)); - if (ndr_get_array_length(ndr, &r->in.sharename) > ndr_get_array_size(ndr, &r->in.sharename)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.sharename), ndr_get_array_length(ndr, &r->in.sharename)); + size_sharename_1 = ndr_get_array_size(ndr, &r->in.sharename); + length_sharename_1 = ndr_get_array_length(ndr, &r->in.sharename); + if (length_sharename_1 > size_sharename_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_sharename_1, length_sharename_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.sharename), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.sharename, ndr_get_array_length(ndr, &r->in.sharename), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_sharename_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.sharename, length_sharename_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sharename_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); @@ -4315,6 +4461,18 @@ static enum ndr_err_code ndr_push_dfs_AddFtRoot(struct ndr_push *ndr, int flags, static enum ndr_err_code ndr_pull_dfs_AddFtRoot(struct ndr_pull *ndr, int flags, struct dfs_AddFtRoot *r) { + uint32_t size_servername_0 = 0; + uint32_t length_servername_0 = 0; + uint32_t size_dns_servername_0 = 0; + uint32_t length_dns_servername_0 = 0; + uint32_t size_dfsname_0 = 0; + uint32_t length_dfsname_0 = 0; + uint32_t size_rootshare_0 = 0; + uint32_t length_rootshare_0 = 0; + uint32_t size_comment_0 = 0; + uint32_t length_comment_0 = 0; + uint32_t size_dfs_config_dn_0 = 0; + uint32_t length_dfs_config_dn_0 = 0; uint32_t _ptr_unknown2; TALLOC_CTX *_mem_save_unknown2_0; TALLOC_CTX *_mem_save_unknown2_1; @@ -4323,46 +4481,58 @@ static enum ndr_err_code ndr_pull_dfs_AddFtRoot(struct ndr_pull *ndr, int flags, NDR_CHECK(ndr_pull_array_size(ndr, &r->in.servername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.servername)); - if (ndr_get_array_length(ndr, &r->in.servername) > ndr_get_array_size(ndr, &r->in.servername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.servername), ndr_get_array_length(ndr, &r->in.servername)); + size_servername_0 = ndr_get_array_size(ndr, &r->in.servername); + length_servername_0 = ndr_get_array_length(ndr, &r->in.servername); + if (length_servername_0 > size_servername_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_servername_0, length_servername_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_servername_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, length_servername_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.dns_servername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.dns_servername)); - if (ndr_get_array_length(ndr, &r->in.dns_servername) > ndr_get_array_size(ndr, &r->in.dns_servername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.dns_servername), ndr_get_array_length(ndr, &r->in.dns_servername)); + size_dns_servername_0 = ndr_get_array_size(ndr, &r->in.dns_servername); + length_dns_servername_0 = ndr_get_array_length(ndr, &r->in.dns_servername); + if (length_dns_servername_0 > size_dns_servername_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dns_servername_0, length_dns_servername_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.dns_servername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.dns_servername, ndr_get_array_length(ndr, &r->in.dns_servername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dns_servername_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.dns_servername, length_dns_servername_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.dfsname)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.dfsname)); - if (ndr_get_array_length(ndr, &r->in.dfsname) > ndr_get_array_size(ndr, &r->in.dfsname)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.dfsname), ndr_get_array_length(ndr, &r->in.dfsname)); + size_dfsname_0 = ndr_get_array_size(ndr, &r->in.dfsname); + length_dfsname_0 = ndr_get_array_length(ndr, &r->in.dfsname); + if (length_dfsname_0 > size_dfsname_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dfsname_0, length_dfsname_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.dfsname), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.dfsname, ndr_get_array_length(ndr, &r->in.dfsname), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dfsname_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.dfsname, length_dfsname_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.rootshare)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.rootshare)); - if (ndr_get_array_length(ndr, &r->in.rootshare) > ndr_get_array_size(ndr, &r->in.rootshare)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.rootshare), ndr_get_array_length(ndr, &r->in.rootshare)); + size_rootshare_0 = ndr_get_array_size(ndr, &r->in.rootshare); + length_rootshare_0 = ndr_get_array_length(ndr, &r->in.rootshare); + if (length_rootshare_0 > size_rootshare_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_rootshare_0, length_rootshare_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.rootshare), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.rootshare, ndr_get_array_length(ndr, &r->in.rootshare), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_rootshare_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.rootshare, length_rootshare_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.comment)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.comment)); - if (ndr_get_array_length(ndr, &r->in.comment) > ndr_get_array_size(ndr, &r->in.comment)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.comment), ndr_get_array_length(ndr, &r->in.comment)); + size_comment_0 = ndr_get_array_size(ndr, &r->in.comment); + length_comment_0 = ndr_get_array_length(ndr, &r->in.comment); + if (length_comment_0 > size_comment_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_comment_0, length_comment_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.comment), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.comment, ndr_get_array_length(ndr, &r->in.comment), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_comment_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.comment, length_comment_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.dfs_config_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.dfs_config_dn)); - if (ndr_get_array_length(ndr, &r->in.dfs_config_dn) > ndr_get_array_size(ndr, &r->in.dfs_config_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.dfs_config_dn), ndr_get_array_length(ndr, &r->in.dfs_config_dn)); + size_dfs_config_dn_0 = ndr_get_array_size(ndr, &r->in.dfs_config_dn); + length_dfs_config_dn_0 = ndr_get_array_length(ndr, &r->in.dfs_config_dn); + if (length_dfs_config_dn_0 > size_dfs_config_dn_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dfs_config_dn_0, length_dfs_config_dn_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.dfs_config_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.dfs_config_dn, ndr_get_array_length(ndr, &r->in.dfs_config_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dfs_config_dn_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.dfs_config_dn, length_dfs_config_dn_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->in.unknown1)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.flags)); NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_unknown2)); @@ -4512,6 +4682,14 @@ static enum ndr_err_code ndr_push_dfs_RemoveFtRoot(struct ndr_push *ndr, int fla static enum ndr_err_code ndr_pull_dfs_RemoveFtRoot(struct ndr_pull *ndr, int flags, struct dfs_RemoveFtRoot *r) { + uint32_t size_servername_0 = 0; + uint32_t length_servername_0 = 0; + uint32_t size_dns_servername_0 = 0; + uint32_t length_dns_servername_0 = 0; + uint32_t size_dfsname_0 = 0; + uint32_t length_dfsname_0 = 0; + uint32_t size_rootshare_0 = 0; + uint32_t length_rootshare_0 = 0; uint32_t _ptr_unknown; TALLOC_CTX *_mem_save_unknown_0; TALLOC_CTX *_mem_save_unknown_1; @@ -4520,32 +4698,40 @@ static enum ndr_err_code ndr_pull_dfs_RemoveFtRoot(struct ndr_pull *ndr, int fla NDR_CHECK(ndr_pull_array_size(ndr, &r->in.servername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.servername)); - if (ndr_get_array_length(ndr, &r->in.servername) > ndr_get_array_size(ndr, &r->in.servername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.servername), ndr_get_array_length(ndr, &r->in.servername)); + size_servername_0 = ndr_get_array_size(ndr, &r->in.servername); + length_servername_0 = ndr_get_array_length(ndr, &r->in.servername); + if (length_servername_0 > size_servername_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_servername_0, length_servername_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_servername_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, length_servername_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.dns_servername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.dns_servername)); - if (ndr_get_array_length(ndr, &r->in.dns_servername) > ndr_get_array_size(ndr, &r->in.dns_servername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.dns_servername), ndr_get_array_length(ndr, &r->in.dns_servername)); + size_dns_servername_0 = ndr_get_array_size(ndr, &r->in.dns_servername); + length_dns_servername_0 = ndr_get_array_length(ndr, &r->in.dns_servername); + if (length_dns_servername_0 > size_dns_servername_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dns_servername_0, length_dns_servername_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.dns_servername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.dns_servername, ndr_get_array_length(ndr, &r->in.dns_servername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dns_servername_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.dns_servername, length_dns_servername_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.dfsname)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.dfsname)); - if (ndr_get_array_length(ndr, &r->in.dfsname) > ndr_get_array_size(ndr, &r->in.dfsname)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.dfsname), ndr_get_array_length(ndr, &r->in.dfsname)); + size_dfsname_0 = ndr_get_array_size(ndr, &r->in.dfsname); + length_dfsname_0 = ndr_get_array_length(ndr, &r->in.dfsname); + if (length_dfsname_0 > size_dfsname_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dfsname_0, length_dfsname_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.dfsname), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.dfsname, ndr_get_array_length(ndr, &r->in.dfsname), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dfsname_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.dfsname, length_dfsname_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.rootshare)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.rootshare)); - if (ndr_get_array_length(ndr, &r->in.rootshare) > ndr_get_array_size(ndr, &r->in.rootshare)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.rootshare), ndr_get_array_length(ndr, &r->in.rootshare)); + size_rootshare_0 = ndr_get_array_size(ndr, &r->in.rootshare); + length_rootshare_0 = ndr_get_array_length(ndr, &r->in.rootshare); + if (length_rootshare_0 > size_rootshare_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_rootshare_0, length_rootshare_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.rootshare), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.rootshare, ndr_get_array_length(ndr, &r->in.rootshare), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_rootshare_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.rootshare, length_rootshare_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.flags)); NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_unknown)); if (_ptr_unknown) { @@ -4673,28 +4859,40 @@ static enum ndr_err_code ndr_push_dfs_AddStdRoot(struct ndr_push *ndr, int flags static enum ndr_err_code ndr_pull_dfs_AddStdRoot(struct ndr_pull *ndr, int flags, struct dfs_AddStdRoot *r) { + uint32_t size_servername_0 = 0; + uint32_t length_servername_0 = 0; + uint32_t size_rootshare_0 = 0; + uint32_t length_rootshare_0 = 0; + uint32_t size_comment_0 = 0; + uint32_t length_comment_0 = 0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_array_size(ndr, &r->in.servername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.servername)); - if (ndr_get_array_length(ndr, &r->in.servername) > ndr_get_array_size(ndr, &r->in.servername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.servername), ndr_get_array_length(ndr, &r->in.servername)); + size_servername_0 = ndr_get_array_size(ndr, &r->in.servername); + length_servername_0 = ndr_get_array_length(ndr, &r->in.servername); + if (length_servername_0 > size_servername_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_servername_0, length_servername_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_servername_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, length_servername_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.rootshare)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.rootshare)); - if (ndr_get_array_length(ndr, &r->in.rootshare) > ndr_get_array_size(ndr, &r->in.rootshare)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.rootshare), ndr_get_array_length(ndr, &r->in.rootshare)); + size_rootshare_0 = ndr_get_array_size(ndr, &r->in.rootshare); + length_rootshare_0 = ndr_get_array_length(ndr, &r->in.rootshare); + if (length_rootshare_0 > size_rootshare_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_rootshare_0, length_rootshare_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.rootshare), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.rootshare, ndr_get_array_length(ndr, &r->in.rootshare), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_rootshare_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.rootshare, length_rootshare_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.comment)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.comment)); - if (ndr_get_array_length(ndr, &r->in.comment) > ndr_get_array_size(ndr, &r->in.comment)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.comment), ndr_get_array_length(ndr, &r->in.comment)); + size_comment_0 = ndr_get_array_size(ndr, &r->in.comment); + length_comment_0 = ndr_get_array_length(ndr, &r->in.comment); + if (length_comment_0 > size_comment_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_comment_0, length_comment_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.comment), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.comment, ndr_get_array_length(ndr, &r->in.comment), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_comment_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.comment, length_comment_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.flags)); } if (flags & NDR_OUT) { @@ -4749,21 +4947,29 @@ static enum ndr_err_code ndr_push_dfs_RemoveStdRoot(struct ndr_push *ndr, int fl static enum ndr_err_code ndr_pull_dfs_RemoveStdRoot(struct ndr_pull *ndr, int flags, struct dfs_RemoveStdRoot *r) { + uint32_t size_servername_0 = 0; + uint32_t length_servername_0 = 0; + uint32_t size_rootshare_0 = 0; + uint32_t length_rootshare_0 = 0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_array_size(ndr, &r->in.servername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.servername)); - if (ndr_get_array_length(ndr, &r->in.servername) > ndr_get_array_size(ndr, &r->in.servername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.servername), ndr_get_array_length(ndr, &r->in.servername)); + size_servername_0 = ndr_get_array_size(ndr, &r->in.servername); + length_servername_0 = ndr_get_array_length(ndr, &r->in.servername); + if (length_servername_0 > size_servername_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_servername_0, length_servername_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_servername_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, length_servername_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.rootshare)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.rootshare)); - if (ndr_get_array_length(ndr, &r->in.rootshare) > ndr_get_array_size(ndr, &r->in.rootshare)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.rootshare), ndr_get_array_length(ndr, &r->in.rootshare)); + size_rootshare_0 = ndr_get_array_size(ndr, &r->in.rootshare); + length_rootshare_0 = ndr_get_array_length(ndr, &r->in.rootshare); + if (length_rootshare_0 > size_rootshare_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_rootshare_0, length_rootshare_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.rootshare), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.rootshare, ndr_get_array_length(ndr, &r->in.rootshare), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_rootshare_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.rootshare, length_rootshare_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.flags)); } if (flags & NDR_OUT) { @@ -4816,14 +5022,18 @@ static enum ndr_err_code ndr_push_dfs_ManagerInitialize(struct ndr_push *ndr, in static enum ndr_err_code ndr_pull_dfs_ManagerInitialize(struct ndr_pull *ndr, int flags, struct dfs_ManagerInitialize *r) { + uint32_t size_servername_1 = 0; + uint32_t length_servername_1 = 0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_array_size(ndr, &r->in.servername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.servername)); - if (ndr_get_array_length(ndr, &r->in.servername) > ndr_get_array_size(ndr, &r->in.servername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.servername), ndr_get_array_length(ndr, &r->in.servername)); + size_servername_1 = ndr_get_array_size(ndr, &r->in.servername); + length_servername_1 = ndr_get_array_length(ndr, &r->in.servername); + if (length_servername_1 > size_servername_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_servername_1, length_servername_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_servername_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, length_servername_1, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.flags)); } if (flags & NDR_OUT) { @@ -4886,35 +5096,51 @@ static enum ndr_err_code ndr_push_dfs_AddStdRootForced(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_dfs_AddStdRootForced(struct ndr_pull *ndr, int flags, struct dfs_AddStdRootForced *r) { + uint32_t size_servername_0 = 0; + uint32_t length_servername_0 = 0; + uint32_t size_rootshare_0 = 0; + uint32_t length_rootshare_0 = 0; + uint32_t size_comment_0 = 0; + uint32_t length_comment_0 = 0; + uint32_t size_store_0 = 0; + uint32_t length_store_0 = 0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_array_size(ndr, &r->in.servername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.servername)); - if (ndr_get_array_length(ndr, &r->in.servername) > ndr_get_array_size(ndr, &r->in.servername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.servername), ndr_get_array_length(ndr, &r->in.servername)); + size_servername_0 = ndr_get_array_size(ndr, &r->in.servername); + length_servername_0 = ndr_get_array_length(ndr, &r->in.servername); + if (length_servername_0 > size_servername_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_servername_0, length_servername_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_servername_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, length_servername_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.rootshare)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.rootshare)); - if (ndr_get_array_length(ndr, &r->in.rootshare) > ndr_get_array_size(ndr, &r->in.rootshare)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.rootshare), ndr_get_array_length(ndr, &r->in.rootshare)); + size_rootshare_0 = ndr_get_array_size(ndr, &r->in.rootshare); + length_rootshare_0 = ndr_get_array_length(ndr, &r->in.rootshare); + if (length_rootshare_0 > size_rootshare_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_rootshare_0, length_rootshare_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.rootshare), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.rootshare, ndr_get_array_length(ndr, &r->in.rootshare), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_rootshare_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.rootshare, length_rootshare_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.comment)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.comment)); - if (ndr_get_array_length(ndr, &r->in.comment) > ndr_get_array_size(ndr, &r->in.comment)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.comment), ndr_get_array_length(ndr, &r->in.comment)); + size_comment_0 = ndr_get_array_size(ndr, &r->in.comment); + length_comment_0 = ndr_get_array_length(ndr, &r->in.comment); + if (length_comment_0 > size_comment_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_comment_0, length_comment_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.comment), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.comment, ndr_get_array_length(ndr, &r->in.comment), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_comment_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.comment, length_comment_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.store)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.store)); - if (ndr_get_array_length(ndr, &r->in.store) > ndr_get_array_size(ndr, &r->in.store)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.store), ndr_get_array_length(ndr, &r->in.store)); + size_store_0 = ndr_get_array_size(ndr, &r->in.store); + length_store_0 = ndr_get_array_length(ndr, &r->in.store); + if (length_store_0 > size_store_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_store_0, length_store_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.store), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.store, ndr_get_array_length(ndr, &r->in.store), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_store_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.store, length_store_0, sizeof(uint16_t), CH_UTF16)); } if (flags & NDR_OUT) { NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result)); @@ -4999,7 +5225,11 @@ static enum ndr_err_code ndr_push_dfs_GetDcAddress(struct ndr_push *ndr, int fla static enum ndr_err_code ndr_pull_dfs_GetDcAddress(struct ndr_pull *ndr, int flags, struct dfs_GetDcAddress *r) { + uint32_t size_servername_0 = 0; + uint32_t length_servername_0 = 0; uint32_t _ptr_server_fullname; + uint32_t size_server_fullname_2 = 0; + uint32_t length_server_fullname_2 = 0; TALLOC_CTX *_mem_save_server_fullname_0; TALLOC_CTX *_mem_save_server_fullname_1; TALLOC_CTX *_mem_save_is_root_0; @@ -5009,11 +5239,13 @@ static enum ndr_err_code ndr_pull_dfs_GetDcAddress(struct ndr_pull *ndr, int fla NDR_CHECK(ndr_pull_array_size(ndr, &r->in.servername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.servername)); - if (ndr_get_array_length(ndr, &r->in.servername) > ndr_get_array_size(ndr, &r->in.servername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.servername), ndr_get_array_length(ndr, &r->in.servername)); + size_servername_0 = ndr_get_array_size(ndr, &r->in.servername); + length_servername_0 = ndr_get_array_length(ndr, &r->in.servername); + if (length_servername_0 > size_servername_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_servername_0, length_servername_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_servername_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, length_servername_0, sizeof(uint16_t), CH_UTF16)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.server_fullname); } @@ -5030,11 +5262,13 @@ static enum ndr_err_code ndr_pull_dfs_GetDcAddress(struct ndr_pull *ndr, int fla NDR_PULL_SET_MEM_CTX(ndr, *r->in.server_fullname, 0); NDR_CHECK(ndr_pull_array_size(ndr, r->in.server_fullname)); NDR_CHECK(ndr_pull_array_length(ndr, r->in.server_fullname)); - if (ndr_get_array_length(ndr, r->in.server_fullname) > ndr_get_array_size(ndr, r->in.server_fullname)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, r->in.server_fullname), ndr_get_array_length(ndr, r->in.server_fullname)); + size_server_fullname_2 = ndr_get_array_size(ndr, r->in.server_fullname); + length_server_fullname_2 = ndr_get_array_length(ndr, r->in.server_fullname); + if (length_server_fullname_2 > size_server_fullname_2) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_fullname_2, length_server_fullname_2); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, r->in.server_fullname), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->in.server_fullname, ndr_get_array_length(ndr, r->in.server_fullname), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_fullname_2, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->in.server_fullname, length_server_fullname_2, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_fullname_1, 0); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_fullname_0, LIBNDR_FLAG_REF_ALLOC); @@ -5076,11 +5310,13 @@ static enum ndr_err_code ndr_pull_dfs_GetDcAddress(struct ndr_pull *ndr, int fla NDR_PULL_SET_MEM_CTX(ndr, *r->out.server_fullname, 0); NDR_CHECK(ndr_pull_array_size(ndr, r->out.server_fullname)); NDR_CHECK(ndr_pull_array_length(ndr, r->out.server_fullname)); - if (ndr_get_array_length(ndr, r->out.server_fullname) > ndr_get_array_size(ndr, r->out.server_fullname)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, r->out.server_fullname), ndr_get_array_length(ndr, r->out.server_fullname)); + size_server_fullname_2 = ndr_get_array_size(ndr, r->out.server_fullname); + length_server_fullname_2 = ndr_get_array_length(ndr, r->out.server_fullname); + if (length_server_fullname_2 > size_server_fullname_2) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_fullname_2, length_server_fullname_2); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, r->out.server_fullname), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.server_fullname, ndr_get_array_length(ndr, r->out.server_fullname), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_fullname_2, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.server_fullname, length_server_fullname_2, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_fullname_1, 0); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_fullname_0, LIBNDR_FLAG_REF_ALLOC); @@ -5181,21 +5417,29 @@ static enum ndr_err_code ndr_push_dfs_SetDcAddress(struct ndr_push *ndr, int fla static enum ndr_err_code ndr_pull_dfs_SetDcAddress(struct ndr_pull *ndr, int flags, struct dfs_SetDcAddress *r) { + uint32_t size_servername_0 = 0; + uint32_t length_servername_0 = 0; + uint32_t size_server_fullname_0 = 0; + uint32_t length_server_fullname_0 = 0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_array_size(ndr, &r->in.servername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.servername)); - if (ndr_get_array_length(ndr, &r->in.servername) > ndr_get_array_size(ndr, &r->in.servername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.servername), ndr_get_array_length(ndr, &r->in.servername)); + size_servername_0 = ndr_get_array_size(ndr, &r->in.servername); + length_servername_0 = ndr_get_array_length(ndr, &r->in.servername); + if (length_servername_0 > size_servername_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_servername_0, length_servername_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_servername_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, length_servername_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_fullname)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_fullname)); - if (ndr_get_array_length(ndr, &r->in.server_fullname) > ndr_get_array_size(ndr, &r->in.server_fullname)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_fullname), ndr_get_array_length(ndr, &r->in.server_fullname)); + size_server_fullname_0 = ndr_get_array_size(ndr, &r->in.server_fullname); + length_server_fullname_0 = ndr_get_array_length(ndr, &r->in.server_fullname); + if (length_server_fullname_0 > size_server_fullname_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_fullname_0, length_server_fullname_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_fullname), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_fullname, ndr_get_array_length(ndr, &r->in.server_fullname), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_fullname_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_fullname, length_server_fullname_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.flags)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.ttl)); } @@ -5250,21 +5494,29 @@ static enum ndr_err_code ndr_push_dfs_FlushFtTable(struct ndr_push *ndr, int fla static enum ndr_err_code ndr_pull_dfs_FlushFtTable(struct ndr_pull *ndr, int flags, struct dfs_FlushFtTable *r) { + uint32_t size_servername_0 = 0; + uint32_t length_servername_0 = 0; + uint32_t size_rootshare_0 = 0; + uint32_t length_rootshare_0 = 0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_array_size(ndr, &r->in.servername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.servername)); - if (ndr_get_array_length(ndr, &r->in.servername) > ndr_get_array_size(ndr, &r->in.servername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.servername), ndr_get_array_length(ndr, &r->in.servername)); + size_servername_0 = ndr_get_array_size(ndr, &r->in.servername); + length_servername_0 = ndr_get_array_length(ndr, &r->in.servername); + if (length_servername_0 > size_servername_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_servername_0, length_servername_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_servername_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, length_servername_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.rootshare)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.rootshare)); - if (ndr_get_array_length(ndr, &r->in.rootshare) > ndr_get_array_size(ndr, &r->in.rootshare)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.rootshare), ndr_get_array_length(ndr, &r->in.rootshare)); + size_rootshare_0 = ndr_get_array_size(ndr, &r->in.rootshare); + length_rootshare_0 = ndr_get_array_length(ndr, &r->in.rootshare); + if (length_rootshare_0 > size_rootshare_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_rootshare_0, length_rootshare_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.rootshare), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.rootshare, ndr_get_array_length(ndr, &r->in.rootshare), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_rootshare_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.rootshare, length_rootshare_0, sizeof(uint16_t), CH_UTF16)); } if (flags & NDR_OUT) { NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result)); @@ -5411,6 +5663,8 @@ _PUBLIC_ enum ndr_err_code ndr_push_dfs_EnumEx(struct ndr_push *ndr, int flags, _PUBLIC_ enum ndr_err_code ndr_pull_dfs_EnumEx(struct ndr_pull *ndr, int flags, struct dfs_EnumEx *r) { + uint32_t size_dfs_name_0 = 0; + uint32_t length_dfs_name_0 = 0; uint32_t _ptr_info; uint32_t _ptr_total; TALLOC_CTX *_mem_save_info_0; @@ -5420,11 +5674,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_dfs_EnumEx(struct ndr_pull *ndr, int flags, NDR_CHECK(ndr_pull_array_size(ndr, &r->in.dfs_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.dfs_name)); - if (ndr_get_array_length(ndr, &r->in.dfs_name) > ndr_get_array_size(ndr, &r->in.dfs_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.dfs_name), ndr_get_array_length(ndr, &r->in.dfs_name)); + size_dfs_name_0 = ndr_get_array_size(ndr, &r->in.dfs_name); + length_dfs_name_0 = ndr_get_array_length(ndr, &r->in.dfs_name); + if (length_dfs_name_0 > size_dfs_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dfs_name_0, length_dfs_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.dfs_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.dfs_name, ndr_get_array_length(ndr, &r->in.dfs_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dfs_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.dfs_name, length_dfs_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.bufsize)); NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info)); diff --git a/librpc/gen_ndr/ndr_drsblobs.c b/librpc/gen_ndr/ndr_drsblobs.c index 78baa98..bafd654 100644 --- a/librpc/gen_ndr/ndr_drsblobs.c +++ b/librpc/gen_ndr/ndr_drsblobs.c @@ -70,16 +70,18 @@ static enum ndr_err_code ndr_push_replPropertyMetaDataCtr1(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_replPropertyMetaDataCtr1(struct ndr_pull *ndr, int ndr_flags, struct replPropertyMetaDataCtr1 *r) { + uint32_t size_array_0 = 0; uint32_t cntr_array_0; TALLOC_CTX *_mem_save_array_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 8)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->reserved)); - NDR_PULL_ALLOC_N(ndr, r->array, r->count); + size_array_0 = r->count; + NDR_PULL_ALLOC_N(ndr, r->array, size_array_0); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_replPropertyMetaData1(ndr, NDR_SCALARS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -233,16 +235,18 @@ static enum ndr_err_code ndr_push_replUpToDateVectorCtr1(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_replUpToDateVectorCtr1(struct ndr_pull *ndr, int ndr_flags, struct replUpToDateVectorCtr1 *r) { + uint32_t size_cursors_0 = 0; uint32_t cntr_cursors_0; TALLOC_CTX *_mem_save_cursors_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 8)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->reserved)); - NDR_PULL_ALLOC_N(ndr, r->cursors, r->count); + size_cursors_0 = r->count; + NDR_PULL_ALLOC_N(ndr, r->cursors, size_cursors_0); _mem_save_cursors_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->cursors, 0); - for (cntr_cursors_0 = 0; cntr_cursors_0 < r->count; cntr_cursors_0++) { + for (cntr_cursors_0 = 0; cntr_cursors_0 < size_cursors_0; cntr_cursors_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaCursor(ndr, NDR_SCALARS, &r->cursors[cntr_cursors_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_cursors_0, 0); @@ -290,16 +294,18 @@ static enum ndr_err_code ndr_push_replUpToDateVectorCtr2(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_replUpToDateVectorCtr2(struct ndr_pull *ndr, int ndr_flags, struct replUpToDateVectorCtr2 *r) { + uint32_t size_cursors_0 = 0; uint32_t cntr_cursors_0; TALLOC_CTX *_mem_save_cursors_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 8)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->reserved)); - NDR_PULL_ALLOC_N(ndr, r->cursors, r->count); + size_cursors_0 = r->count; + NDR_PULL_ALLOC_N(ndr, r->cursors, size_cursors_0); _mem_save_cursors_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->cursors, 0); - for (cntr_cursors_0 = 0; cntr_cursors_0 < r->count; cntr_cursors_0++) { + for (cntr_cursors_0 = 0; cntr_cursors_0 < size_cursors_0; cntr_cursors_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaCursor2(ndr, NDR_SCALARS, &r->cursors[cntr_cursors_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_cursors_0, 0); @@ -467,10 +473,12 @@ _PUBLIC_ enum ndr_err_code ndr_push_repsFromTo1OtherInfo(struct ndr_push *ndr, i _PUBLIC_ enum ndr_err_code ndr_pull_repsFromTo1OtherInfo(struct ndr_pull *ndr, int ndr_flags, struct repsFromTo1OtherInfo *r) { + uint32_t size_dns_name_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->__dns_name_size)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dns_name, r->__dns_name_size, sizeof(uint8_t), CH_DOS)); + size_dns_name_0 = r->__dns_name_size; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dns_name, size_dns_name_0, sizeof(uint8_t), CH_DOS)); } if (ndr_flags & NDR_BUFFERS) { } @@ -529,6 +537,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_repsFromTo1(struct ndr_pull *ndr, int ndr_fl { uint32_t _ptr_other_info; TALLOC_CTX *_mem_save_other_info_0; + uint32_t size_schedule_0 = 0; { uint32_t _flags_save_STRUCT = ndr->flags; ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX); @@ -548,7 +557,8 @@ _PUBLIC_ enum ndr_err_code ndr_pull_repsFromTo1(struct ndr_pull *ndr, int ndr_fl } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->other_info_length)); NDR_CHECK(ndr_pull_drsuapi_DsReplicaNeighbourFlags(ndr, NDR_SCALARS, &r->replica_flags)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->schedule, 84)); + size_schedule_0 = 84; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->schedule, size_schedule_0)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->reserved)); NDR_CHECK(ndr_pull_drsuapi_DsReplicaHighWaterMark(ndr, NDR_SCALARS, &r->highwatermark)); NDR_CHECK(ndr_pull_GUID(ndr, NDR_SCALARS, &r->source_dsa_obj_guid)); @@ -736,15 +746,17 @@ static enum ndr_err_code ndr_push_partialAttributeSetCtr1(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_partialAttributeSetCtr1(struct ndr_pull *ndr, int ndr_flags, struct partialAttributeSetCtr1 *r) { + uint32_t size_array_0 = 0; uint32_t cntr_array_0; TALLOC_CTX *_mem_save_array_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count)); - NDR_PULL_ALLOC_N(ndr, r->array, r->count); + size_array_0 = r->count; + NDR_PULL_ALLOC_N(ndr, r->array, size_array_0); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsAttributeId(ndr, NDR_SCALARS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -1170,10 +1182,12 @@ _PUBLIC_ enum ndr_err_code ndr_push_ldapControlDirSyncCookie(struct ndr_push *nd _PUBLIC_ enum ndr_err_code ndr_pull_ldapControlDirSyncCookie(struct ndr_pull *ndr, int ndr_flags, struct ldapControlDirSyncCookie *r) { uint32_t _save_relative_base_offset = ndr_pull_get_relative_base_offset(ndr); + uint32_t size_msds_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 8)); NDR_CHECK(ndr_pull_setup_relative_base_offset1(ndr, r, ndr->offset)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->msds, 4, sizeof(uint8_t), CH_DOS)); + size_msds_0 = 4; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->msds, size_msds_0, sizeof(uint8_t), CH_DOS)); { struct ndr_pull *_ndr_blob; NDR_CHECK(ndr_pull_subcontext_start(ndr, &_ndr_blob, 0, -1)); @@ -1214,13 +1228,17 @@ static enum ndr_err_code ndr_push_supplementalCredentialsPackage(struct ndr_push static enum ndr_err_code ndr_pull_supplementalCredentialsPackage(struct ndr_pull *ndr, int ndr_flags, struct supplementalCredentialsPackage *r) { + uint32_t size_name_0 = 0; + uint32_t size_data_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 2)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->name_len)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->data_len)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->reserved)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, r->name_len, sizeof(uint8_t), CH_UTF16)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->data, r->data_len, sizeof(uint8_t), CH_DOS)); + size_name_0 = r->name_len; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, size_name_0, sizeof(uint8_t), CH_UTF16)); + size_data_0 = r->data_len; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->data, size_data_0, sizeof(uint8_t), CH_DOS)); } if (ndr_flags & NDR_BUFFERS) { } @@ -1297,17 +1315,21 @@ static enum ndr_err_code ndr_push_supplementalCredentialsSubBlob(struct ndr_push static enum ndr_err_code ndr_pull_supplementalCredentialsSubBlob(struct ndr_pull *ndr, int ndr_flags, struct supplementalCredentialsSubBlob *r) { + uint32_t size_prefix_0 = 0; + uint32_t size_packages_0 = 0; uint32_t cntr_packages_0; TALLOC_CTX *_mem_save_packages_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 2)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->prefix, 0x30, sizeof(uint16_t), CH_UTF16)); + size_prefix_0 = 0x30; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->prefix, size_prefix_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_supplementalCredentialsSignature(ndr, NDR_SCALARS, &r->signature)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->num_packages)); - NDR_PULL_ALLOC_N(ndr, r->packages, r->num_packages); + size_packages_0 = r->num_packages; + NDR_PULL_ALLOC_N(ndr, r->packages, size_packages_0); _mem_save_packages_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->packages, 0); - for (cntr_packages_0 = 0; cntr_packages_0 < r->num_packages; cntr_packages_0++) { + for (cntr_packages_0 = 0; cntr_packages_0 < size_packages_0; cntr_packages_0++) { NDR_CHECK(ndr_pull_supplementalCredentialsPackage(ndr, NDR_SCALARS, &r->packages[cntr_packages_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_packages_0, 0); @@ -1667,8 +1689,10 @@ static enum ndr_err_code ndr_push_package_PrimaryKerberosCtr3(struct ndr_push *n static enum ndr_err_code ndr_pull_package_PrimaryKerberosCtr3(struct ndr_pull *ndr, int ndr_flags, struct package_PrimaryKerberosCtr3 *r) { + uint32_t size_keys_0 = 0; uint32_t cntr_keys_0; TALLOC_CTX *_mem_save_keys_0; + uint32_t size_old_keys_0 = 0; uint32_t cntr_old_keys_0; TALLOC_CTX *_mem_save_old_keys_0; if (ndr_flags & NDR_SCALARS) { @@ -1676,17 +1700,19 @@ static enum ndr_err_code ndr_pull_package_PrimaryKerberosCtr3(struct ndr_pull *n NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->num_keys)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->num_old_keys)); NDR_CHECK(ndr_pull_package_PrimaryKerberosString(ndr, NDR_SCALARS, &r->salt)); - NDR_PULL_ALLOC_N(ndr, r->keys, r->num_keys); + size_keys_0 = r->num_keys; + NDR_PULL_ALLOC_N(ndr, r->keys, size_keys_0); _mem_save_keys_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->keys, 0); - for (cntr_keys_0 = 0; cntr_keys_0 < r->num_keys; cntr_keys_0++) { + for (cntr_keys_0 = 0; cntr_keys_0 < size_keys_0; cntr_keys_0++) { NDR_CHECK(ndr_pull_package_PrimaryKerberosKey3(ndr, NDR_SCALARS, &r->keys[cntr_keys_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_keys_0, 0); - NDR_PULL_ALLOC_N(ndr, r->old_keys, r->num_old_keys); + size_old_keys_0 = r->num_old_keys; + NDR_PULL_ALLOC_N(ndr, r->old_keys, size_old_keys_0); _mem_save_old_keys_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->old_keys, 0); - for (cntr_old_keys_0 = 0; cntr_old_keys_0 < r->num_old_keys; cntr_old_keys_0++) { + for (cntr_old_keys_0 = 0; cntr_old_keys_0 < size_old_keys_0; cntr_old_keys_0++) { NDR_CHECK(ndr_pull_package_PrimaryKerberosKey3(ndr, NDR_SCALARS, &r->old_keys[cntr_old_keys_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_old_keys_0, 0); @@ -1698,15 +1724,17 @@ static enum ndr_err_code ndr_pull_package_PrimaryKerberosCtr3(struct ndr_pull *n } if (ndr_flags & NDR_BUFFERS) { NDR_CHECK(ndr_pull_package_PrimaryKerberosString(ndr, NDR_BUFFERS, &r->salt)); + size_keys_0 = r->num_keys; _mem_save_keys_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->keys, 0); - for (cntr_keys_0 = 0; cntr_keys_0 < r->num_keys; cntr_keys_0++) { + for (cntr_keys_0 = 0; cntr_keys_0 < size_keys_0; cntr_keys_0++) { NDR_CHECK(ndr_pull_package_PrimaryKerberosKey3(ndr, NDR_BUFFERS, &r->keys[cntr_keys_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_keys_0, 0); + size_old_keys_0 = r->num_old_keys; _mem_save_old_keys_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->old_keys, 0); - for (cntr_old_keys_0 = 0; cntr_old_keys_0 < r->num_old_keys; cntr_old_keys_0++) { + for (cntr_old_keys_0 = 0; cntr_old_keys_0 < size_old_keys_0; cntr_old_keys_0++) { NDR_CHECK(ndr_pull_package_PrimaryKerberosKey3(ndr, NDR_BUFFERS, &r->old_keys[cntr_old_keys_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_old_keys_0, 0); @@ -1897,12 +1925,16 @@ static enum ndr_err_code ndr_push_package_PrimaryKerberosCtr4(struct ndr_push *n static enum ndr_err_code ndr_pull_package_PrimaryKerberosCtr4(struct ndr_pull *ndr, int ndr_flags, struct package_PrimaryKerberosCtr4 *r) { + uint32_t size_keys_0 = 0; uint32_t cntr_keys_0; TALLOC_CTX *_mem_save_keys_0; + uint32_t size_service_keys_0 = 0; uint32_t cntr_service_keys_0; TALLOC_CTX *_mem_save_service_keys_0; + uint32_t size_old_keys_0 = 0; uint32_t cntr_old_keys_0; TALLOC_CTX *_mem_save_old_keys_0; + uint32_t size_older_keys_0 = 0; uint32_t cntr_older_keys_0; TALLOC_CTX *_mem_save_older_keys_0; if (ndr_flags & NDR_SCALARS) { @@ -1913,58 +1945,66 @@ static enum ndr_err_code ndr_pull_package_PrimaryKerberosCtr4(struct ndr_pull *n NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->num_older_keys)); NDR_CHECK(ndr_pull_package_PrimaryKerberosString(ndr, NDR_SCALARS, &r->salt)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->default_iteration_count)); - NDR_PULL_ALLOC_N(ndr, r->keys, r->num_keys); + size_keys_0 = r->num_keys; + NDR_PULL_ALLOC_N(ndr, r->keys, size_keys_0); _mem_save_keys_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->keys, 0); - for (cntr_keys_0 = 0; cntr_keys_0 < r->num_keys; cntr_keys_0++) { + for (cntr_keys_0 = 0; cntr_keys_0 < size_keys_0; cntr_keys_0++) { NDR_CHECK(ndr_pull_package_PrimaryKerberosKey4(ndr, NDR_SCALARS, &r->keys[cntr_keys_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_keys_0, 0); - NDR_PULL_ALLOC_N(ndr, r->service_keys, r->num_service_keys); + size_service_keys_0 = r->num_service_keys; + NDR_PULL_ALLOC_N(ndr, r->service_keys, size_service_keys_0); _mem_save_service_keys_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->service_keys, 0); - for (cntr_service_keys_0 = 0; cntr_service_keys_0 < r->num_service_keys; cntr_service_keys_0++) { + for (cntr_service_keys_0 = 0; cntr_service_keys_0 < size_service_keys_0; cntr_service_keys_0++) { NDR_CHECK(ndr_pull_package_PrimaryKerberosKey4(ndr, NDR_SCALARS, &r->service_keys[cntr_service_keys_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_service_keys_0, 0); - NDR_PULL_ALLOC_N(ndr, r->old_keys, r->num_old_keys); + size_old_keys_0 = r->num_old_keys; + NDR_PULL_ALLOC_N(ndr, r->old_keys, size_old_keys_0); _mem_save_old_keys_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->old_keys, 0); - for (cntr_old_keys_0 = 0; cntr_old_keys_0 < r->num_old_keys; cntr_old_keys_0++) { + for (cntr_old_keys_0 = 0; cntr_old_keys_0 < size_old_keys_0; cntr_old_keys_0++) { NDR_CHECK(ndr_pull_package_PrimaryKerberosKey4(ndr, NDR_SCALARS, &r->old_keys[cntr_old_keys_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_old_keys_0, 0); - NDR_PULL_ALLOC_N(ndr, r->older_keys, r->num_older_keys); + size_older_keys_0 = r->num_older_keys; + NDR_PULL_ALLOC_N(ndr, r->older_keys, size_older_keys_0); _mem_save_older_keys_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->older_keys, 0); - for (cntr_older_keys_0 = 0; cntr_older_keys_0 < r->num_older_keys; cntr_older_keys_0++) { + for (cntr_older_keys_0 = 0; cntr_older_keys_0 < size_older_keys_0; cntr_older_keys_0++) { NDR_CHECK(ndr_pull_package_PrimaryKerberosKey4(ndr, NDR_SCALARS, &r->older_keys[cntr_older_keys_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_older_keys_0, 0); } if (ndr_flags & NDR_BUFFERS) { NDR_CHECK(ndr_pull_package_PrimaryKerberosString(ndr, NDR_BUFFERS, &r->salt)); + size_keys_0 = r->num_keys; _mem_save_keys_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->keys, 0); - for (cntr_keys_0 = 0; cntr_keys_0 < r->num_keys; cntr_keys_0++) { + for (cntr_keys_0 = 0; cntr_keys_0 < size_keys_0; cntr_keys_0++) { NDR_CHECK(ndr_pull_package_PrimaryKerberosKey4(ndr, NDR_BUFFERS, &r->keys[cntr_keys_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_keys_0, 0); + size_service_keys_0 = r->num_service_keys; _mem_save_service_keys_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->service_keys, 0); - for (cntr_service_keys_0 = 0; cntr_service_keys_0 < r->num_service_keys; cntr_service_keys_0++) { + for (cntr_service_keys_0 = 0; cntr_service_keys_0 < size_service_keys_0; cntr_service_keys_0++) { NDR_CHECK(ndr_pull_package_PrimaryKerberosKey4(ndr, NDR_BUFFERS, &r->service_keys[cntr_service_keys_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_service_keys_0, 0); + size_old_keys_0 = r->num_old_keys; _mem_save_old_keys_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->old_keys, 0); - for (cntr_old_keys_0 = 0; cntr_old_keys_0 < r->num_old_keys; cntr_old_keys_0++) { + for (cntr_old_keys_0 = 0; cntr_old_keys_0 < size_old_keys_0; cntr_old_keys_0++) { NDR_CHECK(ndr_pull_package_PrimaryKerberosKey4(ndr, NDR_BUFFERS, &r->old_keys[cntr_old_keys_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_old_keys_0, 0); + size_older_keys_0 = r->num_older_keys; _mem_save_older_keys_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->older_keys, 0); - for (cntr_older_keys_0 = 0; cntr_older_keys_0 < r->num_older_keys; cntr_older_keys_0++) { + for (cntr_older_keys_0 = 0; cntr_older_keys_0 < size_older_keys_0; cntr_older_keys_0++) { NDR_CHECK(ndr_pull_package_PrimaryKerberosKey4(ndr, NDR_BUFFERS, &r->older_keys[cntr_older_keys_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_older_keys_0, 0); @@ -2217,12 +2257,14 @@ static enum ndr_err_code ndr_push_package_PrimaryWDigestHash(struct ndr_push *nd static enum ndr_err_code ndr_pull_package_PrimaryWDigestHash(struct ndr_pull *ndr, int ndr_flags, struct package_PrimaryWDigestHash *r) { + uint32_t size_hash_0 = 0; { uint32_t _flags_save_STRUCT = ndr->flags; ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 1)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->hash, 16)); + size_hash_0 = 16; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->hash, size_hash_0)); } if (ndr_flags & NDR_BUFFERS) { } @@ -2265,6 +2307,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_package_PrimaryWDigestBlob(struct ndr_push * _PUBLIC_ enum ndr_err_code ndr_pull_package_PrimaryWDigestBlob(struct ndr_pull *ndr, int ndr_flags, struct package_PrimaryWDigestBlob *r) { + uint32_t size_hashes_0 = 0; uint32_t cntr_hashes_0; TALLOC_CTX *_mem_save_hashes_0; if (ndr_flags & NDR_SCALARS) { @@ -2274,10 +2317,11 @@ _PUBLIC_ enum ndr_err_code ndr_pull_package_PrimaryWDigestBlob(struct ndr_pull * NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->num_hashes)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->unknown3)); NDR_CHECK(ndr_pull_udlong(ndr, NDR_SCALARS, &r->uuknown4)); - NDR_PULL_ALLOC_N(ndr, r->hashes, r->num_hashes); + size_hashes_0 = r->num_hashes; + NDR_PULL_ALLOC_N(ndr, r->hashes, size_hashes_0); _mem_save_hashes_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->hashes, 0); - for (cntr_hashes_0 = 0; cntr_hashes_0 < r->num_hashes; cntr_hashes_0++) { + for (cntr_hashes_0 = 0; cntr_hashes_0 < size_hashes_0; cntr_hashes_0++) { NDR_CHECK(ndr_pull_package_PrimaryWDigestHash(ndr, NDR_SCALARS, &r->hashes[cntr_hashes_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_hashes_0, 0); @@ -2387,11 +2431,13 @@ static enum ndr_err_code ndr_push_AuthInfoClear(struct ndr_push *ndr, int ndr_fl static enum ndr_err_code ndr_pull_AuthInfoClear(struct ndr_pull *ndr, int ndr_flags, struct AuthInfoClear *r) { + uint32_t size_password_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->size)); - NDR_PULL_ALLOC_N(ndr, r->password, r->size); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->password, r->size)); + size_password_0 = r->size; + NDR_PULL_ALLOC_N(ndr, r->password, size_password_0); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->password, size_password_0)); } if (ndr_flags & NDR_BUFFERS) { } @@ -2643,16 +2689,18 @@ _PUBLIC_ enum ndr_err_code ndr_push_trustCurrentPasswords(struct ndr_push *ndr, _PUBLIC_ enum ndr_err_code ndr_pull_trustCurrentPasswords(struct ndr_pull *ndr, int ndr_flags, struct trustCurrentPasswords *r) { uint32_t _ptr_current; + uint32_t size_current_0 = 0; uint32_t cntr_current_0; TALLOC_CTX *_mem_save_current_0; TALLOC_CTX *_mem_save_current_1; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count)); - NDR_PULL_ALLOC_N(ndr, r->current, r->count); + size_current_0 = r->count; + NDR_PULL_ALLOC_N(ndr, r->current, size_current_0); _mem_save_current_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->current, 0); - for (cntr_current_0 = 0; cntr_current_0 < r->count; cntr_current_0++) { + for (cntr_current_0 = 0; cntr_current_0 < size_current_0; cntr_current_0++) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_current)); if (_ptr_current) { NDR_PULL_ALLOC(ndr, r->current[cntr_current_0]); @@ -2664,9 +2712,10 @@ _PUBLIC_ enum ndr_err_code ndr_pull_trustCurrentPasswords(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, _mem_save_current_0, 0); } if (ndr_flags & NDR_BUFFERS) { + size_current_0 = r->count; _mem_save_current_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->current, 0); - for (cntr_current_0 = 0; cntr_current_0 < r->count; cntr_current_0++) { + for (cntr_current_0 = 0; cntr_current_0 < size_current_0; cntr_current_0++) { if (r->current[cntr_current_0]) { uint32_t _relative_save_offset; _relative_save_offset = ndr->offset; @@ -2801,6 +2850,7 @@ static enum ndr_err_code ndr_push_ExtendedErrorAString(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_ExtendedErrorAString(struct ndr_pull *ndr, int ndr_flags, struct ExtendedErrorAString *r) { uint32_t _ptr_string; + uint32_t size_string_1 = 0; TALLOC_CTX *_mem_save_string_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -2817,7 +2867,8 @@ static enum ndr_err_code ndr_pull_ExtendedErrorAString(struct ndr_pull *ndr, int _mem_save_string_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->string, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->string)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->string, ndr_get_array_size(ndr, &r->string), sizeof(uint8_t), CH_DOS)); + size_string_1 = ndr_get_array_size(ndr, &r->string); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->string, size_string_1, sizeof(uint8_t), CH_DOS)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_string_0, 0); } if (r->string) { @@ -2860,6 +2911,7 @@ static enum ndr_err_code ndr_push_ExtendedErrorUString(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_ExtendedErrorUString(struct ndr_pull *ndr, int ndr_flags, struct ExtendedErrorUString *r) { uint32_t _ptr_string; + uint32_t size_string_1 = 0; TALLOC_CTX *_mem_save_string_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -2876,7 +2928,8 @@ static enum ndr_err_code ndr_pull_ExtendedErrorUString(struct ndr_pull *ndr, int _mem_save_string_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->string, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->string)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->string, ndr_get_array_size(ndr, &r->string), sizeof(uint16_t), CH_UTF16)); + size_string_1 = ndr_get_array_size(ndr, &r->string); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->string, size_string_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_string_0, 0); } if (r->string) { @@ -2919,6 +2972,7 @@ static enum ndr_err_code ndr_push_ExtendedErrorBlob(struct ndr_push *ndr, int nd static enum ndr_err_code ndr_pull_ExtendedErrorBlob(struct ndr_pull *ndr, int ndr_flags, struct ExtendedErrorBlob *r) { uint32_t _ptr_data; + uint32_t size_data_1 = 0; TALLOC_CTX *_mem_save_data_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -2935,8 +2989,9 @@ static enum ndr_err_code ndr_pull_ExtendedErrorBlob(struct ndr_pull *ndr, int nd _mem_save_data_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->data, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->data)); - NDR_PULL_ALLOC_N(ndr, r->data, ndr_get_array_size(ndr, &r->data)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, ndr_get_array_size(ndr, &r->data))); + size_data_1 = ndr_get_array_size(ndr, &r->data); + NDR_PULL_ALLOC_N(ndr, r->data, size_data_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, size_data_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_0, 0); } if (r->data) { @@ -3400,6 +3455,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_ExtendedErrorInfo(struct ndr_pull *ndr, int { uint32_t _ptr_next; TALLOC_CTX *_mem_save_next_0; + uint32_t size_params_0 = 0; uint32_t cntr_params_0; TALLOC_CTX *_mem_save_params_0; if (ndr_flags & NDR_SCALARS) { @@ -3419,10 +3475,11 @@ _PUBLIC_ enum ndr_err_code ndr_pull_ExtendedErrorInfo(struct ndr_pull *ndr, int NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->detection_location)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->flags)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->num_params)); - NDR_PULL_ALLOC_N(ndr, r->params, ndr_get_array_size(ndr, &r->params)); + size_params_0 = ndr_get_array_size(ndr, &r->params); + NDR_PULL_ALLOC_N(ndr, r->params, size_params_0); _mem_save_params_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->params, 0); - for (cntr_params_0 = 0; cntr_params_0 < r->num_params; cntr_params_0++) { + for (cntr_params_0 = 0; cntr_params_0 < size_params_0; cntr_params_0++) { NDR_CHECK(ndr_pull_ExtendedErrorParam(ndr, NDR_SCALARS, &r->params[cntr_params_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_params_0, 0); @@ -3438,9 +3495,10 @@ _PUBLIC_ enum ndr_err_code ndr_pull_ExtendedErrorInfo(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, _mem_save_next_0, 0); } NDR_CHECK(ndr_pull_ExtendedErrorComputerName(ndr, NDR_BUFFERS, &r->computer_name)); + size_params_0 = ndr_get_array_size(ndr, &r->params); _mem_save_params_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->params, 0); - for (cntr_params_0 = 0; cntr_params_0 < r->num_params; cntr_params_0++) { + for (cntr_params_0 = 0; cntr_params_0 < size_params_0; cntr_params_0++) { NDR_CHECK(ndr_pull_ExtendedErrorParam(ndr, NDR_BUFFERS, &r->params[cntr_params_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_params_0, 0); diff --git a/librpc/gen_ndr/ndr_drsuapi.c b/librpc/gen_ndr/ndr_drsuapi.c index 336f56f..8ef414c 100644 --- a/librpc/gen_ndr/ndr_drsuapi.c +++ b/librpc/gen_ndr/ndr_drsuapi.c @@ -455,6 +455,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_drsuapi_DsReplicaObjectIdentifier(struct ndr _PUBLIC_ enum ndr_err_code ndr_pull_drsuapi_DsReplicaObjectIdentifier(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaObjectIdentifier *r) { + uint32_t size_dn_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_array_size(ndr, &r->dn)); NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -463,7 +464,8 @@ _PUBLIC_ enum ndr_err_code ndr_pull_drsuapi_DsReplicaObjectIdentifier(struct ndr NDR_CHECK(ndr_pull_GUID(ndr, NDR_SCALARS, &r->guid)); NDR_CHECK(ndr_pull_dom_sid28(ndr, NDR_SCALARS, &r->sid)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->__ndr_size_dn)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dn, ndr_get_array_size(ndr, &r->dn), sizeof(uint16_t), CH_UTF16)); + size_dn_0 = ndr_get_array_size(ndr, &r->dn); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dn, size_dn_0, sizeof(uint16_t), CH_UTF16)); if (r->dn) { NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->dn, r->__ndr_size_dn + 1)); } @@ -803,6 +805,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaCursorCtrEx(struct ndr_push * static enum ndr_err_code ndr_pull_drsuapi_DsReplicaCursorCtrEx(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaCursorCtrEx *r) { + uint32_t size_cursors_0 = 0; uint32_t cntr_cursors_0; TALLOC_CTX *_mem_save_cursors_0; if (ndr_flags & NDR_SCALARS) { @@ -815,10 +818,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaCursorCtrEx(struct ndr_pull * return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->reserved2)); - NDR_PULL_ALLOC_N(ndr, r->cursors, ndr_get_array_size(ndr, &r->cursors)); + size_cursors_0 = ndr_get_array_size(ndr, &r->cursors); + NDR_PULL_ALLOC_N(ndr, r->cursors, size_cursors_0); _mem_save_cursors_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->cursors, 0); - for (cntr_cursors_0 = 0; cntr_cursors_0 < r->count; cntr_cursors_0++) { + for (cntr_cursors_0 = 0; cntr_cursors_0 < size_cursors_0; cntr_cursors_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaCursor(ndr, NDR_SCALARS, &r->cursors[cntr_cursors_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_cursors_0, 0); @@ -1160,6 +1164,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_drsuapi_DsReplicaOIDMapping_Ctr(struct ndr_p _PUBLIC_ enum ndr_err_code ndr_pull_drsuapi_DsReplicaOIDMapping_Ctr(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaOIDMapping_Ctr *r) { uint32_t _ptr_mappings; + uint32_t size_mappings_1 = 0; uint32_t cntr_mappings_1; TALLOC_CTX *_mem_save_mappings_0; TALLOC_CTX *_mem_save_mappings_1; @@ -1181,13 +1186,14 @@ _PUBLIC_ enum ndr_err_code ndr_pull_drsuapi_DsReplicaOIDMapping_Ctr(struct ndr_p _mem_save_mappings_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->mappings, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->mappings)); - NDR_PULL_ALLOC_N(ndr, r->mappings, ndr_get_array_size(ndr, &r->mappings)); + size_mappings_1 = ndr_get_array_size(ndr, &r->mappings); + NDR_PULL_ALLOC_N(ndr, r->mappings, size_mappings_1); _mem_save_mappings_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->mappings, 0); - for (cntr_mappings_1 = 0; cntr_mappings_1 < r->num_mappings; cntr_mappings_1++) { + for (cntr_mappings_1 = 0; cntr_mappings_1 < size_mappings_1; cntr_mappings_1++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaOIDMapping(ndr, NDR_SCALARS, &r->mappings[cntr_mappings_1])); } - for (cntr_mappings_1 = 0; cntr_mappings_1 < r->num_mappings; cntr_mappings_1++) { + for (cntr_mappings_1 = 0; cntr_mappings_1 < size_mappings_1; cntr_mappings_1++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaOIDMapping(ndr, NDR_BUFFERS, &r->mappings[cntr_mappings_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_mappings_1, 0); @@ -1343,6 +1349,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsPartialAttributeSet(struct ndr_push static enum ndr_err_code ndr_pull_drsuapi_DsPartialAttributeSet(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsPartialAttributeSet *r) { + uint32_t size_attids_0 = 0; uint32_t cntr_attids_0; TALLOC_CTX *_mem_save_attids_0; if (ndr_flags & NDR_SCALARS) { @@ -1354,10 +1361,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsPartialAttributeSet(struct ndr_pull if (r->num_attids < 1 || r->num_attids > 0x100000) { return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); } - NDR_PULL_ALLOC_N(ndr, r->attids, ndr_get_array_size(ndr, &r->attids)); + size_attids_0 = ndr_get_array_size(ndr, &r->attids); + NDR_PULL_ALLOC_N(ndr, r->attids, size_attids_0); _mem_save_attids_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->attids, 0); - for (cntr_attids_0 = 0; cntr_attids_0 < r->num_attids; cntr_attids_0++) { + for (cntr_attids_0 = 0; cntr_attids_0 < size_attids_0; cntr_attids_0++) { NDR_CHECK(ndr_pull_drsuapi_DsAttributeId(ndr, NDR_SCALARS, &r->attids[cntr_attids_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_attids_0, 0); @@ -1692,6 +1700,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaCursor2CtrEx(struct ndr_push static enum ndr_err_code ndr_pull_drsuapi_DsReplicaCursor2CtrEx(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaCursor2CtrEx *r) { + uint32_t size_cursors_0 = 0; uint32_t cntr_cursors_0; TALLOC_CTX *_mem_save_cursors_0; if (ndr_flags & NDR_SCALARS) { @@ -1704,10 +1713,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaCursor2CtrEx(struct ndr_pull return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->reserved2)); - NDR_PULL_ALLOC_N(ndr, r->cursors, ndr_get_array_size(ndr, &r->cursors)); + size_cursors_0 = ndr_get_array_size(ndr, &r->cursors); + NDR_PULL_ALLOC_N(ndr, r->cursors, size_cursors_0); _mem_save_cursors_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->cursors, 0); - for (cntr_cursors_0 = 0; cntr_cursors_0 < r->count; cntr_cursors_0++) { + for (cntr_cursors_0 = 0; cntr_cursors_0 < size_cursors_0; cntr_cursors_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaCursor2(ndr, NDR_SCALARS, &r->cursors[cntr_cursors_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_cursors_0, 0); @@ -1824,6 +1834,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsAttributeValueCtr(struct ndr_push *n static enum ndr_err_code ndr_pull_drsuapi_DsAttributeValueCtr(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsAttributeValueCtr *r) { uint32_t _ptr_values; + uint32_t size_values_1 = 0; uint32_t cntr_values_1; TALLOC_CTX *_mem_save_values_0; TALLOC_CTX *_mem_save_values_1; @@ -1845,13 +1856,14 @@ static enum ndr_err_code ndr_pull_drsuapi_DsAttributeValueCtr(struct ndr_pull *n _mem_save_values_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->values, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->values)); - NDR_PULL_ALLOC_N(ndr, r->values, ndr_get_array_size(ndr, &r->values)); + size_values_1 = ndr_get_array_size(ndr, &r->values); + NDR_PULL_ALLOC_N(ndr, r->values, size_values_1); _mem_save_values_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->values, 0); - for (cntr_values_1 = 0; cntr_values_1 < r->num_values; cntr_values_1++) { + for (cntr_values_1 = 0; cntr_values_1 < size_values_1; cntr_values_1++) { NDR_CHECK(ndr_pull_drsuapi_DsAttributeValue(ndr, NDR_SCALARS, &r->values[cntr_values_1])); } - for (cntr_values_1 = 0; cntr_values_1 < r->num_values; cntr_values_1++) { + for (cntr_values_1 = 0; cntr_values_1 < size_values_1; cntr_values_1++) { NDR_CHECK(ndr_pull_drsuapi_DsAttributeValue(ndr, NDR_BUFFERS, &r->values[cntr_values_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_values_1, 0); @@ -1907,6 +1919,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_drsuapi_DsReplicaObjectIdentifier3(struct nd _PUBLIC_ enum ndr_err_code ndr_pull_drsuapi_DsReplicaObjectIdentifier3(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaObjectIdentifier3 *r) { + uint32_t size_dn_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->__ndr_size)); @@ -1914,7 +1927,8 @@ _PUBLIC_ enum ndr_err_code ndr_pull_drsuapi_DsReplicaObjectIdentifier3(struct nd NDR_CHECK(ndr_pull_GUID(ndr, NDR_SCALARS, &r->guid)); NDR_CHECK(ndr_pull_dom_sid28(ndr, NDR_SCALARS, &r->sid)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->__ndr_size_dn)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dn, r->__ndr_size_dn + 1, sizeof(uint16_t), CH_UTF16)); + size_dn_0 = r->__ndr_size_dn + 1; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dn, size_dn_0, sizeof(uint16_t), CH_UTF16)); } if (ndr_flags & NDR_BUFFERS) { NDR_CHECK(ndr_pull_dom_sid28(ndr, NDR_BUFFERS, &r->sid)); @@ -1966,6 +1980,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_drsuapi_DsReplicaObjectIdentifier3Binary(str _PUBLIC_ enum ndr_err_code ndr_pull_drsuapi_DsReplicaObjectIdentifier3Binary(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaObjectIdentifier3Binary *r) { + uint32_t size_dn_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->__ndr_size)); @@ -1973,7 +1988,8 @@ _PUBLIC_ enum ndr_err_code ndr_pull_drsuapi_DsReplicaObjectIdentifier3Binary(str NDR_CHECK(ndr_pull_GUID(ndr, NDR_SCALARS, &r->guid)); NDR_CHECK(ndr_pull_dom_sid28(ndr, NDR_SCALARS, &r->sid)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->__ndr_size_dn)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dn, r->__ndr_size_dn + 1, sizeof(uint16_t), CH_UTF16)); + size_dn_0 = r->__ndr_size_dn + 1; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dn, size_dn_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->__ndr_size_binary)); { uint32_t _flags_save_DATA_BLOB = ndr->flags; @@ -2068,6 +2084,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaAttributeCtr(struct ndr_push static enum ndr_err_code ndr_pull_drsuapi_DsReplicaAttributeCtr(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaAttributeCtr *r) { uint32_t _ptr_attributes; + uint32_t size_attributes_1 = 0; uint32_t cntr_attributes_1; TALLOC_CTX *_mem_save_attributes_0; TALLOC_CTX *_mem_save_attributes_1; @@ -2089,13 +2106,14 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaAttributeCtr(struct ndr_pull _mem_save_attributes_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->attributes, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->attributes)); - NDR_PULL_ALLOC_N(ndr, r->attributes, ndr_get_array_size(ndr, &r->attributes)); + size_attributes_1 = ndr_get_array_size(ndr, &r->attributes); + NDR_PULL_ALLOC_N(ndr, r->attributes, size_attributes_1); _mem_save_attributes_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->attributes, 0); - for (cntr_attributes_1 = 0; cntr_attributes_1 < r->num_attributes; cntr_attributes_1++) { + for (cntr_attributes_1 = 0; cntr_attributes_1 < size_attributes_1; cntr_attributes_1++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaAttribute(ndr, NDR_SCALARS, &r->attributes[cntr_attributes_1])); } - for (cntr_attributes_1 = 0; cntr_attributes_1 < r->num_attributes; cntr_attributes_1++) { + for (cntr_attributes_1 = 0; cntr_attributes_1 < size_attributes_1; cntr_attributes_1++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaAttribute(ndr, NDR_BUFFERS, &r->attributes[cntr_attributes_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_attributes_1, 0); @@ -2272,6 +2290,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_drsuapi_DsReplicaMetaDataCtr(struct ndr_push _PUBLIC_ enum ndr_err_code ndr_pull_drsuapi_DsReplicaMetaDataCtr(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaMetaDataCtr *r) { + uint32_t size_meta_data_0 = 0; uint32_t cntr_meta_data_0; TALLOC_CTX *_mem_save_meta_data_0; if (ndr_flags & NDR_SCALARS) { @@ -2281,10 +2300,11 @@ _PUBLIC_ enum ndr_err_code ndr_pull_drsuapi_DsReplicaMetaDataCtr(struct ndr_pull if (r->count > 1048576) { return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); } - NDR_PULL_ALLOC_N(ndr, r->meta_data, ndr_get_array_size(ndr, &r->meta_data)); + size_meta_data_0 = ndr_get_array_size(ndr, &r->meta_data); + NDR_PULL_ALLOC_N(ndr, r->meta_data, size_meta_data_0); _mem_save_meta_data_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->meta_data, 0); - for (cntr_meta_data_0 = 0; cntr_meta_data_0 < r->count; cntr_meta_data_0++) { + for (cntr_meta_data_0 = 0; cntr_meta_data_0 < size_meta_data_0; cntr_meta_data_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaMetaData(ndr, NDR_SCALARS, &r->meta_data[cntr_meta_data_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_meta_data_0, 0); @@ -2675,6 +2695,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_drsuapi_DsGetNCChangesCtr6(struct ndr_pull * uint32_t _ptr_first_object; TALLOC_CTX *_mem_save_first_object_0; uint32_t _ptr_linked_attributes; + uint32_t size_linked_attributes_1 = 0; uint32_t cntr_linked_attributes_1; TALLOC_CTX *_mem_save_linked_attributes_0; TALLOC_CTX *_mem_save_linked_attributes_1; @@ -2745,13 +2766,14 @@ _PUBLIC_ enum ndr_err_code ndr_pull_drsuapi_DsGetNCChangesCtr6(struct ndr_pull * _mem_save_linked_attributes_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->linked_attributes, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->linked_attributes)); - NDR_PULL_ALLOC_N(ndr, r->linked_attributes, ndr_get_array_size(ndr, &r->linked_attributes)); + size_linked_attributes_1 = ndr_get_array_size(ndr, &r->linked_attributes); + NDR_PULL_ALLOC_N(ndr, r->linked_attributes, size_linked_attributes_1); _mem_save_linked_attributes_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->linked_attributes, 0); - for (cntr_linked_attributes_1 = 0; cntr_linked_attributes_1 < r->linked_attributes_count; cntr_linked_attributes_1++) { + for (cntr_linked_attributes_1 = 0; cntr_linked_attributes_1 < size_linked_attributes_1; cntr_linked_attributes_1++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaLinkedAttribute(ndr, NDR_SCALARS, &r->linked_attributes[cntr_linked_attributes_1])); } - for (cntr_linked_attributes_1 = 0; cntr_linked_attributes_1 < r->linked_attributes_count; cntr_linked_attributes_1++) { + for (cntr_linked_attributes_1 = 0; cntr_linked_attributes_1 < size_linked_attributes_1; cntr_linked_attributes_1++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaLinkedAttribute(ndr, NDR_BUFFERS, &r->linked_attributes[cntr_linked_attributes_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_linked_attributes_1, 0); @@ -3546,6 +3568,8 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaUpdateRefsRequest1(struct ndr uint32_t _ptr_naming_context; TALLOC_CTX *_mem_save_naming_context_0; uint32_t _ptr_dest_dsa_dns_name; + uint32_t size_dest_dsa_dns_name_1 = 0; + uint32_t length_dest_dsa_dns_name_1 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_ref_ptr(ndr, &_ptr_naming_context)); @@ -3570,11 +3594,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaUpdateRefsRequest1(struct ndr NDR_PULL_SET_MEM_CTX(ndr, _mem_save_naming_context_0, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->dest_dsa_dns_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->dest_dsa_dns_name)); - if (ndr_get_array_length(ndr, &r->dest_dsa_dns_name) > ndr_get_array_size(ndr, &r->dest_dsa_dns_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->dest_dsa_dns_name), ndr_get_array_length(ndr, &r->dest_dsa_dns_name)); + size_dest_dsa_dns_name_1 = ndr_get_array_size(ndr, &r->dest_dsa_dns_name); + length_dest_dsa_dns_name_1 = ndr_get_array_length(ndr, &r->dest_dsa_dns_name); + if (length_dest_dsa_dns_name_1 > size_dest_dsa_dns_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dest_dsa_dns_name_1, length_dest_dsa_dns_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->dest_dsa_dns_name), sizeof(uint8_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dest_dsa_dns_name, ndr_get_array_length(ndr, &r->dest_dsa_dns_name), sizeof(uint8_t), CH_DOS)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dest_dsa_dns_name_1, sizeof(uint8_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dest_dsa_dns_name, length_dest_dsa_dns_name_1, sizeof(uint8_t), CH_DOS)); } return NDR_ERR_SUCCESS; } @@ -3820,15 +3846,18 @@ static enum ndr_err_code ndr_push_drsuapi_DsGetMembershipsCtr1(struct ndr_push * static enum ndr_err_code ndr_pull_drsuapi_DsGetMembershipsCtr1(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsGetMembershipsCtr1 *r) { uint32_t _ptr_info_array; + uint32_t size_info_array_1 = 0; uint32_t cntr_info_array_1; TALLOC_CTX *_mem_save_info_array_0; TALLOC_CTX *_mem_save_info_array_1; TALLOC_CTX *_mem_save_info_array_2; uint32_t _ptr_group_attrs; + uint32_t size_group_attrs_1 = 0; uint32_t cntr_group_attrs_1; TALLOC_CTX *_mem_save_group_attrs_0; TALLOC_CTX *_mem_save_group_attrs_1; uint32_t _ptr_sids; + uint32_t size_sids_1 = 0; uint32_t cntr_sids_1; TALLOC_CTX *_mem_save_sids_0; TALLOC_CTX *_mem_save_sids_1; @@ -3868,10 +3897,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetMembershipsCtr1(struct ndr_pull * _mem_save_info_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->info_array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->info_array)); - NDR_PULL_ALLOC_N(ndr, r->info_array, ndr_get_array_size(ndr, &r->info_array)); + size_info_array_1 = ndr_get_array_size(ndr, &r->info_array); + NDR_PULL_ALLOC_N(ndr, r->info_array, size_info_array_1); _mem_save_info_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->info_array, 0); - for (cntr_info_array_1 = 0; cntr_info_array_1 < r->num_memberships; cntr_info_array_1++) { + for (cntr_info_array_1 = 0; cntr_info_array_1 < size_info_array_1; cntr_info_array_1++) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info_array)); if (_ptr_info_array) { NDR_PULL_ALLOC(ndr, r->info_array[cntr_info_array_1]); @@ -3879,7 +3909,7 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetMembershipsCtr1(struct ndr_pull * r->info_array[cntr_info_array_1] = NULL; } } - for (cntr_info_array_1 = 0; cntr_info_array_1 < r->num_memberships; cntr_info_array_1++) { + for (cntr_info_array_1 = 0; cntr_info_array_1 < size_info_array_1; cntr_info_array_1++) { if (r->info_array[cntr_info_array_1]) { _mem_save_info_array_2 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->info_array[cntr_info_array_1], 0); @@ -3894,10 +3924,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetMembershipsCtr1(struct ndr_pull * _mem_save_group_attrs_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->group_attrs, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->group_attrs)); - NDR_PULL_ALLOC_N(ndr, r->group_attrs, ndr_get_array_size(ndr, &r->group_attrs)); + size_group_attrs_1 = ndr_get_array_size(ndr, &r->group_attrs); + NDR_PULL_ALLOC_N(ndr, r->group_attrs, size_group_attrs_1); _mem_save_group_attrs_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->group_attrs, 0); - for (cntr_group_attrs_1 = 0; cntr_group_attrs_1 < r->num_memberships; cntr_group_attrs_1++) { + for (cntr_group_attrs_1 = 0; cntr_group_attrs_1 < size_group_attrs_1; cntr_group_attrs_1++) { NDR_CHECK(ndr_pull_samr_GroupAttrs(ndr, NDR_SCALARS, &r->group_attrs[cntr_group_attrs_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_group_attrs_1, 0); @@ -3907,10 +3938,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetMembershipsCtr1(struct ndr_pull * _mem_save_sids_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sids, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->sids)); - NDR_PULL_ALLOC_N(ndr, r->sids, ndr_get_array_size(ndr, &r->sids)); + size_sids_1 = ndr_get_array_size(ndr, &r->sids); + NDR_PULL_ALLOC_N(ndr, r->sids, size_sids_1); _mem_save_sids_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sids, 0); - for (cntr_sids_1 = 0; cntr_sids_1 < r->num_sids; cntr_sids_1++) { + for (cntr_sids_1 = 0; cntr_sids_1 < size_sids_1; cntr_sids_1++) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sids)); if (_ptr_sids) { NDR_PULL_ALLOC(ndr, r->sids[cntr_sids_1]); @@ -3918,7 +3950,7 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetMembershipsCtr1(struct ndr_pull * r->sids[cntr_sids_1] = NULL; } } - for (cntr_sids_1 = 0; cntr_sids_1 < r->num_sids; cntr_sids_1++) { + for (cntr_sids_1 = 0; cntr_sids_1 < size_sids_1; cntr_sids_1++) { if (r->sids[cntr_sids_1]) { _mem_save_sids_2 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sids[cntr_sids_1], 0); @@ -4118,6 +4150,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsGetMembershipsRequest1(struct ndr_pu static enum ndr_err_code ndr_pull_drsuapi_DsGetMembershipsRequest1(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsGetMembershipsRequest1 *r) { uint32_t _ptr_info_array; + uint32_t size_info_array_1 = 0; uint32_t cntr_info_array_1; TALLOC_CTX *_mem_save_info_array_0; TALLOC_CTX *_mem_save_info_array_1; @@ -4150,10 +4183,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetMembershipsRequest1(struct ndr_pu _mem_save_info_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->info_array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->info_array)); - NDR_PULL_ALLOC_N(ndr, r->info_array, ndr_get_array_size(ndr, &r->info_array)); + size_info_array_1 = ndr_get_array_size(ndr, &r->info_array); + NDR_PULL_ALLOC_N(ndr, r->info_array, size_info_array_1); _mem_save_info_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->info_array, 0); - for (cntr_info_array_1 = 0; cntr_info_array_1 < r->count; cntr_info_array_1++) { + for (cntr_info_array_1 = 0; cntr_info_array_1 < size_info_array_1; cntr_info_array_1++) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info_array)); if (_ptr_info_array) { NDR_PULL_ALLOC(ndr, r->info_array[cntr_info_array_1]); @@ -4161,7 +4195,7 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetMembershipsRequest1(struct ndr_pu r->info_array[cntr_info_array_1] = NULL; } } - for (cntr_info_array_1 = 0; cntr_info_array_1 < r->count; cntr_info_array_1++) { + for (cntr_info_array_1 = 0; cntr_info_array_1 < size_info_array_1; cntr_info_array_1++) { if (r->info_array[cntr_info_array_1]) { _mem_save_info_array_2 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->info_array[cntr_info_array_1], 0); @@ -4318,6 +4352,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsGetNT4ChangeLogRequest1(struct ndr_p static enum ndr_err_code ndr_pull_drsuapi_DsGetNT4ChangeLogRequest1(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsGetNT4ChangeLogRequest1 *r) { uint32_t _ptr_data; + uint32_t size_data_1 = 0; TALLOC_CTX *_mem_save_data_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -4339,8 +4374,9 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetNT4ChangeLogRequest1(struct ndr_p _mem_save_data_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->data, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->data)); - NDR_PULL_ALLOC_N(ndr, r->data, ndr_get_array_size(ndr, &r->data)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, ndr_get_array_size(ndr, &r->data))); + size_data_1 = ndr_get_array_size(ndr, &r->data); + NDR_PULL_ALLOC_N(ndr, r->data, size_data_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, size_data_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_0, 0); } if (r->data) { @@ -4473,8 +4509,10 @@ static enum ndr_err_code ndr_push_drsuapi_DsGetNT4ChangeLogInfo1(struct ndr_push static enum ndr_err_code ndr_pull_drsuapi_DsGetNT4ChangeLogInfo1(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsGetNT4ChangeLogInfo1 *r) { uint32_t _ptr_data1; + uint32_t size_data1_1 = 0; TALLOC_CTX *_mem_save_data1_0; uint32_t _ptr_data2; + uint32_t size_data2_1 = 0; TALLOC_CTX *_mem_save_data2_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 8)); @@ -4511,16 +4549,18 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetNT4ChangeLogInfo1(struct ndr_pull _mem_save_data1_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->data1, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->data1)); - NDR_PULL_ALLOC_N(ndr, r->data1, ndr_get_array_size(ndr, &r->data1)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data1, ndr_get_array_size(ndr, &r->data1))); + size_data1_1 = ndr_get_array_size(ndr, &r->data1); + NDR_PULL_ALLOC_N(ndr, r->data1, size_data1_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data1, size_data1_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data1_0, 0); } if (r->data2) { _mem_save_data2_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->data2, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->data2)); - NDR_PULL_ALLOC_N(ndr, r->data2, ndr_get_array_size(ndr, &r->data2)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data2, ndr_get_array_size(ndr, &r->data2))); + size_data2_1 = ndr_get_array_size(ndr, &r->data2); + NDR_PULL_ALLOC_N(ndr, r->data2, size_data2_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data2, size_data2_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data2_0, 0); } if (r->data1) { @@ -4749,6 +4789,8 @@ static enum ndr_err_code ndr_push_drsuapi_DsNameString(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_drsuapi_DsNameString(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsNameString *r) { uint32_t _ptr_str; + uint32_t size_str_1 = 0; + uint32_t length_str_1 = 0; TALLOC_CTX *_mem_save_str_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -4765,11 +4807,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsNameString(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->str, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->str)); NDR_CHECK(ndr_pull_array_length(ndr, &r->str)); - if (ndr_get_array_length(ndr, &r->str) > ndr_get_array_size(ndr, &r->str)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->str), ndr_get_array_length(ndr, &r->str)); + size_str_1 = ndr_get_array_size(ndr, &r->str); + length_str_1 = ndr_get_array_length(ndr, &r->str); + if (length_str_1 > size_str_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_str_1, length_str_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->str), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->str, ndr_get_array_length(ndr, &r->str), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_str_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->str, length_str_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_str_0, 0); } } @@ -4819,6 +4863,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsNameRequest1(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_drsuapi_DsNameRequest1(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsNameRequest1 *r) { uint32_t _ptr_names; + uint32_t size_names_1 = 0; uint32_t cntr_names_1; TALLOC_CTX *_mem_save_names_0; TALLOC_CTX *_mem_save_names_1; @@ -4845,13 +4890,14 @@ static enum ndr_err_code ndr_pull_drsuapi_DsNameRequest1(struct ndr_pull *ndr, i _mem_save_names_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->names, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->names)); - NDR_PULL_ALLOC_N(ndr, r->names, ndr_get_array_size(ndr, &r->names)); + size_names_1 = ndr_get_array_size(ndr, &r->names); + NDR_PULL_ALLOC_N(ndr, r->names, size_names_1); _mem_save_names_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->names, 0); - for (cntr_names_1 = 0; cntr_names_1 < r->count; cntr_names_1++) { + for (cntr_names_1 = 0; cntr_names_1 < size_names_1; cntr_names_1++) { NDR_CHECK(ndr_pull_drsuapi_DsNameString(ndr, NDR_SCALARS, &r->names[cntr_names_1])); } - for (cntr_names_1 = 0; cntr_names_1 < r->count; cntr_names_1++) { + for (cntr_names_1 = 0; cntr_names_1 < size_names_1; cntr_names_1++) { NDR_CHECK(ndr_pull_drsuapi_DsNameString(ndr, NDR_BUFFERS, &r->names[cntr_names_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_names_1, 0); @@ -4996,8 +5042,12 @@ static enum ndr_err_code ndr_push_drsuapi_DsNameInfo1(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_drsuapi_DsNameInfo1(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsNameInfo1 *r) { uint32_t _ptr_dns_domain_name; + uint32_t size_dns_domain_name_1 = 0; + uint32_t length_dns_domain_name_1 = 0; TALLOC_CTX *_mem_save_dns_domain_name_0; uint32_t _ptr_result_name; + uint32_t size_result_name_1 = 0; + uint32_t length_result_name_1 = 0; TALLOC_CTX *_mem_save_result_name_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -5021,11 +5071,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsNameInfo1(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->dns_domain_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->dns_domain_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->dns_domain_name)); - if (ndr_get_array_length(ndr, &r->dns_domain_name) > ndr_get_array_size(ndr, &r->dns_domain_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->dns_domain_name), ndr_get_array_length(ndr, &r->dns_domain_name)); + size_dns_domain_name_1 = ndr_get_array_size(ndr, &r->dns_domain_name); + length_dns_domain_name_1 = ndr_get_array_length(ndr, &r->dns_domain_name); + if (length_dns_domain_name_1 > size_dns_domain_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dns_domain_name_1, length_dns_domain_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->dns_domain_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dns_domain_name, ndr_get_array_length(ndr, &r->dns_domain_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dns_domain_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dns_domain_name, length_dns_domain_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dns_domain_name_0, 0); } if (r->result_name) { @@ -5033,11 +5085,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsNameInfo1(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->result_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->result_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->result_name)); - if (ndr_get_array_length(ndr, &r->result_name) > ndr_get_array_size(ndr, &r->result_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->result_name), ndr_get_array_length(ndr, &r->result_name)); + size_result_name_1 = ndr_get_array_size(ndr, &r->result_name); + length_result_name_1 = ndr_get_array_length(ndr, &r->result_name); + if (length_result_name_1 > size_result_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_result_name_1, length_result_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->result_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->result_name, ndr_get_array_length(ndr, &r->result_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_result_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->result_name, length_result_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_result_name_0, 0); } } @@ -5089,6 +5143,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsNameCtr1(struct ndr_push *ndr, int n static enum ndr_err_code ndr_pull_drsuapi_DsNameCtr1(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsNameCtr1 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -5107,13 +5162,14 @@ static enum ndr_err_code ndr_pull_drsuapi_DsNameCtr1(struct ndr_pull *ndr, int n _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_drsuapi_DsNameInfo1(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_drsuapi_DsNameInfo1(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -5185,6 +5241,7 @@ static enum ndr_err_code ndr_pull_drsuapi_DsNameCtr(struct ndr_pull *ndr, int nd int level; int32_t _level; TALLOC_CTX *_mem_save_ctr1_0; + uint32_t _ptr_ctr1; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_int32(ndr, NDR_SCALARS, &_level)); @@ -5193,7 +5250,6 @@ static enum ndr_err_code ndr_pull_drsuapi_DsNameCtr(struct ndr_pull *ndr, int nd } switch (level) { case 1: { - uint32_t _ptr_ctr1; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr1)); if (_ptr_ctr1) { NDR_PULL_ALLOC(ndr, r->ctr1); @@ -5304,8 +5360,11 @@ static enum ndr_err_code ndr_push_drsuapi_DsWriteAccountSpnRequest1(struct ndr_p static enum ndr_err_code ndr_pull_drsuapi_DsWriteAccountSpnRequest1(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsWriteAccountSpnRequest1 *r) { uint32_t _ptr_object_dn; + uint32_t size_object_dn_1 = 0; + uint32_t length_object_dn_1 = 0; TALLOC_CTX *_mem_save_object_dn_0; uint32_t _ptr_spn_names; + uint32_t size_spn_names_1 = 0; uint32_t cntr_spn_names_1; TALLOC_CTX *_mem_save_spn_names_0; TALLOC_CTX *_mem_save_spn_names_1; @@ -5336,24 +5395,27 @@ static enum ndr_err_code ndr_pull_drsuapi_DsWriteAccountSpnRequest1(struct ndr_p NDR_PULL_SET_MEM_CTX(ndr, r->object_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->object_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->object_dn)); - if (ndr_get_array_length(ndr, &r->object_dn) > ndr_get_array_size(ndr, &r->object_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->object_dn), ndr_get_array_length(ndr, &r->object_dn)); + size_object_dn_1 = ndr_get_array_size(ndr, &r->object_dn); + length_object_dn_1 = ndr_get_array_length(ndr, &r->object_dn); + if (length_object_dn_1 > size_object_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_object_dn_1, length_object_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->object_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->object_dn, ndr_get_array_length(ndr, &r->object_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_object_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->object_dn, length_object_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_object_dn_0, 0); } if (r->spn_names) { _mem_save_spn_names_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->spn_names, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->spn_names)); - NDR_PULL_ALLOC_N(ndr, r->spn_names, ndr_get_array_size(ndr, &r->spn_names)); + size_spn_names_1 = ndr_get_array_size(ndr, &r->spn_names); + NDR_PULL_ALLOC_N(ndr, r->spn_names, size_spn_names_1); _mem_save_spn_names_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->spn_names, 0); - for (cntr_spn_names_1 = 0; cntr_spn_names_1 < r->count; cntr_spn_names_1++) { + for (cntr_spn_names_1 = 0; cntr_spn_names_1 < size_spn_names_1; cntr_spn_names_1++) { NDR_CHECK(ndr_pull_drsuapi_DsNameString(ndr, NDR_SCALARS, &r->spn_names[cntr_spn_names_1])); } - for (cntr_spn_names_1 = 0; cntr_spn_names_1 < r->count; cntr_spn_names_1++) { + for (cntr_spn_names_1 = 0; cntr_spn_names_1 < size_spn_names_1; cntr_spn_names_1++) { NDR_CHECK(ndr_pull_drsuapi_DsNameString(ndr, NDR_BUFFERS, &r->spn_names[cntr_spn_names_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_spn_names_1, 0); @@ -5604,8 +5666,12 @@ static enum ndr_err_code ndr_push_drsuapi_DsRemoveDSServerRequest1(struct ndr_pu static enum ndr_err_code ndr_pull_drsuapi_DsRemoveDSServerRequest1(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsRemoveDSServerRequest1 *r) { uint32_t _ptr_server_dn; + uint32_t size_server_dn_1 = 0; + uint32_t length_server_dn_1 = 0; TALLOC_CTX *_mem_save_server_dn_0; uint32_t _ptr_domain_dn; + uint32_t size_domain_dn_1 = 0; + uint32_t length_domain_dn_1 = 0; TALLOC_CTX *_mem_save_domain_dn_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -5629,11 +5695,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsRemoveDSServerRequest1(struct ndr_pu NDR_PULL_SET_MEM_CTX(ndr, r->server_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->server_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->server_dn)); - if (ndr_get_array_length(ndr, &r->server_dn) > ndr_get_array_size(ndr, &r->server_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->server_dn), ndr_get_array_length(ndr, &r->server_dn)); + size_server_dn_1 = ndr_get_array_size(ndr, &r->server_dn); + length_server_dn_1 = ndr_get_array_length(ndr, &r->server_dn); + if (length_server_dn_1 > size_server_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_dn_1, length_server_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->server_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_dn, ndr_get_array_length(ndr, &r->server_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_dn, length_server_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_dn_0, 0); } if (r->domain_dn) { @@ -5641,11 +5709,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsRemoveDSServerRequest1(struct ndr_pu NDR_PULL_SET_MEM_CTX(ndr, r->domain_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->domain_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->domain_dn)); - if (ndr_get_array_length(ndr, &r->domain_dn) > ndr_get_array_size(ndr, &r->domain_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->domain_dn), ndr_get_array_length(ndr, &r->domain_dn)); + size_domain_dn_1 = ndr_get_array_size(ndr, &r->domain_dn); + length_domain_dn_1 = ndr_get_array_length(ndr, &r->domain_dn); + if (length_domain_dn_1 > size_domain_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_dn_1, length_domain_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->domain_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain_dn, ndr_get_array_length(ndr, &r->domain_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain_dn, length_domain_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_dn_0, 0); } } @@ -5871,6 +5941,8 @@ static enum ndr_err_code ndr_push_drsuapi_DsGetDCInfoRequest1(struct ndr_push *n static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfoRequest1(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsGetDCInfoRequest1 *r) { uint32_t _ptr_domain_name; + uint32_t size_domain_name_1 = 0; + uint32_t length_domain_name_1 = 0; TALLOC_CTX *_mem_save_domain_name_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -5888,11 +5960,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfoRequest1(struct ndr_pull *n NDR_PULL_SET_MEM_CTX(ndr, r->domain_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->domain_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->domain_name)); - if (ndr_get_array_length(ndr, &r->domain_name) > ndr_get_array_size(ndr, &r->domain_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->domain_name), ndr_get_array_length(ndr, &r->domain_name)); + size_domain_name_1 = ndr_get_array_size(ndr, &r->domain_name); + length_domain_name_1 = ndr_get_array_length(ndr, &r->domain_name); + if (length_domain_name_1 > size_domain_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_name_1, length_domain_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->domain_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain_name, ndr_get_array_length(ndr, &r->domain_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain_name, length_domain_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_name_0, 0); } } @@ -6038,14 +6112,24 @@ static enum ndr_err_code ndr_push_drsuapi_DsGetDCInfo1(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo1(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsGetDCInfo1 *r) { uint32_t _ptr_netbios_name; + uint32_t size_netbios_name_1 = 0; + uint32_t length_netbios_name_1 = 0; TALLOC_CTX *_mem_save_netbios_name_0; uint32_t _ptr_dns_name; + uint32_t size_dns_name_1 = 0; + uint32_t length_dns_name_1 = 0; TALLOC_CTX *_mem_save_dns_name_0; uint32_t _ptr_site_name; + uint32_t size_site_name_1 = 0; + uint32_t length_site_name_1 = 0; TALLOC_CTX *_mem_save_site_name_0; uint32_t _ptr_computer_dn; + uint32_t size_computer_dn_1 = 0; + uint32_t length_computer_dn_1 = 0; TALLOC_CTX *_mem_save_computer_dn_0; uint32_t _ptr_server_dn; + uint32_t size_server_dn_1 = 0; + uint32_t length_server_dn_1 = 0; TALLOC_CTX *_mem_save_server_dn_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -6088,11 +6172,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo1(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->netbios_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->netbios_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->netbios_name)); - if (ndr_get_array_length(ndr, &r->netbios_name) > ndr_get_array_size(ndr, &r->netbios_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->netbios_name), ndr_get_array_length(ndr, &r->netbios_name)); + size_netbios_name_1 = ndr_get_array_size(ndr, &r->netbios_name); + length_netbios_name_1 = ndr_get_array_length(ndr, &r->netbios_name); + if (length_netbios_name_1 > size_netbios_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_netbios_name_1, length_netbios_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->netbios_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->netbios_name, ndr_get_array_length(ndr, &r->netbios_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_netbios_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->netbios_name, length_netbios_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_netbios_name_0, 0); } if (r->dns_name) { @@ -6100,11 +6186,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo1(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->dns_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->dns_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->dns_name)); - if (ndr_get_array_length(ndr, &r->dns_name) > ndr_get_array_size(ndr, &r->dns_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->dns_name), ndr_get_array_length(ndr, &r->dns_name)); + size_dns_name_1 = ndr_get_array_size(ndr, &r->dns_name); + length_dns_name_1 = ndr_get_array_length(ndr, &r->dns_name); + if (length_dns_name_1 > size_dns_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dns_name_1, length_dns_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->dns_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dns_name, ndr_get_array_length(ndr, &r->dns_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dns_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dns_name, length_dns_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dns_name_0, 0); } if (r->site_name) { @@ -6112,11 +6200,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo1(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->site_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->site_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->site_name)); - if (ndr_get_array_length(ndr, &r->site_name) > ndr_get_array_size(ndr, &r->site_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->site_name), ndr_get_array_length(ndr, &r->site_name)); + size_site_name_1 = ndr_get_array_size(ndr, &r->site_name); + length_site_name_1 = ndr_get_array_length(ndr, &r->site_name); + if (length_site_name_1 > size_site_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_site_name_1, length_site_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->site_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->site_name, ndr_get_array_length(ndr, &r->site_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_site_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->site_name, length_site_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_site_name_0, 0); } if (r->computer_dn) { @@ -6124,11 +6214,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo1(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->computer_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->computer_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->computer_dn)); - if (ndr_get_array_length(ndr, &r->computer_dn) > ndr_get_array_size(ndr, &r->computer_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->computer_dn), ndr_get_array_length(ndr, &r->computer_dn)); + size_computer_dn_1 = ndr_get_array_size(ndr, &r->computer_dn); + length_computer_dn_1 = ndr_get_array_length(ndr, &r->computer_dn); + if (length_computer_dn_1 > size_computer_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_dn_1, length_computer_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->computer_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->computer_dn, ndr_get_array_length(ndr, &r->computer_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->computer_dn, length_computer_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_computer_dn_0, 0); } if (r->server_dn) { @@ -6136,11 +6228,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo1(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->server_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->server_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->server_dn)); - if (ndr_get_array_length(ndr, &r->server_dn) > ndr_get_array_size(ndr, &r->server_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->server_dn), ndr_get_array_length(ndr, &r->server_dn)); + size_server_dn_1 = ndr_get_array_size(ndr, &r->server_dn); + length_server_dn_1 = ndr_get_array_length(ndr, &r->server_dn); + if (length_server_dn_1 > size_server_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_dn_1, length_server_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->server_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_dn, ndr_get_array_length(ndr, &r->server_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_dn, length_server_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_dn_0, 0); } } @@ -6211,6 +6305,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsGetDCInfoCtr1(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfoCtr1(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsGetDCInfoCtr1 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -6232,13 +6327,14 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfoCtr1(struct ndr_pull *ndr, _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_drsuapi_DsGetDCInfo1(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_drsuapi_DsGetDCInfo1(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -6344,18 +6440,32 @@ static enum ndr_err_code ndr_push_drsuapi_DsGetDCInfo2(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo2(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsGetDCInfo2 *r) { uint32_t _ptr_netbios_name; + uint32_t size_netbios_name_1 = 0; + uint32_t length_netbios_name_1 = 0; TALLOC_CTX *_mem_save_netbios_name_0; uint32_t _ptr_dns_name; + uint32_t size_dns_name_1 = 0; + uint32_t length_dns_name_1 = 0; TALLOC_CTX *_mem_save_dns_name_0; uint32_t _ptr_site_name; + uint32_t size_site_name_1 = 0; + uint32_t length_site_name_1 = 0; TALLOC_CTX *_mem_save_site_name_0; uint32_t _ptr_site_dn; + uint32_t size_site_dn_1 = 0; + uint32_t length_site_dn_1 = 0; TALLOC_CTX *_mem_save_site_dn_0; uint32_t _ptr_computer_dn; + uint32_t size_computer_dn_1 = 0; + uint32_t length_computer_dn_1 = 0; TALLOC_CTX *_mem_save_computer_dn_0; uint32_t _ptr_server_dn; + uint32_t size_server_dn_1 = 0; + uint32_t length_server_dn_1 = 0; TALLOC_CTX *_mem_save_server_dn_0; uint32_t _ptr_ntds_dn; + uint32_t size_ntds_dn_1 = 0; + uint32_t length_ntds_dn_1 = 0; TALLOC_CTX *_mem_save_ntds_dn_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -6415,11 +6525,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->netbios_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->netbios_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->netbios_name)); - if (ndr_get_array_length(ndr, &r->netbios_name) > ndr_get_array_size(ndr, &r->netbios_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->netbios_name), ndr_get_array_length(ndr, &r->netbios_name)); + size_netbios_name_1 = ndr_get_array_size(ndr, &r->netbios_name); + length_netbios_name_1 = ndr_get_array_length(ndr, &r->netbios_name); + if (length_netbios_name_1 > size_netbios_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_netbios_name_1, length_netbios_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->netbios_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->netbios_name, ndr_get_array_length(ndr, &r->netbios_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_netbios_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->netbios_name, length_netbios_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_netbios_name_0, 0); } if (r->dns_name) { @@ -6427,11 +6539,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->dns_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->dns_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->dns_name)); - if (ndr_get_array_length(ndr, &r->dns_name) > ndr_get_array_size(ndr, &r->dns_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->dns_name), ndr_get_array_length(ndr, &r->dns_name)); + size_dns_name_1 = ndr_get_array_size(ndr, &r->dns_name); + length_dns_name_1 = ndr_get_array_length(ndr, &r->dns_name); + if (length_dns_name_1 > size_dns_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dns_name_1, length_dns_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->dns_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dns_name, ndr_get_array_length(ndr, &r->dns_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dns_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dns_name, length_dns_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dns_name_0, 0); } if (r->site_name) { @@ -6439,11 +6553,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->site_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->site_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->site_name)); - if (ndr_get_array_length(ndr, &r->site_name) > ndr_get_array_size(ndr, &r->site_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->site_name), ndr_get_array_length(ndr, &r->site_name)); + size_site_name_1 = ndr_get_array_size(ndr, &r->site_name); + length_site_name_1 = ndr_get_array_length(ndr, &r->site_name); + if (length_site_name_1 > size_site_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_site_name_1, length_site_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->site_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->site_name, ndr_get_array_length(ndr, &r->site_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_site_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->site_name, length_site_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_site_name_0, 0); } if (r->site_dn) { @@ -6451,11 +6567,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->site_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->site_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->site_dn)); - if (ndr_get_array_length(ndr, &r->site_dn) > ndr_get_array_size(ndr, &r->site_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->site_dn), ndr_get_array_length(ndr, &r->site_dn)); + size_site_dn_1 = ndr_get_array_size(ndr, &r->site_dn); + length_site_dn_1 = ndr_get_array_length(ndr, &r->site_dn); + if (length_site_dn_1 > size_site_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_site_dn_1, length_site_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->site_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->site_dn, ndr_get_array_length(ndr, &r->site_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_site_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->site_dn, length_site_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_site_dn_0, 0); } if (r->computer_dn) { @@ -6463,11 +6581,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->computer_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->computer_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->computer_dn)); - if (ndr_get_array_length(ndr, &r->computer_dn) > ndr_get_array_size(ndr, &r->computer_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->computer_dn), ndr_get_array_length(ndr, &r->computer_dn)); + size_computer_dn_1 = ndr_get_array_size(ndr, &r->computer_dn); + length_computer_dn_1 = ndr_get_array_length(ndr, &r->computer_dn); + if (length_computer_dn_1 > size_computer_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_dn_1, length_computer_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->computer_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->computer_dn, ndr_get_array_length(ndr, &r->computer_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->computer_dn, length_computer_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_computer_dn_0, 0); } if (r->server_dn) { @@ -6475,11 +6595,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->server_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->server_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->server_dn)); - if (ndr_get_array_length(ndr, &r->server_dn) > ndr_get_array_size(ndr, &r->server_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->server_dn), ndr_get_array_length(ndr, &r->server_dn)); + size_server_dn_1 = ndr_get_array_size(ndr, &r->server_dn); + length_server_dn_1 = ndr_get_array_length(ndr, &r->server_dn); + if (length_server_dn_1 > size_server_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_dn_1, length_server_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->server_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_dn, ndr_get_array_length(ndr, &r->server_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_dn, length_server_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_dn_0, 0); } if (r->ntds_dn) { @@ -6487,11 +6609,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->ntds_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->ntds_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->ntds_dn)); - if (ndr_get_array_length(ndr, &r->ntds_dn) > ndr_get_array_size(ndr, &r->ntds_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->ntds_dn), ndr_get_array_length(ndr, &r->ntds_dn)); + size_ntds_dn_1 = ndr_get_array_size(ndr, &r->ntds_dn); + length_ntds_dn_1 = ndr_get_array_length(ndr, &r->ntds_dn); + if (length_ntds_dn_1 > size_ntds_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_ntds_dn_1, length_ntds_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->ntds_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->ntds_dn, ndr_get_array_length(ndr, &r->ntds_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_ntds_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->ntds_dn, length_ntds_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_ntds_dn_0, 0); } } @@ -6579,6 +6703,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsGetDCInfoCtr2(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfoCtr2(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsGetDCInfoCtr2 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -6600,13 +6725,14 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfoCtr2(struct ndr_pull *ndr, _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_drsuapi_DsGetDCInfo2(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_drsuapi_DsGetDCInfo2(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -6713,18 +6839,32 @@ static enum ndr_err_code ndr_push_drsuapi_DsGetDCInfo3(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo3(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsGetDCInfo3 *r) { uint32_t _ptr_netbios_name; + uint32_t size_netbios_name_1 = 0; + uint32_t length_netbios_name_1 = 0; TALLOC_CTX *_mem_save_netbios_name_0; uint32_t _ptr_dns_name; + uint32_t size_dns_name_1 = 0; + uint32_t length_dns_name_1 = 0; TALLOC_CTX *_mem_save_dns_name_0; uint32_t _ptr_site_name; + uint32_t size_site_name_1 = 0; + uint32_t length_site_name_1 = 0; TALLOC_CTX *_mem_save_site_name_0; uint32_t _ptr_site_dn; + uint32_t size_site_dn_1 = 0; + uint32_t length_site_dn_1 = 0; TALLOC_CTX *_mem_save_site_dn_0; uint32_t _ptr_computer_dn; + uint32_t size_computer_dn_1 = 0; + uint32_t length_computer_dn_1 = 0; TALLOC_CTX *_mem_save_computer_dn_0; uint32_t _ptr_server_dn; + uint32_t size_server_dn_1 = 0; + uint32_t length_server_dn_1 = 0; TALLOC_CTX *_mem_save_server_dn_0; uint32_t _ptr_ntds_dn; + uint32_t size_ntds_dn_1 = 0; + uint32_t length_ntds_dn_1 = 0; TALLOC_CTX *_mem_save_ntds_dn_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -6785,11 +6925,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo3(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->netbios_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->netbios_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->netbios_name)); - if (ndr_get_array_length(ndr, &r->netbios_name) > ndr_get_array_size(ndr, &r->netbios_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->netbios_name), ndr_get_array_length(ndr, &r->netbios_name)); + size_netbios_name_1 = ndr_get_array_size(ndr, &r->netbios_name); + length_netbios_name_1 = ndr_get_array_length(ndr, &r->netbios_name); + if (length_netbios_name_1 > size_netbios_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_netbios_name_1, length_netbios_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->netbios_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->netbios_name, ndr_get_array_length(ndr, &r->netbios_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_netbios_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->netbios_name, length_netbios_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_netbios_name_0, 0); } if (r->dns_name) { @@ -6797,11 +6939,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo3(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->dns_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->dns_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->dns_name)); - if (ndr_get_array_length(ndr, &r->dns_name) > ndr_get_array_size(ndr, &r->dns_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->dns_name), ndr_get_array_length(ndr, &r->dns_name)); + size_dns_name_1 = ndr_get_array_size(ndr, &r->dns_name); + length_dns_name_1 = ndr_get_array_length(ndr, &r->dns_name); + if (length_dns_name_1 > size_dns_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dns_name_1, length_dns_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->dns_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dns_name, ndr_get_array_length(ndr, &r->dns_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dns_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dns_name, length_dns_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dns_name_0, 0); } if (r->site_name) { @@ -6809,11 +6953,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo3(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->site_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->site_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->site_name)); - if (ndr_get_array_length(ndr, &r->site_name) > ndr_get_array_size(ndr, &r->site_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->site_name), ndr_get_array_length(ndr, &r->site_name)); + size_site_name_1 = ndr_get_array_size(ndr, &r->site_name); + length_site_name_1 = ndr_get_array_length(ndr, &r->site_name); + if (length_site_name_1 > size_site_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_site_name_1, length_site_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->site_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->site_name, ndr_get_array_length(ndr, &r->site_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_site_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->site_name, length_site_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_site_name_0, 0); } if (r->site_dn) { @@ -6821,11 +6967,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo3(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->site_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->site_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->site_dn)); - if (ndr_get_array_length(ndr, &r->site_dn) > ndr_get_array_size(ndr, &r->site_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->site_dn), ndr_get_array_length(ndr, &r->site_dn)); + size_site_dn_1 = ndr_get_array_size(ndr, &r->site_dn); + length_site_dn_1 = ndr_get_array_length(ndr, &r->site_dn); + if (length_site_dn_1 > size_site_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_site_dn_1, length_site_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->site_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->site_dn, ndr_get_array_length(ndr, &r->site_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_site_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->site_dn, length_site_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_site_dn_0, 0); } if (r->computer_dn) { @@ -6833,11 +6981,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo3(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->computer_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->computer_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->computer_dn)); - if (ndr_get_array_length(ndr, &r->computer_dn) > ndr_get_array_size(ndr, &r->computer_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->computer_dn), ndr_get_array_length(ndr, &r->computer_dn)); + size_computer_dn_1 = ndr_get_array_size(ndr, &r->computer_dn); + length_computer_dn_1 = ndr_get_array_length(ndr, &r->computer_dn); + if (length_computer_dn_1 > size_computer_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_dn_1, length_computer_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->computer_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->computer_dn, ndr_get_array_length(ndr, &r->computer_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->computer_dn, length_computer_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_computer_dn_0, 0); } if (r->server_dn) { @@ -6845,11 +6995,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo3(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->server_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->server_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->server_dn)); - if (ndr_get_array_length(ndr, &r->server_dn) > ndr_get_array_size(ndr, &r->server_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->server_dn), ndr_get_array_length(ndr, &r->server_dn)); + size_server_dn_1 = ndr_get_array_size(ndr, &r->server_dn); + length_server_dn_1 = ndr_get_array_length(ndr, &r->server_dn); + if (length_server_dn_1 > size_server_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_dn_1, length_server_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->server_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_dn, ndr_get_array_length(ndr, &r->server_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_dn, length_server_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_dn_0, 0); } if (r->ntds_dn) { @@ -6857,11 +7009,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo3(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->ntds_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->ntds_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->ntds_dn)); - if (ndr_get_array_length(ndr, &r->ntds_dn) > ndr_get_array_size(ndr, &r->ntds_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->ntds_dn), ndr_get_array_length(ndr, &r->ntds_dn)); + size_ntds_dn_1 = ndr_get_array_size(ndr, &r->ntds_dn); + length_ntds_dn_1 = ndr_get_array_length(ndr, &r->ntds_dn); + if (length_ntds_dn_1 > size_ntds_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_ntds_dn_1, length_ntds_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->ntds_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->ntds_dn, ndr_get_array_length(ndr, &r->ntds_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_ntds_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->ntds_dn, length_ntds_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_ntds_dn_0, 0); } } @@ -6950,6 +7104,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsGetDCInfoCtr3(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfoCtr3(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsGetDCInfoCtr3 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -6971,13 +7126,14 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfoCtr3(struct ndr_pull *ndr, _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_drsuapi_DsGetDCInfo3(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_drsuapi_DsGetDCInfo3(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -7045,6 +7201,8 @@ static enum ndr_err_code ndr_push_drsuapi_DsGetDCConnection01(struct ndr_push *n static enum ndr_err_code ndr_pull_drsuapi_DsGetDCConnection01(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsGetDCConnection01 *r) { uint32_t _ptr_client_account; + uint32_t size_client_account_1 = 0; + uint32_t length_client_account_1 = 0; TALLOC_CTX *_mem_save_client_account_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -7072,11 +7230,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCConnection01(struct ndr_pull *n NDR_PULL_SET_MEM_CTX(ndr, r->client_account, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->client_account)); NDR_CHECK(ndr_pull_array_length(ndr, &r->client_account)); - if (ndr_get_array_length(ndr, &r->client_account) > ndr_get_array_size(ndr, &r->client_account)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->client_account), ndr_get_array_length(ndr, &r->client_account)); + size_client_account_1 = ndr_get_array_size(ndr, &r->client_account); + length_client_account_1 = ndr_get_array_length(ndr, &r->client_account); + if (length_client_account_1 > size_client_account_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_client_account_1, length_client_account_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->client_account), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client_account, ndr_get_array_length(ndr, &r->client_account), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_client_account_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client_account, length_client_account_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_client_account_0, 0); } } @@ -7127,6 +7287,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsGetDCConnectionCtr01(struct ndr_push static enum ndr_err_code ndr_pull_drsuapi_DsGetDCConnectionCtr01(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsGetDCConnectionCtr01 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -7148,13 +7309,14 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCConnectionCtr01(struct ndr_pull _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_drsuapi_DsGetDCConnection01(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_drsuapi_DsGetDCConnection01(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -7533,6 +7695,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsAddEntryExtraErrorBuffer(struct ndr_ static enum ndr_err_code ndr_pull_drsuapi_DsAddEntryExtraErrorBuffer(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsAddEntryExtraErrorBuffer *r) { uint32_t _ptr_data; + uint32_t size_data_1 = 0; TALLOC_CTX *_mem_save_data_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -7552,8 +7715,9 @@ static enum ndr_err_code ndr_pull_drsuapi_DsAddEntryExtraErrorBuffer(struct ndr_ _mem_save_data_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->data, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->data)); - NDR_PULL_ALLOC_N(ndr, r->data, ndr_get_array_size(ndr, &r->data)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, ndr_get_array_size(ndr, &r->data))); + size_data_1 = ndr_get_array_size(ndr, &r->data); + NDR_PULL_ALLOC_N(ndr, r->data, size_data_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, size_data_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_0, 0); } if (r->data) { @@ -8083,6 +8247,7 @@ static enum ndr_err_code ndr_pull_drsuapi_DsAddEntryCtr2(struct ndr_pull *ndr, i uint32_t _ptr_id; TALLOC_CTX *_mem_save_id_0; uint32_t _ptr_objects; + uint32_t size_objects_1 = 0; uint32_t cntr_objects_1; TALLOC_CTX *_mem_save_objects_0; TALLOC_CTX *_mem_save_objects_1; @@ -8118,13 +8283,14 @@ static enum ndr_err_code ndr_pull_drsuapi_DsAddEntryCtr2(struct ndr_pull *ndr, i _mem_save_objects_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->objects, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->objects)); - NDR_PULL_ALLOC_N(ndr, r->objects, ndr_get_array_size(ndr, &r->objects)); + size_objects_1 = ndr_get_array_size(ndr, &r->objects); + NDR_PULL_ALLOC_N(ndr, r->objects, size_objects_1); _mem_save_objects_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->objects, 0); - for (cntr_objects_1 = 0; cntr_objects_1 < r->count; cntr_objects_1++) { + for (cntr_objects_1 = 0; cntr_objects_1 < size_objects_1; cntr_objects_1++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaObjectIdentifier2(ndr, NDR_SCALARS, &r->objects[cntr_objects_1])); } - for (cntr_objects_1 = 0; cntr_objects_1 < r->count; cntr_objects_1++) { + for (cntr_objects_1 = 0; cntr_objects_1 < size_objects_1; cntr_objects_1++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaObjectIdentifier2(ndr, NDR_BUFFERS, &r->objects[cntr_objects_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_objects_1, 0); @@ -8208,6 +8374,7 @@ static enum ndr_err_code ndr_pull_drsuapi_DsAddEntryCtr3(struct ndr_pull *ndr, i uint32_t _ptr_error; TALLOC_CTX *_mem_save_error_0; uint32_t _ptr_objects; + uint32_t size_objects_1 = 0; uint32_t cntr_objects_1; TALLOC_CTX *_mem_save_objects_0; TALLOC_CTX *_mem_save_objects_1; @@ -8255,13 +8422,14 @@ static enum ndr_err_code ndr_pull_drsuapi_DsAddEntryCtr3(struct ndr_pull *ndr, i _mem_save_objects_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->objects, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->objects)); - NDR_PULL_ALLOC_N(ndr, r->objects, ndr_get_array_size(ndr, &r->objects)); + size_objects_1 = ndr_get_array_size(ndr, &r->objects); + NDR_PULL_ALLOC_N(ndr, r->objects, size_objects_1); _mem_save_objects_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->objects, 0); - for (cntr_objects_1 = 0; cntr_objects_1 < r->count; cntr_objects_1++) { + for (cntr_objects_1 = 0; cntr_objects_1 < size_objects_1; cntr_objects_1++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaObjectIdentifier2(ndr, NDR_SCALARS, &r->objects[cntr_objects_1])); } - for (cntr_objects_1 = 0; cntr_objects_1 < r->count; cntr_objects_1++) { + for (cntr_objects_1 = 0; cntr_objects_1 < size_objects_1; cntr_objects_1++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaObjectIdentifier2(ndr, NDR_BUFFERS, &r->objects[cntr_objects_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_objects_1, 0); @@ -8492,6 +8660,8 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaGetInfoRequest1(struct ndr_pu static enum ndr_err_code ndr_pull_drsuapi_DsReplicaGetInfoRequest1(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaGetInfoRequest1 *r) { uint32_t _ptr_object_dn; + uint32_t size_object_dn_1 = 0; + uint32_t length_object_dn_1 = 0; TALLOC_CTX *_mem_save_object_dn_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -8510,11 +8680,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaGetInfoRequest1(struct ndr_pu NDR_PULL_SET_MEM_CTX(ndr, r->object_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->object_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->object_dn)); - if (ndr_get_array_length(ndr, &r->object_dn) > ndr_get_array_size(ndr, &r->object_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->object_dn), ndr_get_array_length(ndr, &r->object_dn)); + size_object_dn_1 = ndr_get_array_size(ndr, &r->object_dn); + length_object_dn_1 = ndr_get_array_length(ndr, &r->object_dn); + if (length_object_dn_1 > size_object_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_object_dn_1, length_object_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->object_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->object_dn, ndr_get_array_length(ndr, &r->object_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_object_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->object_dn, length_object_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_object_dn_0, 0); } } @@ -8574,10 +8746,16 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaGetInfoRequest2(struct ndr_pu static enum ndr_err_code ndr_pull_drsuapi_DsReplicaGetInfoRequest2(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaGetInfoRequest2 *r) { uint32_t _ptr_object_dn; + uint32_t size_object_dn_1 = 0; + uint32_t length_object_dn_1 = 0; TALLOC_CTX *_mem_save_object_dn_0; uint32_t _ptr_string1; + uint32_t size_string1_1 = 0; + uint32_t length_string1_1 = 0; TALLOC_CTX *_mem_save_string1_0; uint32_t _ptr_string2; + uint32_t size_string2_1 = 0; + uint32_t length_string2_1 = 0; TALLOC_CTX *_mem_save_string2_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -8610,11 +8788,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaGetInfoRequest2(struct ndr_pu NDR_PULL_SET_MEM_CTX(ndr, r->object_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->object_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->object_dn)); - if (ndr_get_array_length(ndr, &r->object_dn) > ndr_get_array_size(ndr, &r->object_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->object_dn), ndr_get_array_length(ndr, &r->object_dn)); + size_object_dn_1 = ndr_get_array_size(ndr, &r->object_dn); + length_object_dn_1 = ndr_get_array_length(ndr, &r->object_dn); + if (length_object_dn_1 > size_object_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_object_dn_1, length_object_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->object_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->object_dn, ndr_get_array_length(ndr, &r->object_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_object_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->object_dn, length_object_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_object_dn_0, 0); } if (r->string1) { @@ -8622,11 +8802,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaGetInfoRequest2(struct ndr_pu NDR_PULL_SET_MEM_CTX(ndr, r->string1, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->string1)); NDR_CHECK(ndr_pull_array_length(ndr, &r->string1)); - if (ndr_get_array_length(ndr, &r->string1) > ndr_get_array_size(ndr, &r->string1)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->string1), ndr_get_array_length(ndr, &r->string1)); + size_string1_1 = ndr_get_array_size(ndr, &r->string1); + length_string1_1 = ndr_get_array_length(ndr, &r->string1); + if (length_string1_1 > size_string1_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_string1_1, length_string1_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->string1), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->string1, ndr_get_array_length(ndr, &r->string1), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_string1_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->string1, length_string1_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_string1_0, 0); } if (r->string2) { @@ -8634,11 +8816,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaGetInfoRequest2(struct ndr_pu NDR_PULL_SET_MEM_CTX(ndr, r->string2, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->string2)); NDR_CHECK(ndr_pull_array_length(ndr, &r->string2)); - if (ndr_get_array_length(ndr, &r->string2) > ndr_get_array_size(ndr, &r->string2)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->string2), ndr_get_array_length(ndr, &r->string2)); + size_string2_1 = ndr_get_array_size(ndr, &r->string2); + length_string2_1 = ndr_get_array_length(ndr, &r->string2); + if (length_string2_1 > size_string2_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_string2_1, length_string2_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->string2), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->string2, ndr_get_array_length(ndr, &r->string2), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_string2_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->string2, length_string2_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_string2_0, 0); } } @@ -8822,12 +9006,20 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaNeighbour(struct ndr_push *nd static enum ndr_err_code ndr_pull_drsuapi_DsReplicaNeighbour(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaNeighbour *r) { uint32_t _ptr_naming_context_dn; + uint32_t size_naming_context_dn_1 = 0; + uint32_t length_naming_context_dn_1 = 0; TALLOC_CTX *_mem_save_naming_context_dn_0; uint32_t _ptr_source_dsa_obj_dn; + uint32_t size_source_dsa_obj_dn_1 = 0; + uint32_t length_source_dsa_obj_dn_1 = 0; TALLOC_CTX *_mem_save_source_dsa_obj_dn_0; uint32_t _ptr_source_dsa_address; + uint32_t size_source_dsa_address_1 = 0; + uint32_t length_source_dsa_address_1 = 0; TALLOC_CTX *_mem_save_source_dsa_address_0; uint32_t _ptr_transport_obj_dn; + uint32_t size_transport_obj_dn_1 = 0; + uint32_t length_transport_obj_dn_1 = 0; TALLOC_CTX *_mem_save_transport_obj_dn_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 8)); @@ -8874,11 +9066,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaNeighbour(struct ndr_pull *nd NDR_PULL_SET_MEM_CTX(ndr, r->naming_context_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->naming_context_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->naming_context_dn)); - if (ndr_get_array_length(ndr, &r->naming_context_dn) > ndr_get_array_size(ndr, &r->naming_context_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->naming_context_dn), ndr_get_array_length(ndr, &r->naming_context_dn)); + size_naming_context_dn_1 = ndr_get_array_size(ndr, &r->naming_context_dn); + length_naming_context_dn_1 = ndr_get_array_length(ndr, &r->naming_context_dn); + if (length_naming_context_dn_1 > size_naming_context_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_naming_context_dn_1, length_naming_context_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->naming_context_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->naming_context_dn, ndr_get_array_length(ndr, &r->naming_context_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_naming_context_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->naming_context_dn, length_naming_context_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_naming_context_dn_0, 0); } if (r->source_dsa_obj_dn) { @@ -8886,11 +9080,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaNeighbour(struct ndr_pull *nd NDR_PULL_SET_MEM_CTX(ndr, r->source_dsa_obj_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->source_dsa_obj_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->source_dsa_obj_dn)); - if (ndr_get_array_length(ndr, &r->source_dsa_obj_dn) > ndr_get_array_size(ndr, &r->source_dsa_obj_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->source_dsa_obj_dn), ndr_get_array_length(ndr, &r->source_dsa_obj_dn)); + size_source_dsa_obj_dn_1 = ndr_get_array_size(ndr, &r->source_dsa_obj_dn); + length_source_dsa_obj_dn_1 = ndr_get_array_length(ndr, &r->source_dsa_obj_dn); + if (length_source_dsa_obj_dn_1 > size_source_dsa_obj_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_source_dsa_obj_dn_1, length_source_dsa_obj_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->source_dsa_obj_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->source_dsa_obj_dn, ndr_get_array_length(ndr, &r->source_dsa_obj_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_source_dsa_obj_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->source_dsa_obj_dn, length_source_dsa_obj_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_source_dsa_obj_dn_0, 0); } if (r->source_dsa_address) { @@ -8898,11 +9094,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaNeighbour(struct ndr_pull *nd NDR_PULL_SET_MEM_CTX(ndr, r->source_dsa_address, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->source_dsa_address)); NDR_CHECK(ndr_pull_array_length(ndr, &r->source_dsa_address)); - if (ndr_get_array_length(ndr, &r->source_dsa_address) > ndr_get_array_size(ndr, &r->source_dsa_address)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->source_dsa_address), ndr_get_array_length(ndr, &r->source_dsa_address)); + size_source_dsa_address_1 = ndr_get_array_size(ndr, &r->source_dsa_address); + length_source_dsa_address_1 = ndr_get_array_length(ndr, &r->source_dsa_address); + if (length_source_dsa_address_1 > size_source_dsa_address_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_source_dsa_address_1, length_source_dsa_address_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->source_dsa_address), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->source_dsa_address, ndr_get_array_length(ndr, &r->source_dsa_address), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_source_dsa_address_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->source_dsa_address, length_source_dsa_address_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_source_dsa_address_0, 0); } if (r->transport_obj_dn) { @@ -8910,11 +9108,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaNeighbour(struct ndr_pull *nd NDR_PULL_SET_MEM_CTX(ndr, r->transport_obj_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->transport_obj_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->transport_obj_dn)); - if (ndr_get_array_length(ndr, &r->transport_obj_dn) > ndr_get_array_size(ndr, &r->transport_obj_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->transport_obj_dn), ndr_get_array_length(ndr, &r->transport_obj_dn)); + size_transport_obj_dn_1 = ndr_get_array_size(ndr, &r->transport_obj_dn); + length_transport_obj_dn_1 = ndr_get_array_length(ndr, &r->transport_obj_dn); + if (length_transport_obj_dn_1 > size_transport_obj_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_transport_obj_dn_1, length_transport_obj_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->transport_obj_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->transport_obj_dn, ndr_get_array_length(ndr, &r->transport_obj_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_transport_obj_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->transport_obj_dn, length_transport_obj_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_transport_obj_dn_0, 0); } } @@ -8986,6 +9186,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaNeighbourCtr(struct ndr_push static enum ndr_err_code ndr_pull_drsuapi_DsReplicaNeighbourCtr(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaNeighbourCtr *r) { + uint32_t size_array_0 = 0; uint32_t cntr_array_0; TALLOC_CTX *_mem_save_array_0; if (ndr_flags & NDR_SCALARS) { @@ -8993,10 +9194,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaNeighbourCtr(struct ndr_pull NDR_CHECK(ndr_pull_align(ndr, 8)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->reserved)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_0 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_0); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaNeighbour(ndr, NDR_SCALARS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -9005,9 +9207,10 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaNeighbourCtr(struct ndr_pull } } if (ndr_flags & NDR_BUFFERS) { + size_array_0 = ndr_get_array_size(ndr, &r->array); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaNeighbour(ndr, NDR_BUFFERS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -9054,6 +9257,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaCursorCtr(struct ndr_push *nd static enum ndr_err_code ndr_pull_drsuapi_DsReplicaCursorCtr(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaCursorCtr *r) { + uint32_t size_array_0 = 0; uint32_t cntr_array_0; TALLOC_CTX *_mem_save_array_0; if (ndr_flags & NDR_SCALARS) { @@ -9061,10 +9265,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaCursorCtr(struct ndr_pull *nd NDR_CHECK(ndr_pull_align(ndr, 8)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->reserved)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_0 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_0); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaCursor(ndr, NDR_SCALARS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -9122,6 +9327,8 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaObjMetaData(struct ndr_push * static enum ndr_err_code ndr_pull_drsuapi_DsReplicaObjMetaData(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaObjMetaData *r) { uint32_t _ptr_attribute_name; + uint32_t size_attribute_name_1 = 0; + uint32_t length_attribute_name_1 = 0; TALLOC_CTX *_mem_save_attribute_name_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 8)); @@ -9143,11 +9350,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaObjMetaData(struct ndr_pull * NDR_PULL_SET_MEM_CTX(ndr, r->attribute_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->attribute_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->attribute_name)); - if (ndr_get_array_length(ndr, &r->attribute_name) > ndr_get_array_size(ndr, &r->attribute_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->attribute_name), ndr_get_array_length(ndr, &r->attribute_name)); + size_attribute_name_1 = ndr_get_array_size(ndr, &r->attribute_name); + length_attribute_name_1 = ndr_get_array_length(ndr, &r->attribute_name); + if (length_attribute_name_1 > size_attribute_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_attribute_name_1, length_attribute_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->attribute_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->attribute_name, ndr_get_array_length(ndr, &r->attribute_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_attribute_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->attribute_name, length_attribute_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_attribute_name_0, 0); } } @@ -9194,6 +9403,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaObjMetaDataCtr(struct ndr_pus static enum ndr_err_code ndr_pull_drsuapi_DsReplicaObjMetaDataCtr(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaObjMetaDataCtr *r) { + uint32_t size_array_0 = 0; uint32_t cntr_array_0; TALLOC_CTX *_mem_save_array_0; if (ndr_flags & NDR_SCALARS) { @@ -9201,10 +9411,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaObjMetaDataCtr(struct ndr_pul NDR_CHECK(ndr_pull_align(ndr, 8)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->reserved)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_0 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_0); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaObjMetaData(ndr, NDR_SCALARS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -9213,9 +9424,10 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaObjMetaDataCtr(struct ndr_pul } } if (ndr_flags & NDR_BUFFERS) { + size_array_0 = ndr_get_array_size(ndr, &r->array); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaObjMetaData(ndr, NDR_BUFFERS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -9267,6 +9479,8 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaKccDsaFailure(struct ndr_push static enum ndr_err_code ndr_pull_drsuapi_DsReplicaKccDsaFailure(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaKccDsaFailure *r) { uint32_t _ptr_dsa_obj_dn; + uint32_t size_dsa_obj_dn_1 = 0; + uint32_t length_dsa_obj_dn_1 = 0; TALLOC_CTX *_mem_save_dsa_obj_dn_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -9287,11 +9501,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaKccDsaFailure(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->dsa_obj_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->dsa_obj_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->dsa_obj_dn)); - if (ndr_get_array_length(ndr, &r->dsa_obj_dn) > ndr_get_array_size(ndr, &r->dsa_obj_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->dsa_obj_dn), ndr_get_array_length(ndr, &r->dsa_obj_dn)); + size_dsa_obj_dn_1 = ndr_get_array_size(ndr, &r->dsa_obj_dn); + length_dsa_obj_dn_1 = ndr_get_array_length(ndr, &r->dsa_obj_dn); + if (length_dsa_obj_dn_1 > size_dsa_obj_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dsa_obj_dn_1, length_dsa_obj_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->dsa_obj_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dsa_obj_dn, ndr_get_array_length(ndr, &r->dsa_obj_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dsa_obj_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dsa_obj_dn, length_dsa_obj_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dsa_obj_dn_0, 0); } } @@ -9337,6 +9553,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaKccDsaFailuresCtr(struct ndr_ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaKccDsaFailuresCtr(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaKccDsaFailuresCtr *r) { + uint32_t size_array_0 = 0; uint32_t cntr_array_0; TALLOC_CTX *_mem_save_array_0; if (ndr_flags & NDR_SCALARS) { @@ -9344,10 +9561,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaKccDsaFailuresCtr(struct ndr_ NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->reserved)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_0 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_0); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaKccDsaFailure(ndr, NDR_SCALARS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -9356,9 +9574,10 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaKccDsaFailuresCtr(struct ndr_ } } if (ndr_flags & NDR_BUFFERS) { + size_array_0 = ndr_get_array_size(ndr, &r->array); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaKccDsaFailure(ndr, NDR_BUFFERS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -9609,10 +9828,16 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaOp(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_drsuapi_DsReplicaOp(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaOp *r) { uint32_t _ptr_nc_dn; + uint32_t size_nc_dn_1 = 0; + uint32_t length_nc_dn_1 = 0; TALLOC_CTX *_mem_save_nc_dn_0; uint32_t _ptr_remote_dsa_obj_dn; + uint32_t size_remote_dsa_obj_dn_1 = 0; + uint32_t length_remote_dsa_obj_dn_1 = 0; TALLOC_CTX *_mem_save_remote_dsa_obj_dn_0; uint32_t _ptr_remote_dsa_address; + uint32_t size_remote_dsa_address_1 = 0; + uint32_t length_remote_dsa_address_1 = 0; TALLOC_CTX *_mem_save_remote_dsa_address_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -9649,11 +9874,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaOp(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->nc_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->nc_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->nc_dn)); - if (ndr_get_array_length(ndr, &r->nc_dn) > ndr_get_array_size(ndr, &r->nc_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->nc_dn), ndr_get_array_length(ndr, &r->nc_dn)); + size_nc_dn_1 = ndr_get_array_size(ndr, &r->nc_dn); + length_nc_dn_1 = ndr_get_array_length(ndr, &r->nc_dn); + if (length_nc_dn_1 > size_nc_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_nc_dn_1, length_nc_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->nc_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->nc_dn, ndr_get_array_length(ndr, &r->nc_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_nc_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->nc_dn, length_nc_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_nc_dn_0, 0); } if (r->remote_dsa_obj_dn) { @@ -9661,11 +9888,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaOp(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->remote_dsa_obj_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->remote_dsa_obj_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->remote_dsa_obj_dn)); - if (ndr_get_array_length(ndr, &r->remote_dsa_obj_dn) > ndr_get_array_size(ndr, &r->remote_dsa_obj_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->remote_dsa_obj_dn), ndr_get_array_length(ndr, &r->remote_dsa_obj_dn)); + size_remote_dsa_obj_dn_1 = ndr_get_array_size(ndr, &r->remote_dsa_obj_dn); + length_remote_dsa_obj_dn_1 = ndr_get_array_length(ndr, &r->remote_dsa_obj_dn); + if (length_remote_dsa_obj_dn_1 > size_remote_dsa_obj_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_remote_dsa_obj_dn_1, length_remote_dsa_obj_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->remote_dsa_obj_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->remote_dsa_obj_dn, ndr_get_array_length(ndr, &r->remote_dsa_obj_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_remote_dsa_obj_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->remote_dsa_obj_dn, length_remote_dsa_obj_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_remote_dsa_obj_dn_0, 0); } if (r->remote_dsa_address) { @@ -9673,11 +9902,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaOp(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->remote_dsa_address, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->remote_dsa_address)); NDR_CHECK(ndr_pull_array_length(ndr, &r->remote_dsa_address)); - if (ndr_get_array_length(ndr, &r->remote_dsa_address) > ndr_get_array_size(ndr, &r->remote_dsa_address)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->remote_dsa_address), ndr_get_array_length(ndr, &r->remote_dsa_address)); + size_remote_dsa_address_1 = ndr_get_array_size(ndr, &r->remote_dsa_address); + length_remote_dsa_address_1 = ndr_get_array_length(ndr, &r->remote_dsa_address); + if (length_remote_dsa_address_1 > size_remote_dsa_address_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_remote_dsa_address_1, length_remote_dsa_address_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->remote_dsa_address), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->remote_dsa_address, ndr_get_array_length(ndr, &r->remote_dsa_address), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_remote_dsa_address_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->remote_dsa_address, length_remote_dsa_address_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_remote_dsa_address_0, 0); } } @@ -9739,6 +9970,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaOpCtr(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_drsuapi_DsReplicaOpCtr(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaOpCtr *r) { + uint32_t size_array_0 = 0; uint32_t cntr_array_0; TALLOC_CTX *_mem_save_array_0; if (ndr_flags & NDR_SCALARS) { @@ -9746,10 +9978,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaOpCtr(struct ndr_pull *ndr, i NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_NTTIME(ndr, NDR_SCALARS, &r->time)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_0 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_0); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaOp(ndr, NDR_SCALARS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -9758,9 +9991,10 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaOpCtr(struct ndr_pull *ndr, i } } if (ndr_flags & NDR_BUFFERS) { + size_array_0 = ndr_get_array_size(ndr, &r->array); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaOp(ndr, NDR_BUFFERS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -9827,8 +10061,12 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaAttrValMetaData(struct ndr_pu static enum ndr_err_code ndr_pull_drsuapi_DsReplicaAttrValMetaData(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaAttrValMetaData *r) { uint32_t _ptr_attribute_name; + uint32_t size_attribute_name_1 = 0; + uint32_t length_attribute_name_1 = 0; TALLOC_CTX *_mem_save_attribute_name_0; uint32_t _ptr_object_dn; + uint32_t size_object_dn_1 = 0; + uint32_t length_object_dn_1 = 0; TALLOC_CTX *_mem_save_object_dn_0; uint32_t _ptr_binary; TALLOC_CTX *_mem_save_binary_0; @@ -9867,11 +10105,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaAttrValMetaData(struct ndr_pu NDR_PULL_SET_MEM_CTX(ndr, r->attribute_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->attribute_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->attribute_name)); - if (ndr_get_array_length(ndr, &r->attribute_name) > ndr_get_array_size(ndr, &r->attribute_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->attribute_name), ndr_get_array_length(ndr, &r->attribute_name)); + size_attribute_name_1 = ndr_get_array_size(ndr, &r->attribute_name); + length_attribute_name_1 = ndr_get_array_length(ndr, &r->attribute_name); + if (length_attribute_name_1 > size_attribute_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_attribute_name_1, length_attribute_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->attribute_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->attribute_name, ndr_get_array_length(ndr, &r->attribute_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_attribute_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->attribute_name, length_attribute_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_attribute_name_0, 0); } if (r->object_dn) { @@ -9879,11 +10119,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaAttrValMetaData(struct ndr_pu NDR_PULL_SET_MEM_CTX(ndr, r->object_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->object_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->object_dn)); - if (ndr_get_array_length(ndr, &r->object_dn) > ndr_get_array_size(ndr, &r->object_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->object_dn), ndr_get_array_length(ndr, &r->object_dn)); + size_object_dn_1 = ndr_get_array_size(ndr, &r->object_dn); + length_object_dn_1 = ndr_get_array_length(ndr, &r->object_dn); + if (length_object_dn_1 > size_object_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_object_dn_1, length_object_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->object_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->object_dn, ndr_get_array_length(ndr, &r->object_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_object_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->object_dn, length_object_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_object_dn_0, 0); } if (r->binary) { @@ -9951,6 +10193,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaAttrValMetaDataCtr(struct ndr static enum ndr_err_code ndr_pull_drsuapi_DsReplicaAttrValMetaDataCtr(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaAttrValMetaDataCtr *r) { + uint32_t size_array_0 = 0; uint32_t cntr_array_0; TALLOC_CTX *_mem_save_array_0; if (ndr_flags & NDR_SCALARS) { @@ -9958,10 +10201,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaAttrValMetaDataCtr(struct ndr NDR_CHECK(ndr_pull_align(ndr, 8)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count)); NDR_CHECK(ndr_pull_int32(ndr, NDR_SCALARS, &r->enumeration_context)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_0 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_0); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaAttrValMetaData(ndr, NDR_SCALARS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -9970,9 +10214,10 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaAttrValMetaDataCtr(struct ndr } } if (ndr_flags & NDR_BUFFERS) { + size_array_0 = ndr_get_array_size(ndr, &r->array); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaAttrValMetaData(ndr, NDR_BUFFERS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -10019,6 +10264,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaCursor2Ctr(struct ndr_push *n static enum ndr_err_code ndr_pull_drsuapi_DsReplicaCursor2Ctr(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaCursor2Ctr *r) { + uint32_t size_array_0 = 0; uint32_t cntr_array_0; TALLOC_CTX *_mem_save_array_0; if (ndr_flags & NDR_SCALARS) { @@ -10026,10 +10272,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaCursor2Ctr(struct ndr_pull *n NDR_CHECK(ndr_pull_align(ndr, 8)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count)); NDR_CHECK(ndr_pull_int32(ndr, NDR_SCALARS, &r->enumeration_context)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_0 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_0); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaCursor2(ndr, NDR_SCALARS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -10085,6 +10332,8 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaCursor3(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_drsuapi_DsReplicaCursor3(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaCursor3 *r) { uint32_t _ptr_source_dsa_obj_dn; + uint32_t size_source_dsa_obj_dn_1 = 0; + uint32_t length_source_dsa_obj_dn_1 = 0; TALLOC_CTX *_mem_save_source_dsa_obj_dn_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 8)); @@ -10104,11 +10353,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaCursor3(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->source_dsa_obj_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->source_dsa_obj_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->source_dsa_obj_dn)); - if (ndr_get_array_length(ndr, &r->source_dsa_obj_dn) > ndr_get_array_size(ndr, &r->source_dsa_obj_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->source_dsa_obj_dn), ndr_get_array_length(ndr, &r->source_dsa_obj_dn)); + size_source_dsa_obj_dn_1 = ndr_get_array_size(ndr, &r->source_dsa_obj_dn); + length_source_dsa_obj_dn_1 = ndr_get_array_length(ndr, &r->source_dsa_obj_dn); + if (length_source_dsa_obj_dn_1 > size_source_dsa_obj_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_source_dsa_obj_dn_1, length_source_dsa_obj_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->source_dsa_obj_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->source_dsa_obj_dn, ndr_get_array_length(ndr, &r->source_dsa_obj_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_source_dsa_obj_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->source_dsa_obj_dn, length_source_dsa_obj_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_source_dsa_obj_dn_0, 0); } } @@ -10153,6 +10404,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaCursor3Ctr(struct ndr_push *n static enum ndr_err_code ndr_pull_drsuapi_DsReplicaCursor3Ctr(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaCursor3Ctr *r) { + uint32_t size_array_0 = 0; uint32_t cntr_array_0; TALLOC_CTX *_mem_save_array_0; if (ndr_flags & NDR_SCALARS) { @@ -10160,10 +10412,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaCursor3Ctr(struct ndr_pull *n NDR_CHECK(ndr_pull_align(ndr, 8)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count)); NDR_CHECK(ndr_pull_int32(ndr, NDR_SCALARS, &r->enumeration_context)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_0 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_0); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaCursor3(ndr, NDR_SCALARS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -10172,9 +10425,10 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaCursor3Ctr(struct ndr_pull *n } } if (ndr_flags & NDR_BUFFERS) { + size_array_0 = ndr_get_array_size(ndr, &r->array); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaCursor3(ndr, NDR_BUFFERS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -10234,8 +10488,12 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaObjMetaData2(struct ndr_push static enum ndr_err_code ndr_pull_drsuapi_DsReplicaObjMetaData2(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaObjMetaData2 *r) { uint32_t _ptr_attribute_name; + uint32_t size_attribute_name_1 = 0; + uint32_t length_attribute_name_1 = 0; TALLOC_CTX *_mem_save_attribute_name_0; uint32_t _ptr_originating_dsa_dn; + uint32_t size_originating_dsa_dn_1 = 0; + uint32_t length_originating_dsa_dn_1 = 0; TALLOC_CTX *_mem_save_originating_dsa_dn_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 8)); @@ -10263,11 +10521,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaObjMetaData2(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->attribute_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->attribute_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->attribute_name)); - if (ndr_get_array_length(ndr, &r->attribute_name) > ndr_get_array_size(ndr, &r->attribute_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->attribute_name), ndr_get_array_length(ndr, &r->attribute_name)); + size_attribute_name_1 = ndr_get_array_size(ndr, &r->attribute_name); + length_attribute_name_1 = ndr_get_array_length(ndr, &r->attribute_name); + if (length_attribute_name_1 > size_attribute_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_attribute_name_1, length_attribute_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->attribute_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->attribute_name, ndr_get_array_length(ndr, &r->attribute_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_attribute_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->attribute_name, length_attribute_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_attribute_name_0, 0); } if (r->originating_dsa_dn) { @@ -10275,11 +10535,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaObjMetaData2(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->originating_dsa_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->originating_dsa_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->originating_dsa_dn)); - if (ndr_get_array_length(ndr, &r->originating_dsa_dn) > ndr_get_array_size(ndr, &r->originating_dsa_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->originating_dsa_dn), ndr_get_array_length(ndr, &r->originating_dsa_dn)); + size_originating_dsa_dn_1 = ndr_get_array_size(ndr, &r->originating_dsa_dn); + length_originating_dsa_dn_1 = ndr_get_array_length(ndr, &r->originating_dsa_dn); + if (length_originating_dsa_dn_1 > size_originating_dsa_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_originating_dsa_dn_1, length_originating_dsa_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->originating_dsa_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->originating_dsa_dn, ndr_get_array_length(ndr, &r->originating_dsa_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_originating_dsa_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->originating_dsa_dn, length_originating_dsa_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_originating_dsa_dn_0, 0); } } @@ -10332,6 +10594,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaObjMetaData2Ctr(struct ndr_pu static enum ndr_err_code ndr_pull_drsuapi_DsReplicaObjMetaData2Ctr(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaObjMetaData2Ctr *r) { + uint32_t size_array_0 = 0; uint32_t cntr_array_0; TALLOC_CTX *_mem_save_array_0; if (ndr_flags & NDR_SCALARS) { @@ -10339,10 +10602,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaObjMetaData2Ctr(struct ndr_pu NDR_CHECK(ndr_pull_align(ndr, 8)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count)); NDR_CHECK(ndr_pull_int32(ndr, NDR_SCALARS, &r->enumeration_context)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_0 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_0); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaObjMetaData2(ndr, NDR_SCALARS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -10351,9 +10615,10 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaObjMetaData2Ctr(struct ndr_pu } } if (ndr_flags & NDR_BUFFERS) { + size_array_0 = ndr_get_array_size(ndr, &r->array); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaObjMetaData2(ndr, NDR_BUFFERS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -10427,12 +10692,18 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaAttrValMetaData2(struct ndr_p static enum ndr_err_code ndr_pull_drsuapi_DsReplicaAttrValMetaData2(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaAttrValMetaData2 *r) { uint32_t _ptr_attribute_name; + uint32_t size_attribute_name_1 = 0; + uint32_t length_attribute_name_1 = 0; TALLOC_CTX *_mem_save_attribute_name_0; uint32_t _ptr_object_dn; + uint32_t size_object_dn_1 = 0; + uint32_t length_object_dn_1 = 0; TALLOC_CTX *_mem_save_object_dn_0; uint32_t _ptr_binary; TALLOC_CTX *_mem_save_binary_0; uint32_t _ptr_originating_dsa_dn; + uint32_t size_originating_dsa_dn_1 = 0; + uint32_t length_originating_dsa_dn_1 = 0; TALLOC_CTX *_mem_save_originating_dsa_dn_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 8)); @@ -10475,11 +10746,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaAttrValMetaData2(struct ndr_p NDR_PULL_SET_MEM_CTX(ndr, r->attribute_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->attribute_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->attribute_name)); - if (ndr_get_array_length(ndr, &r->attribute_name) > ndr_get_array_size(ndr, &r->attribute_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->attribute_name), ndr_get_array_length(ndr, &r->attribute_name)); + size_attribute_name_1 = ndr_get_array_size(ndr, &r->attribute_name); + length_attribute_name_1 = ndr_get_array_length(ndr, &r->attribute_name); + if (length_attribute_name_1 > size_attribute_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_attribute_name_1, length_attribute_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->attribute_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->attribute_name, ndr_get_array_length(ndr, &r->attribute_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_attribute_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->attribute_name, length_attribute_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_attribute_name_0, 0); } if (r->object_dn) { @@ -10487,11 +10760,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaAttrValMetaData2(struct ndr_p NDR_PULL_SET_MEM_CTX(ndr, r->object_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->object_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->object_dn)); - if (ndr_get_array_length(ndr, &r->object_dn) > ndr_get_array_size(ndr, &r->object_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->object_dn), ndr_get_array_length(ndr, &r->object_dn)); + size_object_dn_1 = ndr_get_array_size(ndr, &r->object_dn); + length_object_dn_1 = ndr_get_array_length(ndr, &r->object_dn); + if (length_object_dn_1 > size_object_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_object_dn_1, length_object_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->object_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->object_dn, ndr_get_array_length(ndr, &r->object_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_object_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->object_dn, length_object_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_object_dn_0, 0); } if (r->binary) { @@ -10505,11 +10780,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaAttrValMetaData2(struct ndr_p NDR_PULL_SET_MEM_CTX(ndr, r->originating_dsa_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->originating_dsa_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->originating_dsa_dn)); - if (ndr_get_array_length(ndr, &r->originating_dsa_dn) > ndr_get_array_size(ndr, &r->originating_dsa_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->originating_dsa_dn), ndr_get_array_length(ndr, &r->originating_dsa_dn)); + size_originating_dsa_dn_1 = ndr_get_array_size(ndr, &r->originating_dsa_dn); + length_originating_dsa_dn_1 = ndr_get_array_length(ndr, &r->originating_dsa_dn); + if (length_originating_dsa_dn_1 > size_originating_dsa_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_originating_dsa_dn_1, length_originating_dsa_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->originating_dsa_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->originating_dsa_dn, ndr_get_array_length(ndr, &r->originating_dsa_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_originating_dsa_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->originating_dsa_dn, length_originating_dsa_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_originating_dsa_dn_0, 0); } } @@ -10577,6 +10854,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaAttrValMetaData2Ctr(struct nd static enum ndr_err_code ndr_pull_drsuapi_DsReplicaAttrValMetaData2Ctr(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaAttrValMetaData2Ctr *r) { + uint32_t size_array_0 = 0; uint32_t cntr_array_0; TALLOC_CTX *_mem_save_array_0; if (ndr_flags & NDR_SCALARS) { @@ -10584,10 +10862,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaAttrValMetaData2Ctr(struct nd NDR_CHECK(ndr_pull_align(ndr, 8)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count)); NDR_CHECK(ndr_pull_int32(ndr, NDR_SCALARS, &r->enumeration_context)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_0 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_0); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaAttrValMetaData2(ndr, NDR_SCALARS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -10596,9 +10875,10 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaAttrValMetaData2Ctr(struct nd } } if (ndr_flags & NDR_BUFFERS) { + size_array_0 = ndr_get_array_size(ndr, &r->array); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaAttrValMetaData2(ndr, NDR_BUFFERS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -10703,6 +10983,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaConnection04Ctr(struct ndr_pu static enum ndr_err_code ndr_pull_drsuapi_DsReplicaConnection04Ctr(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaConnection04Ctr *r) { + uint32_t size_array_0 = 0; uint32_t cntr_array_0; TALLOC_CTX *_mem_save_array_0; if (ndr_flags & NDR_SCALARS) { @@ -10713,10 +10994,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaConnection04Ctr(struct ndr_pu return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->reserved)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_0 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_0); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaConnection04(ndr, NDR_SCALARS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -10776,6 +11058,8 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplica06(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_drsuapi_DsReplica06(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplica06 *r) { uint32_t _ptr_str1; + uint32_t size_str1_1 = 0; + uint32_t length_str1_1 = 0; TALLOC_CTX *_mem_save_str1_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 8)); @@ -10799,11 +11083,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplica06(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->str1, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->str1)); NDR_CHECK(ndr_pull_array_length(ndr, &r->str1)); - if (ndr_get_array_length(ndr, &r->str1) > ndr_get_array_size(ndr, &r->str1)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->str1), ndr_get_array_length(ndr, &r->str1)); + size_str1_1 = ndr_get_array_size(ndr, &r->str1); + length_str1_1 = ndr_get_array_length(ndr, &r->str1); + if (length_str1_1 > size_str1_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_str1_1, length_str1_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->str1), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->str1, ndr_get_array_length(ndr, &r->str1), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_str1_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->str1, length_str1_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_str1_0, 0); } } @@ -10852,6 +11138,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplica06Ctr(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_drsuapi_DsReplica06Ctr(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplica06Ctr *r) { + uint32_t size_array_0 = 0; uint32_t cntr_array_0; TALLOC_CTX *_mem_save_array_0; if (ndr_flags & NDR_SCALARS) { @@ -10862,10 +11149,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplica06Ctr(struct ndr_pull *ndr, i return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->reserved)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_0 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_0); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplica06(ndr, NDR_SCALARS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -10874,9 +11162,10 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplica06Ctr(struct ndr_pull *ndr, i } } if (ndr_flags & NDR_BUFFERS) { + size_array_0 = ndr_get_array_size(ndr, &r->array); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplica06(ndr, NDR_BUFFERS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -11079,20 +11368,35 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaInfo(struct ndr_pull *ndr, in int level; uint32_t _level; TALLOC_CTX *_mem_save_neighbours_0; + uint32_t _ptr_neighbours; TALLOC_CTX *_mem_save_cursors_0; + uint32_t _ptr_cursors; TALLOC_CTX *_mem_save_objmetadata_0; + uint32_t _ptr_objmetadata; TALLOC_CTX *_mem_save_connectfailures_0; + uint32_t _ptr_connectfailures; TALLOC_CTX *_mem_save_linkfailures_0; + uint32_t _ptr_linkfailures; TALLOC_CTX *_mem_save_pendingops_0; + uint32_t _ptr_pendingops; TALLOC_CTX *_mem_save_attrvalmetadata_0; + uint32_t _ptr_attrvalmetadata; TALLOC_CTX *_mem_save_cursors2_0; + uint32_t _ptr_cursors2; TALLOC_CTX *_mem_save_cursors3_0; + uint32_t _ptr_cursors3; TALLOC_CTX *_mem_save_objmetadata2_0; + uint32_t _ptr_objmetadata2; TALLOC_CTX *_mem_save_attrvalmetadata2_0; + uint32_t _ptr_attrvalmetadata2; TALLOC_CTX *_mem_save_neighbours02_0; + uint32_t _ptr_neighbours02; TALLOC_CTX *_mem_save_connections04_0; + uint32_t _ptr_connections04; TALLOC_CTX *_mem_save_cursors05_0; + uint32_t _ptr_cursors05; TALLOC_CTX *_mem_save_i06_0; + uint32_t _ptr_i06; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -11101,7 +11405,6 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaInfo(struct ndr_pull *ndr, in } switch (level) { case DRSUAPI_DS_REPLICA_INFO_NEIGHBORS: { - uint32_t _ptr_neighbours; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_neighbours)); if (_ptr_neighbours) { NDR_PULL_ALLOC(ndr, r->neighbours); @@ -11111,7 +11414,6 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaInfo(struct ndr_pull *ndr, in break; } case DRSUAPI_DS_REPLICA_INFO_CURSORS: { - uint32_t _ptr_cursors; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_cursors)); if (_ptr_cursors) { NDR_PULL_ALLOC(ndr, r->cursors); @@ -11121,7 +11423,6 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaInfo(struct ndr_pull *ndr, in break; } case DRSUAPI_DS_REPLICA_INFO_OBJ_METADATA: { - uint32_t _ptr_objmetadata; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_objmetadata)); if (_ptr_objmetadata) { NDR_PULL_ALLOC(ndr, r->objmetadata); @@ -11131,7 +11432,6 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaInfo(struct ndr_pull *ndr, in break; } case DRSUAPI_DS_REPLICA_INFO_KCC_DSA_CONNECT_FAILURES: { - uint32_t _ptr_connectfailures; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_connectfailures)); if (_ptr_connectfailures) { NDR_PULL_ALLOC(ndr, r->connectfailures); @@ -11141,7 +11441,6 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaInfo(struct ndr_pull *ndr, in break; } case DRSUAPI_DS_REPLICA_INFO_KCC_DSA_LINK_FAILURES: { - uint32_t _ptr_linkfailures; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_linkfailures)); if (_ptr_linkfailures) { NDR_PULL_ALLOC(ndr, r->linkfailures); @@ -11151,7 +11450,6 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaInfo(struct ndr_pull *ndr, in break; } case DRSUAPI_DS_REPLICA_INFO_PENDING_OPS: { - uint32_t _ptr_pendingops; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_pendingops)); if (_ptr_pendingops) { NDR_PULL_ALLOC(ndr, r->pendingops); @@ -11161,7 +11459,6 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaInfo(struct ndr_pull *ndr, in break; } case DRSUAPI_DS_REPLICA_INFO_ATTRIBUTE_VALUE_METADATA: { - uint32_t _ptr_attrvalmetadata; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_attrvalmetadata)); if (_ptr_attrvalmetadata) { NDR_PULL_ALLOC(ndr, r->attrvalmetadata); @@ -11171,7 +11468,6 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaInfo(struct ndr_pull *ndr, in break; } case DRSUAPI_DS_REPLICA_INFO_CURSORS2: { - uint32_t _ptr_cursors2; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_cursors2)); if (_ptr_cursors2) { NDR_PULL_ALLOC(ndr, r->cursors2); @@ -11181,7 +11477,6 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaInfo(struct ndr_pull *ndr, in break; } case DRSUAPI_DS_REPLICA_INFO_CURSORS3: { - uint32_t _ptr_cursors3; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_cursors3)); if (_ptr_cursors3) { NDR_PULL_ALLOC(ndr, r->cursors3); @@ -11191,7 +11486,6 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaInfo(struct ndr_pull *ndr, in break; } case DRSUAPI_DS_REPLICA_INFO_OBJ_METADATA2: { - uint32_t _ptr_objmetadata2; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_objmetadata2)); if (_ptr_objmetadata2) { NDR_PULL_ALLOC(ndr, r->objmetadata2); @@ -11201,7 +11495,6 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaInfo(struct ndr_pull *ndr, in break; } case DRSUAPI_DS_REPLICA_INFO_ATTRIBUTE_VALUE_METADATA2: { - uint32_t _ptr_attrvalmetadata2; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_attrvalmetadata2)); if (_ptr_attrvalmetadata2) { NDR_PULL_ALLOC(ndr, r->attrvalmetadata2); @@ -11211,7 +11504,6 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaInfo(struct ndr_pull *ndr, in break; } case DRSUAPI_DS_REPLICA_INFO_NEIGHBORS02: { - uint32_t _ptr_neighbours02; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_neighbours02)); if (_ptr_neighbours02) { NDR_PULL_ALLOC(ndr, r->neighbours02); @@ -11221,7 +11513,6 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaInfo(struct ndr_pull *ndr, in break; } case DRSUAPI_DS_REPLICA_INFO_CONNECTIONS04: { - uint32_t _ptr_connections04; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_connections04)); if (_ptr_connections04) { NDR_PULL_ALLOC(ndr, r->connections04); @@ -11231,7 +11522,6 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaInfo(struct ndr_pull *ndr, in break; } case DRSUAPI_DS_REPLICA_INFO_CURSORS05: { - uint32_t _ptr_cursors05; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_cursors05)); if (_ptr_cursors05) { NDR_PULL_ALLOC(ndr, r->cursors05); @@ -11241,7 +11531,6 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaInfo(struct ndr_pull *ndr, in break; } case DRSUAPI_DS_REPLICA_INFO_06: { - uint32_t _ptr_i06; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_i06)); if (_ptr_i06) { NDR_PULL_ALLOC(ndr, r->i06); @@ -11646,6 +11935,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsGetMemberships2Request1(struct ndr_p static enum ndr_err_code ndr_pull_drsuapi_DsGetMemberships2Request1(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsGetMemberships2Request1 *r) { uint32_t _ptr_req_array; + uint32_t size_req_array_1 = 0; uint32_t cntr_req_array_1; TALLOC_CTX *_mem_save_req_array_0; TALLOC_CTX *_mem_save_req_array_1; @@ -11668,10 +11958,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetMemberships2Request1(struct ndr_p _mem_save_req_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->req_array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->req_array)); - NDR_PULL_ALLOC_N(ndr, r->req_array, ndr_get_array_size(ndr, &r->req_array)); + size_req_array_1 = ndr_get_array_size(ndr, &r->req_array); + NDR_PULL_ALLOC_N(ndr, r->req_array, size_req_array_1); _mem_save_req_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->req_array, 0); - for (cntr_req_array_1 = 0; cntr_req_array_1 < r->num_req; cntr_req_array_1++) { + for (cntr_req_array_1 = 0; cntr_req_array_1 < size_req_array_1; cntr_req_array_1++) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_req_array)); if (_ptr_req_array) { NDR_PULL_ALLOC(ndr, r->req_array[cntr_req_array_1]); @@ -11679,7 +11970,7 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetMemberships2Request1(struct ndr_p r->req_array[cntr_req_array_1] = NULL; } } - for (cntr_req_array_1 = 0; cntr_req_array_1 < r->num_req; cntr_req_array_1++) { + for (cntr_req_array_1 = 0; cntr_req_array_1 < size_req_array_1; cntr_req_array_1++) { if (r->req_array[cntr_req_array_1]) { _mem_save_req_array_2 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->req_array[cntr_req_array_1], 0); @@ -11857,6 +12148,7 @@ static enum ndr_err_code ndr_push_drsuapi_QuerySitesByCostCtr1(struct ndr_push * static enum ndr_err_code ndr_pull_drsuapi_QuerySitesByCostCtr1(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_QuerySitesByCostCtr1 *r) { uint32_t _ptr_info; + uint32_t size_info_1 = 0; uint32_t cntr_info_1; TALLOC_CTX *_mem_save_info_0; TALLOC_CTX *_mem_save_info_1; @@ -11879,10 +12171,11 @@ static enum ndr_err_code ndr_pull_drsuapi_QuerySitesByCostCtr1(struct ndr_pull * _mem_save_info_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->info, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->info)); - NDR_PULL_ALLOC_N(ndr, r->info, ndr_get_array_size(ndr, &r->info)); + size_info_1 = ndr_get_array_size(ndr, &r->info); + NDR_PULL_ALLOC_N(ndr, r->info, size_info_1); _mem_save_info_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->info, 0); - for (cntr_info_1 = 0; cntr_info_1 < r->num_info; cntr_info_1++) { + for (cntr_info_1 = 0; cntr_info_1 < size_info_1; cntr_info_1++) { NDR_CHECK(ndr_pull_drsuapi_DsSiteCostInfo(ndr, NDR_SCALARS, &r->info[cntr_info_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_1, 0); @@ -12033,9 +12326,14 @@ static enum ndr_err_code ndr_push_drsuapi_QuerySitesByCostRequest1(struct ndr_pu static enum ndr_err_code ndr_pull_drsuapi_QuerySitesByCostRequest1(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_QuerySitesByCostRequest1 *r) { uint32_t _ptr_site_from; + uint32_t size_site_from_1 = 0; + uint32_t length_site_from_1 = 0; TALLOC_CTX *_mem_save_site_from_0; uint32_t _ptr_site_to; + uint32_t size_site_to_1 = 0; uint32_t cntr_site_to_1; + uint32_t size_site_to_3 = 0; + uint32_t length_site_to_3 = 0; TALLOC_CTX *_mem_save_site_to_0; TALLOC_CTX *_mem_save_site_to_1; TALLOC_CTX *_mem_save_site_to_2; @@ -12065,21 +12363,24 @@ static enum ndr_err_code ndr_pull_drsuapi_QuerySitesByCostRequest1(struct ndr_pu NDR_PULL_SET_MEM_CTX(ndr, r->site_from, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->site_from)); NDR_CHECK(ndr_pull_array_length(ndr, &r->site_from)); - if (ndr_get_array_length(ndr, &r->site_from) > ndr_get_array_size(ndr, &r->site_from)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->site_from), ndr_get_array_length(ndr, &r->site_from)); + size_site_from_1 = ndr_get_array_size(ndr, &r->site_from); + length_site_from_1 = ndr_get_array_length(ndr, &r->site_from); + if (length_site_from_1 > size_site_from_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_site_from_1, length_site_from_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->site_from), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->site_from, ndr_get_array_length(ndr, &r->site_from), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_site_from_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->site_from, length_site_from_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_site_from_0, 0); } if (r->site_to) { _mem_save_site_to_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->site_to, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->site_to)); - NDR_PULL_ALLOC_N(ndr, r->site_to, ndr_get_array_size(ndr, &r->site_to)); + size_site_to_1 = ndr_get_array_size(ndr, &r->site_to); + NDR_PULL_ALLOC_N(ndr, r->site_to, size_site_to_1); _mem_save_site_to_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->site_to, 0); - for (cntr_site_to_1 = 0; cntr_site_to_1 < r->num_req; cntr_site_to_1++) { + for (cntr_site_to_1 = 0; cntr_site_to_1 < size_site_to_1; cntr_site_to_1++) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_site_to)); if (_ptr_site_to) { NDR_PULL_ALLOC(ndr, r->site_to[cntr_site_to_1]); @@ -12087,17 +12388,19 @@ static enum ndr_err_code ndr_pull_drsuapi_QuerySitesByCostRequest1(struct ndr_pu r->site_to[cntr_site_to_1] = NULL; } } - for (cntr_site_to_1 = 0; cntr_site_to_1 < r->num_req; cntr_site_to_1++) { + for (cntr_site_to_1 = 0; cntr_site_to_1 < size_site_to_1; cntr_site_to_1++) { if (r->site_to[cntr_site_to_1]) { _mem_save_site_to_2 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->site_to[cntr_site_to_1], 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->site_to[cntr_site_to_1])); NDR_CHECK(ndr_pull_array_length(ndr, &r->site_to[cntr_site_to_1])); - if (ndr_get_array_length(ndr, &r->site_to[cntr_site_to_1]) > ndr_get_array_size(ndr, &r->site_to[cntr_site_to_1])) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->site_to[cntr_site_to_1]), ndr_get_array_length(ndr, &r->site_to[cntr_site_to_1])); + size_site_to_3 = ndr_get_array_size(ndr, &r->site_to[cntr_site_to_1]); + length_site_to_3 = ndr_get_array_length(ndr, &r->site_to[cntr_site_to_1]); + if (length_site_to_3 > size_site_to_3) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_site_to_3, length_site_to_3); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->site_to[cntr_site_to_1]), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->site_to[cntr_site_to_1], ndr_get_array_length(ndr, &r->site_to[cntr_site_to_1]), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_site_to_3, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->site_to[cntr_site_to_1], length_site_to_3, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_site_to_2, 0); } } diff --git a/librpc/gen_ndr/ndr_dssetup.c b/librpc/gen_ndr/ndr_dssetup.c index 7ce80dd..a65726d 100644 --- a/librpc/gen_ndr/ndr_dssetup.c +++ b/librpc/gen_ndr/ndr_dssetup.c @@ -95,10 +95,16 @@ static enum ndr_err_code ndr_push_dssetup_DsRolePrimaryDomInfoBasic(struct ndr_p static enum ndr_err_code ndr_pull_dssetup_DsRolePrimaryDomInfoBasic(struct ndr_pull *ndr, int ndr_flags, struct dssetup_DsRolePrimaryDomInfoBasic *r) { uint32_t _ptr_domain; + uint32_t size_domain_1 = 0; + uint32_t length_domain_1 = 0; TALLOC_CTX *_mem_save_domain_0; uint32_t _ptr_dns_domain; + uint32_t size_dns_domain_1 = 0; + uint32_t length_dns_domain_1 = 0; TALLOC_CTX *_mem_save_dns_domain_0; uint32_t _ptr_forest; + uint32_t size_forest_1 = 0; + uint32_t length_forest_1 = 0; TALLOC_CTX *_mem_save_forest_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -130,11 +136,13 @@ static enum ndr_err_code ndr_pull_dssetup_DsRolePrimaryDomInfoBasic(struct ndr_p NDR_PULL_SET_MEM_CTX(ndr, r->domain, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->domain)); NDR_CHECK(ndr_pull_array_length(ndr, &r->domain)); - if (ndr_get_array_length(ndr, &r->domain) > ndr_get_array_size(ndr, &r->domain)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->domain), ndr_get_array_length(ndr, &r->domain)); + size_domain_1 = ndr_get_array_size(ndr, &r->domain); + length_domain_1 = ndr_get_array_length(ndr, &r->domain); + if (length_domain_1 > size_domain_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_1, length_domain_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, length_domain_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_0, 0); } if (r->dns_domain) { @@ -142,11 +150,13 @@ static enum ndr_err_code ndr_pull_dssetup_DsRolePrimaryDomInfoBasic(struct ndr_p NDR_PULL_SET_MEM_CTX(ndr, r->dns_domain, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->dns_domain)); NDR_CHECK(ndr_pull_array_length(ndr, &r->dns_domain)); - if (ndr_get_array_length(ndr, &r->dns_domain) > ndr_get_array_size(ndr, &r->dns_domain)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->dns_domain), ndr_get_array_length(ndr, &r->dns_domain)); + size_dns_domain_1 = ndr_get_array_size(ndr, &r->dns_domain); + length_dns_domain_1 = ndr_get_array_length(ndr, &r->dns_domain); + if (length_dns_domain_1 > size_dns_domain_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dns_domain_1, length_dns_domain_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->dns_domain), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dns_domain, ndr_get_array_length(ndr, &r->dns_domain), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dns_domain_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dns_domain, length_dns_domain_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dns_domain_0, 0); } if (r->forest) { @@ -154,11 +164,13 @@ static enum ndr_err_code ndr_pull_dssetup_DsRolePrimaryDomInfoBasic(struct ndr_p NDR_PULL_SET_MEM_CTX(ndr, r->forest, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->forest)); NDR_CHECK(ndr_pull_array_length(ndr, &r->forest)); - if (ndr_get_array_length(ndr, &r->forest) > ndr_get_array_size(ndr, &r->forest)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->forest), ndr_get_array_length(ndr, &r->forest)); + size_forest_1 = ndr_get_array_size(ndr, &r->forest); + length_forest_1 = ndr_get_array_length(ndr, &r->forest); + if (length_forest_1 > size_forest_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_forest_1, length_forest_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->forest), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->forest, ndr_get_array_length(ndr, &r->forest), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_forest_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->forest, length_forest_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_forest_0, 0); } } diff --git a/librpc/gen_ndr/ndr_echo.c b/librpc/gen_ndr/ndr_echo.c index e555c2f..b0b2da2 100644 --- a/librpc/gen_ndr/ndr_echo.c +++ b/librpc/gen_ndr/ndr_echo.c @@ -595,16 +595,18 @@ static enum ndr_err_code ndr_push_echo_Surrounding(struct ndr_push *ndr, int ndr static enum ndr_err_code ndr_pull_echo_Surrounding(struct ndr_pull *ndr, int ndr_flags, struct echo_Surrounding *r) { + uint32_t size_surrounding_0 = 0; uint32_t cntr_surrounding_0; TALLOC_CTX *_mem_save_surrounding_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_array_size(ndr, &r->surrounding)); NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->x)); - NDR_PULL_ALLOC_N(ndr, r->surrounding, ndr_get_array_size(ndr, &r->surrounding)); + size_surrounding_0 = ndr_get_array_size(ndr, &r->surrounding); + NDR_PULL_ALLOC_N(ndr, r->surrounding, size_surrounding_0); _mem_save_surrounding_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->surrounding, 0); - for (cntr_surrounding_0 = 0; cntr_surrounding_0 < r->x; cntr_surrounding_0++) { + for (cntr_surrounding_0 = 0; cntr_surrounding_0 < size_surrounding_0; cntr_surrounding_0++) { NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->surrounding[cntr_surrounding_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_surrounding_0, 0); @@ -713,21 +715,25 @@ static enum ndr_err_code ndr_push_echo_EchoData(struct ndr_push *ndr, int flags, static enum ndr_err_code ndr_pull_echo_EchoData(struct ndr_pull *ndr, int flags, struct echo_EchoData *r) { + uint32_t size_in_data_0 = 0; + uint32_t size_out_data_0 = 0; if (flags & NDR_IN) { ZERO_STRUCT(r->out); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.len)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.in_data)); - NDR_PULL_ALLOC_N(ndr, r->in.in_data, ndr_get_array_size(ndr, &r->in.in_data)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->in.in_data, ndr_get_array_size(ndr, &r->in.in_data))); + size_in_data_0 = ndr_get_array_size(ndr, &r->in.in_data); + NDR_PULL_ALLOC_N(ndr, r->in.in_data, size_in_data_0); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->in.in_data, size_in_data_0)); if (r->in.in_data) { NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->in.in_data, r->in.len)); } } if (flags & NDR_OUT) { NDR_CHECK(ndr_pull_array_size(ndr, &r->out.out_data)); - NDR_PULL_ALLOC_N(ndr, r->out.out_data, ndr_get_array_size(ndr, &r->out.out_data)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.out_data, ndr_get_array_size(ndr, &r->out.out_data))); + size_out_data_0 = ndr_get_array_size(ndr, &r->out.out_data); + NDR_PULL_ALLOC_N(ndr, r->out.out_data, size_out_data_0); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.out_data, size_out_data_0)); if (r->out.out_data) { NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->out.out_data, r->in.len)); } @@ -772,11 +778,13 @@ static enum ndr_err_code ndr_push_echo_SinkData(struct ndr_push *ndr, int flags, static enum ndr_err_code ndr_pull_echo_SinkData(struct ndr_pull *ndr, int flags, struct echo_SinkData *r) { + uint32_t size_data_0 = 0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.len)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.data)); - NDR_PULL_ALLOC_N(ndr, r->in.data, ndr_get_array_size(ndr, &r->in.data)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->in.data, ndr_get_array_size(ndr, &r->in.data))); + size_data_0 = ndr_get_array_size(ndr, &r->in.data); + NDR_PULL_ALLOC_N(ndr, r->in.data, size_data_0); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->in.data, size_data_0)); if (r->in.data) { NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->in.data, r->in.len)); } @@ -822,6 +830,7 @@ static enum ndr_err_code ndr_push_echo_SourceData(struct ndr_push *ndr, int flag static enum ndr_err_code ndr_pull_echo_SourceData(struct ndr_pull *ndr, int flags, struct echo_SourceData *r) { + uint32_t size_data_0 = 0; if (flags & NDR_IN) { ZERO_STRUCT(r->out); @@ -829,8 +838,9 @@ static enum ndr_err_code ndr_pull_echo_SourceData(struct ndr_pull *ndr, int flag } if (flags & NDR_OUT) { NDR_CHECK(ndr_pull_array_size(ndr, &r->out.data)); - NDR_PULL_ALLOC_N(ndr, r->out.data, ndr_get_array_size(ndr, &r->out.data)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.data, ndr_get_array_size(ndr, &r->out.data))); + size_data_0 = ndr_get_array_size(ndr, &r->out.data); + NDR_PULL_ALLOC_N(ndr, r->out.data, size_data_0); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.data, size_data_0)); if (r->out.data) { NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->out.data, r->in.len)); } @@ -888,7 +898,11 @@ static enum ndr_err_code ndr_push_echo_TestCall(struct ndr_push *ndr, int flags, static enum ndr_err_code ndr_pull_echo_TestCall(struct ndr_pull *ndr, int flags, struct echo_TestCall *r) { + uint32_t size_s1_1 = 0; + uint32_t length_s1_1 = 0; uint32_t _ptr_s2; + uint32_t size_s2_2 = 0; + uint32_t length_s2_2 = 0; TALLOC_CTX *_mem_save_s2_0; TALLOC_CTX *_mem_save_s2_1; if (flags & NDR_IN) { @@ -896,11 +910,13 @@ static enum ndr_err_code ndr_pull_echo_TestCall(struct ndr_pull *ndr, int flags, NDR_CHECK(ndr_pull_array_size(ndr, &r->in.s1)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.s1)); - if (ndr_get_array_length(ndr, &r->in.s1) > ndr_get_array_size(ndr, &r->in.s1)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.s1), ndr_get_array_length(ndr, &r->in.s1)); + size_s1_1 = ndr_get_array_size(ndr, &r->in.s1); + length_s1_1 = ndr_get_array_length(ndr, &r->in.s1); + if (length_s1_1 > size_s1_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_s1_1, length_s1_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.s1), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.s1, ndr_get_array_length(ndr, &r->in.s1), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_s1_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.s1, length_s1_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_ALLOC(ndr, r->out.s2); ZERO_STRUCTP(r->out.s2); } @@ -921,11 +937,13 @@ static enum ndr_err_code ndr_pull_echo_TestCall(struct ndr_pull *ndr, int flags, NDR_PULL_SET_MEM_CTX(ndr, *r->out.s2, 0); NDR_CHECK(ndr_pull_array_size(ndr, r->out.s2)); NDR_CHECK(ndr_pull_array_length(ndr, r->out.s2)); - if (ndr_get_array_length(ndr, r->out.s2) > ndr_get_array_size(ndr, r->out.s2)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, r->out.s2), ndr_get_array_length(ndr, r->out.s2)); + size_s2_2 = ndr_get_array_size(ndr, r->out.s2); + length_s2_2 = ndr_get_array_length(ndr, r->out.s2); + if (length_s2_2 > size_s2_2) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_s2_2, length_s2_2); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, r->out.s2), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.s2, ndr_get_array_length(ndr, r->out.s2), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_s2_2, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.s2, length_s2_2, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_s2_1, 0); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_s2_0, LIBNDR_FLAG_REF_ALLOC); diff --git a/librpc/gen_ndr/ndr_epmapper.c b/librpc/gen_ndr/ndr_epmapper.c index ad1c66c..1379e75 100644 --- a/librpc/gen_ndr/ndr_epmapper.c +++ b/librpc/gen_ndr/ndr_epmapper.c @@ -1531,6 +1531,7 @@ static enum ndr_err_code ndr_push_epm_tower(struct ndr_push *ndr, int ndr_flags, static enum ndr_err_code ndr_pull_epm_tower(struct ndr_pull *ndr, int ndr_flags, struct epm_tower *r) { + uint32_t size_floors_0 = 0; uint32_t cntr_floors_0; TALLOC_CTX *_mem_save_floors_0; { @@ -1539,10 +1540,11 @@ static enum ndr_err_code ndr_pull_epm_tower(struct ndr_pull *ndr, int ndr_flags, if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 2)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->num_floors)); - NDR_PULL_ALLOC_N(ndr, r->floors, r->num_floors); + size_floors_0 = r->num_floors; + NDR_PULL_ALLOC_N(ndr, r->floors, size_floors_0); _mem_save_floors_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->floors, 0); - for (cntr_floors_0 = 0; cntr_floors_0 < r->num_floors; cntr_floors_0++) { + for (cntr_floors_0 = 0; cntr_floors_0 < size_floors_0; cntr_floors_0++) { NDR_CHECK(ndr_pull_epm_floor(ndr, NDR_SCALARS, &r->floors[cntr_floors_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_floors_0, 0); @@ -1649,6 +1651,7 @@ static enum ndr_err_code ndr_pull_epm_entry_t(struct ndr_pull *ndr, int ndr_flag { uint32_t _ptr_tower; TALLOC_CTX *_mem_save_tower_0; + uint32_t size_annotation_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_GUID(ndr, NDR_SCALARS, &r->object)); @@ -1660,7 +1663,8 @@ static enum ndr_err_code ndr_pull_epm_entry_t(struct ndr_pull *ndr, int ndr_flag } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->__annotation_offset)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->__annotation_length)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->annotation, r->__annotation_length, sizeof(uint8_t), CH_DOS)); + size_annotation_0 = r->__annotation_length; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->annotation, size_annotation_0, sizeof(uint8_t), CH_DOS)); } if (ndr_flags & NDR_BUFFERS) { if (r->tower) { @@ -1799,18 +1803,20 @@ static enum ndr_err_code ndr_push_epm_Insert(struct ndr_push *ndr, int flags, co static enum ndr_err_code ndr_pull_epm_Insert(struct ndr_pull *ndr, int flags, struct epm_Insert *r) { + uint32_t size_entries_0 = 0; uint32_t cntr_entries_0; TALLOC_CTX *_mem_save_entries_0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.num_ents)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.entries)); - NDR_PULL_ALLOC_N(ndr, r->in.entries, ndr_get_array_size(ndr, &r->in.entries)); + size_entries_0 = ndr_get_array_size(ndr, &r->in.entries); + NDR_PULL_ALLOC_N(ndr, r->in.entries, size_entries_0); _mem_save_entries_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->in.entries, 0); - for (cntr_entries_0 = 0; cntr_entries_0 < r->in.num_ents; cntr_entries_0++) { + for (cntr_entries_0 = 0; cntr_entries_0 < size_entries_0; cntr_entries_0++) { NDR_CHECK(ndr_pull_epm_entry_t(ndr, NDR_SCALARS, &r->in.entries[cntr_entries_0])); } - for (cntr_entries_0 = 0; cntr_entries_0 < r->in.num_ents; cntr_entries_0++) { + for (cntr_entries_0 = 0; cntr_entries_0 < size_entries_0; cntr_entries_0++) { NDR_CHECK(ndr_pull_epm_entry_t(ndr, NDR_BUFFERS, &r->in.entries[cntr_entries_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_entries_0, 0); @@ -1880,18 +1886,20 @@ static enum ndr_err_code ndr_push_epm_Delete(struct ndr_push *ndr, int flags, co static enum ndr_err_code ndr_pull_epm_Delete(struct ndr_pull *ndr, int flags, struct epm_Delete *r) { + uint32_t size_entries_0 = 0; uint32_t cntr_entries_0; TALLOC_CTX *_mem_save_entries_0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.num_ents)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.entries)); - NDR_PULL_ALLOC_N(ndr, r->in.entries, ndr_get_array_size(ndr, &r->in.entries)); + size_entries_0 = ndr_get_array_size(ndr, &r->in.entries); + NDR_PULL_ALLOC_N(ndr, r->in.entries, size_entries_0); _mem_save_entries_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->in.entries, 0); - for (cntr_entries_0 = 0; cntr_entries_0 < r->in.num_ents; cntr_entries_0++) { + for (cntr_entries_0 = 0; cntr_entries_0 < size_entries_0; cntr_entries_0++) { NDR_CHECK(ndr_pull_epm_entry_t(ndr, NDR_SCALARS, &r->in.entries[cntr_entries_0])); } - for (cntr_entries_0 = 0; cntr_entries_0 < r->in.num_ents; cntr_entries_0++) { + for (cntr_entries_0 = 0; cntr_entries_0 < size_entries_0; cntr_entries_0++) { NDR_CHECK(ndr_pull_epm_entry_t(ndr, NDR_BUFFERS, &r->in.entries[cntr_entries_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_entries_0, 0); @@ -1985,6 +1993,8 @@ static enum ndr_err_code ndr_pull_epm_Lookup(struct ndr_pull *ndr, int flags, st { uint32_t _ptr_object; uint32_t _ptr_interface_id; + uint32_t size_entries_0 = 0; + uint32_t length_entries_0 = 0; uint32_t cntr_entries_0; TALLOC_CTX *_mem_save_object_0; TALLOC_CTX *_mem_save_interface_id_0; @@ -2050,16 +2060,18 @@ static enum ndr_err_code ndr_pull_epm_Lookup(struct ndr_pull *ndr, int flags, st NDR_PULL_SET_MEM_CTX(ndr, _mem_save_num_ents_0, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_array_size(ndr, &r->out.entries)); NDR_CHECK(ndr_pull_array_length(ndr, &r->out.entries)); - if (ndr_get_array_length(ndr, &r->out.entries) > ndr_get_array_size(ndr, &r->out.entries)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->out.entries), ndr_get_array_length(ndr, &r->out.entries)); + size_entries_0 = ndr_get_array_size(ndr, &r->out.entries); + length_entries_0 = ndr_get_array_length(ndr, &r->out.entries); + if (length_entries_0 > size_entries_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_entries_0, length_entries_0); } - NDR_PULL_ALLOC_N(ndr, r->out.entries, ndr_get_array_size(ndr, &r->out.entries)); + NDR_PULL_ALLOC_N(ndr, r->out.entries, size_entries_0); _mem_save_entries_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->out.entries, 0); - for (cntr_entries_0 = 0; cntr_entries_0 < *r->out.num_ents; cntr_entries_0++) { + for (cntr_entries_0 = 0; cntr_entries_0 < length_entries_0; cntr_entries_0++) { NDR_CHECK(ndr_pull_epm_entry_t(ndr, NDR_SCALARS, &r->out.entries[cntr_entries_0])); } - for (cntr_entries_0 = 0; cntr_entries_0 < *r->out.num_ents; cntr_entries_0++) { + for (cntr_entries_0 = 0; cntr_entries_0 < length_entries_0; cntr_entries_0++) { NDR_CHECK(ndr_pull_epm_entry_t(ndr, NDR_BUFFERS, &r->out.entries[cntr_entries_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_entries_0, 0); @@ -2178,6 +2190,8 @@ _PUBLIC_ enum ndr_err_code ndr_pull_epm_Map(struct ndr_pull *ndr, int flags, str { uint32_t _ptr_object; uint32_t _ptr_map_tower; + uint32_t size_towers_0 = 0; + uint32_t length_towers_0 = 0; uint32_t cntr_towers_0; TALLOC_CTX *_mem_save_object_0; TALLOC_CTX *_mem_save_map_tower_0; @@ -2241,16 +2255,18 @@ _PUBLIC_ enum ndr_err_code ndr_pull_epm_Map(struct ndr_pull *ndr, int flags, str NDR_PULL_SET_MEM_CTX(ndr, _mem_save_num_towers_0, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_array_size(ndr, &r->out.towers)); NDR_CHECK(ndr_pull_array_length(ndr, &r->out.towers)); - if (ndr_get_array_length(ndr, &r->out.towers) > ndr_get_array_size(ndr, &r->out.towers)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->out.towers), ndr_get_array_length(ndr, &r->out.towers)); + size_towers_0 = ndr_get_array_size(ndr, &r->out.towers); + length_towers_0 = ndr_get_array_length(ndr, &r->out.towers); + if (length_towers_0 > size_towers_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_towers_0, length_towers_0); } - NDR_PULL_ALLOC_N(ndr, r->out.towers, ndr_get_array_size(ndr, &r->out.towers)); + NDR_PULL_ALLOC_N(ndr, r->out.towers, size_towers_0); _mem_save_towers_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->out.towers, 0); - for (cntr_towers_0 = 0; cntr_towers_0 < *r->out.num_towers; cntr_towers_0++) { + for (cntr_towers_0 = 0; cntr_towers_0 < length_towers_0; cntr_towers_0++) { NDR_CHECK(ndr_pull_epm_twr_p_t(ndr, NDR_SCALARS, &r->out.towers[cntr_towers_0])); } - for (cntr_towers_0 = 0; cntr_towers_0 < *r->out.num_towers; cntr_towers_0++) { + for (cntr_towers_0 = 0; cntr_towers_0 < length_towers_0; cntr_towers_0++) { NDR_CHECK(ndr_pull_epm_twr_p_t(ndr, NDR_BUFFERS, &r->out.towers[cntr_towers_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_towers_0, 0); diff --git a/librpc/gen_ndr/ndr_eventlog.c b/librpc/gen_ndr/ndr_eventlog.c index 33d27db..10ed06e 100644 --- a/librpc/gen_ndr/ndr_eventlog.c +++ b/librpc/gen_ndr/ndr_eventlog.c @@ -153,6 +153,8 @@ _PUBLIC_ enum ndr_err_code ndr_push_eventlog_Record_tdb(struct ndr_push *ndr, in _PUBLIC_ enum ndr_err_code ndr_pull_eventlog_Record_tdb(struct ndr_pull *ndr, int ndr_flags, struct eventlog_Record_tdb *r) { + uint32_t size_reserved_0 = 0; + uint32_t size_strings_0 = 0; uint32_t cntr_strings_0; TALLOC_CTX *_mem_save_strings_0; { @@ -161,7 +163,8 @@ _PUBLIC_ enum ndr_err_code ndr_pull_eventlog_Record_tdb(struct ndr_pull *ndr, in if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->size)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->reserved, 4, sizeof(uint8_t), CH_DOS)); + size_reserved_0 = 4; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->reserved, size_reserved_0, sizeof(uint8_t), CH_DOS)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->record_number)); NDR_CHECK(ndr_pull_time_t(ndr, NDR_SCALARS, &r->time_generated)); NDR_CHECK(ndr_pull_time_t(ndr, NDR_SCALARS, &r->time_written)); @@ -199,10 +202,11 @@ _PUBLIC_ enum ndr_err_code ndr_pull_eventlog_Record_tdb(struct ndr_pull *ndr, in { uint32_t _flags_save_string = ndr->flags; ndr_set_flags(&ndr->flags, LIBNDR_FLAG_STR_NULLTERM); - NDR_PULL_ALLOC_N(ndr, r->strings, r->num_of_strings); + size_strings_0 = r->num_of_strings; + NDR_PULL_ALLOC_N(ndr, r->strings, size_strings_0); _mem_save_strings_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->strings, 0); - for (cntr_strings_0 = 0; cntr_strings_0 < r->num_of_strings; cntr_strings_0++) { + for (cntr_strings_0 = 0; cntr_strings_0 < size_strings_0; cntr_strings_0++) { NDR_CHECK(ndr_pull_string(ndr, NDR_SCALARS, &r->strings[cntr_strings_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_strings_0, 0); @@ -317,10 +321,12 @@ _PUBLIC_ enum ndr_err_code ndr_push_EVENTLOGHEADER(struct ndr_push *ndr, int ndr _PUBLIC_ enum ndr_err_code ndr_pull_EVENTLOGHEADER(struct ndr_pull *ndr, int ndr_flags, struct EVENTLOGHEADER *r) { + uint32_t size_Signature_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->HeaderSize)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->Signature, 4, sizeof(uint8_t), CH_DOS)); + size_Signature_0 = 4; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->Signature, size_Signature_0, sizeof(uint8_t), CH_DOS)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->MajorVersion)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->MinorVersion)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->StartOffset)); @@ -434,12 +440,16 @@ _PUBLIC_ enum ndr_err_code ndr_push_EVENTLOGRECORD(struct ndr_push *ndr, int ndr _PUBLIC_ enum ndr_err_code ndr_pull_EVENTLOGRECORD(struct ndr_pull *ndr, int ndr_flags, struct EVENTLOGRECORD *r) { + uint32_t size_Reserved_0 = 0; + uint32_t size_Strings_0 = 0; uint32_t cntr_Strings_0; TALLOC_CTX *_mem_save_Strings_0; + uint32_t size_Data_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->Length)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->Reserved, 4, sizeof(uint8_t), CH_DOS)); + size_Reserved_0 = 4; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->Reserved, size_Reserved_0, sizeof(uint8_t), CH_DOS)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->RecordNumber)); NDR_CHECK(ndr_pull_time_t(ndr, NDR_SCALARS, &r->TimeGenerated)); NDR_CHECK(ndr_pull_time_t(ndr, NDR_SCALARS, &r->TimeWritten)); @@ -480,10 +490,11 @@ _PUBLIC_ enum ndr_err_code ndr_pull_EVENTLOGRECORD(struct ndr_pull *ndr, int ndr { uint32_t _flags_save_string = ndr->flags; ndr_set_flags(&ndr->flags, LIBNDR_FLAG_STR_NULLTERM); - NDR_PULL_ALLOC_N(ndr, r->Strings, r->NumStrings); + size_Strings_0 = r->NumStrings; + NDR_PULL_ALLOC_N(ndr, r->Strings, size_Strings_0); _mem_save_Strings_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->Strings, 0); - for (cntr_Strings_0 = 0; cntr_Strings_0 < r->NumStrings; cntr_Strings_0++) { + for (cntr_Strings_0 = 0; cntr_Strings_0 < size_Strings_0; cntr_Strings_0++) { NDR_CHECK(ndr_pull_string(ndr, NDR_SCALARS, &r->Strings[cntr_Strings_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_Strings_0, 0); @@ -492,8 +503,9 @@ _PUBLIC_ enum ndr_err_code ndr_pull_EVENTLOGRECORD(struct ndr_pull *ndr, int ndr { uint32_t _flags_save_uint8 = ndr->flags; ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX); - NDR_PULL_ALLOC_N(ndr, r->Data, r->DataLength); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->Data, r->DataLength)); + size_Data_0 = r->DataLength; + NDR_PULL_ALLOC_N(ndr, r->Data, size_Data_0); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->Data, size_Data_0)); ndr->flags = _flags_save_uint8; } { @@ -637,24 +649,27 @@ _PUBLIC_ enum ndr_err_code ndr_push_EVENTLOG_EVT_FILE(struct ndr_push *ndr, int _PUBLIC_ enum ndr_err_code ndr_pull_EVENTLOG_EVT_FILE(struct ndr_pull *ndr, int ndr_flags, struct EVENTLOG_EVT_FILE *r) { + uint32_t size_records_0 = 0; uint32_t cntr_records_0; TALLOC_CTX *_mem_save_records_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_EVENTLOGHEADER(ndr, NDR_SCALARS, &r->hdr)); - NDR_PULL_ALLOC_N(ndr, r->records, r->hdr.CurrentRecordNumber - r->hdr.OldestRecordNumber); + size_records_0 = r->hdr.CurrentRecordNumber - r->hdr.OldestRecordNumber; + NDR_PULL_ALLOC_N(ndr, r->records, size_records_0); _mem_save_records_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->records, 0); - for (cntr_records_0 = 0; cntr_records_0 < r->hdr.CurrentRecordNumber - r->hdr.OldestRecordNumber; cntr_records_0++) { + for (cntr_records_0 = 0; cntr_records_0 < size_records_0; cntr_records_0++) { NDR_CHECK(ndr_pull_EVENTLOGRECORD(ndr, NDR_SCALARS, &r->records[cntr_records_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_records_0, 0); NDR_CHECK(ndr_pull_EVENTLOGEOF(ndr, NDR_SCALARS, &r->eof)); } if (ndr_flags & NDR_BUFFERS) { + size_records_0 = r->hdr.CurrentRecordNumber - r->hdr.OldestRecordNumber; _mem_save_records_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->records, 0); - for (cntr_records_0 = 0; cntr_records_0 < r->hdr.CurrentRecordNumber - r->hdr.OldestRecordNumber; cntr_records_0++) { + for (cntr_records_0 = 0; cntr_records_0 < size_records_0; cntr_records_0++) { NDR_CHECK(ndr_pull_EVENTLOGRECORD(ndr, NDR_BUFFERS, &r->records[cntr_records_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_records_0, 0); @@ -1598,6 +1613,7 @@ static enum ndr_err_code ndr_push_eventlog_ReadEventLogW(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_eventlog_ReadEventLogW(struct ndr_pull *ndr, int flags, struct eventlog_ReadEventLogW *r) { + uint32_t size_data_1 = 0; TALLOC_CTX *_mem_save_handle_0; TALLOC_CTX *_mem_save_sent_size_0; TALLOC_CTX *_mem_save_real_size_0; @@ -1626,10 +1642,11 @@ static enum ndr_err_code ndr_pull_eventlog_ReadEventLogW(struct ndr_pull *ndr, i } if (flags & NDR_OUT) { NDR_CHECK(ndr_pull_array_size(ndr, &r->out.data)); + size_data_1 = ndr_get_array_size(ndr, &r->out.data); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { - NDR_PULL_ALLOC_N(ndr, r->out.data, ndr_get_array_size(ndr, &r->out.data)); + NDR_PULL_ALLOC_N(ndr, r->out.data, size_data_1); } - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.data, ndr_get_array_size(ndr, &r->out.data))); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.data, size_data_1)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->out.sent_size); } @@ -1759,8 +1776,10 @@ static enum ndr_err_code ndr_pull_eventlog_ReportEventW(struct ndr_pull *ndr, in { uint32_t _ptr_user_sid; uint32_t _ptr_strings; + uint32_t size_strings_1 = 0; uint32_t cntr_strings_1; uint32_t _ptr_data; + uint32_t size_data_1 = 0; uint32_t _ptr_record_number; uint32_t _ptr_time_written; TALLOC_CTX *_mem_save_handle_0; @@ -1823,12 +1842,13 @@ static enum ndr_err_code ndr_pull_eventlog_ReportEventW(struct ndr_pull *ndr, in _mem_save_strings_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->in.strings, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.strings)); - NDR_PULL_ALLOC_N(ndr, r->in.strings, ndr_get_array_size(ndr, &r->in.strings)); + size_strings_1 = ndr_get_array_size(ndr, &r->in.strings); + NDR_PULL_ALLOC_N(ndr, r->in.strings, size_strings_1); _mem_save_strings_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->in.strings, 0); - for (cntr_strings_1 = 0; cntr_strings_1 < r->in.num_of_strings; cntr_strings_1++) { + for (cntr_strings_1 = 0; cntr_strings_1 < size_strings_1; cntr_strings_1++) { } - for (cntr_strings_1 = 0; cntr_strings_1 < r->in.num_of_strings; cntr_strings_1++) { + for (cntr_strings_1 = 0; cntr_strings_1 < size_strings_1; cntr_strings_1++) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_strings)); if (_ptr_strings) { NDR_PULL_ALLOC(ndr, r->in.strings[cntr_strings_1]); @@ -1855,8 +1875,9 @@ static enum ndr_err_code ndr_pull_eventlog_ReportEventW(struct ndr_pull *ndr, in _mem_save_data_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->in.data, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.data)); - NDR_PULL_ALLOC_N(ndr, r->in.data, ndr_get_array_size(ndr, &r->in.data)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->in.data, ndr_get_array_size(ndr, &r->in.data))); + size_data_1 = ndr_get_array_size(ndr, &r->in.data); + NDR_PULL_ALLOC_N(ndr, r->in.data, size_data_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->in.data, size_data_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_0, 0); } NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->in.flags)); @@ -2451,6 +2472,7 @@ static enum ndr_err_code ndr_push_eventlog_GetLogInformation(struct ndr_push *nd static enum ndr_err_code ndr_pull_eventlog_GetLogInformation(struct ndr_pull *ndr, int flags, struct eventlog_GetLogInformation *r) { + uint32_t size_buffer_1 = 0; TALLOC_CTX *_mem_save_handle_0; TALLOC_CTX *_mem_save_bytes_needed_0; if (flags & NDR_IN) { @@ -2475,10 +2497,11 @@ static enum ndr_err_code ndr_pull_eventlog_GetLogInformation(struct ndr_pull *nd } if (flags & NDR_OUT) { NDR_CHECK(ndr_pull_array_size(ndr, &r->out.buffer)); + size_buffer_1 = ndr_get_array_size(ndr, &r->out.buffer); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { - NDR_PULL_ALLOC_N(ndr, r->out.buffer, ndr_get_array_size(ndr, &r->out.buffer)); + NDR_PULL_ALLOC_N(ndr, r->out.buffer, size_buffer_1); } - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.buffer, ndr_get_array_size(ndr, &r->out.buffer))); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.buffer, size_buffer_1)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->out.bytes_needed); } @@ -2657,8 +2680,10 @@ static enum ndr_err_code ndr_pull_eventlog_ReportEventAndSourceW(struct ndr_pull { uint32_t _ptr_user_sid; uint32_t _ptr_strings; + uint32_t size_strings_1 = 0; uint32_t cntr_strings_1; uint32_t _ptr_data; + uint32_t size_data_1 = 0; uint32_t _ptr_record_number; uint32_t _ptr_time_written; TALLOC_CTX *_mem_save_handle_0; @@ -2729,12 +2754,13 @@ static enum ndr_err_code ndr_pull_eventlog_ReportEventAndSourceW(struct ndr_pull _mem_save_strings_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->in.strings, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.strings)); - NDR_PULL_ALLOC_N(ndr, r->in.strings, ndr_get_array_size(ndr, &r->in.strings)); + size_strings_1 = ndr_get_array_size(ndr, &r->in.strings); + NDR_PULL_ALLOC_N(ndr, r->in.strings, size_strings_1); _mem_save_strings_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->in.strings, 0); - for (cntr_strings_1 = 0; cntr_strings_1 < r->in.num_of_strings; cntr_strings_1++) { + for (cntr_strings_1 = 0; cntr_strings_1 < size_strings_1; cntr_strings_1++) { } - for (cntr_strings_1 = 0; cntr_strings_1 < r->in.num_of_strings; cntr_strings_1++) { + for (cntr_strings_1 = 0; cntr_strings_1 < size_strings_1; cntr_strings_1++) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_strings)); if (_ptr_strings) { NDR_PULL_ALLOC(ndr, r->in.strings[cntr_strings_1]); @@ -2761,8 +2787,9 @@ static enum ndr_err_code ndr_pull_eventlog_ReportEventAndSourceW(struct ndr_pull _mem_save_data_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->in.data, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.data)); - NDR_PULL_ALLOC_N(ndr, r->in.data, ndr_get_array_size(ndr, &r->in.data)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->in.data, ndr_get_array_size(ndr, &r->in.data))); + size_data_1 = ndr_get_array_size(ndr, &r->in.data); + NDR_PULL_ALLOC_N(ndr, r->in.data, size_data_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->in.data, size_data_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_0, 0); } NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->in.flags)); diff --git a/librpc/gen_ndr/ndr_krb5pac.c b/librpc/gen_ndr/ndr_krb5pac.c index 7a2a476..fa8c97f 100644 --- a/librpc/gen_ndr/ndr_krb5pac.c +++ b/librpc/gen_ndr/ndr_krb5pac.c @@ -21,11 +21,13 @@ static enum ndr_err_code ndr_push_PAC_LOGON_NAME(struct ndr_push *ndr, int ndr_f static enum ndr_err_code ndr_pull_PAC_LOGON_NAME(struct ndr_pull *ndr, int ndr_flags, struct PAC_LOGON_NAME *r) { + uint32_t size_account_name_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_NTTIME(ndr, NDR_SCALARS, &r->logon_time)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->size)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->account_name, r->size, sizeof(uint8_t), CH_UTF16)); + size_account_name_0 = r->size; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->account_name, size_account_name_0, sizeof(uint8_t), CH_UTF16)); } if (ndr_flags & NDR_BUFFERS) { } @@ -456,24 +458,27 @@ _PUBLIC_ enum ndr_err_code ndr_push_PAC_DATA(struct ndr_push *ndr, int ndr_flags _PUBLIC_ enum ndr_err_code ndr_pull_PAC_DATA(struct ndr_pull *ndr, int ndr_flags, struct PAC_DATA *r) { + uint32_t size_buffers_0 = 0; uint32_t cntr_buffers_0; TALLOC_CTX *_mem_save_buffers_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->num_buffers)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->version)); - NDR_PULL_ALLOC_N(ndr, r->buffers, r->num_buffers); + size_buffers_0 = r->num_buffers; + NDR_PULL_ALLOC_N(ndr, r->buffers, size_buffers_0); _mem_save_buffers_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->buffers, 0); - for (cntr_buffers_0 = 0; cntr_buffers_0 < r->num_buffers; cntr_buffers_0++) { + for (cntr_buffers_0 = 0; cntr_buffers_0 < size_buffers_0; cntr_buffers_0++) { NDR_CHECK(ndr_pull_PAC_BUFFER(ndr, NDR_SCALARS, &r->buffers[cntr_buffers_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_buffers_0, 0); } if (ndr_flags & NDR_BUFFERS) { + size_buffers_0 = r->num_buffers; _mem_save_buffers_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->buffers, 0); - for (cntr_buffers_0 = 0; cntr_buffers_0 < r->num_buffers; cntr_buffers_0++) { + for (cntr_buffers_0 = 0; cntr_buffers_0 < size_buffers_0; cntr_buffers_0++) { NDR_CHECK(ndr_pull_PAC_BUFFER(ndr, NDR_BUFFERS, &r->buffers[cntr_buffers_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_buffers_0, 0); @@ -619,24 +624,27 @@ _PUBLIC_ enum ndr_err_code ndr_push_PAC_DATA_RAW(struct ndr_push *ndr, int ndr_f _PUBLIC_ enum ndr_err_code ndr_pull_PAC_DATA_RAW(struct ndr_pull *ndr, int ndr_flags, struct PAC_DATA_RAW *r) { + uint32_t size_buffers_0 = 0; uint32_t cntr_buffers_0; TALLOC_CTX *_mem_save_buffers_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->num_buffers)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->version)); - NDR_PULL_ALLOC_N(ndr, r->buffers, r->num_buffers); + size_buffers_0 = r->num_buffers; + NDR_PULL_ALLOC_N(ndr, r->buffers, size_buffers_0); _mem_save_buffers_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->buffers, 0); - for (cntr_buffers_0 = 0; cntr_buffers_0 < r->num_buffers; cntr_buffers_0++) { + for (cntr_buffers_0 = 0; cntr_buffers_0 < size_buffers_0; cntr_buffers_0++) { NDR_CHECK(ndr_pull_PAC_BUFFER_RAW(ndr, NDR_SCALARS, &r->buffers[cntr_buffers_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_buffers_0, 0); } if (ndr_flags & NDR_BUFFERS) { + size_buffers_0 = r->num_buffers; _mem_save_buffers_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->buffers, 0); - for (cntr_buffers_0 = 0; cntr_buffers_0 < r->num_buffers; cntr_buffers_0++) { + for (cntr_buffers_0 = 0; cntr_buffers_0 < size_buffers_0; cntr_buffers_0++) { NDR_CHECK(ndr_pull_PAC_BUFFER_RAW(ndr, NDR_BUFFERS, &r->buffers[cntr_buffers_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_buffers_0, 0); diff --git a/librpc/gen_ndr/ndr_lsa.c b/librpc/gen_ndr/ndr_lsa.c index 2aee3f7..6ebc703 100644 --- a/librpc/gen_ndr/ndr_lsa.c +++ b/librpc/gen_ndr/ndr_lsa.c @@ -27,6 +27,8 @@ _PUBLIC_ enum ndr_err_code ndr_push_lsa_String(struct ndr_push *ndr, int ndr_fla _PUBLIC_ enum ndr_err_code ndr_pull_lsa_String(struct ndr_pull *ndr, int ndr_flags, struct lsa_String *r) { uint32_t _ptr_string; + uint32_t size_string_1 = 0; + uint32_t length_string_1 = 0; TALLOC_CTX *_mem_save_string_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -45,10 +47,12 @@ _PUBLIC_ enum ndr_err_code ndr_pull_lsa_String(struct ndr_pull *ndr, int ndr_fla NDR_PULL_SET_MEM_CTX(ndr, r->string, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->string)); NDR_CHECK(ndr_pull_array_length(ndr, &r->string)); - if (ndr_get_array_length(ndr, &r->string) > ndr_get_array_size(ndr, &r->string)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->string), ndr_get_array_length(ndr, &r->string)); + size_string_1 = ndr_get_array_size(ndr, &r->string); + length_string_1 = ndr_get_array_length(ndr, &r->string); + if (length_string_1 > size_string_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_string_1, length_string_1); } - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->string, ndr_get_array_length(ndr, &r->string), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->string, length_string_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_string_0, 0); } if (r->string) { @@ -98,6 +102,8 @@ _PUBLIC_ enum ndr_err_code ndr_push_lsa_StringLarge(struct ndr_push *ndr, int nd _PUBLIC_ enum ndr_err_code ndr_pull_lsa_StringLarge(struct ndr_pull *ndr, int ndr_flags, struct lsa_StringLarge *r) { uint32_t _ptr_string; + uint32_t size_string_1 = 0; + uint32_t length_string_1 = 0; TALLOC_CTX *_mem_save_string_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -116,10 +122,12 @@ _PUBLIC_ enum ndr_err_code ndr_pull_lsa_StringLarge(struct ndr_pull *ndr, int nd NDR_PULL_SET_MEM_CTX(ndr, r->string, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->string)); NDR_CHECK(ndr_pull_array_length(ndr, &r->string)); - if (ndr_get_array_length(ndr, &r->string) > ndr_get_array_size(ndr, &r->string)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->string), ndr_get_array_length(ndr, &r->string)); + size_string_1 = ndr_get_array_size(ndr, &r->string); + length_string_1 = ndr_get_array_length(ndr, &r->string); + if (length_string_1 > size_string_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_string_1, length_string_1); } - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->string, ndr_get_array_length(ndr, &r->string), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->string, length_string_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_string_0, 0); } if (r->string) { @@ -172,6 +180,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_lsa_Strings(struct ndr_push *ndr, int ndr_fl _PUBLIC_ enum ndr_err_code ndr_pull_lsa_Strings(struct ndr_pull *ndr, int ndr_flags, struct lsa_Strings *r) { uint32_t _ptr_names; + uint32_t size_names_1 = 0; uint32_t cntr_names_1; TALLOC_CTX *_mem_save_names_0; TALLOC_CTX *_mem_save_names_1; @@ -190,13 +199,14 @@ _PUBLIC_ enum ndr_err_code ndr_pull_lsa_Strings(struct ndr_pull *ndr, int ndr_fl _mem_save_names_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->names, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->names)); - NDR_PULL_ALLOC_N(ndr, r->names, ndr_get_array_size(ndr, &r->names)); + size_names_1 = ndr_get_array_size(ndr, &r->names); + NDR_PULL_ALLOC_N(ndr, r->names, size_names_1); _mem_save_names_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->names, 0); - for (cntr_names_1 = 0; cntr_names_1 < r->count; cntr_names_1++) { + for (cntr_names_1 = 0; cntr_names_1 < size_names_1; cntr_names_1++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->names[cntr_names_1])); } - for (cntr_names_1 = 0; cntr_names_1 < r->count; cntr_names_1++) { + for (cntr_names_1 = 0; cntr_names_1 < size_names_1; cntr_names_1++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->names[cntr_names_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_names_1, 0); @@ -255,6 +265,8 @@ _PUBLIC_ enum ndr_err_code ndr_push_lsa_AsciiString(struct ndr_push *ndr, int nd _PUBLIC_ enum ndr_err_code ndr_pull_lsa_AsciiString(struct ndr_pull *ndr, int ndr_flags, struct lsa_AsciiString *r) { uint32_t _ptr_string; + uint32_t size_string_1 = 0; + uint32_t length_string_1 = 0; TALLOC_CTX *_mem_save_string_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -273,10 +285,12 @@ _PUBLIC_ enum ndr_err_code ndr_pull_lsa_AsciiString(struct ndr_pull *ndr, int nd NDR_PULL_SET_MEM_CTX(ndr, r->string, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->string)); NDR_CHECK(ndr_pull_array_length(ndr, &r->string)); - if (ndr_get_array_length(ndr, &r->string) > ndr_get_array_size(ndr, &r->string)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->string), ndr_get_array_length(ndr, &r->string)); + size_string_1 = ndr_get_array_size(ndr, &r->string); + length_string_1 = ndr_get_array_length(ndr, &r->string); + if (length_string_1 > size_string_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_string_1, length_string_1); } - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->string, ndr_get_array_length(ndr, &r->string), sizeof(uint8_t), CH_DOS)); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->string, length_string_1, sizeof(uint8_t), CH_DOS)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_string_0, 0); } if (r->string) { @@ -326,6 +340,8 @@ _PUBLIC_ enum ndr_err_code ndr_push_lsa_AsciiStringLarge(struct ndr_push *ndr, i _PUBLIC_ enum ndr_err_code ndr_pull_lsa_AsciiStringLarge(struct ndr_pull *ndr, int ndr_flags, struct lsa_AsciiStringLarge *r) { uint32_t _ptr_string; + uint32_t size_string_1 = 0; + uint32_t length_string_1 = 0; TALLOC_CTX *_mem_save_string_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -344,10 +360,12 @@ _PUBLIC_ enum ndr_err_code ndr_pull_lsa_AsciiStringLarge(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->string, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->string)); NDR_CHECK(ndr_pull_array_length(ndr, &r->string)); - if (ndr_get_array_length(ndr, &r->string) > ndr_get_array_size(ndr, &r->string)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->string), ndr_get_array_length(ndr, &r->string)); + size_string_1 = ndr_get_array_size(ndr, &r->string); + length_string_1 = ndr_get_array_length(ndr, &r->string); + if (length_string_1 > size_string_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_string_1, length_string_1); } - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->string, ndr_get_array_length(ndr, &r->string), sizeof(uint8_t), CH_DOS)); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->string, length_string_1, sizeof(uint8_t), CH_DOS)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_string_0, 0); } if (r->string) { @@ -400,6 +418,8 @@ _PUBLIC_ enum ndr_err_code ndr_push_lsa_BinaryString(struct ndr_push *ndr, int n _PUBLIC_ enum ndr_err_code ndr_pull_lsa_BinaryString(struct ndr_pull *ndr, int ndr_flags, struct lsa_BinaryString *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; + uint32_t length_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -420,13 +440,15 @@ _PUBLIC_ enum ndr_err_code ndr_pull_lsa_BinaryString(struct ndr_pull *ndr, int n NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); NDR_CHECK(ndr_pull_array_length(ndr, &r->array)); - if (ndr_get_array_length(ndr, &r->array) > ndr_get_array_size(ndr, &r->array)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->array), ndr_get_array_length(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + length_array_1 = ndr_get_array_length(ndr, &r->array); + if (length_array_1 > size_array_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_array_1, length_array_1); } - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->length / 2; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < length_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -560,6 +582,7 @@ static enum ndr_err_code ndr_push_lsa_PrivArray(struct ndr_push *ndr, int ndr_fl static enum ndr_err_code ndr_pull_lsa_PrivArray(struct ndr_pull *ndr, int ndr_flags, struct lsa_PrivArray *r) { uint32_t _ptr_privs; + uint32_t size_privs_1 = 0; uint32_t cntr_privs_1; TALLOC_CTX *_mem_save_privs_0; TALLOC_CTX *_mem_save_privs_1; @@ -578,13 +601,14 @@ static enum ndr_err_code ndr_pull_lsa_PrivArray(struct ndr_pull *ndr, int ndr_fl _mem_save_privs_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->privs, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->privs)); - NDR_PULL_ALLOC_N(ndr, r->privs, ndr_get_array_size(ndr, &r->privs)); + size_privs_1 = ndr_get_array_size(ndr, &r->privs); + NDR_PULL_ALLOC_N(ndr, r->privs, size_privs_1); _mem_save_privs_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->privs, 0); - for (cntr_privs_1 = 0; cntr_privs_1 < r->count; cntr_privs_1++) { + for (cntr_privs_1 = 0; cntr_privs_1 < size_privs_1; cntr_privs_1++) { NDR_CHECK(ndr_pull_lsa_PrivEntry(ndr, NDR_SCALARS, &r->privs[cntr_privs_1])); } - for (cntr_privs_1 = 0; cntr_privs_1 < r->count; cntr_privs_1++) { + for (cntr_privs_1 = 0; cntr_privs_1 < size_privs_1; cntr_privs_1++) { NDR_CHECK(ndr_pull_lsa_PrivEntry(ndr, NDR_BUFFERS, &r->privs[cntr_privs_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_privs_1, 0); @@ -696,6 +720,8 @@ static enum ndr_err_code ndr_pull_lsa_ObjectAttribute(struct ndr_pull *ndr, int uint32_t _ptr_root_dir; TALLOC_CTX *_mem_save_root_dir_0; uint32_t _ptr_object_name; + uint32_t size_object_name_1 = 0; + uint32_t length_object_name_1 = 0; TALLOC_CTX *_mem_save_object_name_0; uint32_t _ptr_sec_desc; TALLOC_CTX *_mem_save_sec_desc_0; @@ -742,11 +768,13 @@ static enum ndr_err_code ndr_pull_lsa_ObjectAttribute(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->object_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->object_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->object_name)); - if (ndr_get_array_length(ndr, &r->object_name) > ndr_get_array_size(ndr, &r->object_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->object_name), ndr_get_array_length(ndr, &r->object_name)); + size_object_name_1 = ndr_get_array_size(ndr, &r->object_name); + length_object_name_1 = ndr_get_array_length(ndr, &r->object_name); + if (length_object_name_1 > size_object_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_object_name_1, length_object_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->object_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->object_name, ndr_get_array_length(ndr, &r->object_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_object_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->object_name, length_object_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_object_name_0, 0); } if (r->sec_desc) { @@ -1004,6 +1032,7 @@ static enum ndr_err_code ndr_push_lsa_AuditEventsInfo(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_lsa_AuditEventsInfo(struct ndr_pull *ndr, int ndr_flags, struct lsa_AuditEventsInfo *r) { uint32_t _ptr_settings; + uint32_t size_settings_1 = 0; uint32_t cntr_settings_1; TALLOC_CTX *_mem_save_settings_0; TALLOC_CTX *_mem_save_settings_1; @@ -1023,10 +1052,11 @@ static enum ndr_err_code ndr_pull_lsa_AuditEventsInfo(struct ndr_pull *ndr, int _mem_save_settings_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->settings, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->settings)); - NDR_PULL_ALLOC_N(ndr, r->settings, ndr_get_array_size(ndr, &r->settings)); + size_settings_1 = ndr_get_array_size(ndr, &r->settings); + NDR_PULL_ALLOC_N(ndr, r->settings, size_settings_1); _mem_save_settings_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->settings, 0); - for (cntr_settings_1 = 0; cntr_settings_1 < r->count; cntr_settings_1++) { + for (cntr_settings_1 = 0; cntr_settings_1 < size_settings_1; cntr_settings_1++) { NDR_CHECK(ndr_pull_lsa_PolicyAuditPolicy(ndr, NDR_SCALARS, &r->settings[cntr_settings_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_settings_1, 0); @@ -1890,6 +1920,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_lsa_SidArray(struct ndr_push *ndr, int ndr_f _PUBLIC_ enum ndr_err_code ndr_pull_lsa_SidArray(struct ndr_pull *ndr, int ndr_flags, struct lsa_SidArray *r) { uint32_t _ptr_sids; + uint32_t size_sids_1 = 0; uint32_t cntr_sids_1; TALLOC_CTX *_mem_save_sids_0; TALLOC_CTX *_mem_save_sids_1; @@ -1911,13 +1942,14 @@ _PUBLIC_ enum ndr_err_code ndr_pull_lsa_SidArray(struct ndr_pull *ndr, int ndr_f _mem_save_sids_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sids, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->sids)); - NDR_PULL_ALLOC_N(ndr, r->sids, ndr_get_array_size(ndr, &r->sids)); + size_sids_1 = ndr_get_array_size(ndr, &r->sids); + NDR_PULL_ALLOC_N(ndr, r->sids, size_sids_1); _mem_save_sids_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sids, 0); - for (cntr_sids_1 = 0; cntr_sids_1 < r->num_sids; cntr_sids_1++) { + for (cntr_sids_1 = 0; cntr_sids_1 < size_sids_1; cntr_sids_1++) { NDR_CHECK(ndr_pull_lsa_SidPtr(ndr, NDR_SCALARS, &r->sids[cntr_sids_1])); } - for (cntr_sids_1 = 0; cntr_sids_1 < r->num_sids; cntr_sids_1++) { + for (cntr_sids_1 = 0; cntr_sids_1 < size_sids_1; cntr_sids_1++) { NDR_CHECK(ndr_pull_lsa_SidPtr(ndr, NDR_BUFFERS, &r->sids[cntr_sids_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sids_1, 0); @@ -1979,6 +2011,7 @@ static enum ndr_err_code ndr_push_lsa_DomainList(struct ndr_push *ndr, int ndr_f static enum ndr_err_code ndr_pull_lsa_DomainList(struct ndr_pull *ndr, int ndr_flags, struct lsa_DomainList *r) { uint32_t _ptr_domains; + uint32_t size_domains_1 = 0; uint32_t cntr_domains_1; TALLOC_CTX *_mem_save_domains_0; TALLOC_CTX *_mem_save_domains_1; @@ -1997,13 +2030,14 @@ static enum ndr_err_code ndr_pull_lsa_DomainList(struct ndr_pull *ndr, int ndr_f _mem_save_domains_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->domains, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->domains)); - NDR_PULL_ALLOC_N(ndr, r->domains, ndr_get_array_size(ndr, &r->domains)); + size_domains_1 = ndr_get_array_size(ndr, &r->domains); + NDR_PULL_ALLOC_N(ndr, r->domains, size_domains_1); _mem_save_domains_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->domains, 0); - for (cntr_domains_1 = 0; cntr_domains_1 < r->count; cntr_domains_1++) { + for (cntr_domains_1 = 0; cntr_domains_1 < size_domains_1; cntr_domains_1++) { NDR_CHECK(ndr_pull_lsa_DomainInfo(ndr, NDR_SCALARS, &r->domains[cntr_domains_1])); } - for (cntr_domains_1 = 0; cntr_domains_1 < r->count; cntr_domains_1++) { + for (cntr_domains_1 = 0; cntr_domains_1 < size_domains_1; cntr_domains_1++) { NDR_CHECK(ndr_pull_lsa_DomainInfo(ndr, NDR_BUFFERS, &r->domains[cntr_domains_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domains_1, 0); @@ -2131,6 +2165,7 @@ static enum ndr_err_code ndr_push_lsa_TransSidArray(struct ndr_push *ndr, int nd static enum ndr_err_code ndr_pull_lsa_TransSidArray(struct ndr_pull *ndr, int ndr_flags, struct lsa_TransSidArray *r) { uint32_t _ptr_sids; + uint32_t size_sids_1 = 0; uint32_t cntr_sids_1; TALLOC_CTX *_mem_save_sids_0; TALLOC_CTX *_mem_save_sids_1; @@ -2152,10 +2187,11 @@ static enum ndr_err_code ndr_pull_lsa_TransSidArray(struct ndr_pull *ndr, int nd _mem_save_sids_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sids, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->sids)); - NDR_PULL_ALLOC_N(ndr, r->sids, ndr_get_array_size(ndr, &r->sids)); + size_sids_1 = ndr_get_array_size(ndr, &r->sids); + NDR_PULL_ALLOC_N(ndr, r->sids, size_sids_1); _mem_save_sids_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sids, 0); - for (cntr_sids_1 = 0; cntr_sids_1 < r->count; cntr_sids_1++) { + for (cntr_sids_1 = 0; cntr_sids_1 < size_sids_1; cntr_sids_1++) { NDR_CHECK(ndr_pull_lsa_TranslatedSid(ndr, NDR_SCALARS, &r->sids[cntr_sids_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sids_1, 0); @@ -2218,6 +2254,7 @@ static enum ndr_err_code ndr_push_lsa_RefDomainList(struct ndr_push *ndr, int nd static enum ndr_err_code ndr_pull_lsa_RefDomainList(struct ndr_pull *ndr, int ndr_flags, struct lsa_RefDomainList *r) { uint32_t _ptr_domains; + uint32_t size_domains_1 = 0; uint32_t cntr_domains_1; TALLOC_CTX *_mem_save_domains_0; TALLOC_CTX *_mem_save_domains_1; @@ -2240,13 +2277,14 @@ static enum ndr_err_code ndr_pull_lsa_RefDomainList(struct ndr_pull *ndr, int nd _mem_save_domains_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->domains, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->domains)); - NDR_PULL_ALLOC_N(ndr, r->domains, ndr_get_array_size(ndr, &r->domains)); + size_domains_1 = ndr_get_array_size(ndr, &r->domains); + NDR_PULL_ALLOC_N(ndr, r->domains, size_domains_1); _mem_save_domains_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->domains, 0); - for (cntr_domains_1 = 0; cntr_domains_1 < r->count; cntr_domains_1++) { + for (cntr_domains_1 = 0; cntr_domains_1 < size_domains_1; cntr_domains_1++) { NDR_CHECK(ndr_pull_lsa_DomainInfo(ndr, NDR_SCALARS, &r->domains[cntr_domains_1])); } - for (cntr_domains_1 = 0; cntr_domains_1 < r->count; cntr_domains_1++) { + for (cntr_domains_1 = 0; cntr_domains_1 < size_domains_1; cntr_domains_1++) { NDR_CHECK(ndr_pull_lsa_DomainInfo(ndr, NDR_BUFFERS, &r->domains[cntr_domains_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domains_1, 0); @@ -2377,6 +2415,7 @@ static enum ndr_err_code ndr_push_lsa_TransNameArray(struct ndr_push *ndr, int n static enum ndr_err_code ndr_pull_lsa_TransNameArray(struct ndr_pull *ndr, int ndr_flags, struct lsa_TransNameArray *r) { uint32_t _ptr_names; + uint32_t size_names_1 = 0; uint32_t cntr_names_1; TALLOC_CTX *_mem_save_names_0; TALLOC_CTX *_mem_save_names_1; @@ -2398,13 +2437,14 @@ static enum ndr_err_code ndr_pull_lsa_TransNameArray(struct ndr_pull *ndr, int n _mem_save_names_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->names, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->names)); - NDR_PULL_ALLOC_N(ndr, r->names, ndr_get_array_size(ndr, &r->names)); + size_names_1 = ndr_get_array_size(ndr, &r->names); + NDR_PULL_ALLOC_N(ndr, r->names, size_names_1); _mem_save_names_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->names, 0); - for (cntr_names_1 = 0; cntr_names_1 < r->count; cntr_names_1++) { + for (cntr_names_1 = 0; cntr_names_1 < size_names_1; cntr_names_1++) { NDR_CHECK(ndr_pull_lsa_TranslatedName(ndr, NDR_SCALARS, &r->names[cntr_names_1])); } - for (cntr_names_1 = 0; cntr_names_1 < r->count; cntr_names_1++) { + for (cntr_names_1 = 0; cntr_names_1 < size_names_1; cntr_names_1++) { NDR_CHECK(ndr_pull_lsa_TranslatedName(ndr, NDR_BUFFERS, &r->names[cntr_names_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_names_1, 0); @@ -2493,6 +2533,7 @@ static enum ndr_err_code ndr_push_lsa_PrivilegeSet(struct ndr_push *ndr, int ndr static enum ndr_err_code ndr_pull_lsa_PrivilegeSet(struct ndr_pull *ndr, int ndr_flags, struct lsa_PrivilegeSet *r) { + uint32_t size_set_0 = 0; uint32_t cntr_set_0; TALLOC_CTX *_mem_save_set_0; if (ndr_flags & NDR_SCALARS) { @@ -2503,10 +2544,11 @@ static enum ndr_err_code ndr_pull_lsa_PrivilegeSet(struct ndr_pull *ndr, int ndr return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->unknown)); - NDR_PULL_ALLOC_N(ndr, r->set, ndr_get_array_size(ndr, &r->set)); + size_set_0 = ndr_get_array_size(ndr, &r->set); + NDR_PULL_ALLOC_N(ndr, r->set, size_set_0); _mem_save_set_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->set, 0); - for (cntr_set_0 = 0; cntr_set_0 < r->count; cntr_set_0++) { + for (cntr_set_0 = 0; cntr_set_0 < size_set_0; cntr_set_0++) { NDR_CHECK(ndr_pull_lsa_LUIDAttribute(ndr, NDR_SCALARS, &r->set[cntr_set_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_set_0, 0); @@ -2566,6 +2608,8 @@ static enum ndr_err_code ndr_push_lsa_DATA_BUF(struct ndr_push *ndr, int ndr_fla static enum ndr_err_code ndr_pull_lsa_DATA_BUF(struct ndr_pull *ndr, int ndr_flags, struct lsa_DATA_BUF *r) { uint32_t _ptr_data; + uint32_t size_data_1 = 0; + uint32_t length_data_1 = 0; TALLOC_CTX *_mem_save_data_0; { uint32_t _flags_save_STRUCT = ndr->flags; @@ -2587,11 +2631,13 @@ static enum ndr_err_code ndr_pull_lsa_DATA_BUF(struct ndr_pull *ndr, int ndr_fla NDR_PULL_SET_MEM_CTX(ndr, r->data, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->data)); NDR_CHECK(ndr_pull_array_length(ndr, &r->data)); - if (ndr_get_array_length(ndr, &r->data) > ndr_get_array_size(ndr, &r->data)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->data), ndr_get_array_length(ndr, &r->data)); + size_data_1 = ndr_get_array_size(ndr, &r->data); + length_data_1 = ndr_get_array_length(ndr, &r->data); + if (length_data_1 > size_data_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_data_1, length_data_1); } - NDR_PULL_ALLOC_N(ndr, r->data, ndr_get_array_size(ndr, &r->data)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, ndr_get_array_length(ndr, &r->data))); + NDR_PULL_ALLOC_N(ndr, r->data, size_data_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, length_data_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_0, 0); } if (r->data) { @@ -2650,6 +2696,7 @@ static enum ndr_err_code ndr_push_lsa_DATA_BUF2(struct ndr_push *ndr, int ndr_fl static enum ndr_err_code ndr_pull_lsa_DATA_BUF2(struct ndr_pull *ndr, int ndr_flags, struct lsa_DATA_BUF2 *r) { uint32_t _ptr_data; + uint32_t size_data_1 = 0; TALLOC_CTX *_mem_save_data_0; { uint32_t _flags_save_STRUCT = ndr->flags; @@ -2672,8 +2719,9 @@ static enum ndr_err_code ndr_pull_lsa_DATA_BUF2(struct ndr_pull *ndr, int ndr_fl _mem_save_data_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->data, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->data)); - NDR_PULL_ALLOC_N(ndr, r->data, ndr_get_array_size(ndr, &r->data)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, ndr_get_array_size(ndr, &r->data))); + size_data_1 = ndr_get_array_size(ndr, &r->data); + NDR_PULL_ALLOC_N(ndr, r->data, size_data_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, size_data_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_0, 0); } if (r->data) { @@ -2875,6 +2923,7 @@ static enum ndr_err_code ndr_push_lsa_TrustDomainInfoControllers(struct ndr_push static enum ndr_err_code ndr_pull_lsa_TrustDomainInfoControllers(struct ndr_pull *ndr, int ndr_flags, struct lsa_TrustDomainInfoControllers *r) { uint32_t _ptr_netbios_names; + uint32_t size_netbios_names_1 = 0; uint32_t cntr_netbios_names_1; TALLOC_CTX *_mem_save_netbios_names_0; TALLOC_CTX *_mem_save_netbios_names_1; @@ -2893,13 +2942,14 @@ static enum ndr_err_code ndr_pull_lsa_TrustDomainInfoControllers(struct ndr_pull _mem_save_netbios_names_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->netbios_names, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->netbios_names)); - NDR_PULL_ALLOC_N(ndr, r->netbios_names, ndr_get_array_size(ndr, &r->netbios_names)); + size_netbios_names_1 = ndr_get_array_size(ndr, &r->netbios_names); + NDR_PULL_ALLOC_N(ndr, r->netbios_names, size_netbios_names_1); _mem_save_netbios_names_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->netbios_names, 0); - for (cntr_netbios_names_1 = 0; cntr_netbios_names_1 < r->entries; cntr_netbios_names_1++) { + for (cntr_netbios_names_1 = 0; cntr_netbios_names_1 < size_netbios_names_1; cntr_netbios_names_1++) { NDR_CHECK(ndr_pull_lsa_StringLarge(ndr, NDR_SCALARS, &r->netbios_names[cntr_netbios_names_1])); } - for (cntr_netbios_names_1 = 0; cntr_netbios_names_1 < r->entries; cntr_netbios_names_1++) { + for (cntr_netbios_names_1 = 0; cntr_netbios_names_1 < size_netbios_names_1; cntr_netbios_names_1++) { NDR_CHECK(ndr_pull_lsa_StringLarge(ndr, NDR_BUFFERS, &r->netbios_names[cntr_netbios_names_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_netbios_names_1, 0); @@ -3494,6 +3544,7 @@ static enum ndr_err_code ndr_push_lsa_TrustDomainInfoInfoEx2Internal(struct ndr_ static enum ndr_err_code ndr_pull_lsa_TrustDomainInfoInfoEx2Internal(struct ndr_pull *ndr, int ndr_flags, struct lsa_TrustDomainInfoInfoEx2Internal *r) { uint32_t _ptr_forest_trust_data; + uint32_t size_forest_trust_data_1 = 0; TALLOC_CTX *_mem_save_forest_trust_data_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -3512,8 +3563,9 @@ static enum ndr_err_code ndr_pull_lsa_TrustDomainInfoInfoEx2Internal(struct ndr_ _mem_save_forest_trust_data_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->forest_trust_data, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->forest_trust_data)); - NDR_PULL_ALLOC_N(ndr, r->forest_trust_data, ndr_get_array_size(ndr, &r->forest_trust_data)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->forest_trust_data, ndr_get_array_size(ndr, &r->forest_trust_data))); + size_forest_trust_data_1 = ndr_get_array_size(ndr, &r->forest_trust_data); + NDR_PULL_ALLOC_N(ndr, r->forest_trust_data, size_forest_trust_data_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->forest_trust_data, size_forest_trust_data_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_forest_trust_data_0, 0); } if (r->forest_trust_data) { @@ -3995,6 +4047,7 @@ static enum ndr_err_code ndr_push_lsa_RightSet(struct ndr_push *ndr, int ndr_fla static enum ndr_err_code ndr_pull_lsa_RightSet(struct ndr_pull *ndr, int ndr_flags, struct lsa_RightSet *r) { uint32_t _ptr_names; + uint32_t size_names_1 = 0; uint32_t cntr_names_1; TALLOC_CTX *_mem_save_names_0; TALLOC_CTX *_mem_save_names_1; @@ -4016,13 +4069,14 @@ static enum ndr_err_code ndr_pull_lsa_RightSet(struct ndr_pull *ndr, int ndr_fla _mem_save_names_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->names, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->names)); - NDR_PULL_ALLOC_N(ndr, r->names, ndr_get_array_size(ndr, &r->names)); + size_names_1 = ndr_get_array_size(ndr, &r->names); + NDR_PULL_ALLOC_N(ndr, r->names, size_names_1); _mem_save_names_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->names, 0); - for (cntr_names_1 = 0; cntr_names_1 < r->count; cntr_names_1++) { + for (cntr_names_1 = 0; cntr_names_1 < size_names_1; cntr_names_1++) { NDR_CHECK(ndr_pull_lsa_StringLarge(ndr, NDR_SCALARS, &r->names[cntr_names_1])); } - for (cntr_names_1 = 0; cntr_names_1 < r->count; cntr_names_1++) { + for (cntr_names_1 = 0; cntr_names_1 < size_names_1; cntr_names_1++) { NDR_CHECK(ndr_pull_lsa_StringLarge(ndr, NDR_BUFFERS, &r->names[cntr_names_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_names_1, 0); @@ -4084,6 +4138,7 @@ static enum ndr_err_code ndr_push_lsa_DomainListEx(struct ndr_push *ndr, int ndr static enum ndr_err_code ndr_pull_lsa_DomainListEx(struct ndr_pull *ndr, int ndr_flags, struct lsa_DomainListEx *r) { uint32_t _ptr_domains; + uint32_t size_domains_1 = 0; uint32_t cntr_domains_1; TALLOC_CTX *_mem_save_domains_0; TALLOC_CTX *_mem_save_domains_1; @@ -4102,13 +4157,14 @@ static enum ndr_err_code ndr_pull_lsa_DomainListEx(struct ndr_pull *ndr, int ndr _mem_save_domains_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->domains, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->domains)); - NDR_PULL_ALLOC_N(ndr, r->domains, ndr_get_array_size(ndr, &r->domains)); + size_domains_1 = ndr_get_array_size(ndr, &r->domains); + NDR_PULL_ALLOC_N(ndr, r->domains, size_domains_1); _mem_save_domains_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->domains, 0); - for (cntr_domains_1 = 0; cntr_domains_1 < r->count; cntr_domains_1++) { + for (cntr_domains_1 = 0; cntr_domains_1 < size_domains_1; cntr_domains_1++) { NDR_CHECK(ndr_pull_lsa_TrustDomainInfoInfoEx(ndr, NDR_SCALARS, &r->domains[cntr_domains_1])); } - for (cntr_domains_1 = 0; cntr_domains_1 < r->count; cntr_domains_1++) { + for (cntr_domains_1 = 0; cntr_domains_1 < size_domains_1; cntr_domains_1++) { NDR_CHECK(ndr_pull_lsa_TrustDomainInfoInfoEx(ndr, NDR_BUFFERS, &r->domains[cntr_domains_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domains_1, 0); @@ -4209,6 +4265,7 @@ static enum ndr_err_code ndr_push_lsa_DomainInfoEfs(struct ndr_push *ndr, int nd static enum ndr_err_code ndr_pull_lsa_DomainInfoEfs(struct ndr_pull *ndr, int ndr_flags, struct lsa_DomainInfoEfs *r) { uint32_t _ptr_efs_blob; + uint32_t size_efs_blob_1 = 0; TALLOC_CTX *_mem_save_efs_blob_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -4225,8 +4282,9 @@ static enum ndr_err_code ndr_pull_lsa_DomainInfoEfs(struct ndr_pull *ndr, int nd _mem_save_efs_blob_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->efs_blob, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->efs_blob)); - NDR_PULL_ALLOC_N(ndr, r->efs_blob, ndr_get_array_size(ndr, &r->efs_blob)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->efs_blob, ndr_get_array_size(ndr, &r->efs_blob))); + size_efs_blob_1 = ndr_get_array_size(ndr, &r->efs_blob); + NDR_PULL_ALLOC_N(ndr, r->efs_blob, size_efs_blob_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->efs_blob, size_efs_blob_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_efs_blob_0, 0); } if (r->efs_blob) { @@ -4409,6 +4467,7 @@ static enum ndr_err_code ndr_push_lsa_TransNameArray2(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_lsa_TransNameArray2(struct ndr_pull *ndr, int ndr_flags, struct lsa_TransNameArray2 *r) { uint32_t _ptr_names; + uint32_t size_names_1 = 0; uint32_t cntr_names_1; TALLOC_CTX *_mem_save_names_0; TALLOC_CTX *_mem_save_names_1; @@ -4430,13 +4489,14 @@ static enum ndr_err_code ndr_pull_lsa_TransNameArray2(struct ndr_pull *ndr, int _mem_save_names_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->names, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->names)); - NDR_PULL_ALLOC_N(ndr, r->names, ndr_get_array_size(ndr, &r->names)); + size_names_1 = ndr_get_array_size(ndr, &r->names); + NDR_PULL_ALLOC_N(ndr, r->names, size_names_1); _mem_save_names_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->names, 0); - for (cntr_names_1 = 0; cntr_names_1 < r->count; cntr_names_1++) { + for (cntr_names_1 = 0; cntr_names_1 < size_names_1; cntr_names_1++) { NDR_CHECK(ndr_pull_lsa_TranslatedName2(ndr, NDR_SCALARS, &r->names[cntr_names_1])); } - for (cntr_names_1 = 0; cntr_names_1 < r->count; cntr_names_1++) { + for (cntr_names_1 = 0; cntr_names_1 < size_names_1; cntr_names_1++) { NDR_CHECK(ndr_pull_lsa_TranslatedName2(ndr, NDR_BUFFERS, &r->names[cntr_names_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_names_1, 0); @@ -4534,6 +4594,7 @@ static enum ndr_err_code ndr_push_lsa_TransSidArray2(struct ndr_push *ndr, int n static enum ndr_err_code ndr_pull_lsa_TransSidArray2(struct ndr_pull *ndr, int ndr_flags, struct lsa_TransSidArray2 *r) { uint32_t _ptr_sids; + uint32_t size_sids_1 = 0; uint32_t cntr_sids_1; TALLOC_CTX *_mem_save_sids_0; TALLOC_CTX *_mem_save_sids_1; @@ -4555,10 +4616,11 @@ static enum ndr_err_code ndr_pull_lsa_TransSidArray2(struct ndr_pull *ndr, int n _mem_save_sids_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sids, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->sids)); - NDR_PULL_ALLOC_N(ndr, r->sids, ndr_get_array_size(ndr, &r->sids)); + size_sids_1 = ndr_get_array_size(ndr, &r->sids); + NDR_PULL_ALLOC_N(ndr, r->sids, size_sids_1); _mem_save_sids_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sids, 0); - for (cntr_sids_1 = 0; cntr_sids_1 < r->count; cntr_sids_1++) { + for (cntr_sids_1 = 0; cntr_sids_1 < size_sids_1; cntr_sids_1++) { NDR_CHECK(ndr_pull_lsa_TranslatedSid2(ndr, NDR_SCALARS, &r->sids[cntr_sids_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sids_1, 0); @@ -4680,6 +4742,7 @@ static enum ndr_err_code ndr_push_lsa_TransSidArray3(struct ndr_push *ndr, int n static enum ndr_err_code ndr_pull_lsa_TransSidArray3(struct ndr_pull *ndr, int ndr_flags, struct lsa_TransSidArray3 *r) { uint32_t _ptr_sids; + uint32_t size_sids_1 = 0; uint32_t cntr_sids_1; TALLOC_CTX *_mem_save_sids_0; TALLOC_CTX *_mem_save_sids_1; @@ -4701,13 +4764,14 @@ static enum ndr_err_code ndr_pull_lsa_TransSidArray3(struct ndr_pull *ndr, int n _mem_save_sids_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sids, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->sids)); - NDR_PULL_ALLOC_N(ndr, r->sids, ndr_get_array_size(ndr, &r->sids)); + size_sids_1 = ndr_get_array_size(ndr, &r->sids); + NDR_PULL_ALLOC_N(ndr, r->sids, size_sids_1); _mem_save_sids_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sids, 0); - for (cntr_sids_1 = 0; cntr_sids_1 < r->count; cntr_sids_1++) { + for (cntr_sids_1 = 0; cntr_sids_1 < size_sids_1; cntr_sids_1++) { NDR_CHECK(ndr_pull_lsa_TranslatedSid3(ndr, NDR_SCALARS, &r->sids[cntr_sids_1])); } - for (cntr_sids_1 = 0; cntr_sids_1 < r->count; cntr_sids_1++) { + for (cntr_sids_1 = 0; cntr_sids_1 < size_sids_1; cntr_sids_1++) { NDR_CHECK(ndr_pull_lsa_TranslatedSid3(ndr, NDR_BUFFERS, &r->sids[cntr_sids_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sids_1, 0); @@ -4763,6 +4827,7 @@ static enum ndr_err_code ndr_push_lsa_ForestTrustBinaryData(struct ndr_push *ndr static enum ndr_err_code ndr_pull_lsa_ForestTrustBinaryData(struct ndr_pull *ndr, int ndr_flags, struct lsa_ForestTrustBinaryData *r) { uint32_t _ptr_data; + uint32_t size_data_1 = 0; TALLOC_CTX *_mem_save_data_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -4782,8 +4847,9 @@ static enum ndr_err_code ndr_pull_lsa_ForestTrustBinaryData(struct ndr_pull *ndr _mem_save_data_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->data, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->data)); - NDR_PULL_ALLOC_N(ndr, r->data, ndr_get_array_size(ndr, &r->data)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, ndr_get_array_size(ndr, &r->data))); + size_data_1 = ndr_get_array_size(ndr, &r->data); + NDR_PULL_ALLOC_N(ndr, r->data, size_data_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, size_data_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_0, 0); } if (r->data) { @@ -5091,6 +5157,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_lsa_ForestTrustInformation(struct ndr_push * _PUBLIC_ enum ndr_err_code ndr_pull_lsa_ForestTrustInformation(struct ndr_pull *ndr, int ndr_flags, struct lsa_ForestTrustInformation *r) { uint32_t _ptr_entries; + uint32_t size_entries_1 = 0; uint32_t cntr_entries_1; TALLOC_CTX *_mem_save_entries_0; TALLOC_CTX *_mem_save_entries_1; @@ -5113,10 +5180,11 @@ _PUBLIC_ enum ndr_err_code ndr_pull_lsa_ForestTrustInformation(struct ndr_pull * _mem_save_entries_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->entries, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->entries)); - NDR_PULL_ALLOC_N(ndr, r->entries, ndr_get_array_size(ndr, &r->entries)); + size_entries_1 = ndr_get_array_size(ndr, &r->entries); + NDR_PULL_ALLOC_N(ndr, r->entries, size_entries_1); _mem_save_entries_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->entries, 0); - for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) { + for (cntr_entries_1 = 0; cntr_entries_1 < size_entries_1; cntr_entries_1++) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_entries)); if (_ptr_entries) { NDR_PULL_ALLOC(ndr, r->entries[cntr_entries_1]); @@ -5124,7 +5192,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_lsa_ForestTrustInformation(struct ndr_pull * r->entries[cntr_entries_1] = NULL; } } - for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) { + for (cntr_entries_1 = 0; cntr_entries_1 < size_entries_1; cntr_entries_1++) { if (r->entries[cntr_entries_1]) { _mem_save_entries_2 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->entries[cntr_entries_1], 0); @@ -6433,6 +6501,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_lsa_LookupNames(struct ndr_push *ndr, int fl _PUBLIC_ enum ndr_err_code ndr_pull_lsa_LookupNames(struct ndr_pull *ndr, int flags, struct lsa_LookupNames *r) { + uint32_t size_names_0 = 0; uint32_t cntr_names_0; uint32_t _ptr_domains; TALLOC_CTX *_mem_save_handle_0; @@ -6456,13 +6525,14 @@ _PUBLIC_ enum ndr_err_code ndr_pull_lsa_LookupNames(struct ndr_pull *ndr, int fl return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.names)); - NDR_PULL_ALLOC_N(ndr, r->in.names, ndr_get_array_size(ndr, &r->in.names)); + size_names_0 = ndr_get_array_size(ndr, &r->in.names); + NDR_PULL_ALLOC_N(ndr, r->in.names, size_names_0); _mem_save_names_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->in.names, 0); - for (cntr_names_0 = 0; cntr_names_0 < r->in.num_names; cntr_names_0++) { + for (cntr_names_0 = 0; cntr_names_0 < size_names_0; cntr_names_0++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->in.names[cntr_names_0])); } - for (cntr_names_0 = 0; cntr_names_0 < r->in.num_names; cntr_names_0++) { + for (cntr_names_0 = 0; cntr_names_0 < size_names_0; cntr_names_0++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->in.names[cntr_names_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_names_0, 0); @@ -9333,6 +9403,8 @@ _PUBLIC_ enum ndr_err_code ndr_push_lsa_OpenPolicy2(struct ndr_push *ndr, int fl _PUBLIC_ enum ndr_err_code ndr_pull_lsa_OpenPolicy2(struct ndr_pull *ndr, int flags, struct lsa_OpenPolicy2 *r) { uint32_t _ptr_system_name; + uint32_t size_system_name_1 = 0; + uint32_t length_system_name_1 = 0; TALLOC_CTX *_mem_save_system_name_0; TALLOC_CTX *_mem_save_attr_0; TALLOC_CTX *_mem_save_handle_0; @@ -9350,11 +9422,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_lsa_OpenPolicy2(struct ndr_pull *ndr, int fl NDR_PULL_SET_MEM_CTX(ndr, r->in.system_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.system_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.system_name)); - if (ndr_get_array_length(ndr, &r->in.system_name) > ndr_get_array_size(ndr, &r->in.system_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.system_name), ndr_get_array_length(ndr, &r->in.system_name)); + size_system_name_1 = ndr_get_array_size(ndr, &r->in.system_name); + length_system_name_1 = ndr_get_array_length(ndr, &r->in.system_name); + if (length_system_name_1 > size_system_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_system_name_1, length_system_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.system_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.system_name, ndr_get_array_length(ndr, &r->in.system_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_system_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.system_name, length_system_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_system_name_0, 0); } if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { @@ -9465,6 +9539,8 @@ static enum ndr_err_code ndr_push_lsa_GetUserName(struct ndr_push *ndr, int flag static enum ndr_err_code ndr_pull_lsa_GetUserName(struct ndr_pull *ndr, int flags, struct lsa_GetUserName *r) { uint32_t _ptr_system_name; + uint32_t size_system_name_1 = 0; + uint32_t length_system_name_1 = 0; uint32_t _ptr_account_name; uint32_t _ptr_authority_name; TALLOC_CTX *_mem_save_system_name_0; @@ -9486,11 +9562,13 @@ static enum ndr_err_code ndr_pull_lsa_GetUserName(struct ndr_pull *ndr, int flag NDR_PULL_SET_MEM_CTX(ndr, r->in.system_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.system_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.system_name)); - if (ndr_get_array_length(ndr, &r->in.system_name) > ndr_get_array_size(ndr, &r->in.system_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.system_name), ndr_get_array_length(ndr, &r->in.system_name)); + size_system_name_1 = ndr_get_array_size(ndr, &r->in.system_name); + length_system_name_1 = ndr_get_array_length(ndr, &r->in.system_name); + if (length_system_name_1 > size_system_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_system_name_1, length_system_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.system_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.system_name, ndr_get_array_length(ndr, &r->in.system_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_system_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.system_name, length_system_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_system_name_0, 0); } if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { @@ -10900,6 +10978,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_lsa_LookupNames2(struct ndr_push *ndr, int f _PUBLIC_ enum ndr_err_code ndr_pull_lsa_LookupNames2(struct ndr_pull *ndr, int flags, struct lsa_LookupNames2 *r) { + uint32_t size_names_0 = 0; uint32_t cntr_names_0; uint32_t _ptr_domains; TALLOC_CTX *_mem_save_handle_0; @@ -10923,13 +11002,14 @@ _PUBLIC_ enum ndr_err_code ndr_pull_lsa_LookupNames2(struct ndr_pull *ndr, int f return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.names)); - NDR_PULL_ALLOC_N(ndr, r->in.names, ndr_get_array_size(ndr, &r->in.names)); + size_names_0 = ndr_get_array_size(ndr, &r->in.names); + NDR_PULL_ALLOC_N(ndr, r->in.names, size_names_0); _mem_save_names_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->in.names, 0); - for (cntr_names_0 = 0; cntr_names_0 < r->in.num_names; cntr_names_0++) { + for (cntr_names_0 = 0; cntr_names_0 < size_names_0; cntr_names_0++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->in.names[cntr_names_0])); } - for (cntr_names_0 = 0; cntr_names_0 < r->in.num_names; cntr_names_0++) { + for (cntr_names_0 = 0; cntr_names_0 < size_names_0; cntr_names_0++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->in.names[cntr_names_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_names_0, 0); @@ -11554,6 +11634,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_lsa_LookupNames3(struct ndr_push *ndr, int f _PUBLIC_ enum ndr_err_code ndr_pull_lsa_LookupNames3(struct ndr_pull *ndr, int flags, struct lsa_LookupNames3 *r) { + uint32_t size_names_0 = 0; uint32_t cntr_names_0; uint32_t _ptr_domains; TALLOC_CTX *_mem_save_handle_0; @@ -11577,13 +11658,14 @@ _PUBLIC_ enum ndr_err_code ndr_pull_lsa_LookupNames3(struct ndr_pull *ndr, int f return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.names)); - NDR_PULL_ALLOC_N(ndr, r->in.names, ndr_get_array_size(ndr, &r->in.names)); + size_names_0 = ndr_get_array_size(ndr, &r->in.names); + NDR_PULL_ALLOC_N(ndr, r->in.names, size_names_0); _mem_save_names_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->in.names, 0); - for (cntr_names_0 = 0; cntr_names_0 < r->in.num_names; cntr_names_0++) { + for (cntr_names_0 = 0; cntr_names_0 < size_names_0; cntr_names_0++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->in.names[cntr_names_0])); } - for (cntr_names_0 = 0; cntr_names_0 < r->in.num_names; cntr_names_0++) { + for (cntr_names_0 = 0; cntr_names_0 < size_names_0; cntr_names_0++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->in.names[cntr_names_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_names_0, 0); @@ -12300,6 +12382,7 @@ static enum ndr_err_code ndr_push_lsa_LookupNames4(struct ndr_push *ndr, int fla static enum ndr_err_code ndr_pull_lsa_LookupNames4(struct ndr_pull *ndr, int flags, struct lsa_LookupNames4 *r) { + uint32_t size_names_0 = 0; uint32_t cntr_names_0; uint32_t _ptr_domains; TALLOC_CTX *_mem_save_names_0; @@ -12315,13 +12398,14 @@ static enum ndr_err_code ndr_pull_lsa_LookupNames4(struct ndr_pull *ndr, int fla return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.names)); - NDR_PULL_ALLOC_N(ndr, r->in.names, ndr_get_array_size(ndr, &r->in.names)); + size_names_0 = ndr_get_array_size(ndr, &r->in.names); + NDR_PULL_ALLOC_N(ndr, r->in.names, size_names_0); _mem_save_names_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->in.names, 0); - for (cntr_names_0 = 0; cntr_names_0 < r->in.num_names; cntr_names_0++) { + for (cntr_names_0 = 0; cntr_names_0 < size_names_0; cntr_names_0++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->in.names[cntr_names_0])); } - for (cntr_names_0 = 0; cntr_names_0 < r->in.num_names; cntr_names_0++) { + for (cntr_names_0 = 0; cntr_names_0 < size_names_0; cntr_names_0++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->in.names[cntr_names_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_names_0, 0); diff --git a/librpc/gen_ndr/ndr_misc.c b/librpc/gen_ndr/ndr_misc.c index 45872d6..02ef363 100644 --- a/librpc/gen_ndr/ndr_misc.c +++ b/librpc/gen_ndr/ndr_misc.c @@ -20,13 +20,17 @@ _PUBLIC_ enum ndr_err_code ndr_push_GUID(struct ndr_push *ndr, int ndr_flags, co _PUBLIC_ enum ndr_err_code ndr_pull_GUID(struct ndr_pull *ndr, int ndr_flags, struct GUID *r) { + uint32_t size_clock_seq_0 = 0; + uint32_t size_node_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->time_low)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->time_mid)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->time_hi_and_version)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->clock_seq, 2)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->node, 6)); + size_clock_seq_0 = 2; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->clock_seq, size_clock_seq_0)); + size_node_0 = 6; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->node, size_node_0)); } if (ndr_flags & NDR_BUFFERS) { } diff --git a/librpc/gen_ndr/ndr_named_pipe_auth.c b/librpc/gen_ndr/ndr_named_pipe_auth.c index 88ad449..717421c 100644 --- a/librpc/gen_ndr/ndr_named_pipe_auth.c +++ b/librpc/gen_ndr/ndr_named_pipe_auth.c @@ -117,6 +117,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_named_pipe_auth_req(struct ndr_push *ndr, in _PUBLIC_ enum ndr_err_code ndr_pull_named_pipe_auth_req(struct ndr_pull *ndr, int ndr_flags, struct named_pipe_auth_req *r) { + uint32_t size_magic_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); { @@ -125,7 +126,8 @@ _PUBLIC_ enum ndr_err_code ndr_pull_named_pipe_auth_req(struct ndr_pull *ndr, in NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->length)); ndr->flags = _flags_save_uint32; } - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->magic, 4, sizeof(uint8_t), CH_DOS)); + size_magic_0 = 4; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->magic, size_magic_0, sizeof(uint8_t), CH_DOS)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->level)); NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->info, r->level)); NDR_CHECK(ndr_pull_named_pipe_auth_req_info(ndr, NDR_SCALARS, &r->info)); @@ -262,6 +264,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_named_pipe_auth_rep(struct ndr_push *ndr, in _PUBLIC_ enum ndr_err_code ndr_pull_named_pipe_auth_rep(struct ndr_pull *ndr, int ndr_flags, struct named_pipe_auth_rep *r) { + uint32_t size_magic_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); { @@ -270,7 +273,8 @@ _PUBLIC_ enum ndr_err_code ndr_pull_named_pipe_auth_rep(struct ndr_pull *ndr, in NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->length)); ndr->flags = _flags_save_uint32; } - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->magic, 4, sizeof(uint8_t), CH_DOS)); + size_magic_0 = 4; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->magic, size_magic_0, sizeof(uint8_t), CH_DOS)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->level)); NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->info, r->level)); NDR_CHECK(ndr_pull_named_pipe_auth_rep_info(ndr, NDR_SCALARS, &r->info)); diff --git a/librpc/gen_ndr/ndr_nbt.c b/librpc/gen_ndr/ndr_nbt.c index 8fcd94c..3604f1d 100644 --- a/librpc/gen_ndr/ndr_nbt.c +++ b/librpc/gen_ndr/ndr_nbt.c @@ -242,15 +242,17 @@ static enum ndr_err_code ndr_push_nbt_rdata_netbios(struct ndr_push *ndr, int nd static enum ndr_err_code ndr_pull_nbt_rdata_netbios(struct ndr_pull *ndr, int ndr_flags, struct nbt_rdata_netbios *r) { + uint32_t size_addresses_0 = 0; uint32_t cntr_addresses_0; TALLOC_CTX *_mem_save_addresses_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->length)); - NDR_PULL_ALLOC_N(ndr, r->addresses, r->length / 6); + size_addresses_0 = r->length / 6; + NDR_PULL_ALLOC_N(ndr, r->addresses, size_addresses_0); _mem_save_addresses_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->addresses, 0); - for (cntr_addresses_0 = 0; cntr_addresses_0 < r->length / 6; cntr_addresses_0++) { + for (cntr_addresses_0 = 0; cntr_addresses_0 < size_addresses_0; cntr_addresses_0++) { NDR_CHECK(ndr_pull_nbt_rdata_address(ndr, NDR_SCALARS, &r->addresses[cntr_addresses_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_addresses_0, 0); @@ -311,9 +313,11 @@ static enum ndr_err_code ndr_push_nbt_statistics(struct ndr_push *ndr, int ndr_f static enum ndr_err_code ndr_pull_nbt_statistics(struct ndr_pull *ndr, int ndr_flags, struct nbt_statistics *r) { + uint32_t size_unit_id_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->unit_id, 6)); + size_unit_id_0 = 6; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->unit_id, size_unit_id_0)); NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->jumpers)); NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->test_result)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->version_number)); @@ -381,9 +385,11 @@ static enum ndr_err_code ndr_push_nbt_status_name(struct ndr_push *ndr, int ndr_ static enum ndr_err_code ndr_pull_nbt_status_name(struct ndr_pull *ndr, int ndr_flags, struct nbt_status_name *r) { + uint32_t size_name_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 2)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, 15, sizeof(uint8_t), CH_DOS)); + size_name_0 = 15; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, size_name_0, sizeof(uint8_t), CH_DOS)); NDR_CHECK(ndr_pull_nbt_name_type(ndr, NDR_SCALARS, &r->type)); NDR_CHECK(ndr_pull_nb_flags(ndr, NDR_SCALARS, &r->nb_flags)); } @@ -421,16 +427,18 @@ static enum ndr_err_code ndr_push_nbt_rdata_status(struct ndr_push *ndr, int ndr static enum ndr_err_code ndr_pull_nbt_rdata_status(struct ndr_pull *ndr, int ndr_flags, struct nbt_rdata_status *r) { + uint32_t size_names_0 = 0; uint32_t cntr_names_0; TALLOC_CTX *_mem_save_names_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->length)); NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->num_names)); - NDR_PULL_ALLOC_N(ndr, r->names, r->num_names); + size_names_0 = r->num_names; + NDR_PULL_ALLOC_N(ndr, r->names, size_names_0); _mem_save_names_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->names, 0); - for (cntr_names_0 = 0; cntr_names_0 < r->num_names; cntr_names_0++) { + for (cntr_names_0 = 0; cntr_names_0 < size_names_0; cntr_names_0++) { NDR_CHECK(ndr_pull_nbt_status_name(ndr, NDR_SCALARS, &r->names[cntr_names_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_names_0, 0); @@ -476,11 +484,13 @@ static enum ndr_err_code ndr_push_nbt_rdata_data(struct ndr_push *ndr, int ndr_f static enum ndr_err_code ndr_pull_nbt_rdata_data(struct ndr_pull *ndr, int ndr_flags, struct nbt_rdata_data *r) { + uint32_t size_data_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 2)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->length)); - NDR_PULL_ALLOC_N(ndr, r->data, r->length); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, r->length)); + size_data_0 = r->length; + NDR_PULL_ALLOC_N(ndr, r->data, size_data_0); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, size_data_0)); } if (ndr_flags & NDR_BUFFERS) { } @@ -673,12 +683,16 @@ _PUBLIC_ enum ndr_err_code ndr_push_nbt_name_packet(struct ndr_push *ndr, int nd _PUBLIC_ enum ndr_err_code ndr_pull_nbt_name_packet(struct ndr_pull *ndr, int ndr_flags, struct nbt_name_packet *r) { + uint32_t size_questions_0 = 0; uint32_t cntr_questions_0; TALLOC_CTX *_mem_save_questions_0; + uint32_t size_answers_0 = 0; uint32_t cntr_answers_0; TALLOC_CTX *_mem_save_answers_0; + uint32_t size_nsrecs_0 = 0; uint32_t cntr_nsrecs_0; TALLOC_CTX *_mem_save_nsrecs_0; + uint32_t size_additional_0 = 0; uint32_t cntr_additional_0; TALLOC_CTX *_mem_save_additional_0; { @@ -692,31 +706,35 @@ _PUBLIC_ enum ndr_err_code ndr_pull_nbt_name_packet(struct ndr_pull *ndr, int nd NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->ancount)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->nscount)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->arcount)); - NDR_PULL_ALLOC_N(ndr, r->questions, r->qdcount); + size_questions_0 = r->qdcount; + NDR_PULL_ALLOC_N(ndr, r->questions, size_questions_0); _mem_save_questions_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->questions, 0); - for (cntr_questions_0 = 0; cntr_questions_0 < r->qdcount; cntr_questions_0++) { + for (cntr_questions_0 = 0; cntr_questions_0 < size_questions_0; cntr_questions_0++) { NDR_CHECK(ndr_pull_nbt_name_question(ndr, NDR_SCALARS, &r->questions[cntr_questions_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_questions_0, 0); - NDR_PULL_ALLOC_N(ndr, r->answers, r->ancount); + size_answers_0 = r->ancount; + NDR_PULL_ALLOC_N(ndr, r->answers, size_answers_0); _mem_save_answers_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->answers, 0); - for (cntr_answers_0 = 0; cntr_answers_0 < r->ancount; cntr_answers_0++) { + for (cntr_answers_0 = 0; cntr_answers_0 < size_answers_0; cntr_answers_0++) { NDR_CHECK(ndr_pull_nbt_res_rec(ndr, NDR_SCALARS, &r->answers[cntr_answers_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_answers_0, 0); - NDR_PULL_ALLOC_N(ndr, r->nsrecs, r->nscount); + size_nsrecs_0 = r->nscount; + NDR_PULL_ALLOC_N(ndr, r->nsrecs, size_nsrecs_0); _mem_save_nsrecs_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->nsrecs, 0); - for (cntr_nsrecs_0 = 0; cntr_nsrecs_0 < r->nscount; cntr_nsrecs_0++) { + for (cntr_nsrecs_0 = 0; cntr_nsrecs_0 < size_nsrecs_0; cntr_nsrecs_0++) { NDR_CHECK(ndr_pull_nbt_res_rec(ndr, NDR_SCALARS, &r->nsrecs[cntr_nsrecs_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_nsrecs_0, 0); - NDR_PULL_ALLOC_N(ndr, r->additional, r->arcount); + size_additional_0 = r->arcount; + NDR_PULL_ALLOC_N(ndr, r->additional, size_additional_0); _mem_save_additional_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->additional, 0); - for (cntr_additional_0 = 0; cntr_additional_0 < r->arcount; cntr_additional_0++) { + for (cntr_additional_0 = 0; cntr_additional_0 < size_additional_0; cntr_additional_0++) { NDR_CHECK(ndr_pull_nbt_res_rec(ndr, NDR_SCALARS, &r->additional[cntr_additional_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_additional_0, 0); @@ -1093,6 +1111,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_dgram_smb_packet(struct ndr_push *ndr, int n _PUBLIC_ enum ndr_err_code ndr_pull_dgram_smb_packet(struct ndr_pull *ndr, int ndr_flags, struct dgram_smb_packet *r) { + uint32_t size_signature_0 = 0; { uint32_t _flags_save_STRUCT = ndr->flags; ndr_set_flags(&ndr->flags, LIBNDR_FLAG_NOALIGN|LIBNDR_FLAG_LITTLE_ENDIAN|LIBNDR_PRINT_ARRAY_HEX); @@ -1105,7 +1124,8 @@ _PUBLIC_ enum ndr_err_code ndr_pull_dgram_smb_packet(struct ndr_pull *ndr, int n NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->flags)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->flags2)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->pid_high)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->signature, 8)); + size_signature_0 = 8; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->signature, size_signature_0)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->reserved)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->tid)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->pid)); @@ -2306,6 +2326,7 @@ static enum ndr_err_code ndr_push_NETLOGON_DB_CHANGE(struct ndr_push *ndr, int n static enum ndr_err_code ndr_pull_NETLOGON_DB_CHANGE(struct ndr_pull *ndr, int ndr_flags, struct NETLOGON_DB_CHANGE *r) { + uint32_t size_dbchange_0 = 0; uint32_t cntr_dbchange_0; TALLOC_CTX *_mem_save_dbchange_0; if (ndr_flags & NDR_SCALARS) { @@ -2345,10 +2366,11 @@ static enum ndr_err_code ndr_pull_NETLOGON_DB_CHANGE(struct ndr_pull *ndr, int n ndr->flags = _flags_save_string; } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->db_count)); - NDR_PULL_ALLOC_N(ndr, r->dbchange, r->db_count); + size_dbchange_0 = r->db_count; + NDR_PULL_ALLOC_N(ndr, r->dbchange, size_dbchange_0); _mem_save_dbchange_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->dbchange, 0); - for (cntr_dbchange_0 = 0; cntr_dbchange_0 < r->db_count; cntr_dbchange_0++) { + for (cntr_dbchange_0 = 0; cntr_dbchange_0 < size_dbchange_0; cntr_dbchange_0++) { NDR_CHECK(ndr_pull_nbt_db_change_info(ndr, NDR_SCALARS, &r->dbchange[cntr_dbchange_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dbchange_0, 0); @@ -2619,11 +2641,13 @@ static enum ndr_err_code ndr_push_nbt_browse_host_announcement(struct ndr_push * static enum ndr_err_code ndr_pull_nbt_browse_host_announcement(struct ndr_pull *ndr, int ndr_flags, struct nbt_browse_host_announcement *r) { + uint32_t size_ServerName_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->UpdateCount)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->Periodicity)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->ServerName, 16, sizeof(uint8_t), CH_DOS)); + size_ServerName_0 = 16; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->ServerName, size_ServerName_0, sizeof(uint8_t), CH_DOS)); NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->OSMajor)); NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->OSMinor)); NDR_CHECK(ndr_pull_svcctl_ServerType(ndr, NDR_SCALARS, &r->ServerType)); @@ -2805,16 +2829,18 @@ static enum ndr_err_code ndr_push_nbt_browse_backup_list_response(struct ndr_pus static enum ndr_err_code ndr_pull_nbt_browse_backup_list_response(struct ndr_pull *ndr, int ndr_flags, struct nbt_browse_backup_list_response *r) { + uint32_t size_BackupServerList_0 = 0; uint32_t cntr_BackupServerList_0; TALLOC_CTX *_mem_save_BackupServerList_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->BackupCount)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->Token)); - NDR_PULL_ALLOC_N(ndr, r->BackupServerList, r->BackupCount); + size_BackupServerList_0 = r->BackupCount; + NDR_PULL_ALLOC_N(ndr, r->BackupServerList, size_BackupServerList_0); _mem_save_BackupServerList_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->BackupServerList, 0); - for (cntr_BackupServerList_0 = 0; cntr_BackupServerList_0 < r->BackupCount; cntr_BackupServerList_0++) { + for (cntr_BackupServerList_0 = 0; cntr_BackupServerList_0 < size_BackupServerList_0; cntr_BackupServerList_0++) { NDR_CHECK(ndr_pull_nbt_name(ndr, NDR_SCALARS, &r->BackupServerList[cntr_BackupServerList_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_BackupServerList_0, 0); @@ -2909,11 +2935,13 @@ static enum ndr_err_code ndr_push_nbt_browse_domain_announcement(struct ndr_push static enum ndr_err_code ndr_pull_nbt_browse_domain_announcement(struct ndr_pull *ndr, int ndr_flags, struct nbt_browse_domain_announcement *r) { + uint32_t size_ServerName_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->UpdateCount)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->Periodicity)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->ServerName, 16, sizeof(uint8_t), CH_DOS)); + size_ServerName_0 = 16; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->ServerName, size_ServerName_0, sizeof(uint8_t), CH_DOS)); NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->OSMajor)); NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->OSMinor)); NDR_CHECK(ndr_pull_svcctl_ServerType(ndr, NDR_SCALARS, &r->ServerType)); @@ -3042,11 +3070,13 @@ static enum ndr_err_code ndr_push_nbt_browse_local_master_announcement(struct nd static enum ndr_err_code ndr_pull_nbt_browse_local_master_announcement(struct ndr_pull *ndr, int ndr_flags, struct nbt_browse_local_master_announcement *r) { + uint32_t size_ServerName_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->UpdateCount)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->Periodicity)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->ServerName, 16, sizeof(uint8_t), CH_DOS)); + size_ServerName_0 = 16; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->ServerName, size_ServerName_0, sizeof(uint8_t), CH_DOS)); NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->OSMajor)); NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->OSMinor)); NDR_CHECK(ndr_pull_svcctl_ServerType(ndr, NDR_SCALARS, &r->ServerType)); diff --git a/librpc/gen_ndr/ndr_netlogon.c b/librpc/gen_ndr/ndr_netlogon.c index c1bdce4..c3ab81a 100644 --- a/librpc/gen_ndr/ndr_netlogon.c +++ b/librpc/gen_ndr/ndr_netlogon.c @@ -61,12 +61,20 @@ static enum ndr_err_code ndr_push_netr_UasInfo(struct ndr_push *ndr, int ndr_fla static enum ndr_err_code ndr_pull_netr_UasInfo(struct ndr_pull *ndr, int ndr_flags, struct netr_UasInfo *r) { uint32_t _ptr_account_name; + uint32_t size_account_name_1 = 0; + uint32_t length_account_name_1 = 0; TALLOC_CTX *_mem_save_account_name_0; uint32_t _ptr_computer; + uint32_t size_computer_1 = 0; + uint32_t length_computer_1 = 0; TALLOC_CTX *_mem_save_computer_0; uint32_t _ptr_domain; + uint32_t size_domain_1 = 0; + uint32_t length_domain_1 = 0; TALLOC_CTX *_mem_save_domain_0; uint32_t _ptr_script_path; + uint32_t size_script_path_1 = 0; + uint32_t length_script_path_1 = 0; TALLOC_CTX *_mem_save_script_path_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -113,11 +121,13 @@ static enum ndr_err_code ndr_pull_netr_UasInfo(struct ndr_pull *ndr, int ndr_fla NDR_PULL_SET_MEM_CTX(ndr, r->account_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->account_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->account_name)); - if (ndr_get_array_length(ndr, &r->account_name) > ndr_get_array_size(ndr, &r->account_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->account_name), ndr_get_array_length(ndr, &r->account_name)); + size_account_name_1 = ndr_get_array_size(ndr, &r->account_name); + length_account_name_1 = ndr_get_array_length(ndr, &r->account_name); + if (length_account_name_1 > size_account_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_account_name_1, length_account_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->account_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->account_name, ndr_get_array_length(ndr, &r->account_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_account_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->account_name, length_account_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_account_name_0, 0); } if (r->computer) { @@ -125,11 +135,13 @@ static enum ndr_err_code ndr_pull_netr_UasInfo(struct ndr_pull *ndr, int ndr_fla NDR_PULL_SET_MEM_CTX(ndr, r->computer, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->computer)); NDR_CHECK(ndr_pull_array_length(ndr, &r->computer)); - if (ndr_get_array_length(ndr, &r->computer) > ndr_get_array_size(ndr, &r->computer)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->computer), ndr_get_array_length(ndr, &r->computer)); + size_computer_1 = ndr_get_array_size(ndr, &r->computer); + length_computer_1 = ndr_get_array_length(ndr, &r->computer); + if (length_computer_1 > size_computer_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_1, length_computer_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->computer), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->computer, ndr_get_array_length(ndr, &r->computer), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->computer, length_computer_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_computer_0, 0); } if (r->domain) { @@ -137,11 +149,13 @@ static enum ndr_err_code ndr_pull_netr_UasInfo(struct ndr_pull *ndr, int ndr_fla NDR_PULL_SET_MEM_CTX(ndr, r->domain, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->domain)); NDR_CHECK(ndr_pull_array_length(ndr, &r->domain)); - if (ndr_get_array_length(ndr, &r->domain) > ndr_get_array_size(ndr, &r->domain)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->domain), ndr_get_array_length(ndr, &r->domain)); + size_domain_1 = ndr_get_array_size(ndr, &r->domain); + length_domain_1 = ndr_get_array_length(ndr, &r->domain); + if (length_domain_1 > size_domain_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_1, length_domain_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, length_domain_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_0, 0); } if (r->script_path) { @@ -149,11 +163,13 @@ static enum ndr_err_code ndr_pull_netr_UasInfo(struct ndr_pull *ndr, int ndr_fla NDR_PULL_SET_MEM_CTX(ndr, r->script_path, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->script_path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->script_path)); - if (ndr_get_array_length(ndr, &r->script_path) > ndr_get_array_size(ndr, &r->script_path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->script_path), ndr_get_array_length(ndr, &r->script_path)); + size_script_path_1 = ndr_get_array_size(ndr, &r->script_path); + length_script_path_1 = ndr_get_array_length(ndr, &r->script_path); + if (length_script_path_1 > size_script_path_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_script_path_1, length_script_path_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->script_path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->script_path, ndr_get_array_length(ndr, &r->script_path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_script_path_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->script_path, length_script_path_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_script_path_0, 0); } } @@ -418,6 +434,8 @@ static enum ndr_err_code ndr_push_netr_ChallengeResponse(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_netr_ChallengeResponse(struct ndr_pull *ndr, int ndr_flags, struct netr_ChallengeResponse *r) { uint32_t _ptr_data; + uint32_t size_data_1 = 0; + uint32_t length_data_1 = 0; TALLOC_CTX *_mem_save_data_0; { uint32_t _flags_save_STRUCT = ndr->flags; @@ -439,11 +457,13 @@ static enum ndr_err_code ndr_pull_netr_ChallengeResponse(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->data, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->data)); NDR_CHECK(ndr_pull_array_length(ndr, &r->data)); - if (ndr_get_array_length(ndr, &r->data) > ndr_get_array_size(ndr, &r->data)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->data), ndr_get_array_length(ndr, &r->data)); + size_data_1 = ndr_get_array_size(ndr, &r->data); + length_data_1 = ndr_get_array_length(ndr, &r->data); + if (length_data_1 > size_data_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_data_1, length_data_1); } - NDR_PULL_ALLOC_N(ndr, r->data, ndr_get_array_size(ndr, &r->data)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, ndr_get_array_length(ndr, &r->data))); + NDR_PULL_ALLOC_N(ndr, r->data, size_data_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, length_data_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_0, 0); } if (r->data) { @@ -502,13 +522,15 @@ static enum ndr_err_code ndr_push_netr_NetworkInfo(struct ndr_push *ndr, int ndr static enum ndr_err_code ndr_pull_netr_NetworkInfo(struct ndr_pull *ndr, int ndr_flags, struct netr_NetworkInfo *r) { + uint32_t size_challenge_0 = 0; { uint32_t _flags_save_STRUCT = ndr->flags; ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_netr_IdentityInfo(ndr, NDR_SCALARS, &r->identity_info)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->challenge, 8)); + size_challenge_0 = 8; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->challenge, size_challenge_0)); NDR_CHECK(ndr_pull_netr_ChallengeResponse(ndr, NDR_SCALARS, &r->nt)); NDR_CHECK(ndr_pull_netr_ChallengeResponse(ndr, NDR_SCALARS, &r->lm)); } @@ -566,6 +588,7 @@ static enum ndr_err_code ndr_push_netr_GenericInfo(struct ndr_push *ndr, int ndr static enum ndr_err_code ndr_pull_netr_GenericInfo(struct ndr_pull *ndr, int ndr_flags, struct netr_GenericInfo *r) { uint32_t _ptr_data; + uint32_t size_data_1 = 0; TALLOC_CTX *_mem_save_data_0; { uint32_t _flags_save_STRUCT = ndr->flags; @@ -589,8 +612,9 @@ static enum ndr_err_code ndr_pull_netr_GenericInfo(struct ndr_pull *ndr, int ndr _mem_save_data_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->data, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->data)); - NDR_PULL_ALLOC_N(ndr, r->data, ndr_get_array_size(ndr, &r->data)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, ndr_get_array_size(ndr, &r->data))); + size_data_1 = ndr_get_array_size(ndr, &r->data); + NDR_PULL_ALLOC_N(ndr, r->data, size_data_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, size_data_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_0, 0); } if (r->data) { @@ -748,8 +772,11 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_LogonLevel(struct ndr_pull *ndr, int nd int level; uint16_t _level; TALLOC_CTX *_mem_save_password_0; + uint32_t _ptr_password; TALLOC_CTX *_mem_save_network_0; + uint32_t _ptr_network; TALLOC_CTX *_mem_save_generic_0; + uint32_t _ptr_generic; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &_level)); @@ -758,7 +785,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_LogonLevel(struct ndr_pull *ndr, int nd } switch (level) { case NetlogonInteractiveInformation: { - uint32_t _ptr_password; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_password)); if (_ptr_password) { NDR_PULL_ALLOC(ndr, r->password); @@ -768,7 +794,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_LogonLevel(struct ndr_pull *ndr, int nd break; } case NetlogonNetworkInformation: { - uint32_t _ptr_network; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_network)); if (_ptr_network) { NDR_PULL_ALLOC(ndr, r->network); @@ -778,7 +803,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_LogonLevel(struct ndr_pull *ndr, int nd break; } case NetlogonServiceInformation: { - uint32_t _ptr_password; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_password)); if (_ptr_password) { NDR_PULL_ALLOC(ndr, r->password); @@ -788,7 +812,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_LogonLevel(struct ndr_pull *ndr, int nd break; } case NetlogonGenericInformation: { - uint32_t _ptr_generic; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_generic)); if (_ptr_generic) { NDR_PULL_ALLOC(ndr, r->generic); @@ -798,7 +821,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_LogonLevel(struct ndr_pull *ndr, int nd break; } case NetlogonInteractiveTransitiveInformation: { - uint32_t _ptr_password; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_password)); if (_ptr_password) { NDR_PULL_ALLOC(ndr, r->password); @@ -808,7 +830,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_LogonLevel(struct ndr_pull *ndr, int nd break; } case NetlogonNetworkTransitiveInformation: { - uint32_t _ptr_network; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_network)); if (_ptr_network) { NDR_PULL_ALLOC(ndr, r->network); @@ -818,7 +839,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_LogonLevel(struct ndr_pull *ndr, int nd break; } case NetlogonServiceTransitiveInformation: { - uint32_t _ptr_password; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_password)); if (_ptr_password) { NDR_PULL_ALLOC(ndr, r->password); @@ -995,12 +1015,14 @@ _PUBLIC_ enum ndr_err_code ndr_push_netr_UserSessionKey(struct ndr_push *ndr, in _PUBLIC_ enum ndr_err_code ndr_pull_netr_UserSessionKey(struct ndr_pull *ndr, int ndr_flags, struct netr_UserSessionKey *r) { + uint32_t size_key_0 = 0; { uint32_t _flags_save_STRUCT = ndr->flags; ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 1)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->key, 16)); + size_key_0 = 16; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->key, size_key_0)); } if (ndr_flags & NDR_BUFFERS) { } @@ -1040,12 +1062,14 @@ _PUBLIC_ enum ndr_err_code ndr_push_netr_LMSessionKey(struct ndr_push *ndr, int _PUBLIC_ enum ndr_err_code ndr_pull_netr_LMSessionKey(struct ndr_pull *ndr, int ndr_flags, struct netr_LMSessionKey *r) { + uint32_t size_key_0 = 0; { uint32_t _flags_save_STRUCT = ndr->flags; ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 1)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->key, 8)); + size_key_0 = 8; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->key, size_key_0)); } if (ndr_flags & NDR_BUFFERS) { } @@ -1153,6 +1177,7 @@ static enum ndr_err_code ndr_pull_netr_SamBaseInfo(struct ndr_pull *ndr, int ndr { uint32_t _ptr_domain_sid; TALLOC_CTX *_mem_save_domain_sid_0; + uint32_t size_unknown_0 = 0; uint32_t cntr_unknown_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -1185,7 +1210,8 @@ static enum ndr_err_code ndr_pull_netr_SamBaseInfo(struct ndr_pull *ndr, int ndr } NDR_CHECK(ndr_pull_netr_LMSessionKey(ndr, NDR_SCALARS, &r->LMSessKey)); NDR_CHECK(ndr_pull_samr_AcctFlags(ndr, NDR_SCALARS, &r->acct_flags)); - for (cntr_unknown_0 = 0; cntr_unknown_0 < 7; cntr_unknown_0++) { + size_unknown_0 = 7; + for (cntr_unknown_0 = 0; cntr_unknown_0 < size_unknown_0; cntr_unknown_0++) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->unknown[cntr_unknown_0])); } } @@ -1369,6 +1395,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_netr_SamInfo3(struct ndr_push *ndr, int ndr_ _PUBLIC_ enum ndr_err_code ndr_pull_netr_SamInfo3(struct ndr_pull *ndr, int ndr_flags, struct netr_SamInfo3 *r) { uint32_t _ptr_sids; + uint32_t size_sids_1 = 0; uint32_t cntr_sids_1; TALLOC_CTX *_mem_save_sids_0; TALLOC_CTX *_mem_save_sids_1; @@ -1389,13 +1416,14 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_SamInfo3(struct ndr_pull *ndr, int ndr_ _mem_save_sids_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sids, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->sids)); - NDR_PULL_ALLOC_N(ndr, r->sids, ndr_get_array_size(ndr, &r->sids)); + size_sids_1 = ndr_get_array_size(ndr, &r->sids); + NDR_PULL_ALLOC_N(ndr, r->sids, size_sids_1); _mem_save_sids_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sids, 0); - for (cntr_sids_1 = 0; cntr_sids_1 < r->sidcount; cntr_sids_1++) { + for (cntr_sids_1 = 0; cntr_sids_1 < size_sids_1; cntr_sids_1++) { NDR_CHECK(ndr_pull_netr_SidAttr(ndr, NDR_SCALARS, &r->sids[cntr_sids_1])); } - for (cntr_sids_1 = 0; cntr_sids_1 < r->sidcount; cntr_sids_1++) { + for (cntr_sids_1 = 0; cntr_sids_1 < size_sids_1; cntr_sids_1++) { NDR_CHECK(ndr_pull_netr_SidAttr(ndr, NDR_BUFFERS, &r->sids[cntr_sids_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sids_1, 0); @@ -1468,9 +1496,11 @@ static enum ndr_err_code ndr_push_netr_SamInfo6(struct ndr_push *ndr, int ndr_fl static enum ndr_err_code ndr_pull_netr_SamInfo6(struct ndr_pull *ndr, int ndr_flags, struct netr_SamInfo6 *r) { uint32_t _ptr_sids; + uint32_t size_sids_1 = 0; uint32_t cntr_sids_1; TALLOC_CTX *_mem_save_sids_0; TALLOC_CTX *_mem_save_sids_1; + uint32_t size_unknown4_0 = 0; uint32_t cntr_unknown4_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -1484,7 +1514,8 @@ static enum ndr_err_code ndr_pull_netr_SamInfo6(struct ndr_pull *ndr, int ndr_fl } NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->forest)); NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->principle)); - for (cntr_unknown4_0 = 0; cntr_unknown4_0 < 20; cntr_unknown4_0++) { + size_unknown4_0 = 20; + for (cntr_unknown4_0 = 0; cntr_unknown4_0 < size_unknown4_0; cntr_unknown4_0++) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->unknown4[cntr_unknown4_0])); } } @@ -1494,13 +1525,14 @@ static enum ndr_err_code ndr_pull_netr_SamInfo6(struct ndr_pull *ndr, int ndr_fl _mem_save_sids_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sids, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->sids)); - NDR_PULL_ALLOC_N(ndr, r->sids, ndr_get_array_size(ndr, &r->sids)); + size_sids_1 = ndr_get_array_size(ndr, &r->sids); + NDR_PULL_ALLOC_N(ndr, r->sids, size_sids_1); _mem_save_sids_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sids, 0); - for (cntr_sids_1 = 0; cntr_sids_1 < r->sidcount; cntr_sids_1++) { + for (cntr_sids_1 = 0; cntr_sids_1 < size_sids_1; cntr_sids_1++) { NDR_CHECK(ndr_pull_netr_SidAttr(ndr, NDR_SCALARS, &r->sids[cntr_sids_1])); } - for (cntr_sids_1 = 0; cntr_sids_1 < r->sidcount; cntr_sids_1++) { + for (cntr_sids_1 = 0; cntr_sids_1 < size_sids_1; cntr_sids_1++) { NDR_CHECK(ndr_pull_netr_SidAttr(ndr, NDR_BUFFERS, &r->sids[cntr_sids_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sids_1, 0); @@ -1597,9 +1629,12 @@ static enum ndr_err_code ndr_push_netr_PacInfo(struct ndr_push *ndr, int ndr_fla static enum ndr_err_code ndr_pull_netr_PacInfo(struct ndr_pull *ndr, int ndr_flags, struct netr_PacInfo *r) { uint32_t _ptr_pac; + uint32_t size_pac_1 = 0; TALLOC_CTX *_mem_save_pac_0; uint32_t _ptr_auth; + uint32_t size_auth_1 = 0; TALLOC_CTX *_mem_save_auth_0; + uint32_t size_expansionroom_0 = 0; uint32_t cntr_expansionroom_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -1621,7 +1656,8 @@ static enum ndr_err_code ndr_pull_netr_PacInfo(struct ndr_pull *ndr, int ndr_fla r->auth = NULL; } NDR_CHECK(ndr_pull_netr_UserSessionKey(ndr, NDR_SCALARS, &r->user_session_key)); - for (cntr_expansionroom_0 = 0; cntr_expansionroom_0 < 10; cntr_expansionroom_0++) { + size_expansionroom_0 = 10; + for (cntr_expansionroom_0 = 0; cntr_expansionroom_0 < size_expansionroom_0; cntr_expansionroom_0++) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->expansionroom[cntr_expansionroom_0])); } NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->unknown1)); @@ -1634,8 +1670,9 @@ static enum ndr_err_code ndr_pull_netr_PacInfo(struct ndr_pull *ndr, int ndr_fla _mem_save_pac_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->pac, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->pac)); - NDR_PULL_ALLOC_N(ndr, r->pac, ndr_get_array_size(ndr, &r->pac)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->pac, ndr_get_array_size(ndr, &r->pac))); + size_pac_1 = ndr_get_array_size(ndr, &r->pac); + NDR_PULL_ALLOC_N(ndr, r->pac, size_pac_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->pac, size_pac_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_pac_0, 0); } NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->logon_domain)); @@ -1645,8 +1682,9 @@ static enum ndr_err_code ndr_pull_netr_PacInfo(struct ndr_pull *ndr, int ndr_fla _mem_save_auth_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->auth, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->auth)); - NDR_PULL_ALLOC_N(ndr, r->auth, ndr_get_array_size(ndr, &r->auth)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->auth, ndr_get_array_size(ndr, &r->auth))); + size_auth_1 = ndr_get_array_size(ndr, &r->auth); + NDR_PULL_ALLOC_N(ndr, r->auth, size_auth_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->auth, size_auth_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_auth_0, 0); } NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->unknown1)); @@ -1727,6 +1765,7 @@ static enum ndr_err_code ndr_push_netr_GenericInfo2(struct ndr_push *ndr, int nd static enum ndr_err_code ndr_pull_netr_GenericInfo2(struct ndr_pull *ndr, int ndr_flags, struct netr_GenericInfo2 *r) { uint32_t _ptr_data; + uint32_t size_data_1 = 0; TALLOC_CTX *_mem_save_data_0; { uint32_t _flags_save_STRUCT = ndr->flags; @@ -1746,8 +1785,9 @@ static enum ndr_err_code ndr_pull_netr_GenericInfo2(struct ndr_pull *ndr, int nd _mem_save_data_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->data, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->data)); - NDR_PULL_ALLOC_N(ndr, r->data, ndr_get_array_size(ndr, &r->data)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, ndr_get_array_size(ndr, &r->data))); + size_data_1 = ndr_get_array_size(ndr, &r->data); + NDR_PULL_ALLOC_N(ndr, r->data, size_data_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, size_data_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_0, 0); } if (r->data) { @@ -1853,10 +1893,15 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_Validation(struct ndr_pull *ndr, int nd int level; uint16_t _level; TALLOC_CTX *_mem_save_sam2_0; + uint32_t _ptr_sam2; TALLOC_CTX *_mem_save_sam3_0; + uint32_t _ptr_sam3; TALLOC_CTX *_mem_save_pac_0; + uint32_t _ptr_pac; TALLOC_CTX *_mem_save_generic_0; + uint32_t _ptr_generic; TALLOC_CTX *_mem_save_sam6_0; + uint32_t _ptr_sam6; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &_level)); @@ -1865,7 +1910,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_Validation(struct ndr_pull *ndr, int nd } switch (level) { case NetlogonValidationSamInfo: { - uint32_t _ptr_sam2; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sam2)); if (_ptr_sam2) { NDR_PULL_ALLOC(ndr, r->sam2); @@ -1875,7 +1919,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_Validation(struct ndr_pull *ndr, int nd break; } case NetlogonValidationSamInfo2: { - uint32_t _ptr_sam3; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sam3)); if (_ptr_sam3) { NDR_PULL_ALLOC(ndr, r->sam3); @@ -1885,7 +1928,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_Validation(struct ndr_pull *ndr, int nd break; } case 4: { - uint32_t _ptr_pac; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_pac)); if (_ptr_pac) { NDR_PULL_ALLOC(ndr, r->pac); @@ -1895,7 +1937,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_Validation(struct ndr_pull *ndr, int nd break; } case NetlogonValidationGenericInfo2: { - uint32_t _ptr_generic; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_generic)); if (_ptr_generic) { NDR_PULL_ALLOC(ndr, r->generic); @@ -1905,7 +1946,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_Validation(struct ndr_pull *ndr, int nd break; } case NetlogonValidationSamInfo4: { - uint32_t _ptr_sam6; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sam6)); if (_ptr_sam6) { NDR_PULL_ALLOC(ndr, r->sam6); @@ -2046,12 +2086,14 @@ _PUBLIC_ enum ndr_err_code ndr_push_netr_Credential(struct ndr_push *ndr, int nd _PUBLIC_ enum ndr_err_code ndr_pull_netr_Credential(struct ndr_pull *ndr, int ndr_flags, struct netr_Credential *r) { + uint32_t size_data_0 = 0; { uint32_t _flags_save_STRUCT = ndr->flags; ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 1)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, 8)); + size_data_0 = 8; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, size_data_0)); } if (ndr_flags & NDR_BUFFERS) { } @@ -2138,6 +2180,8 @@ static enum ndr_err_code ndr_push_netr_DELTA_DELETE_USER(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_netr_DELTA_DELETE_USER(struct ndr_pull *ndr, int ndr_flags, struct netr_DELTA_DELETE_USER *r) { uint32_t _ptr_account_name; + uint32_t size_account_name_1 = 0; + uint32_t length_account_name_1 = 0; TALLOC_CTX *_mem_save_account_name_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -2162,11 +2206,13 @@ static enum ndr_err_code ndr_pull_netr_DELTA_DELETE_USER(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->account_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->account_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->account_name)); - if (ndr_get_array_length(ndr, &r->account_name) > ndr_get_array_size(ndr, &r->account_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->account_name), ndr_get_array_length(ndr, &r->account_name)); + size_account_name_1 = ndr_get_array_size(ndr, &r->account_name); + length_account_name_1 = ndr_get_array_length(ndr, &r->account_name); + if (length_account_name_1 > size_account_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_account_name_1, length_account_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->account_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->account_name, ndr_get_array_length(ndr, &r->account_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_account_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->account_name, length_account_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_account_name_0, 0); } NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->unknown1)); @@ -2257,6 +2303,8 @@ static enum ndr_err_code ndr_push_netr_PasswordHistory(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_netr_PasswordHistory(struct ndr_pull *ndr, int ndr_flags, struct netr_PasswordHistory *r) { + uint32_t size_nt_history_0 = 0; + uint32_t size_lm_history_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->nt_length)); @@ -2265,10 +2313,12 @@ static enum ndr_err_code ndr_pull_netr_PasswordHistory(struct ndr_pull *ndr, int NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->lm_length)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->lm_size)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->lm_flags)); - NDR_PULL_ALLOC_N(ndr, r->nt_history, r->nt_length); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->nt_history, r->nt_length)); - NDR_PULL_ALLOC_N(ndr, r->lm_history, r->lm_length); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->lm_history, r->lm_length)); + size_nt_history_0 = r->nt_length; + NDR_PULL_ALLOC_N(ndr, r->nt_history, size_nt_history_0); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->nt_history, size_nt_history_0)); + size_lm_history_0 = r->lm_length; + NDR_PULL_ALLOC_N(ndr, r->lm_history, size_lm_history_0); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->lm_history, size_lm_history_0)); } if (ndr_flags & NDR_BUFFERS) { } @@ -2419,6 +2469,7 @@ static enum ndr_err_code ndr_push_netr_USER_PRIVATE_INFO(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_netr_USER_PRIVATE_INFO(struct ndr_pull *ndr, int ndr_flags, struct netr_USER_PRIVATE_INFO *r) { uint32_t _ptr_SensitiveData; + uint32_t size_SensitiveData_1 = 0; TALLOC_CTX *_mem_save_SensitiveData_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -2444,8 +2495,9 @@ static enum ndr_err_code ndr_pull_netr_USER_PRIVATE_INFO(struct ndr_pull *ndr, i _mem_save_SensitiveData_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->SensitiveData, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->SensitiveData)); - NDR_PULL_ALLOC_N(ndr, r->SensitiveData, ndr_get_array_size(ndr, &r->SensitiveData)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->SensitiveData, ndr_get_array_size(ndr, &r->SensitiveData))); + size_SensitiveData_1 = ndr_get_array_size(ndr, &r->SensitiveData); + NDR_PULL_ALLOC_N(ndr, r->SensitiveData, size_SensitiveData_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->SensitiveData, size_SensitiveData_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_SensitiveData_0, 0); } ndr->flags = _flags_save_uint8; @@ -2926,10 +2978,12 @@ static enum ndr_err_code ndr_push_netr_DELTA_GROUP_MEMBER(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_netr_DELTA_GROUP_MEMBER(struct ndr_pull *ndr, int ndr_flags, struct netr_DELTA_GROUP_MEMBER *r) { uint32_t _ptr_rids; + uint32_t size_rids_1 = 0; uint32_t cntr_rids_1; TALLOC_CTX *_mem_save_rids_0; TALLOC_CTX *_mem_save_rids_1; uint32_t _ptr_attribs; + uint32_t size_attribs_1 = 0; uint32_t cntr_attribs_1; TALLOC_CTX *_mem_save_attribs_0; TALLOC_CTX *_mem_save_attribs_1; @@ -2958,10 +3012,11 @@ static enum ndr_err_code ndr_pull_netr_DELTA_GROUP_MEMBER(struct ndr_pull *ndr, _mem_save_rids_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->rids, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->rids)); - NDR_PULL_ALLOC_N(ndr, r->rids, ndr_get_array_size(ndr, &r->rids)); + size_rids_1 = ndr_get_array_size(ndr, &r->rids); + NDR_PULL_ALLOC_N(ndr, r->rids, size_rids_1); _mem_save_rids_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->rids, 0); - for (cntr_rids_1 = 0; cntr_rids_1 < r->num_rids; cntr_rids_1++) { + for (cntr_rids_1 = 0; cntr_rids_1 < size_rids_1; cntr_rids_1++) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->rids[cntr_rids_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_rids_1, 0); @@ -2971,10 +3026,11 @@ static enum ndr_err_code ndr_pull_netr_DELTA_GROUP_MEMBER(struct ndr_pull *ndr, _mem_save_attribs_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->attribs, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->attribs)); - NDR_PULL_ALLOC_N(ndr, r->attribs, ndr_get_array_size(ndr, &r->attribs)); + size_attribs_1 = ndr_get_array_size(ndr, &r->attribs); + NDR_PULL_ALLOC_N(ndr, r->attribs, size_attribs_1); _mem_save_attribs_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->attribs, 0); - for (cntr_attribs_1 = 0; cntr_attribs_1 < r->num_rids; cntr_attribs_1++) { + for (cntr_attribs_1 = 0; cntr_attribs_1 < size_attribs_1; cntr_attribs_1++) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->attribs[cntr_attribs_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_attribs_1, 0); @@ -3247,6 +3303,7 @@ static enum ndr_err_code ndr_push_netr_DELTA_POLICY(struct ndr_push *ndr, int nd static enum ndr_err_code ndr_pull_netr_DELTA_POLICY(struct ndr_pull *ndr, int ndr_flags, struct netr_DELTA_POLICY *r) { uint32_t _ptr_eventauditoptions; + uint32_t size_eventauditoptions_1 = 0; uint32_t cntr_eventauditoptions_1; TALLOC_CTX *_mem_save_eventauditoptions_0; TALLOC_CTX *_mem_save_eventauditoptions_1; @@ -3290,10 +3347,11 @@ static enum ndr_err_code ndr_pull_netr_DELTA_POLICY(struct ndr_pull *ndr, int nd _mem_save_eventauditoptions_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->eventauditoptions, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->eventauditoptions)); - NDR_PULL_ALLOC_N(ndr, r->eventauditoptions, ndr_get_array_size(ndr, &r->eventauditoptions)); + size_eventauditoptions_1 = ndr_get_array_size(ndr, &r->eventauditoptions); + NDR_PULL_ALLOC_N(ndr, r->eventauditoptions, size_eventauditoptions_1); _mem_save_eventauditoptions_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->eventauditoptions, 0); - for (cntr_eventauditoptions_1 = 0; cntr_eventauditoptions_1 < r->maxauditeventcount + 1; cntr_eventauditoptions_1++) { + for (cntr_eventauditoptions_1 = 0; cntr_eventauditoptions_1 < size_eventauditoptions_1; cntr_eventauditoptions_1++) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->eventauditoptions[cntr_eventauditoptions_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_eventauditoptions_1, 0); @@ -3407,6 +3465,7 @@ static enum ndr_err_code ndr_push_netr_DELTA_TRUSTED_DOMAIN(struct ndr_push *ndr static enum ndr_err_code ndr_pull_netr_DELTA_TRUSTED_DOMAIN(struct ndr_pull *ndr, int ndr_flags, struct netr_DELTA_TRUSTED_DOMAIN *r) { uint32_t _ptr_controller_names; + uint32_t size_controller_names_1 = 0; uint32_t cntr_controller_names_1; TALLOC_CTX *_mem_save_controller_names_0; TALLOC_CTX *_mem_save_controller_names_1; @@ -3437,13 +3496,14 @@ static enum ndr_err_code ndr_pull_netr_DELTA_TRUSTED_DOMAIN(struct ndr_pull *ndr _mem_save_controller_names_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->controller_names, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->controller_names)); - NDR_PULL_ALLOC_N(ndr, r->controller_names, ndr_get_array_size(ndr, &r->controller_names)); + size_controller_names_1 = ndr_get_array_size(ndr, &r->controller_names); + NDR_PULL_ALLOC_N(ndr, r->controller_names, size_controller_names_1); _mem_save_controller_names_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->controller_names, 0); - for (cntr_controller_names_1 = 0; cntr_controller_names_1 < r->num_controllers; cntr_controller_names_1++) { + for (cntr_controller_names_1 = 0; cntr_controller_names_1 < size_controller_names_1; cntr_controller_names_1++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->controller_names[cntr_controller_names_1])); } - for (cntr_controller_names_1 = 0; cntr_controller_names_1 < r->num_controllers; cntr_controller_names_1++) { + for (cntr_controller_names_1 = 0; cntr_controller_names_1 < size_controller_names_1; cntr_controller_names_1++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->controller_names[cntr_controller_names_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_controller_names_1, 0); @@ -3577,10 +3637,12 @@ static enum ndr_err_code ndr_push_netr_DELTA_ACCOUNT(struct ndr_push *ndr, int n static enum ndr_err_code ndr_pull_netr_DELTA_ACCOUNT(struct ndr_pull *ndr, int ndr_flags, struct netr_DELTA_ACCOUNT *r) { uint32_t _ptr_privilege_attrib; + uint32_t size_privilege_attrib_1 = 0; uint32_t cntr_privilege_attrib_1; TALLOC_CTX *_mem_save_privilege_attrib_0; TALLOC_CTX *_mem_save_privilege_attrib_1; uint32_t _ptr_privilege_name; + uint32_t size_privilege_name_1 = 0; uint32_t cntr_privilege_name_1; TALLOC_CTX *_mem_save_privilege_name_0; TALLOC_CTX *_mem_save_privilege_name_1; @@ -3618,10 +3680,11 @@ static enum ndr_err_code ndr_pull_netr_DELTA_ACCOUNT(struct ndr_pull *ndr, int n _mem_save_privilege_attrib_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->privilege_attrib, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->privilege_attrib)); - NDR_PULL_ALLOC_N(ndr, r->privilege_attrib, ndr_get_array_size(ndr, &r->privilege_attrib)); + size_privilege_attrib_1 = ndr_get_array_size(ndr, &r->privilege_attrib); + NDR_PULL_ALLOC_N(ndr, r->privilege_attrib, size_privilege_attrib_1); _mem_save_privilege_attrib_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->privilege_attrib, 0); - for (cntr_privilege_attrib_1 = 0; cntr_privilege_attrib_1 < r->privilege_entries; cntr_privilege_attrib_1++) { + for (cntr_privilege_attrib_1 = 0; cntr_privilege_attrib_1 < size_privilege_attrib_1; cntr_privilege_attrib_1++) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->privilege_attrib[cntr_privilege_attrib_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_privilege_attrib_1, 0); @@ -3631,13 +3694,14 @@ static enum ndr_err_code ndr_pull_netr_DELTA_ACCOUNT(struct ndr_pull *ndr, int n _mem_save_privilege_name_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->privilege_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->privilege_name)); - NDR_PULL_ALLOC_N(ndr, r->privilege_name, ndr_get_array_size(ndr, &r->privilege_name)); + size_privilege_name_1 = ndr_get_array_size(ndr, &r->privilege_name); + NDR_PULL_ALLOC_N(ndr, r->privilege_name, size_privilege_name_1); _mem_save_privilege_name_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->privilege_name, 0); - for (cntr_privilege_name_1 = 0; cntr_privilege_name_1 < r->privilege_entries; cntr_privilege_name_1++) { + for (cntr_privilege_name_1 = 0; cntr_privilege_name_1 < size_privilege_name_1; cntr_privilege_name_1++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->privilege_name[cntr_privilege_name_1])); } - for (cntr_privilege_name_1 = 0; cntr_privilege_name_1 < r->privilege_entries; cntr_privilege_name_1++) { + for (cntr_privilege_name_1 = 0; cntr_privilege_name_1 < size_privilege_name_1; cntr_privilege_name_1++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->privilege_name[cntr_privilege_name_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_privilege_name_1, 0); @@ -3793,6 +3857,8 @@ static enum ndr_err_code ndr_push_netr_CIPHER_VALUE(struct ndr_push *ndr, int nd static enum ndr_err_code ndr_pull_netr_CIPHER_VALUE(struct ndr_pull *ndr, int ndr_flags, struct netr_CIPHER_VALUE *r) { uint32_t _ptr_cipher_data; + uint32_t size_cipher_data_1 = 0; + uint32_t length_cipher_data_1 = 0; TALLOC_CTX *_mem_save_cipher_data_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -3811,11 +3877,13 @@ static enum ndr_err_code ndr_pull_netr_CIPHER_VALUE(struct ndr_pull *ndr, int nd NDR_PULL_SET_MEM_CTX(ndr, r->cipher_data, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->cipher_data)); NDR_CHECK(ndr_pull_array_length(ndr, &r->cipher_data)); - if (ndr_get_array_length(ndr, &r->cipher_data) > ndr_get_array_size(ndr, &r->cipher_data)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->cipher_data), ndr_get_array_length(ndr, &r->cipher_data)); + size_cipher_data_1 = ndr_get_array_size(ndr, &r->cipher_data); + length_cipher_data_1 = ndr_get_array_length(ndr, &r->cipher_data); + if (length_cipher_data_1 > size_cipher_data_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_cipher_data_1, length_cipher_data_1); } - NDR_PULL_ALLOC_N(ndr, r->cipher_data, ndr_get_array_size(ndr, &r->cipher_data)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->cipher_data, ndr_get_array_length(ndr, &r->cipher_data))); + NDR_PULL_ALLOC_N(ndr, r->cipher_data, size_cipher_data_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->cipher_data, length_cipher_data_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_cipher_data_0, 0); } if (r->cipher_data) { @@ -4195,21 +4263,37 @@ static enum ndr_err_code ndr_pull_netr_DELTA_UNION(struct ndr_pull *ndr, int ndr int level; uint16_t _level; TALLOC_CTX *_mem_save_domain_0; + uint32_t _ptr_domain; TALLOC_CTX *_mem_save_group_0; + uint32_t _ptr_group; TALLOC_CTX *_mem_save_rename_group_0; + uint32_t _ptr_rename_group; TALLOC_CTX *_mem_save_user_0; + uint32_t _ptr_user; TALLOC_CTX *_mem_save_rename_user_0; + uint32_t _ptr_rename_user; TALLOC_CTX *_mem_save_group_member_0; + uint32_t _ptr_group_member; TALLOC_CTX *_mem_save_alias_0; + uint32_t _ptr_alias; TALLOC_CTX *_mem_save_rename_alias_0; + uint32_t _ptr_rename_alias; TALLOC_CTX *_mem_save_alias_member_0; + uint32_t _ptr_alias_member; TALLOC_CTX *_mem_save_policy_0; + uint32_t _ptr_policy; TALLOC_CTX *_mem_save_trusted_domain_0; + uint32_t _ptr_trusted_domain; TALLOC_CTX *_mem_save_account_0; + uint32_t _ptr_account; TALLOC_CTX *_mem_save_secret_0; + uint32_t _ptr_secret; TALLOC_CTX *_mem_save_delete_group_0; + uint32_t _ptr_delete_group; TALLOC_CTX *_mem_save_delete_user_0; + uint32_t _ptr_delete_user; TALLOC_CTX *_mem_save_modified_count_0; + uint32_t _ptr_modified_count; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &_level)); @@ -4218,7 +4302,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_UNION(struct ndr_pull *ndr, int ndr } switch (level) { case NETR_DELTA_DOMAIN: { - uint32_t _ptr_domain; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domain)); if (_ptr_domain) { NDR_PULL_ALLOC(ndr, r->domain); @@ -4228,7 +4311,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_UNION(struct ndr_pull *ndr, int ndr break; } case NETR_DELTA_GROUP: { - uint32_t _ptr_group; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_group)); if (_ptr_group) { NDR_PULL_ALLOC(ndr, r->group); @@ -4241,7 +4323,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_UNION(struct ndr_pull *ndr, int ndr break; } case NETR_DELTA_RENAME_GROUP: { - uint32_t _ptr_rename_group; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_rename_group)); if (_ptr_rename_group) { NDR_PULL_ALLOC(ndr, r->rename_group); @@ -4251,7 +4332,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_UNION(struct ndr_pull *ndr, int ndr break; } case NETR_DELTA_USER: { - uint32_t _ptr_user; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_user)); if (_ptr_user) { NDR_PULL_ALLOC(ndr, r->user); @@ -4264,7 +4344,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_UNION(struct ndr_pull *ndr, int ndr break; } case NETR_DELTA_RENAME_USER: { - uint32_t _ptr_rename_user; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_rename_user)); if (_ptr_rename_user) { NDR_PULL_ALLOC(ndr, r->rename_user); @@ -4274,7 +4353,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_UNION(struct ndr_pull *ndr, int ndr break; } case NETR_DELTA_GROUP_MEMBER: { - uint32_t _ptr_group_member; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_group_member)); if (_ptr_group_member) { NDR_PULL_ALLOC(ndr, r->group_member); @@ -4284,7 +4362,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_UNION(struct ndr_pull *ndr, int ndr break; } case NETR_DELTA_ALIAS: { - uint32_t _ptr_alias; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_alias)); if (_ptr_alias) { NDR_PULL_ALLOC(ndr, r->alias); @@ -4297,7 +4374,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_UNION(struct ndr_pull *ndr, int ndr break; } case NETR_DELTA_RENAME_ALIAS: { - uint32_t _ptr_rename_alias; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_rename_alias)); if (_ptr_rename_alias) { NDR_PULL_ALLOC(ndr, r->rename_alias); @@ -4307,7 +4383,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_UNION(struct ndr_pull *ndr, int ndr break; } case NETR_DELTA_ALIAS_MEMBER: { - uint32_t _ptr_alias_member; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_alias_member)); if (_ptr_alias_member) { NDR_PULL_ALLOC(ndr, r->alias_member); @@ -4317,7 +4392,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_UNION(struct ndr_pull *ndr, int ndr break; } case NETR_DELTA_POLICY: { - uint32_t _ptr_policy; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_policy)); if (_ptr_policy) { NDR_PULL_ALLOC(ndr, r->policy); @@ -4327,7 +4401,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_UNION(struct ndr_pull *ndr, int ndr break; } case NETR_DELTA_TRUSTED_DOMAIN: { - uint32_t _ptr_trusted_domain; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_trusted_domain)); if (_ptr_trusted_domain) { NDR_PULL_ALLOC(ndr, r->trusted_domain); @@ -4341,7 +4414,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_UNION(struct ndr_pull *ndr, int ndr break; } case NETR_DELTA_ACCOUNT: { - uint32_t _ptr_account; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_account)); if (_ptr_account) { NDR_PULL_ALLOC(ndr, r->account); @@ -4355,7 +4427,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_UNION(struct ndr_pull *ndr, int ndr break; } case NETR_DELTA_SECRET: { - uint32_t _ptr_secret; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_secret)); if (_ptr_secret) { NDR_PULL_ALLOC(ndr, r->secret); @@ -4369,7 +4440,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_UNION(struct ndr_pull *ndr, int ndr break; } case NETR_DELTA_DELETE_GROUP2: { - uint32_t _ptr_delete_group; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_delete_group)); if (_ptr_delete_group) { NDR_PULL_ALLOC(ndr, r->delete_group); @@ -4379,7 +4449,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_UNION(struct ndr_pull *ndr, int ndr break; } case NETR_DELTA_DELETE_USER2: { - uint32_t _ptr_delete_user; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_delete_user)); if (_ptr_delete_user) { NDR_PULL_ALLOC(ndr, r->delete_user); @@ -4389,7 +4458,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_UNION(struct ndr_pull *ndr, int ndr break; } case NETR_DELTA_MODIFY_COUNT: { - uint32_t _ptr_modified_count; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_modified_count)); if (_ptr_modified_count) { NDR_PULL_ALLOC(ndr, r->modified_count); @@ -4954,7 +5022,11 @@ static enum ndr_err_code ndr_pull_netr_DELTA_ID_UNION(struct ndr_pull *ndr, int int level; uint16_t _level; TALLOC_CTX *_mem_save_sid_0; + uint32_t _ptr_sid; TALLOC_CTX *_mem_save_name_0; + uint32_t _ptr_name; + uint32_t size_name_1 = 0; + uint32_t length_name_1 = 0; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &_level)); @@ -5011,7 +5083,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_ID_UNION(struct ndr_pull *ndr, int break; } case NETR_DELTA_POLICY: { - uint32_t _ptr_sid; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sid)); if (_ptr_sid) { NDR_PULL_ALLOC(ndr, r->sid); @@ -5021,7 +5092,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_ID_UNION(struct ndr_pull *ndr, int break; } case NETR_DELTA_TRUSTED_DOMAIN: { - uint32_t _ptr_sid; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sid)); if (_ptr_sid) { NDR_PULL_ALLOC(ndr, r->sid); @@ -5031,7 +5101,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_ID_UNION(struct ndr_pull *ndr, int break; } case NETR_DELTA_DELETE_TRUST: { - uint32_t _ptr_sid; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sid)); if (_ptr_sid) { NDR_PULL_ALLOC(ndr, r->sid); @@ -5041,7 +5110,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_ID_UNION(struct ndr_pull *ndr, int break; } case NETR_DELTA_ACCOUNT: { - uint32_t _ptr_sid; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sid)); if (_ptr_sid) { NDR_PULL_ALLOC(ndr, r->sid); @@ -5051,7 +5119,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_ID_UNION(struct ndr_pull *ndr, int break; } case NETR_DELTA_DELETE_ACCOUNT: { - uint32_t _ptr_sid; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sid)); if (_ptr_sid) { NDR_PULL_ALLOC(ndr, r->sid); @@ -5061,7 +5128,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_ID_UNION(struct ndr_pull *ndr, int break; } case NETR_DELTA_SECRET: { - uint32_t _ptr_name; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_name)); if (_ptr_name) { NDR_PULL_ALLOC(ndr, r->name); @@ -5071,7 +5137,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_ID_UNION(struct ndr_pull *ndr, int break; } case NETR_DELTA_DELETE_SECRET: { - uint32_t _ptr_name; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_name)); if (_ptr_name) { NDR_PULL_ALLOC(ndr, r->name); @@ -5184,11 +5249,13 @@ static enum ndr_err_code ndr_pull_netr_DELTA_ID_UNION(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->name)); - if (ndr_get_array_length(ndr, &r->name) > ndr_get_array_size(ndr, &r->name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->name), ndr_get_array_length(ndr, &r->name)); + size_name_1 = ndr_get_array_size(ndr, &r->name); + length_name_1 = ndr_get_array_length(ndr, &r->name); + if (length_name_1 > size_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_name_1, length_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, length_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_name_0, 0); } break; @@ -5199,11 +5266,13 @@ static enum ndr_err_code ndr_pull_netr_DELTA_ID_UNION(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->name)); - if (ndr_get_array_length(ndr, &r->name) > ndr_get_array_size(ndr, &r->name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->name), ndr_get_array_length(ndr, &r->name)); + size_name_1 = ndr_get_array_size(ndr, &r->name); + length_name_1 = ndr_get_array_length(ndr, &r->name); + if (length_name_1 > size_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_name_1, length_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, length_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_name_0, 0); } break; @@ -5428,6 +5497,7 @@ static enum ndr_err_code ndr_push_netr_DELTA_ENUM_ARRAY(struct ndr_push *ndr, in static enum ndr_err_code ndr_pull_netr_DELTA_ENUM_ARRAY(struct ndr_pull *ndr, int ndr_flags, struct netr_DELTA_ENUM_ARRAY *r) { uint32_t _ptr_delta_enum; + uint32_t size_delta_enum_1 = 0; uint32_t cntr_delta_enum_1; TALLOC_CTX *_mem_save_delta_enum_0; TALLOC_CTX *_mem_save_delta_enum_1; @@ -5446,13 +5516,14 @@ static enum ndr_err_code ndr_pull_netr_DELTA_ENUM_ARRAY(struct ndr_pull *ndr, in _mem_save_delta_enum_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->delta_enum, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->delta_enum)); - NDR_PULL_ALLOC_N(ndr, r->delta_enum, ndr_get_array_size(ndr, &r->delta_enum)); + size_delta_enum_1 = ndr_get_array_size(ndr, &r->delta_enum); + NDR_PULL_ALLOC_N(ndr, r->delta_enum, size_delta_enum_1); _mem_save_delta_enum_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->delta_enum, 0); - for (cntr_delta_enum_1 = 0; cntr_delta_enum_1 < r->num_deltas; cntr_delta_enum_1++) { + for (cntr_delta_enum_1 = 0; cntr_delta_enum_1 < size_delta_enum_1; cntr_delta_enum_1++) { NDR_CHECK(ndr_pull_netr_DELTA_ENUM(ndr, NDR_SCALARS, &r->delta_enum[cntr_delta_enum_1])); } - for (cntr_delta_enum_1 = 0; cntr_delta_enum_1 < r->num_deltas; cntr_delta_enum_1++) { + for (cntr_delta_enum_1 = 0; cntr_delta_enum_1 < size_delta_enum_1; cntr_delta_enum_1++) { NDR_CHECK(ndr_pull_netr_DELTA_ENUM(ndr, NDR_BUFFERS, &r->delta_enum[cntr_delta_enum_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_delta_enum_1, 0); @@ -5509,12 +5580,14 @@ static enum ndr_err_code ndr_push_netr_UAS_INFO_0(struct ndr_push *ndr, int ndr_ static enum ndr_err_code ndr_pull_netr_UAS_INFO_0(struct ndr_pull *ndr, int ndr_flags, struct netr_UAS_INFO_0 *r) { + uint32_t size_computer_name_0 = 0; { uint32_t _flags_save_STRUCT = ndr->flags; ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->computer_name, 16)); + size_computer_name_0 = 16; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->computer_name, size_computer_name_0)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->timecreated)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->serial_number)); } @@ -5660,6 +5733,8 @@ static enum ndr_err_code ndr_push_netr_NETLOGON_INFO_2(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_netr_NETLOGON_INFO_2(struct ndr_pull *ndr, int ndr_flags, struct netr_NETLOGON_INFO_2 *r) { uint32_t _ptr_trusted_dc_name; + uint32_t size_trusted_dc_name_1 = 0; + uint32_t length_trusted_dc_name_1 = 0; TALLOC_CTX *_mem_save_trusted_dc_name_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -5679,11 +5754,13 @@ static enum ndr_err_code ndr_pull_netr_NETLOGON_INFO_2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->trusted_dc_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->trusted_dc_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->trusted_dc_name)); - if (ndr_get_array_length(ndr, &r->trusted_dc_name) > ndr_get_array_size(ndr, &r->trusted_dc_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->trusted_dc_name), ndr_get_array_length(ndr, &r->trusted_dc_name)); + size_trusted_dc_name_1 = ndr_get_array_size(ndr, &r->trusted_dc_name); + length_trusted_dc_name_1 = ndr_get_array_length(ndr, &r->trusted_dc_name); + if (length_trusted_dc_name_1 > size_trusted_dc_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_trusted_dc_name_1, length_trusted_dc_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->trusted_dc_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->trusted_dc_name, ndr_get_array_length(ndr, &r->trusted_dc_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_trusted_dc_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->trusted_dc_name, length_trusted_dc_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_trusted_dc_name_0, 0); } } @@ -5781,8 +5858,12 @@ static enum ndr_err_code ndr_push_netr_NETLOGON_INFO_4(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_netr_NETLOGON_INFO_4(struct ndr_pull *ndr, int ndr_flags, struct netr_NETLOGON_INFO_4 *r) { uint32_t _ptr_trusted_dc_name; + uint32_t size_trusted_dc_name_1 = 0; + uint32_t length_trusted_dc_name_1 = 0; TALLOC_CTX *_mem_save_trusted_dc_name_0; uint32_t _ptr_trusted_domain_name; + uint32_t size_trusted_domain_name_1 = 0; + uint32_t length_trusted_domain_name_1 = 0; TALLOC_CTX *_mem_save_trusted_domain_name_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -5805,11 +5886,13 @@ static enum ndr_err_code ndr_pull_netr_NETLOGON_INFO_4(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->trusted_dc_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->trusted_dc_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->trusted_dc_name)); - if (ndr_get_array_length(ndr, &r->trusted_dc_name) > ndr_get_array_size(ndr, &r->trusted_dc_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->trusted_dc_name), ndr_get_array_length(ndr, &r->trusted_dc_name)); + size_trusted_dc_name_1 = ndr_get_array_size(ndr, &r->trusted_dc_name); + length_trusted_dc_name_1 = ndr_get_array_length(ndr, &r->trusted_dc_name); + if (length_trusted_dc_name_1 > size_trusted_dc_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_trusted_dc_name_1, length_trusted_dc_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->trusted_dc_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->trusted_dc_name, ndr_get_array_length(ndr, &r->trusted_dc_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_trusted_dc_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->trusted_dc_name, length_trusted_dc_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_trusted_dc_name_0, 0); } if (r->trusted_domain_name) { @@ -5817,11 +5900,13 @@ static enum ndr_err_code ndr_pull_netr_NETLOGON_INFO_4(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->trusted_domain_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->trusted_domain_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->trusted_domain_name)); - if (ndr_get_array_length(ndr, &r->trusted_domain_name) > ndr_get_array_size(ndr, &r->trusted_domain_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->trusted_domain_name), ndr_get_array_length(ndr, &r->trusted_domain_name)); + size_trusted_domain_name_1 = ndr_get_array_size(ndr, &r->trusted_domain_name); + length_trusted_domain_name_1 = ndr_get_array_length(ndr, &r->trusted_domain_name); + if (length_trusted_domain_name_1 > size_trusted_domain_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_trusted_domain_name_1, length_trusted_domain_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->trusted_domain_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->trusted_domain_name, ndr_get_array_length(ndr, &r->trusted_domain_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_trusted_domain_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->trusted_domain_name, length_trusted_domain_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_trusted_domain_name_0, 0); } } @@ -5912,9 +5997,13 @@ static enum ndr_err_code ndr_pull_netr_CONTROL_QUERY_INFORMATION(struct ndr_pull int level; uint32_t _level; TALLOC_CTX *_mem_save_info1_0; + uint32_t _ptr_info1; TALLOC_CTX *_mem_save_info2_0; + uint32_t _ptr_info2; TALLOC_CTX *_mem_save_info3_0; + uint32_t _ptr_info3; TALLOC_CTX *_mem_save_info4_0; + uint32_t _ptr_info4; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -5923,7 +6012,6 @@ static enum ndr_err_code ndr_pull_netr_CONTROL_QUERY_INFORMATION(struct ndr_pull } switch (level) { case 1: { - uint32_t _ptr_info1; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1)); if (_ptr_info1) { NDR_PULL_ALLOC(ndr, r->info1); @@ -5933,7 +6021,6 @@ static enum ndr_err_code ndr_pull_netr_CONTROL_QUERY_INFORMATION(struct ndr_pull break; } case 2: { - uint32_t _ptr_info2; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info2)); if (_ptr_info2) { NDR_PULL_ALLOC(ndr, r->info2); @@ -5943,7 +6030,6 @@ static enum ndr_err_code ndr_pull_netr_CONTROL_QUERY_INFORMATION(struct ndr_pull break; } case 3: { - uint32_t _ptr_info3; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info3)); if (_ptr_info3) { NDR_PULL_ALLOC(ndr, r->info3); @@ -5953,7 +6039,6 @@ static enum ndr_err_code ndr_pull_netr_CONTROL_QUERY_INFORMATION(struct ndr_pull break; } case 4: { - uint32_t _ptr_info4; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info4)); if (_ptr_info4) { NDR_PULL_ALLOC(ndr, r->info4); @@ -6207,7 +6292,13 @@ static enum ndr_err_code ndr_pull_netr_CONTROL_DATA_INFORMATION(struct ndr_pull int level; uint32_t _level; TALLOC_CTX *_mem_save_domain_0; + uint32_t _ptr_domain; + uint32_t size_domain_1 = 0; + uint32_t length_domain_1 = 0; TALLOC_CTX *_mem_save_user_0; + uint32_t _ptr_user; + uint32_t size_user_1 = 0; + uint32_t length_user_1 = 0; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -6216,7 +6307,6 @@ static enum ndr_err_code ndr_pull_netr_CONTROL_DATA_INFORMATION(struct ndr_pull } switch (level) { case NETLOGON_CONTROL_REDISCOVER: { - uint32_t _ptr_domain; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domain)); if (_ptr_domain) { NDR_PULL_ALLOC(ndr, r->domain); @@ -6226,7 +6316,6 @@ static enum ndr_err_code ndr_pull_netr_CONTROL_DATA_INFORMATION(struct ndr_pull break; } case NETLOGON_CONTROL_TC_QUERY: { - uint32_t _ptr_domain; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domain)); if (_ptr_domain) { NDR_PULL_ALLOC(ndr, r->domain); @@ -6236,7 +6325,6 @@ static enum ndr_err_code ndr_pull_netr_CONTROL_DATA_INFORMATION(struct ndr_pull break; } case NETLOGON_CONTROL_TRANSPORT_NOTIFY: { - uint32_t _ptr_domain; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domain)); if (_ptr_domain) { NDR_PULL_ALLOC(ndr, r->domain); @@ -6246,7 +6334,6 @@ static enum ndr_err_code ndr_pull_netr_CONTROL_DATA_INFORMATION(struct ndr_pull break; } case NETLOGON_CONTROL_CHANGE_PASSWORD: { - uint32_t _ptr_domain; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domain)); if (_ptr_domain) { NDR_PULL_ALLOC(ndr, r->domain); @@ -6256,7 +6343,6 @@ static enum ndr_err_code ndr_pull_netr_CONTROL_DATA_INFORMATION(struct ndr_pull break; } case NETLOGON_CONTROL_TC_VERIFY: { - uint32_t _ptr_domain; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domain)); if (_ptr_domain) { NDR_PULL_ALLOC(ndr, r->domain); @@ -6266,7 +6352,6 @@ static enum ndr_err_code ndr_pull_netr_CONTROL_DATA_INFORMATION(struct ndr_pull break; } case NETLOGON_CONTROL_FIND_USER: { - uint32_t _ptr_user; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_user)); if (_ptr_user) { NDR_PULL_ALLOC(ndr, r->user); @@ -6291,11 +6376,13 @@ static enum ndr_err_code ndr_pull_netr_CONTROL_DATA_INFORMATION(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->domain, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->domain)); NDR_CHECK(ndr_pull_array_length(ndr, &r->domain)); - if (ndr_get_array_length(ndr, &r->domain) > ndr_get_array_size(ndr, &r->domain)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->domain), ndr_get_array_length(ndr, &r->domain)); + size_domain_1 = ndr_get_array_size(ndr, &r->domain); + length_domain_1 = ndr_get_array_length(ndr, &r->domain); + if (length_domain_1 > size_domain_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_1, length_domain_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, length_domain_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_0, 0); } break; @@ -6306,11 +6393,13 @@ static enum ndr_err_code ndr_pull_netr_CONTROL_DATA_INFORMATION(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->domain, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->domain)); NDR_CHECK(ndr_pull_array_length(ndr, &r->domain)); - if (ndr_get_array_length(ndr, &r->domain) > ndr_get_array_size(ndr, &r->domain)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->domain), ndr_get_array_length(ndr, &r->domain)); + size_domain_1 = ndr_get_array_size(ndr, &r->domain); + length_domain_1 = ndr_get_array_length(ndr, &r->domain); + if (length_domain_1 > size_domain_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_1, length_domain_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, length_domain_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_0, 0); } break; @@ -6321,11 +6410,13 @@ static enum ndr_err_code ndr_pull_netr_CONTROL_DATA_INFORMATION(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->domain, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->domain)); NDR_CHECK(ndr_pull_array_length(ndr, &r->domain)); - if (ndr_get_array_length(ndr, &r->domain) > ndr_get_array_size(ndr, &r->domain)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->domain), ndr_get_array_length(ndr, &r->domain)); + size_domain_1 = ndr_get_array_size(ndr, &r->domain); + length_domain_1 = ndr_get_array_length(ndr, &r->domain); + if (length_domain_1 > size_domain_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_1, length_domain_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, length_domain_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_0, 0); } break; @@ -6336,11 +6427,13 @@ static enum ndr_err_code ndr_pull_netr_CONTROL_DATA_INFORMATION(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->domain, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->domain)); NDR_CHECK(ndr_pull_array_length(ndr, &r->domain)); - if (ndr_get_array_length(ndr, &r->domain) > ndr_get_array_size(ndr, &r->domain)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->domain), ndr_get_array_length(ndr, &r->domain)); + size_domain_1 = ndr_get_array_size(ndr, &r->domain); + length_domain_1 = ndr_get_array_length(ndr, &r->domain); + if (length_domain_1 > size_domain_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_1, length_domain_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, length_domain_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_0, 0); } break; @@ -6351,11 +6444,13 @@ static enum ndr_err_code ndr_pull_netr_CONTROL_DATA_INFORMATION(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->domain, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->domain)); NDR_CHECK(ndr_pull_array_length(ndr, &r->domain)); - if (ndr_get_array_length(ndr, &r->domain) > ndr_get_array_size(ndr, &r->domain)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->domain), ndr_get_array_length(ndr, &r->domain)); + size_domain_1 = ndr_get_array_size(ndr, &r->domain); + length_domain_1 = ndr_get_array_length(ndr, &r->domain); + if (length_domain_1 > size_domain_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_1, length_domain_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, length_domain_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_0, 0); } break; @@ -6366,11 +6461,13 @@ static enum ndr_err_code ndr_pull_netr_CONTROL_DATA_INFORMATION(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->user, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->user)); NDR_CHECK(ndr_pull_array_length(ndr, &r->user)); - if (ndr_get_array_length(ndr, &r->user) > ndr_get_array_size(ndr, &r->user)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->user), ndr_get_array_length(ndr, &r->user)); + size_user_1 = ndr_get_array_size(ndr, &r->user); + length_user_1 = ndr_get_array_length(ndr, &r->user); + if (length_user_1 > size_user_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_user_1, length_user_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->user), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user, ndr_get_array_length(ndr, &r->user), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_user_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user, length_user_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user_0, 0); } break; @@ -6703,6 +6800,7 @@ static enum ndr_err_code ndr_push_netr_Blob(struct ndr_push *ndr, int ndr_flags, static enum ndr_err_code ndr_pull_netr_Blob(struct ndr_pull *ndr, int ndr_flags, struct netr_Blob *r) { uint32_t _ptr_data; + uint32_t size_data_1 = 0; TALLOC_CTX *_mem_save_data_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -6719,8 +6817,9 @@ static enum ndr_err_code ndr_pull_netr_Blob(struct ndr_pull *ndr, int ndr_flags, _mem_save_data_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->data, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->data)); - NDR_PULL_ALLOC_N(ndr, r->data, ndr_get_array_size(ndr, &r->data)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, ndr_get_array_size(ndr, &r->data))); + size_data_1 = ndr_get_array_size(ndr, &r->data); + NDR_PULL_ALLOC_N(ndr, r->data, size_data_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, size_data_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_0, 0); } if (r->data) { @@ -6903,16 +7002,28 @@ _PUBLIC_ enum ndr_err_code ndr_push_netr_DsRGetDCNameInfo(struct ndr_push *ndr, _PUBLIC_ enum ndr_err_code ndr_pull_netr_DsRGetDCNameInfo(struct ndr_pull *ndr, int ndr_flags, struct netr_DsRGetDCNameInfo *r) { uint32_t _ptr_dc_unc; + uint32_t size_dc_unc_1 = 0; + uint32_t length_dc_unc_1 = 0; TALLOC_CTX *_mem_save_dc_unc_0; uint32_t _ptr_dc_address; + uint32_t size_dc_address_1 = 0; + uint32_t length_dc_address_1 = 0; TALLOC_CTX *_mem_save_dc_address_0; uint32_t _ptr_domain_name; + uint32_t size_domain_name_1 = 0; + uint32_t length_domain_name_1 = 0; TALLOC_CTX *_mem_save_domain_name_0; uint32_t _ptr_forest_name; + uint32_t size_forest_name_1 = 0; + uint32_t length_forest_name_1 = 0; TALLOC_CTX *_mem_save_forest_name_0; uint32_t _ptr_dc_site_name; + uint32_t size_dc_site_name_1 = 0; + uint32_t length_dc_site_name_1 = 0; TALLOC_CTX *_mem_save_dc_site_name_0; uint32_t _ptr_client_site_name; + uint32_t size_client_site_name_1 = 0; + uint32_t length_client_site_name_1 = 0; TALLOC_CTX *_mem_save_client_site_name_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -6962,11 +7073,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_DsRGetDCNameInfo(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->dc_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->dc_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->dc_unc)); - if (ndr_get_array_length(ndr, &r->dc_unc) > ndr_get_array_size(ndr, &r->dc_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->dc_unc), ndr_get_array_length(ndr, &r->dc_unc)); + size_dc_unc_1 = ndr_get_array_size(ndr, &r->dc_unc); + length_dc_unc_1 = ndr_get_array_length(ndr, &r->dc_unc); + if (length_dc_unc_1 > size_dc_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dc_unc_1, length_dc_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->dc_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dc_unc, ndr_get_array_length(ndr, &r->dc_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dc_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dc_unc, length_dc_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dc_unc_0, 0); } if (r->dc_address) { @@ -6974,11 +7087,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_DsRGetDCNameInfo(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->dc_address, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->dc_address)); NDR_CHECK(ndr_pull_array_length(ndr, &r->dc_address)); - if (ndr_get_array_length(ndr, &r->dc_address) > ndr_get_array_size(ndr, &r->dc_address)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->dc_address), ndr_get_array_length(ndr, &r->dc_address)); + size_dc_address_1 = ndr_get_array_size(ndr, &r->dc_address); + length_dc_address_1 = ndr_get_array_length(ndr, &r->dc_address); + if (length_dc_address_1 > size_dc_address_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dc_address_1, length_dc_address_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->dc_address), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dc_address, ndr_get_array_length(ndr, &r->dc_address), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dc_address_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dc_address, length_dc_address_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dc_address_0, 0); } if (r->domain_name) { @@ -6986,11 +7101,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_DsRGetDCNameInfo(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->domain_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->domain_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->domain_name)); - if (ndr_get_array_length(ndr, &r->domain_name) > ndr_get_array_size(ndr, &r->domain_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->domain_name), ndr_get_array_length(ndr, &r->domain_name)); + size_domain_name_1 = ndr_get_array_size(ndr, &r->domain_name); + length_domain_name_1 = ndr_get_array_length(ndr, &r->domain_name); + if (length_domain_name_1 > size_domain_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_name_1, length_domain_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->domain_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain_name, ndr_get_array_length(ndr, &r->domain_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain_name, length_domain_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_name_0, 0); } if (r->forest_name) { @@ -6998,11 +7115,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_DsRGetDCNameInfo(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->forest_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->forest_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->forest_name)); - if (ndr_get_array_length(ndr, &r->forest_name) > ndr_get_array_size(ndr, &r->forest_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->forest_name), ndr_get_array_length(ndr, &r->forest_name)); + size_forest_name_1 = ndr_get_array_size(ndr, &r->forest_name); + length_forest_name_1 = ndr_get_array_length(ndr, &r->forest_name); + if (length_forest_name_1 > size_forest_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_forest_name_1, length_forest_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->forest_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->forest_name, ndr_get_array_length(ndr, &r->forest_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_forest_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->forest_name, length_forest_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_forest_name_0, 0); } if (r->dc_site_name) { @@ -7010,11 +7129,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_DsRGetDCNameInfo(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->dc_site_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->dc_site_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->dc_site_name)); - if (ndr_get_array_length(ndr, &r->dc_site_name) > ndr_get_array_size(ndr, &r->dc_site_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->dc_site_name), ndr_get_array_length(ndr, &r->dc_site_name)); + size_dc_site_name_1 = ndr_get_array_size(ndr, &r->dc_site_name); + length_dc_site_name_1 = ndr_get_array_length(ndr, &r->dc_site_name); + if (length_dc_site_name_1 > size_dc_site_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dc_site_name_1, length_dc_site_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->dc_site_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dc_site_name, ndr_get_array_length(ndr, &r->dc_site_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dc_site_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dc_site_name, length_dc_site_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dc_site_name_0, 0); } if (r->client_site_name) { @@ -7022,11 +7143,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_DsRGetDCNameInfo(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->client_site_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->client_site_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->client_site_name)); - if (ndr_get_array_length(ndr, &r->client_site_name) > ndr_get_array_size(ndr, &r->client_site_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->client_site_name), ndr_get_array_length(ndr, &r->client_site_name)); + size_client_site_name_1 = ndr_get_array_size(ndr, &r->client_site_name); + length_client_site_name_1 = ndr_get_array_length(ndr, &r->client_site_name); + if (length_client_site_name_1 > size_client_site_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_client_site_name_1, length_client_site_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->client_site_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client_site_name, ndr_get_array_length(ndr, &r->client_site_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_client_site_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client_site_name, length_client_site_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_client_site_name_0, 0); } } @@ -7250,17 +7373,30 @@ static enum ndr_err_code ndr_push_netr_DomainQuery1(struct ndr_push *ndr, int nd static enum ndr_err_code ndr_pull_netr_DomainQuery1(struct ndr_pull *ndr, int ndr_flags, struct netr_DomainQuery1 *r) { uint32_t _ptr_workstation_domain; + uint32_t size_workstation_domain_1 = 0; + uint32_t length_workstation_domain_1 = 0; TALLOC_CTX *_mem_save_workstation_domain_0; uint32_t _ptr_workstation_site; + uint32_t size_workstation_site_1 = 0; + uint32_t length_workstation_site_1 = 0; TALLOC_CTX *_mem_save_workstation_site_0; uint32_t _ptr_unknown1; + uint32_t size_unknown1_1 = 0; + uint32_t length_unknown1_1 = 0; TALLOC_CTX *_mem_save_unknown1_0; uint32_t _ptr_unknown2; + uint32_t size_unknown2_1 = 0; + uint32_t length_unknown2_1 = 0; TALLOC_CTX *_mem_save_unknown2_0; uint32_t _ptr_unknown3; + uint32_t size_unknown3_1 = 0; + uint32_t length_unknown3_1 = 0; TALLOC_CTX *_mem_save_unknown3_0; uint32_t _ptr_unknown4; + uint32_t size_unknown4_1 = 0; + uint32_t length_unknown4_1 = 0; TALLOC_CTX *_mem_save_unknown4_0; + uint32_t size_unknown7_0 = 0; uint32_t cntr_unknown7_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -7305,7 +7441,8 @@ static enum ndr_err_code ndr_pull_netr_DomainQuery1(struct ndr_pull *ndr, int nd NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->product)); NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->unknown5)); NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->unknown6)); - for (cntr_unknown7_0 = 0; cntr_unknown7_0 < 4; cntr_unknown7_0++) { + size_unknown7_0 = 4; + for (cntr_unknown7_0 = 0; cntr_unknown7_0 < size_unknown7_0; cntr_unknown7_0++) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->unknown7[cntr_unknown7_0])); } } @@ -7316,11 +7453,13 @@ static enum ndr_err_code ndr_pull_netr_DomainQuery1(struct ndr_pull *ndr, int nd NDR_PULL_SET_MEM_CTX(ndr, r->workstation_domain, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->workstation_domain)); NDR_CHECK(ndr_pull_array_length(ndr, &r->workstation_domain)); - if (ndr_get_array_length(ndr, &r->workstation_domain) > ndr_get_array_size(ndr, &r->workstation_domain)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->workstation_domain), ndr_get_array_length(ndr, &r->workstation_domain)); + size_workstation_domain_1 = ndr_get_array_size(ndr, &r->workstation_domain); + length_workstation_domain_1 = ndr_get_array_length(ndr, &r->workstation_domain); + if (length_workstation_domain_1 > size_workstation_domain_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_workstation_domain_1, length_workstation_domain_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->workstation_domain), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->workstation_domain, ndr_get_array_length(ndr, &r->workstation_domain), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_workstation_domain_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->workstation_domain, length_workstation_domain_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_workstation_domain_0, 0); } if (r->workstation_site) { @@ -7328,11 +7467,13 @@ static enum ndr_err_code ndr_pull_netr_DomainQuery1(struct ndr_pull *ndr, int nd NDR_PULL_SET_MEM_CTX(ndr, r->workstation_site, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->workstation_site)); NDR_CHECK(ndr_pull_array_length(ndr, &r->workstation_site)); - if (ndr_get_array_length(ndr, &r->workstation_site) > ndr_get_array_size(ndr, &r->workstation_site)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->workstation_site), ndr_get_array_length(ndr, &r->workstation_site)); + size_workstation_site_1 = ndr_get_array_size(ndr, &r->workstation_site); + length_workstation_site_1 = ndr_get_array_length(ndr, &r->workstation_site); + if (length_workstation_site_1 > size_workstation_site_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_workstation_site_1, length_workstation_site_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->workstation_site), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->workstation_site, ndr_get_array_length(ndr, &r->workstation_site), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_workstation_site_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->workstation_site, length_workstation_site_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_workstation_site_0, 0); } if (r->unknown1) { @@ -7340,11 +7481,13 @@ static enum ndr_err_code ndr_pull_netr_DomainQuery1(struct ndr_pull *ndr, int nd NDR_PULL_SET_MEM_CTX(ndr, r->unknown1, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->unknown1)); NDR_CHECK(ndr_pull_array_length(ndr, &r->unknown1)); - if (ndr_get_array_length(ndr, &r->unknown1) > ndr_get_array_size(ndr, &r->unknown1)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->unknown1), ndr_get_array_length(ndr, &r->unknown1)); + size_unknown1_1 = ndr_get_array_size(ndr, &r->unknown1); + length_unknown1_1 = ndr_get_array_length(ndr, &r->unknown1); + if (length_unknown1_1 > size_unknown1_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_unknown1_1, length_unknown1_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->unknown1), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->unknown1, ndr_get_array_length(ndr, &r->unknown1), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_unknown1_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->unknown1, length_unknown1_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_unknown1_0, 0); } if (r->unknown2) { @@ -7352,11 +7495,13 @@ static enum ndr_err_code ndr_pull_netr_DomainQuery1(struct ndr_pull *ndr, int nd NDR_PULL_SET_MEM_CTX(ndr, r->unknown2, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->unknown2)); NDR_CHECK(ndr_pull_array_length(ndr, &r->unknown2)); - if (ndr_get_array_length(ndr, &r->unknown2) > ndr_get_array_size(ndr, &r->unknown2)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->unknown2), ndr_get_array_length(ndr, &r->unknown2)); + size_unknown2_1 = ndr_get_array_size(ndr, &r->unknown2); + length_unknown2_1 = ndr_get_array_length(ndr, &r->unknown2); + if (length_unknown2_1 > size_unknown2_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_unknown2_1, length_unknown2_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->unknown2), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->unknown2, ndr_get_array_length(ndr, &r->unknown2), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_unknown2_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->unknown2, length_unknown2_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_unknown2_0, 0); } if (r->unknown3) { @@ -7364,11 +7509,13 @@ static enum ndr_err_code ndr_pull_netr_DomainQuery1(struct ndr_pull *ndr, int nd NDR_PULL_SET_MEM_CTX(ndr, r->unknown3, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->unknown3)); NDR_CHECK(ndr_pull_array_length(ndr, &r->unknown3)); - if (ndr_get_array_length(ndr, &r->unknown3) > ndr_get_array_size(ndr, &r->unknown3)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->unknown3), ndr_get_array_length(ndr, &r->unknown3)); + size_unknown3_1 = ndr_get_array_size(ndr, &r->unknown3); + length_unknown3_1 = ndr_get_array_length(ndr, &r->unknown3); + if (length_unknown3_1 > size_unknown3_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_unknown3_1, length_unknown3_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->unknown3), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->unknown3, ndr_get_array_length(ndr, &r->unknown3), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_unknown3_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->unknown3, length_unknown3_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_unknown3_0, 0); } if (r->unknown4) { @@ -7376,11 +7523,13 @@ static enum ndr_err_code ndr_pull_netr_DomainQuery1(struct ndr_pull *ndr, int nd NDR_PULL_SET_MEM_CTX(ndr, r->unknown4, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->unknown4)); NDR_CHECK(ndr_pull_array_length(ndr, &r->unknown4)); - if (ndr_get_array_length(ndr, &r->unknown4) > ndr_get_array_size(ndr, &r->unknown4)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->unknown4), ndr_get_array_length(ndr, &r->unknown4)); + size_unknown4_1 = ndr_get_array_size(ndr, &r->unknown4); + length_unknown4_1 = ndr_get_array_length(ndr, &r->unknown4); + if (length_unknown4_1 > size_unknown4_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_unknown4_1, length_unknown4_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->unknown4), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->unknown4, ndr_get_array_length(ndr, &r->unknown4), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_unknown4_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->unknown4, length_unknown4_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_unknown4_0, 0); } NDR_CHECK(ndr_pull_lsa_BinaryString(ndr, NDR_BUFFERS, &r->blob2)); @@ -7495,6 +7644,7 @@ static enum ndr_err_code ndr_pull_netr_DomainQuery(struct ndr_pull *ndr, int ndr int level; uint32_t _level; TALLOC_CTX *_mem_save_query1_0; + uint32_t _ptr_query1; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -7503,7 +7653,6 @@ static enum ndr_err_code ndr_pull_netr_DomainQuery(struct ndr_pull *ndr, int ndr } switch (level) { case 1: { - uint32_t _ptr_query1; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_query1)); if (_ptr_query1) { NDR_PULL_ALLOC(ndr, r->query1); @@ -7513,7 +7662,6 @@ static enum ndr_err_code ndr_pull_netr_DomainQuery(struct ndr_pull *ndr, int ndr break; } case 2: { - uint32_t _ptr_query1; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_query1)); if (_ptr_query1) { NDR_PULL_ALLOC(ndr, r->query1); @@ -7725,7 +7873,9 @@ static enum ndr_err_code ndr_pull_netr_DomainTrustInfo(struct ndr_pull *ndr, int { uint32_t _ptr_sid; TALLOC_CTX *_mem_save_sid_0; + uint32_t size_dummystring_0 = 0; uint32_t cntr_dummystring_0; + uint32_t size_dummy_0 = 0; uint32_t cntr_dummy_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -7740,10 +7890,12 @@ static enum ndr_err_code ndr_pull_netr_DomainTrustInfo(struct ndr_pull *ndr, int r->sid = NULL; } NDR_CHECK(ndr_pull_netr_trust_extension_container(ndr, NDR_SCALARS, &r->trust_extension)); - for (cntr_dummystring_0 = 0; cntr_dummystring_0 < 3; cntr_dummystring_0++) { + size_dummystring_0 = 3; + for (cntr_dummystring_0 = 0; cntr_dummystring_0 < size_dummystring_0; cntr_dummystring_0++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->dummystring[cntr_dummystring_0])); } - for (cntr_dummy_0 = 0; cntr_dummy_0 < 4; cntr_dummy_0++) { + size_dummy_0 = 4; + for (cntr_dummy_0 = 0; cntr_dummy_0 < size_dummy_0; cntr_dummy_0++) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->dummy[cntr_dummy_0])); } } @@ -7758,7 +7910,8 @@ static enum ndr_err_code ndr_pull_netr_DomainTrustInfo(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sid_0, 0); } NDR_CHECK(ndr_pull_netr_trust_extension_container(ndr, NDR_BUFFERS, &r->trust_extension)); - for (cntr_dummystring_0 = 0; cntr_dummystring_0 < 3; cntr_dummystring_0++) { + size_dummystring_0 = 3; + for (cntr_dummystring_0 = 0; cntr_dummystring_0 < size_dummystring_0; cntr_dummystring_0++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->dummystring[cntr_dummystring_0])); } } @@ -7824,6 +7977,7 @@ static enum ndr_err_code ndr_push_netr_LsaPolicyInfo(struct ndr_push *ndr, int n static enum ndr_err_code ndr_pull_netr_LsaPolicyInfo(struct ndr_pull *ndr, int ndr_flags, struct netr_LsaPolicyInfo *r) { uint32_t _ptr_policy; + uint32_t size_policy_1 = 0; TALLOC_CTX *_mem_save_policy_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -7840,8 +7994,9 @@ static enum ndr_err_code ndr_pull_netr_LsaPolicyInfo(struct ndr_pull *ndr, int n _mem_save_policy_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->policy, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->policy)); - NDR_PULL_ALLOC_N(ndr, r->policy, ndr_get_array_size(ndr, &r->policy)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->policy, ndr_get_array_size(ndr, &r->policy))); + size_policy_1 = ndr_get_array_size(ndr, &r->policy); + NDR_PULL_ALLOC_N(ndr, r->policy, size_policy_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->policy, size_policy_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_policy_0, 0); } if (r->policy) { @@ -7932,10 +8087,13 @@ static enum ndr_err_code ndr_push_netr_DomainInfo1(struct ndr_push *ndr, int ndr static enum ndr_err_code ndr_pull_netr_DomainInfo1(struct ndr_pull *ndr, int ndr_flags, struct netr_DomainInfo1 *r) { uint32_t _ptr_trusts; + uint32_t size_trusts_1 = 0; uint32_t cntr_trusts_1; TALLOC_CTX *_mem_save_trusts_0; TALLOC_CTX *_mem_save_trusts_1; + uint32_t size_dummystring_0 = 0; uint32_t cntr_dummystring_0; + uint32_t size_dummy_0 = 0; uint32_t cntr_dummy_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -7949,12 +8107,14 @@ static enum ndr_err_code ndr_pull_netr_DomainInfo1(struct ndr_pull *ndr, int ndr } NDR_CHECK(ndr_pull_netr_LsaPolicyInfo(ndr, NDR_SCALARS, &r->lsa_policy)); NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->dns_hostname)); - for (cntr_dummystring_0 = 0; cntr_dummystring_0 < 3; cntr_dummystring_0++) { + size_dummystring_0 = 3; + for (cntr_dummystring_0 = 0; cntr_dummystring_0 < size_dummystring_0; cntr_dummystring_0++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->dummystring[cntr_dummystring_0])); } NDR_CHECK(ndr_pull_netr_WorkstationFlags(ndr, NDR_SCALARS, &r->workstation_flags)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->supported_enc_types)); - for (cntr_dummy_0 = 0; cntr_dummy_0 < 2; cntr_dummy_0++) { + size_dummy_0 = 2; + for (cntr_dummy_0 = 0; cntr_dummy_0 < size_dummy_0; cntr_dummy_0++) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->dummy[cntr_dummy_0])); } } @@ -7964,13 +8124,14 @@ static enum ndr_err_code ndr_pull_netr_DomainInfo1(struct ndr_pull *ndr, int ndr _mem_save_trusts_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->trusts, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->trusts)); - NDR_PULL_ALLOC_N(ndr, r->trusts, ndr_get_array_size(ndr, &r->trusts)); + size_trusts_1 = ndr_get_array_size(ndr, &r->trusts); + NDR_PULL_ALLOC_N(ndr, r->trusts, size_trusts_1); _mem_save_trusts_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->trusts, 0); - for (cntr_trusts_1 = 0; cntr_trusts_1 < r->num_trusts; cntr_trusts_1++) { + for (cntr_trusts_1 = 0; cntr_trusts_1 < size_trusts_1; cntr_trusts_1++) { NDR_CHECK(ndr_pull_netr_DomainTrustInfo(ndr, NDR_SCALARS, &r->trusts[cntr_trusts_1])); } - for (cntr_trusts_1 = 0; cntr_trusts_1 < r->num_trusts; cntr_trusts_1++) { + for (cntr_trusts_1 = 0; cntr_trusts_1 < size_trusts_1; cntr_trusts_1++) { NDR_CHECK(ndr_pull_netr_DomainTrustInfo(ndr, NDR_BUFFERS, &r->trusts[cntr_trusts_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_trusts_1, 0); @@ -7978,7 +8139,8 @@ static enum ndr_err_code ndr_pull_netr_DomainInfo1(struct ndr_pull *ndr, int ndr } NDR_CHECK(ndr_pull_netr_LsaPolicyInfo(ndr, NDR_BUFFERS, &r->lsa_policy)); NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->dns_hostname)); - for (cntr_dummystring_0 = 0; cntr_dummystring_0 < 3; cntr_dummystring_0++) { + size_dummystring_0 = 3; + for (cntr_dummystring_0 = 0; cntr_dummystring_0 < size_dummystring_0; cntr_dummystring_0++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->dummystring[cntr_dummystring_0])); } if (r->trusts) { @@ -8084,7 +8246,9 @@ static enum ndr_err_code ndr_pull_netr_DomainInfo(struct ndr_pull *ndr, int ndr_ int level; uint32_t _level; TALLOC_CTX *_mem_save_info1_0; + uint32_t _ptr_info1; TALLOC_CTX *_mem_save_info2_0; + uint32_t _ptr_info2; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -8093,7 +8257,6 @@ static enum ndr_err_code ndr_pull_netr_DomainInfo(struct ndr_pull *ndr, int ndr_ } switch (level) { case 1: { - uint32_t _ptr_info1; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1)); if (_ptr_info1) { NDR_PULL_ALLOC(ndr, r->info1); @@ -8103,7 +8266,6 @@ static enum ndr_err_code ndr_pull_netr_DomainInfo(struct ndr_pull *ndr, int ndr_ break; } case 2: { - uint32_t _ptr_info2; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info2)); if (_ptr_info2) { NDR_PULL_ALLOC(ndr, r->info2); @@ -8191,12 +8353,14 @@ static enum ndr_err_code ndr_push_netr_CryptPassword(struct ndr_push *ndr, int n static enum ndr_err_code ndr_pull_netr_CryptPassword(struct ndr_pull *ndr, int ndr_flags, struct netr_CryptPassword *r) { + uint32_t size_data_0 = 0; { uint32_t _flags_save_STRUCT = ndr->flags; ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, 512)); + size_data_0 = 512; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, size_data_0)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->length)); } if (ndr_flags & NDR_BUFFERS) { @@ -8245,6 +8409,7 @@ static enum ndr_err_code ndr_push_netr_DsRAddressToSitenamesWCtr(struct ndr_push static enum ndr_err_code ndr_pull_netr_DsRAddressToSitenamesWCtr(struct ndr_pull *ndr, int ndr_flags, struct netr_DsRAddressToSitenamesWCtr *r) { uint32_t _ptr_sitename; + uint32_t size_sitename_1 = 0; uint32_t cntr_sitename_1; TALLOC_CTX *_mem_save_sitename_0; TALLOC_CTX *_mem_save_sitename_1; @@ -8263,13 +8428,14 @@ static enum ndr_err_code ndr_pull_netr_DsRAddressToSitenamesWCtr(struct ndr_pull _mem_save_sitename_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sitename, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->sitename)); - NDR_PULL_ALLOC_N(ndr, r->sitename, ndr_get_array_size(ndr, &r->sitename)); + size_sitename_1 = ndr_get_array_size(ndr, &r->sitename); + NDR_PULL_ALLOC_N(ndr, r->sitename, size_sitename_1); _mem_save_sitename_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sitename, 0); - for (cntr_sitename_1 = 0; cntr_sitename_1 < r->count; cntr_sitename_1++) { + for (cntr_sitename_1 = 0; cntr_sitename_1 < size_sitename_1; cntr_sitename_1++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->sitename[cntr_sitename_1])); } - for (cntr_sitename_1 = 0; cntr_sitename_1 < r->count; cntr_sitename_1++) { + for (cntr_sitename_1 = 0; cntr_sitename_1 < size_sitename_1; cntr_sitename_1++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->sitename[cntr_sitename_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sitename_1, 0); @@ -8325,6 +8491,7 @@ static enum ndr_err_code ndr_push_netr_DsRAddress(struct ndr_push *ndr, int ndr_ static enum ndr_err_code ndr_pull_netr_DsRAddress(struct ndr_pull *ndr, int ndr_flags, struct netr_DsRAddress *r) { uint32_t _ptr_buffer; + uint32_t size_buffer_1 = 0; TALLOC_CTX *_mem_save_buffer_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -8341,8 +8508,9 @@ static enum ndr_err_code ndr_pull_netr_DsRAddress(struct ndr_pull *ndr, int ndr_ _mem_save_buffer_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->buffer, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->buffer)); - NDR_PULL_ALLOC_N(ndr, r->buffer, ndr_get_array_size(ndr, &r->buffer)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->buffer, ndr_get_array_size(ndr, &r->buffer))); + size_buffer_1 = ndr_get_array_size(ndr, &r->buffer); + NDR_PULL_ALLOC_N(ndr, r->buffer, size_buffer_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->buffer, size_buffer_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_buffer_0, 0); } if (r->buffer) { @@ -8457,8 +8625,12 @@ static enum ndr_err_code ndr_push_netr_DomainTrust(struct ndr_push *ndr, int ndr static enum ndr_err_code ndr_pull_netr_DomainTrust(struct ndr_pull *ndr, int ndr_flags, struct netr_DomainTrust *r) { uint32_t _ptr_netbios_name; + uint32_t size_netbios_name_1 = 0; + uint32_t length_netbios_name_1 = 0; TALLOC_CTX *_mem_save_netbios_name_0; uint32_t _ptr_dns_name; + uint32_t size_dns_name_1 = 0; + uint32_t length_dns_name_1 = 0; TALLOC_CTX *_mem_save_dns_name_0; uint32_t _ptr_sid; TALLOC_CTX *_mem_save_sid_0; @@ -8494,11 +8666,13 @@ static enum ndr_err_code ndr_pull_netr_DomainTrust(struct ndr_pull *ndr, int ndr NDR_PULL_SET_MEM_CTX(ndr, r->netbios_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->netbios_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->netbios_name)); - if (ndr_get_array_length(ndr, &r->netbios_name) > ndr_get_array_size(ndr, &r->netbios_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->netbios_name), ndr_get_array_length(ndr, &r->netbios_name)); + size_netbios_name_1 = ndr_get_array_size(ndr, &r->netbios_name); + length_netbios_name_1 = ndr_get_array_length(ndr, &r->netbios_name); + if (length_netbios_name_1 > size_netbios_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_netbios_name_1, length_netbios_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->netbios_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->netbios_name, ndr_get_array_length(ndr, &r->netbios_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_netbios_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->netbios_name, length_netbios_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_netbios_name_0, 0); } if (r->dns_name) { @@ -8506,11 +8680,13 @@ static enum ndr_err_code ndr_pull_netr_DomainTrust(struct ndr_pull *ndr, int ndr NDR_PULL_SET_MEM_CTX(ndr, r->dns_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->dns_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->dns_name)); - if (ndr_get_array_length(ndr, &r->dns_name) > ndr_get_array_size(ndr, &r->dns_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->dns_name), ndr_get_array_length(ndr, &r->dns_name)); + size_dns_name_1 = ndr_get_array_size(ndr, &r->dns_name); + length_dns_name_1 = ndr_get_array_length(ndr, &r->dns_name); + if (length_dns_name_1 > size_dns_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dns_name_1, length_dns_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->dns_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dns_name, ndr_get_array_length(ndr, &r->dns_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dns_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dns_name, length_dns_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dns_name_0, 0); } if (r->sid) { @@ -8578,6 +8754,7 @@ static enum ndr_err_code ndr_push_netr_DomainTrustList(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_netr_DomainTrustList(struct ndr_pull *ndr, int ndr_flags, struct netr_DomainTrustList *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -8596,13 +8773,14 @@ static enum ndr_err_code ndr_pull_netr_DomainTrustList(struct ndr_pull *ndr, int _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_netr_DomainTrust(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_netr_DomainTrust(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -8675,10 +8853,12 @@ static enum ndr_err_code ndr_push_netr_DsRAddressToSitenamesExWCtr(struct ndr_pu static enum ndr_err_code ndr_pull_netr_DsRAddressToSitenamesExWCtr(struct ndr_pull *ndr, int ndr_flags, struct netr_DsRAddressToSitenamesExWCtr *r) { uint32_t _ptr_sitename; + uint32_t size_sitename_1 = 0; uint32_t cntr_sitename_1; TALLOC_CTX *_mem_save_sitename_0; TALLOC_CTX *_mem_save_sitename_1; uint32_t _ptr_subnetname; + uint32_t size_subnetname_1 = 0; uint32_t cntr_subnetname_1; TALLOC_CTX *_mem_save_subnetname_0; TALLOC_CTX *_mem_save_subnetname_1; @@ -8703,13 +8883,14 @@ static enum ndr_err_code ndr_pull_netr_DsRAddressToSitenamesExWCtr(struct ndr_pu _mem_save_sitename_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sitename, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->sitename)); - NDR_PULL_ALLOC_N(ndr, r->sitename, ndr_get_array_size(ndr, &r->sitename)); + size_sitename_1 = ndr_get_array_size(ndr, &r->sitename); + NDR_PULL_ALLOC_N(ndr, r->sitename, size_sitename_1); _mem_save_sitename_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sitename, 0); - for (cntr_sitename_1 = 0; cntr_sitename_1 < r->count; cntr_sitename_1++) { + for (cntr_sitename_1 = 0; cntr_sitename_1 < size_sitename_1; cntr_sitename_1++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->sitename[cntr_sitename_1])); } - for (cntr_sitename_1 = 0; cntr_sitename_1 < r->count; cntr_sitename_1++) { + for (cntr_sitename_1 = 0; cntr_sitename_1 < size_sitename_1; cntr_sitename_1++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->sitename[cntr_sitename_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sitename_1, 0); @@ -8719,13 +8900,14 @@ static enum ndr_err_code ndr_pull_netr_DsRAddressToSitenamesExWCtr(struct ndr_pu _mem_save_subnetname_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->subnetname, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->subnetname)); - NDR_PULL_ALLOC_N(ndr, r->subnetname, ndr_get_array_size(ndr, &r->subnetname)); + size_subnetname_1 = ndr_get_array_size(ndr, &r->subnetname); + NDR_PULL_ALLOC_N(ndr, r->subnetname, size_subnetname_1); _mem_save_subnetname_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->subnetname, 0); - for (cntr_subnetname_1 = 0; cntr_subnetname_1 < r->count; cntr_subnetname_1++) { + for (cntr_subnetname_1 = 0; cntr_subnetname_1 < size_subnetname_1; cntr_subnetname_1++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->subnetname[cntr_subnetname_1])); } - for (cntr_subnetname_1 = 0; cntr_subnetname_1 < r->count; cntr_subnetname_1++) { + for (cntr_subnetname_1 = 0; cntr_subnetname_1 < size_subnetname_1; cntr_subnetname_1++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->subnetname[cntr_subnetname_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_subnetname_1, 0); @@ -8806,6 +8988,7 @@ static enum ndr_err_code ndr_push_DcSitesCtr(struct ndr_push *ndr, int ndr_flags static enum ndr_err_code ndr_pull_DcSitesCtr(struct ndr_pull *ndr, int ndr_flags, struct DcSitesCtr *r) { uint32_t _ptr_sites; + uint32_t size_sites_1 = 0; uint32_t cntr_sites_1; TALLOC_CTX *_mem_save_sites_0; TALLOC_CTX *_mem_save_sites_1; @@ -8824,13 +9007,14 @@ static enum ndr_err_code ndr_pull_DcSitesCtr(struct ndr_pull *ndr, int ndr_flags _mem_save_sites_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sites, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->sites)); - NDR_PULL_ALLOC_N(ndr, r->sites, ndr_get_array_size(ndr, &r->sites)); + size_sites_1 = ndr_get_array_size(ndr, &r->sites); + NDR_PULL_ALLOC_N(ndr, r->sites, size_sites_1); _mem_save_sites_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sites, 0); - for (cntr_sites_1 = 0; cntr_sites_1 < r->num_sites; cntr_sites_1++) { + for (cntr_sites_1 = 0; cntr_sites_1 < size_sites_1; cntr_sites_1++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->sites[cntr_sites_1])); } - for (cntr_sites_1 = 0; cntr_sites_1 < r->num_sites; cntr_sites_1++) { + for (cntr_sites_1 = 0; cntr_sites_1 < size_sites_1; cntr_sites_1++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->sites[cntr_sites_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sites_1, 0); @@ -8901,10 +9085,12 @@ static enum ndr_err_code ndr_push_netr_TrustInfo(struct ndr_push *ndr, int ndr_f static enum ndr_err_code ndr_pull_netr_TrustInfo(struct ndr_pull *ndr, int ndr_flags, struct netr_TrustInfo *r) { uint32_t _ptr_data; + uint32_t size_data_1 = 0; uint32_t cntr_data_1; TALLOC_CTX *_mem_save_data_0; TALLOC_CTX *_mem_save_data_1; uint32_t _ptr_entries; + uint32_t size_entries_1 = 0; uint32_t cntr_entries_1; TALLOC_CTX *_mem_save_entries_0; TALLOC_CTX *_mem_save_entries_1; @@ -8930,10 +9116,11 @@ static enum ndr_err_code ndr_pull_netr_TrustInfo(struct ndr_pull *ndr, int ndr_f _mem_save_data_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->data, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->data)); - NDR_PULL_ALLOC_N(ndr, r->data, ndr_get_array_size(ndr, &r->data)); + size_data_1 = ndr_get_array_size(ndr, &r->data); + NDR_PULL_ALLOC_N(ndr, r->data, size_data_1); _mem_save_data_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->data, 0); - for (cntr_data_1 = 0; cntr_data_1 < r->count; cntr_data_1++) { + for (cntr_data_1 = 0; cntr_data_1 < size_data_1; cntr_data_1++) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->data[cntr_data_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_1, 0); @@ -8943,13 +9130,14 @@ static enum ndr_err_code ndr_pull_netr_TrustInfo(struct ndr_pull *ndr, int ndr_f _mem_save_entries_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->entries, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->entries)); - NDR_PULL_ALLOC_N(ndr, r->entries, ndr_get_array_size(ndr, &r->entries)); + size_entries_1 = ndr_get_array_size(ndr, &r->entries); + NDR_PULL_ALLOC_N(ndr, r->entries, size_entries_1); _mem_save_entries_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->entries, 0); - for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) { + for (cntr_entries_1 = 0; cntr_entries_1 < size_entries_1; cntr_entries_1++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->entries[cntr_entries_1])); } - for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) { + for (cntr_entries_1 = 0; cntr_entries_1 < size_entries_1; cntr_entries_1++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->entries[cntr_entries_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_entries_1, 0); @@ -9041,6 +9229,12 @@ static enum ndr_err_code ndr_push_netr_LogonUasLogon(struct ndr_push *ndr, int f static enum ndr_err_code ndr_pull_netr_LogonUasLogon(struct ndr_pull *ndr, int flags, struct netr_LogonUasLogon *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; + uint32_t size_account_name_0 = 0; + uint32_t length_account_name_0 = 0; + uint32_t size_workstation_0 = 0; + uint32_t length_workstation_0 = 0; uint32_t _ptr_info; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_info_0; @@ -9059,27 +9253,33 @@ static enum ndr_err_code ndr_pull_netr_LogonUasLogon(struct ndr_pull *ndr, int f NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.account_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.account_name)); - if (ndr_get_array_length(ndr, &r->in.account_name) > ndr_get_array_size(ndr, &r->in.account_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.account_name), ndr_get_array_length(ndr, &r->in.account_name)); + size_account_name_0 = ndr_get_array_size(ndr, &r->in.account_name); + length_account_name_0 = ndr_get_array_length(ndr, &r->in.account_name); + if (length_account_name_0 > size_account_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_account_name_0, length_account_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_account_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, length_account_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.workstation)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.workstation)); - if (ndr_get_array_length(ndr, &r->in.workstation) > ndr_get_array_size(ndr, &r->in.workstation)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.workstation), ndr_get_array_length(ndr, &r->in.workstation)); + size_workstation_0 = ndr_get_array_size(ndr, &r->in.workstation); + length_workstation_0 = ndr_get_array_length(ndr, &r->in.workstation); + if (length_workstation_0 > size_workstation_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_workstation_0, length_workstation_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.workstation), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.workstation, ndr_get_array_length(ndr, &r->in.workstation), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_workstation_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.workstation, length_workstation_0, sizeof(uint16_t), CH_UTF16)); NDR_PULL_ALLOC(ndr, r->out.info); ZERO_STRUCTP(r->out.info); } @@ -9177,6 +9377,12 @@ static enum ndr_err_code ndr_push_netr_LogonUasLogoff(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_netr_LogonUasLogoff(struct ndr_pull *ndr, int flags, struct netr_LogonUasLogoff *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; + uint32_t size_account_name_0 = 0; + uint32_t length_account_name_0 = 0; + uint32_t size_workstation_0 = 0; + uint32_t length_workstation_0 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_info_0; if (flags & NDR_IN) { @@ -9193,27 +9399,33 @@ static enum ndr_err_code ndr_pull_netr_LogonUasLogoff(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.account_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.account_name)); - if (ndr_get_array_length(ndr, &r->in.account_name) > ndr_get_array_size(ndr, &r->in.account_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.account_name), ndr_get_array_length(ndr, &r->in.account_name)); + size_account_name_0 = ndr_get_array_size(ndr, &r->in.account_name); + length_account_name_0 = ndr_get_array_length(ndr, &r->in.account_name); + if (length_account_name_0 > size_account_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_account_name_0, length_account_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_account_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, length_account_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.workstation)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.workstation)); - if (ndr_get_array_length(ndr, &r->in.workstation) > ndr_get_array_size(ndr, &r->in.workstation)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.workstation), ndr_get_array_length(ndr, &r->in.workstation)); + size_workstation_0 = ndr_get_array_size(ndr, &r->in.workstation); + length_workstation_0 = ndr_get_array_length(ndr, &r->in.workstation); + if (length_workstation_0 > size_workstation_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_workstation_0, length_workstation_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.workstation), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.workstation, ndr_get_array_length(ndr, &r->in.workstation), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_workstation_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.workstation, length_workstation_0, sizeof(uint16_t), CH_UTF16)); NDR_PULL_ALLOC(ndr, r->out.info); ZERO_STRUCTP(r->out.info); } @@ -9318,7 +9530,11 @@ static enum ndr_err_code ndr_push_netr_LogonSamLogon(struct ndr_push *ndr, int f static enum ndr_err_code ndr_pull_netr_LogonSamLogon(struct ndr_pull *ndr, int flags, struct netr_LogonSamLogon *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; uint32_t _ptr_computer_name; + uint32_t size_computer_name_1 = 0; + uint32_t length_computer_name_1 = 0; uint32_t _ptr_credential; uint32_t _ptr_return_authenticator; TALLOC_CTX *_mem_save_server_name_0; @@ -9342,11 +9558,13 @@ static enum ndr_err_code ndr_pull_netr_LogonSamLogon(struct ndr_pull *ndr, int f NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_computer_name)); @@ -9360,11 +9578,13 @@ static enum ndr_err_code ndr_pull_netr_LogonSamLogon(struct ndr_pull *ndr, int f NDR_PULL_SET_MEM_CTX(ndr, r->in.computer_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name)); - if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name)); + size_computer_name_1 = ndr_get_array_size(ndr, &r->in.computer_name); + length_computer_name_1 = ndr_get_array_length(ndr, &r->in.computer_name); + if (length_computer_name_1 > size_computer_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_name_1, length_computer_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, length_computer_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_computer_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_credential)); @@ -9548,7 +9768,11 @@ static enum ndr_err_code ndr_push_netr_LogonSamLogoff(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_netr_LogonSamLogoff(struct ndr_pull *ndr, int flags, struct netr_LogonSamLogoff *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; uint32_t _ptr_computer_name; + uint32_t size_computer_name_1 = 0; + uint32_t length_computer_name_1 = 0; uint32_t _ptr_credential; uint32_t _ptr_return_authenticator; TALLOC_CTX *_mem_save_server_name_0; @@ -9569,11 +9793,13 @@ static enum ndr_err_code ndr_pull_netr_LogonSamLogoff(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_computer_name)); @@ -9587,11 +9813,13 @@ static enum ndr_err_code ndr_pull_netr_LogonSamLogoff(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.computer_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name)); - if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name)); + size_computer_name_1 = ndr_get_array_size(ndr, &r->in.computer_name); + length_computer_name_1 = ndr_get_array_length(ndr, &r->in.computer_name); + if (length_computer_name_1 > size_computer_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_name_1, length_computer_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, length_computer_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_computer_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_credential)); @@ -9726,6 +9954,10 @@ _PUBLIC_ enum ndr_err_code ndr_push_netr_ServerReqChallenge(struct ndr_push *ndr _PUBLIC_ enum ndr_err_code ndr_pull_netr_ServerReqChallenge(struct ndr_pull *ndr, int flags, struct netr_ServerReqChallenge *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; + uint32_t size_computer_name_0 = 0; + uint32_t length_computer_name_0 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_credentials_0; TALLOC_CTX *_mem_save_return_credentials_0; @@ -9743,20 +9975,24 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_ServerReqChallenge(struct ndr_pull *ndr NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name)); - if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name)); + size_computer_name_0 = ndr_get_array_size(ndr, &r->in.computer_name); + length_computer_name_0 = ndr_get_array_length(ndr, &r->in.computer_name); + if (length_computer_name_0 > size_computer_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_name_0, length_computer_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, length_computer_name_0, sizeof(uint16_t), CH_UTF16)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.credentials); } @@ -9853,6 +10089,12 @@ static enum ndr_err_code ndr_push_netr_ServerAuthenticate(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_netr_ServerAuthenticate(struct ndr_pull *ndr, int flags, struct netr_ServerAuthenticate *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; + uint32_t size_account_name_0 = 0; + uint32_t length_account_name_0 = 0; + uint32_t size_computer_name_0 = 0; + uint32_t length_computer_name_0 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_credentials_0; TALLOC_CTX *_mem_save_return_credentials_0; @@ -9870,28 +10112,34 @@ static enum ndr_err_code ndr_pull_netr_ServerAuthenticate(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.account_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.account_name)); - if (ndr_get_array_length(ndr, &r->in.account_name) > ndr_get_array_size(ndr, &r->in.account_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.account_name), ndr_get_array_length(ndr, &r->in.account_name)); + size_account_name_0 = ndr_get_array_size(ndr, &r->in.account_name); + length_account_name_0 = ndr_get_array_length(ndr, &r->in.account_name); + if (length_account_name_0 > size_account_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_account_name_0, length_account_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_account_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, length_account_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_netr_SchannelType(ndr, NDR_SCALARS, &r->in.secure_channel_type)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name)); - if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name)); + size_computer_name_0 = ndr_get_array_size(ndr, &r->in.computer_name); + length_computer_name_0 = ndr_get_array_length(ndr, &r->in.computer_name); + if (length_computer_name_0 > size_computer_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_name_0, length_computer_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, length_computer_name_0, sizeof(uint16_t), CH_UTF16)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.credentials); } @@ -9994,6 +10242,12 @@ static enum ndr_err_code ndr_push_netr_ServerPasswordSet(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_netr_ServerPasswordSet(struct ndr_pull *ndr, int flags, struct netr_ServerPasswordSet *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; + uint32_t size_account_name_0 = 0; + uint32_t length_account_name_0 = 0; + uint32_t size_computer_name_0 = 0; + uint32_t length_computer_name_0 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_credential_0; TALLOC_CTX *_mem_save_return_authenticator_0; @@ -10012,28 +10266,34 @@ static enum ndr_err_code ndr_pull_netr_ServerPasswordSet(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.account_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.account_name)); - if (ndr_get_array_length(ndr, &r->in.account_name) > ndr_get_array_size(ndr, &r->in.account_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.account_name), ndr_get_array_length(ndr, &r->in.account_name)); + size_account_name_0 = ndr_get_array_size(ndr, &r->in.account_name); + length_account_name_0 = ndr_get_array_length(ndr, &r->in.account_name); + if (length_account_name_0 > size_account_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_account_name_0, length_account_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_account_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, length_account_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_netr_SchannelType(ndr, NDR_SCALARS, &r->in.secure_channel_type)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name)); - if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name)); + size_computer_name_0 = ndr_get_array_size(ndr, &r->in.computer_name); + length_computer_name_0 = ndr_get_array_length(ndr, &r->in.computer_name); + if (length_computer_name_0 > size_computer_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_name_0, length_computer_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, length_computer_name_0, sizeof(uint16_t), CH_UTF16)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.credential); } @@ -10155,6 +10415,10 @@ static enum ndr_err_code ndr_push_netr_DatabaseDeltas(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_netr_DatabaseDeltas(struct ndr_pull *ndr, int flags, struct netr_DatabaseDeltas *r) { + uint32_t size_logon_server_0 = 0; + uint32_t length_logon_server_0 = 0; + uint32_t size_computername_0 = 0; + uint32_t length_computername_0 = 0; uint32_t _ptr_delta_enum_array; TALLOC_CTX *_mem_save_credential_0; TALLOC_CTX *_mem_save_return_authenticator_0; @@ -10166,18 +10430,22 @@ static enum ndr_err_code ndr_pull_netr_DatabaseDeltas(struct ndr_pull *ndr, int NDR_CHECK(ndr_pull_array_size(ndr, &r->in.logon_server)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.logon_server)); - if (ndr_get_array_length(ndr, &r->in.logon_server) > ndr_get_array_size(ndr, &r->in.logon_server)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.logon_server), ndr_get_array_length(ndr, &r->in.logon_server)); + size_logon_server_0 = ndr_get_array_size(ndr, &r->in.logon_server); + length_logon_server_0 = ndr_get_array_length(ndr, &r->in.logon_server); + if (length_logon_server_0 > size_logon_server_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_logon_server_0, length_logon_server_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_logon_server_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, length_logon_server_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computername)); - if (ndr_get_array_length(ndr, &r->in.computername) > ndr_get_array_size(ndr, &r->in.computername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computername), ndr_get_array_length(ndr, &r->in.computername)); + size_computername_0 = ndr_get_array_size(ndr, &r->in.computername); + length_computername_0 = ndr_get_array_length(ndr, &r->in.computername); + if (length_computername_0 > size_computername_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computername_0, length_computername_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computername, ndr_get_array_length(ndr, &r->in.computername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computername_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computername, length_computername_0, sizeof(uint16_t), CH_UTF16)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.credential); } @@ -10349,6 +10617,10 @@ static enum ndr_err_code ndr_push_netr_DatabaseSync(struct ndr_push *ndr, int fl static enum ndr_err_code ndr_pull_netr_DatabaseSync(struct ndr_pull *ndr, int flags, struct netr_DatabaseSync *r) { + uint32_t size_logon_server_0 = 0; + uint32_t length_logon_server_0 = 0; + uint32_t size_computername_0 = 0; + uint32_t length_computername_0 = 0; uint32_t _ptr_delta_enum_array; TALLOC_CTX *_mem_save_credential_0; TALLOC_CTX *_mem_save_return_authenticator_0; @@ -10360,18 +10632,22 @@ static enum ndr_err_code ndr_pull_netr_DatabaseSync(struct ndr_pull *ndr, int fl NDR_CHECK(ndr_pull_array_size(ndr, &r->in.logon_server)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.logon_server)); - if (ndr_get_array_length(ndr, &r->in.logon_server) > ndr_get_array_size(ndr, &r->in.logon_server)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.logon_server), ndr_get_array_length(ndr, &r->in.logon_server)); + size_logon_server_0 = ndr_get_array_size(ndr, &r->in.logon_server); + length_logon_server_0 = ndr_get_array_length(ndr, &r->in.logon_server); + if (length_logon_server_0 > size_logon_server_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_logon_server_0, length_logon_server_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_logon_server_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, length_logon_server_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computername)); - if (ndr_get_array_length(ndr, &r->in.computername) > ndr_get_array_size(ndr, &r->in.computername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computername), ndr_get_array_length(ndr, &r->in.computername)); + size_computername_0 = ndr_get_array_size(ndr, &r->in.computername); + length_computername_0 = ndr_get_array_length(ndr, &r->in.computername); + if (length_computername_0 > size_computername_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computername_0, length_computername_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computername, ndr_get_array_length(ndr, &r->in.computername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computername_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computername, length_computername_0, sizeof(uint16_t), CH_UTF16)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.credential); } @@ -10552,6 +10828,10 @@ static enum ndr_err_code ndr_push_netr_AccountDeltas(struct ndr_push *ndr, int f static enum ndr_err_code ndr_pull_netr_AccountDeltas(struct ndr_pull *ndr, int flags, struct netr_AccountDeltas *r) { uint32_t _ptr_logon_server; + uint32_t size_logon_server_1 = 0; + uint32_t length_logon_server_1 = 0; + uint32_t size_computername_0 = 0; + uint32_t length_computername_0 = 0; TALLOC_CTX *_mem_save_logon_server_0; TALLOC_CTX *_mem_save_return_authenticator_0; TALLOC_CTX *_mem_save_buffer_0; @@ -10572,20 +10852,24 @@ static enum ndr_err_code ndr_pull_netr_AccountDeltas(struct ndr_pull *ndr, int f NDR_PULL_SET_MEM_CTX(ndr, r->in.logon_server, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.logon_server)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.logon_server)); - if (ndr_get_array_length(ndr, &r->in.logon_server) > ndr_get_array_size(ndr, &r->in.logon_server)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.logon_server), ndr_get_array_length(ndr, &r->in.logon_server)); + size_logon_server_1 = ndr_get_array_size(ndr, &r->in.logon_server); + length_logon_server_1 = ndr_get_array_length(ndr, &r->in.logon_server); + if (length_logon_server_1 > size_logon_server_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_logon_server_1, length_logon_server_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_logon_server_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, length_logon_server_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_logon_server_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computername)); - if (ndr_get_array_length(ndr, &r->in.computername) > ndr_get_array_size(ndr, &r->in.computername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computername), ndr_get_array_length(ndr, &r->in.computername)); + size_computername_0 = ndr_get_array_size(ndr, &r->in.computername); + length_computername_0 = ndr_get_array_length(ndr, &r->in.computername); + if (length_computername_0 > size_computername_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computername_0, length_computername_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computername, ndr_get_array_length(ndr, &r->in.computername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computername_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computername, length_computername_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_netr_Authenticator(ndr, NDR_SCALARS, &r->in.credential)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.return_authenticator); @@ -10777,6 +11061,10 @@ static enum ndr_err_code ndr_push_netr_AccountSync(struct ndr_push *ndr, int fla static enum ndr_err_code ndr_pull_netr_AccountSync(struct ndr_pull *ndr, int flags, struct netr_AccountSync *r) { uint32_t _ptr_logon_server; + uint32_t size_logon_server_1 = 0; + uint32_t length_logon_server_1 = 0; + uint32_t size_computername_0 = 0; + uint32_t length_computername_0 = 0; TALLOC_CTX *_mem_save_logon_server_0; TALLOC_CTX *_mem_save_return_authenticator_0; TALLOC_CTX *_mem_save_buffer_0; @@ -10798,20 +11086,24 @@ static enum ndr_err_code ndr_pull_netr_AccountSync(struct ndr_pull *ndr, int fla NDR_PULL_SET_MEM_CTX(ndr, r->in.logon_server, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.logon_server)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.logon_server)); - if (ndr_get_array_length(ndr, &r->in.logon_server) > ndr_get_array_size(ndr, &r->in.logon_server)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.logon_server), ndr_get_array_length(ndr, &r->in.logon_server)); + size_logon_server_1 = ndr_get_array_size(ndr, &r->in.logon_server); + length_logon_server_1 = ndr_get_array_length(ndr, &r->in.logon_server); + if (length_logon_server_1 > size_logon_server_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_logon_server_1, length_logon_server_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_logon_server_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, length_logon_server_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_logon_server_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computername)); - if (ndr_get_array_length(ndr, &r->in.computername) > ndr_get_array_size(ndr, &r->in.computername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computername), ndr_get_array_length(ndr, &r->in.computername)); + size_computername_0 = ndr_get_array_size(ndr, &r->in.computername); + length_computername_0 = ndr_get_array_length(ndr, &r->in.computername); + if (length_computername_0 > size_computername_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computername_0, length_computername_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computername, ndr_get_array_length(ndr, &r->in.computername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computername_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computername, length_computername_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_netr_Authenticator(ndr, NDR_SCALARS, &r->in.credential)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.return_authenticator); @@ -10993,8 +11285,14 @@ static enum ndr_err_code ndr_push_netr_GetDcName(struct ndr_push *ndr, int flags static enum ndr_err_code ndr_pull_netr_GetDcName(struct ndr_pull *ndr, int flags, struct netr_GetDcName *r) { + uint32_t size_logon_server_0 = 0; + uint32_t length_logon_server_0 = 0; uint32_t _ptr_domainname; + uint32_t size_domainname_1 = 0; + uint32_t length_domainname_1 = 0; uint32_t _ptr_dcname; + uint32_t size_dcname_2 = 0; + uint32_t length_dcname_2 = 0; TALLOC_CTX *_mem_save_domainname_0; TALLOC_CTX *_mem_save_dcname_0; TALLOC_CTX *_mem_save_dcname_1; @@ -11003,11 +11301,13 @@ static enum ndr_err_code ndr_pull_netr_GetDcName(struct ndr_pull *ndr, int flags NDR_CHECK(ndr_pull_array_size(ndr, &r->in.logon_server)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.logon_server)); - if (ndr_get_array_length(ndr, &r->in.logon_server) > ndr_get_array_size(ndr, &r->in.logon_server)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.logon_server), ndr_get_array_length(ndr, &r->in.logon_server)); + size_logon_server_0 = ndr_get_array_size(ndr, &r->in.logon_server); + length_logon_server_0 = ndr_get_array_length(ndr, &r->in.logon_server); + if (length_logon_server_0 > size_logon_server_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_logon_server_0, length_logon_server_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_logon_server_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, length_logon_server_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domainname)); if (_ptr_domainname) { NDR_PULL_ALLOC(ndr, r->in.domainname); @@ -11019,11 +11319,13 @@ static enum ndr_err_code ndr_pull_netr_GetDcName(struct ndr_pull *ndr, int flags NDR_PULL_SET_MEM_CTX(ndr, r->in.domainname, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.domainname)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.domainname)); - if (ndr_get_array_length(ndr, &r->in.domainname) > ndr_get_array_size(ndr, &r->in.domainname)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.domainname), ndr_get_array_length(ndr, &r->in.domainname)); + size_domainname_1 = ndr_get_array_size(ndr, &r->in.domainname); + length_domainname_1 = ndr_get_array_length(ndr, &r->in.domainname); + if (length_domainname_1 > size_domainname_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domainname_1, length_domainname_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.domainname), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domainname, ndr_get_array_length(ndr, &r->in.domainname), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domainname_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domainname, length_domainname_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domainname_0, 0); } NDR_PULL_ALLOC(ndr, r->out.dcname); @@ -11046,11 +11348,13 @@ static enum ndr_err_code ndr_pull_netr_GetDcName(struct ndr_pull *ndr, int flags NDR_PULL_SET_MEM_CTX(ndr, *r->out.dcname, 0); NDR_CHECK(ndr_pull_array_size(ndr, r->out.dcname)); NDR_CHECK(ndr_pull_array_length(ndr, r->out.dcname)); - if (ndr_get_array_length(ndr, r->out.dcname) > ndr_get_array_size(ndr, r->out.dcname)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, r->out.dcname), ndr_get_array_length(ndr, r->out.dcname)); + size_dcname_2 = ndr_get_array_size(ndr, r->out.dcname); + length_dcname_2 = ndr_get_array_length(ndr, r->out.dcname); + if (length_dcname_2 > size_dcname_2) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dcname_2, length_dcname_2); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, r->out.dcname), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.dcname, ndr_get_array_length(ndr, r->out.dcname), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dcname_2, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.dcname, length_dcname_2, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dcname_1, 0); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dcname_0, LIBNDR_FLAG_REF_ALLOC); @@ -11123,6 +11427,8 @@ static enum ndr_err_code ndr_push_netr_LogonControl(struct ndr_push *ndr, int fl static enum ndr_err_code ndr_pull_netr_LogonControl(struct ndr_pull *ndr, int flags, struct netr_LogonControl *r) { uint32_t _ptr_logon_server; + uint32_t size_logon_server_1 = 0; + uint32_t length_logon_server_1 = 0; TALLOC_CTX *_mem_save_logon_server_0; TALLOC_CTX *_mem_save_info_0; if (flags & NDR_IN) { @@ -11139,11 +11445,13 @@ static enum ndr_err_code ndr_pull_netr_LogonControl(struct ndr_pull *ndr, int fl NDR_PULL_SET_MEM_CTX(ndr, r->in.logon_server, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.logon_server)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.logon_server)); - if (ndr_get_array_length(ndr, &r->in.logon_server) > ndr_get_array_size(ndr, &r->in.logon_server)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.logon_server), ndr_get_array_length(ndr, &r->in.logon_server)); + size_logon_server_1 = ndr_get_array_size(ndr, &r->in.logon_server); + length_logon_server_1 = ndr_get_array_length(ndr, &r->in.logon_server); + if (length_logon_server_1 > size_logon_server_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_logon_server_1, length_logon_server_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_logon_server_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, length_logon_server_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_logon_server_0, 0); } NDR_CHECK(ndr_pull_netr_LogonControlCode(ndr, NDR_SCALARS, &r->in.function_code)); @@ -11236,8 +11544,14 @@ static enum ndr_err_code ndr_push_netr_GetAnyDCName(struct ndr_push *ndr, int fl static enum ndr_err_code ndr_pull_netr_GetAnyDCName(struct ndr_pull *ndr, int flags, struct netr_GetAnyDCName *r) { uint32_t _ptr_logon_server; + uint32_t size_logon_server_1 = 0; + uint32_t length_logon_server_1 = 0; uint32_t _ptr_domainname; + uint32_t size_domainname_1 = 0; + uint32_t length_domainname_1 = 0; uint32_t _ptr_dcname; + uint32_t size_dcname_2 = 0; + uint32_t length_dcname_2 = 0; TALLOC_CTX *_mem_save_logon_server_0; TALLOC_CTX *_mem_save_domainname_0; TALLOC_CTX *_mem_save_dcname_0; @@ -11256,11 +11570,13 @@ static enum ndr_err_code ndr_pull_netr_GetAnyDCName(struct ndr_pull *ndr, int fl NDR_PULL_SET_MEM_CTX(ndr, r->in.logon_server, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.logon_server)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.logon_server)); - if (ndr_get_array_length(ndr, &r->in.logon_server) > ndr_get_array_size(ndr, &r->in.logon_server)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.logon_server), ndr_get_array_length(ndr, &r->in.logon_server)); + size_logon_server_1 = ndr_get_array_size(ndr, &r->in.logon_server); + length_logon_server_1 = ndr_get_array_length(ndr, &r->in.logon_server); + if (length_logon_server_1 > size_logon_server_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_logon_server_1, length_logon_server_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_logon_server_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, length_logon_server_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_logon_server_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domainname)); @@ -11274,11 +11590,13 @@ static enum ndr_err_code ndr_pull_netr_GetAnyDCName(struct ndr_pull *ndr, int fl NDR_PULL_SET_MEM_CTX(ndr, r->in.domainname, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.domainname)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.domainname)); - if (ndr_get_array_length(ndr, &r->in.domainname) > ndr_get_array_size(ndr, &r->in.domainname)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.domainname), ndr_get_array_length(ndr, &r->in.domainname)); + size_domainname_1 = ndr_get_array_size(ndr, &r->in.domainname); + length_domainname_1 = ndr_get_array_length(ndr, &r->in.domainname); + if (length_domainname_1 > size_domainname_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domainname_1, length_domainname_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.domainname), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domainname, ndr_get_array_length(ndr, &r->in.domainname), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domainname_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domainname, length_domainname_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domainname_0, 0); } NDR_PULL_ALLOC(ndr, r->out.dcname); @@ -11301,11 +11619,13 @@ static enum ndr_err_code ndr_pull_netr_GetAnyDCName(struct ndr_pull *ndr, int fl NDR_PULL_SET_MEM_CTX(ndr, *r->out.dcname, 0); NDR_CHECK(ndr_pull_array_size(ndr, r->out.dcname)); NDR_CHECK(ndr_pull_array_length(ndr, r->out.dcname)); - if (ndr_get_array_length(ndr, r->out.dcname) > ndr_get_array_size(ndr, r->out.dcname)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, r->out.dcname), ndr_get_array_length(ndr, r->out.dcname)); + size_dcname_2 = ndr_get_array_size(ndr, r->out.dcname); + length_dcname_2 = ndr_get_array_length(ndr, r->out.dcname); + if (length_dcname_2 > size_dcname_2) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dcname_2, length_dcname_2); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, r->out.dcname), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.dcname, ndr_get_array_length(ndr, r->out.dcname), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dcname_2, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.dcname, length_dcname_2, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dcname_1, 0); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dcname_0, LIBNDR_FLAG_REF_ALLOC); @@ -11388,6 +11708,8 @@ static enum ndr_err_code ndr_push_netr_LogonControl2(struct ndr_push *ndr, int f static enum ndr_err_code ndr_pull_netr_LogonControl2(struct ndr_pull *ndr, int flags, struct netr_LogonControl2 *r) { uint32_t _ptr_logon_server; + uint32_t size_logon_server_1 = 0; + uint32_t length_logon_server_1 = 0; TALLOC_CTX *_mem_save_logon_server_0; TALLOC_CTX *_mem_save_data_0; TALLOC_CTX *_mem_save_query_0; @@ -11405,11 +11727,13 @@ static enum ndr_err_code ndr_pull_netr_LogonControl2(struct ndr_pull *ndr, int f NDR_PULL_SET_MEM_CTX(ndr, r->in.logon_server, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.logon_server)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.logon_server)); - if (ndr_get_array_length(ndr, &r->in.logon_server) > ndr_get_array_size(ndr, &r->in.logon_server)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.logon_server), ndr_get_array_length(ndr, &r->in.logon_server)); + size_logon_server_1 = ndr_get_array_size(ndr, &r->in.logon_server); + length_logon_server_1 = ndr_get_array_length(ndr, &r->in.logon_server); + if (length_logon_server_1 > size_logon_server_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_logon_server_1, length_logon_server_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_logon_server_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, length_logon_server_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_logon_server_0, 0); } NDR_CHECK(ndr_pull_netr_LogonControlCode(ndr, NDR_SCALARS, &r->in.function_code)); @@ -11523,6 +11847,12 @@ static enum ndr_err_code ndr_push_netr_ServerAuthenticate2(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_netr_ServerAuthenticate2(struct ndr_pull *ndr, int flags, struct netr_ServerAuthenticate2 *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; + uint32_t size_account_name_0 = 0; + uint32_t length_account_name_0 = 0; + uint32_t size_computer_name_0 = 0; + uint32_t length_computer_name_0 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_credentials_0; TALLOC_CTX *_mem_save_return_credentials_0; @@ -11541,28 +11871,34 @@ static enum ndr_err_code ndr_pull_netr_ServerAuthenticate2(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.account_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.account_name)); - if (ndr_get_array_length(ndr, &r->in.account_name) > ndr_get_array_size(ndr, &r->in.account_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.account_name), ndr_get_array_length(ndr, &r->in.account_name)); + size_account_name_0 = ndr_get_array_size(ndr, &r->in.account_name); + length_account_name_0 = ndr_get_array_length(ndr, &r->in.account_name); + if (length_account_name_0 > size_account_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_account_name_0, length_account_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_account_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, length_account_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_netr_SchannelType(ndr, NDR_SCALARS, &r->in.secure_channel_type)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name)); - if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name)); + size_computer_name_0 = ndr_get_array_size(ndr, &r->in.computer_name); + length_computer_name_0 = ndr_get_array_length(ndr, &r->in.computer_name); + if (length_computer_name_0 > size_computer_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_name_0, length_computer_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, length_computer_name_0, sizeof(uint16_t), CH_UTF16)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.credentials); } @@ -11698,6 +12034,10 @@ static enum ndr_err_code ndr_push_netr_DatabaseSync2(struct ndr_push *ndr, int f static enum ndr_err_code ndr_pull_netr_DatabaseSync2(struct ndr_pull *ndr, int flags, struct netr_DatabaseSync2 *r) { + uint32_t size_logon_server_0 = 0; + uint32_t length_logon_server_0 = 0; + uint32_t size_computername_0 = 0; + uint32_t length_computername_0 = 0; uint32_t _ptr_delta_enum_array; TALLOC_CTX *_mem_save_credential_0; TALLOC_CTX *_mem_save_return_authenticator_0; @@ -11709,18 +12049,22 @@ static enum ndr_err_code ndr_pull_netr_DatabaseSync2(struct ndr_pull *ndr, int f NDR_CHECK(ndr_pull_array_size(ndr, &r->in.logon_server)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.logon_server)); - if (ndr_get_array_length(ndr, &r->in.logon_server) > ndr_get_array_size(ndr, &r->in.logon_server)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.logon_server), ndr_get_array_length(ndr, &r->in.logon_server)); + size_logon_server_0 = ndr_get_array_size(ndr, &r->in.logon_server); + length_logon_server_0 = ndr_get_array_length(ndr, &r->in.logon_server); + if (length_logon_server_0 > size_logon_server_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_logon_server_0, length_logon_server_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_logon_server_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, length_logon_server_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computername)); - if (ndr_get_array_length(ndr, &r->in.computername) > ndr_get_array_size(ndr, &r->in.computername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computername), ndr_get_array_length(ndr, &r->in.computername)); + size_computername_0 = ndr_get_array_size(ndr, &r->in.computername); + length_computername_0 = ndr_get_array_length(ndr, &r->in.computername); + if (length_computername_0 > size_computername_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computername_0, length_computername_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computername, ndr_get_array_length(ndr, &r->in.computername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computername_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computername, length_computername_0, sizeof(uint16_t), CH_UTF16)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.credential); } @@ -11891,6 +12235,10 @@ static enum ndr_err_code ndr_push_netr_DatabaseRedo(struct ndr_push *ndr, int fl static enum ndr_err_code ndr_pull_netr_DatabaseRedo(struct ndr_pull *ndr, int flags, struct netr_DatabaseRedo *r) { + uint32_t size_logon_server_0 = 0; + uint32_t length_logon_server_0 = 0; + uint32_t size_computername_0 = 0; + uint32_t length_computername_0 = 0; uint32_t _ptr_delta_enum_array; TALLOC_CTX *_mem_save_credential_0; TALLOC_CTX *_mem_save_return_authenticator_0; @@ -11901,18 +12249,22 @@ static enum ndr_err_code ndr_pull_netr_DatabaseRedo(struct ndr_pull *ndr, int fl NDR_CHECK(ndr_pull_array_size(ndr, &r->in.logon_server)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.logon_server)); - if (ndr_get_array_length(ndr, &r->in.logon_server) > ndr_get_array_size(ndr, &r->in.logon_server)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.logon_server), ndr_get_array_length(ndr, &r->in.logon_server)); + size_logon_server_0 = ndr_get_array_size(ndr, &r->in.logon_server); + length_logon_server_0 = ndr_get_array_length(ndr, &r->in.logon_server); + if (length_logon_server_0 > size_logon_server_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_logon_server_0, length_logon_server_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_logon_server_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, length_logon_server_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computername)); - if (ndr_get_array_length(ndr, &r->in.computername) > ndr_get_array_size(ndr, &r->in.computername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computername), ndr_get_array_length(ndr, &r->in.computername)); + size_computername_0 = ndr_get_array_size(ndr, &r->in.computername); + length_computername_0 = ndr_get_array_length(ndr, &r->in.computername); + if (length_computername_0 > size_computername_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computername_0, length_computername_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computername, ndr_get_array_length(ndr, &r->in.computername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computername_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computername, length_computername_0, sizeof(uint16_t), CH_UTF16)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.credential); } @@ -12048,6 +12400,8 @@ static enum ndr_err_code ndr_push_netr_LogonControl2Ex(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_netr_LogonControl2Ex(struct ndr_pull *ndr, int flags, struct netr_LogonControl2Ex *r) { uint32_t _ptr_logon_server; + uint32_t size_logon_server_1 = 0; + uint32_t length_logon_server_1 = 0; TALLOC_CTX *_mem_save_logon_server_0; TALLOC_CTX *_mem_save_data_0; TALLOC_CTX *_mem_save_query_0; @@ -12065,11 +12419,13 @@ static enum ndr_err_code ndr_pull_netr_LogonControl2Ex(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.logon_server, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.logon_server)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.logon_server)); - if (ndr_get_array_length(ndr, &r->in.logon_server) > ndr_get_array_size(ndr, &r->in.logon_server)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.logon_server), ndr_get_array_length(ndr, &r->in.logon_server)); + size_logon_server_1 = ndr_get_array_size(ndr, &r->in.logon_server); + length_logon_server_1 = ndr_get_array_length(ndr, &r->in.logon_server); + if (length_logon_server_1 > size_logon_server_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_logon_server_1, length_logon_server_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_logon_server_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, length_logon_server_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_logon_server_0, 0); } NDR_CHECK(ndr_pull_netr_LogonControlCode(ndr, NDR_SCALARS, &r->in.function_code)); @@ -12162,6 +12518,8 @@ static enum ndr_err_code ndr_push_netr_NetrEnumerateTrustedDomains(struct ndr_pu static enum ndr_err_code ndr_pull_netr_NetrEnumerateTrustedDomains(struct ndr_pull *ndr, int flags, struct netr_NetrEnumerateTrustedDomains *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_trusted_domains_blob_0; if (flags & NDR_IN) { @@ -12178,11 +12536,13 @@ static enum ndr_err_code ndr_pull_netr_NetrEnumerateTrustedDomains(struct ndr_pu NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_PULL_ALLOC(ndr, r->out.trusted_domains_blob); @@ -12275,7 +12635,11 @@ static enum ndr_err_code ndr_push_netr_DsRGetDCName(struct ndr_push *ndr, int fl static enum ndr_err_code ndr_pull_netr_DsRGetDCName(struct ndr_pull *ndr, int flags, struct netr_DsRGetDCName *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; uint32_t _ptr_domain_name; + uint32_t size_domain_name_1 = 0; + uint32_t length_domain_name_1 = 0; uint32_t _ptr_domain_guid; uint32_t _ptr_site_guid; uint32_t _ptr_info; @@ -12299,11 +12663,13 @@ static enum ndr_err_code ndr_pull_netr_DsRGetDCName(struct ndr_pull *ndr, int fl NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domain_name)); @@ -12317,11 +12683,13 @@ static enum ndr_err_code ndr_pull_netr_DsRGetDCName(struct ndr_pull *ndr, int fl NDR_PULL_SET_MEM_CTX(ndr, r->in.domain_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.domain_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.domain_name)); - if (ndr_get_array_length(ndr, &r->in.domain_name) > ndr_get_array_size(ndr, &r->in.domain_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.domain_name), ndr_get_array_length(ndr, &r->in.domain_name)); + size_domain_name_1 = ndr_get_array_size(ndr, &r->in.domain_name); + length_domain_name_1 = ndr_get_array_length(ndr, &r->in.domain_name); + if (length_domain_name_1 > size_domain_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_name_1, length_domain_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.domain_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domain_name, ndr_get_array_length(ndr, &r->in.domain_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domain_name, length_domain_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domain_guid)); @@ -12472,7 +12840,11 @@ static enum ndr_err_code ndr_push_netr_LogonGetCapabilities(struct ndr_push *ndr static enum ndr_err_code ndr_pull_netr_LogonGetCapabilities(struct ndr_pull *ndr, int flags, struct netr_LogonGetCapabilities *r) { + uint32_t size_server_name_0 = 0; + uint32_t length_server_name_0 = 0; uint32_t _ptr_computer_name; + uint32_t size_computer_name_1 = 0; + uint32_t length_computer_name_1 = 0; TALLOC_CTX *_mem_save_computer_name_0; TALLOC_CTX *_mem_save_credential_0; TALLOC_CTX *_mem_save_return_authenticator_0; @@ -12482,11 +12854,13 @@ static enum ndr_err_code ndr_pull_netr_LogonGetCapabilities(struct ndr_pull *ndr NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_0 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_0 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_0 > size_server_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_0, length_server_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_computer_name)); if (_ptr_computer_name) { NDR_PULL_ALLOC(ndr, r->in.computer_name); @@ -12498,11 +12872,13 @@ static enum ndr_err_code ndr_pull_netr_LogonGetCapabilities(struct ndr_pull *ndr NDR_PULL_SET_MEM_CTX(ndr, r->in.computer_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name)); - if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name)); + size_computer_name_1 = ndr_get_array_size(ndr, &r->in.computer_name); + length_computer_name_1 = ndr_get_array_length(ndr, &r->in.computer_name); + if (length_computer_name_1 > size_computer_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_name_1, length_computer_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, length_computer_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_computer_name_0, 0); } if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { @@ -12664,7 +13040,11 @@ static enum ndr_err_code ndr_push_netr_LogonGetTrustRid(struct ndr_push *ndr, in static enum ndr_err_code ndr_pull_netr_LogonGetTrustRid(struct ndr_pull *ndr, int flags, struct netr_LogonGetTrustRid *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; uint32_t _ptr_domain_name; + uint32_t size_domain_name_1 = 0; + uint32_t length_domain_name_1 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_domain_name_0; TALLOC_CTX *_mem_save_rid_0; @@ -12682,11 +13062,13 @@ static enum ndr_err_code ndr_pull_netr_LogonGetTrustRid(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domain_name)); @@ -12700,11 +13082,13 @@ static enum ndr_err_code ndr_pull_netr_LogonGetTrustRid(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, r->in.domain_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.domain_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.domain_name)); - if (ndr_get_array_length(ndr, &r->in.domain_name) > ndr_get_array_size(ndr, &r->in.domain_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.domain_name), ndr_get_array_length(ndr, &r->in.domain_name)); + size_domain_name_1 = ndr_get_array_size(ndr, &r->in.domain_name); + length_domain_name_1 = ndr_get_array_length(ndr, &r->in.domain_name); + if (length_domain_name_1 > size_domain_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_name_1, length_domain_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.domain_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domain_name, ndr_get_array_length(ndr, &r->in.domain_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domain_name, length_domain_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_name_0, 0); } NDR_PULL_ALLOC(ndr, r->out.rid); @@ -12891,6 +13275,12 @@ _PUBLIC_ enum ndr_err_code ndr_push_netr_ServerAuthenticate3(struct ndr_push *nd _PUBLIC_ enum ndr_err_code ndr_pull_netr_ServerAuthenticate3(struct ndr_pull *ndr, int flags, struct netr_ServerAuthenticate3 *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; + uint32_t size_account_name_0 = 0; + uint32_t length_account_name_0 = 0; + uint32_t size_computer_name_0 = 0; + uint32_t length_computer_name_0 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_credentials_0; TALLOC_CTX *_mem_save_return_credentials_0; @@ -12910,28 +13300,34 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_ServerAuthenticate3(struct ndr_pull *nd NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.account_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.account_name)); - if (ndr_get_array_length(ndr, &r->in.account_name) > ndr_get_array_size(ndr, &r->in.account_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.account_name), ndr_get_array_length(ndr, &r->in.account_name)); + size_account_name_0 = ndr_get_array_size(ndr, &r->in.account_name); + length_account_name_0 = ndr_get_array_length(ndr, &r->in.account_name); + if (length_account_name_0 > size_account_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_account_name_0, length_account_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_account_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, length_account_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_netr_SchannelType(ndr, NDR_SCALARS, &r->in.secure_channel_type)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name)); - if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name)); + size_computer_name_0 = ndr_get_array_size(ndr, &r->in.computer_name); + length_computer_name_0 = ndr_get_array_length(ndr, &r->in.computer_name); + if (length_computer_name_0 > size_computer_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_name_0, length_computer_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, length_computer_name_0, sizeof(uint16_t), CH_UTF16)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.credentials); } @@ -13076,9 +13472,15 @@ static enum ndr_err_code ndr_push_netr_DsRGetDCNameEx(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_netr_DsRGetDCNameEx(struct ndr_pull *ndr, int flags, struct netr_DsRGetDCNameEx *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; uint32_t _ptr_domain_name; + uint32_t size_domain_name_1 = 0; + uint32_t length_domain_name_1 = 0; uint32_t _ptr_domain_guid; uint32_t _ptr_site_name; + uint32_t size_site_name_1 = 0; + uint32_t length_site_name_1 = 0; uint32_t _ptr_info; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_domain_name_0; @@ -13100,11 +13502,13 @@ static enum ndr_err_code ndr_pull_netr_DsRGetDCNameEx(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domain_name)); @@ -13118,11 +13522,13 @@ static enum ndr_err_code ndr_pull_netr_DsRGetDCNameEx(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.domain_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.domain_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.domain_name)); - if (ndr_get_array_length(ndr, &r->in.domain_name) > ndr_get_array_size(ndr, &r->in.domain_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.domain_name), ndr_get_array_length(ndr, &r->in.domain_name)); + size_domain_name_1 = ndr_get_array_size(ndr, &r->in.domain_name); + length_domain_name_1 = ndr_get_array_length(ndr, &r->in.domain_name); + if (length_domain_name_1 > size_domain_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_name_1, length_domain_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.domain_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domain_name, ndr_get_array_length(ndr, &r->in.domain_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domain_name, length_domain_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domain_guid)); @@ -13148,11 +13554,13 @@ static enum ndr_err_code ndr_pull_netr_DsRGetDCNameEx(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.site_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.site_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.site_name)); - if (ndr_get_array_length(ndr, &r->in.site_name) > ndr_get_array_size(ndr, &r->in.site_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.site_name), ndr_get_array_length(ndr, &r->in.site_name)); + size_site_name_1 = ndr_get_array_size(ndr, &r->in.site_name); + length_site_name_1 = ndr_get_array_length(ndr, &r->in.site_name); + if (length_site_name_1 > size_site_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_site_name_1, length_site_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.site_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.site_name, ndr_get_array_length(ndr, &r->in.site_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_site_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.site_name, length_site_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_site_name_0, 0); } NDR_CHECK(ndr_pull_netr_DsRGetDCName_flags(ndr, NDR_SCALARS, &r->in.flags)); @@ -13268,7 +13676,11 @@ static enum ndr_err_code ndr_push_netr_DsRGetSiteName(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_netr_DsRGetSiteName(struct ndr_pull *ndr, int flags, struct netr_DsRGetSiteName *r) { uint32_t _ptr_computer_name; + uint32_t size_computer_name_1 = 0; + uint32_t length_computer_name_1 = 0; uint32_t _ptr_site; + uint32_t size_site_2 = 0; + uint32_t length_site_2 = 0; TALLOC_CTX *_mem_save_computer_name_0; TALLOC_CTX *_mem_save_site_0; TALLOC_CTX *_mem_save_site_1; @@ -13286,11 +13698,13 @@ static enum ndr_err_code ndr_pull_netr_DsRGetSiteName(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.computer_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name)); - if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name)); + size_computer_name_1 = ndr_get_array_size(ndr, &r->in.computer_name); + length_computer_name_1 = ndr_get_array_length(ndr, &r->in.computer_name); + if (length_computer_name_1 > size_computer_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_name_1, length_computer_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, length_computer_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_computer_name_0, 0); } NDR_PULL_ALLOC(ndr, r->out.site); @@ -13313,11 +13727,13 @@ static enum ndr_err_code ndr_pull_netr_DsRGetSiteName(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, *r->out.site, 0); NDR_CHECK(ndr_pull_array_size(ndr, r->out.site)); NDR_CHECK(ndr_pull_array_length(ndr, r->out.site)); - if (ndr_get_array_length(ndr, r->out.site) > ndr_get_array_size(ndr, r->out.site)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, r->out.site), ndr_get_array_length(ndr, r->out.site)); + size_site_2 = ndr_get_array_size(ndr, r->out.site); + length_site_2 = ndr_get_array_length(ndr, r->out.site); + if (length_site_2 > size_site_2) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_site_2, length_site_2); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, r->out.site), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.site, ndr_get_array_length(ndr, r->out.site), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_site_2, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.site, length_site_2, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_site_1, 0); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_site_0, LIBNDR_FLAG_REF_ALLOC); @@ -13405,7 +13821,11 @@ static enum ndr_err_code ndr_push_netr_LogonGetDomainInfo(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_netr_LogonGetDomainInfo(struct ndr_pull *ndr, int flags, struct netr_LogonGetDomainInfo *r) { + uint32_t size_server_name_0 = 0; + uint32_t length_server_name_0 = 0; uint32_t _ptr_computer_name; + uint32_t size_computer_name_1 = 0; + uint32_t length_computer_name_1 = 0; TALLOC_CTX *_mem_save_computer_name_0; TALLOC_CTX *_mem_save_credential_0; TALLOC_CTX *_mem_save_return_authenticator_0; @@ -13415,11 +13835,13 @@ static enum ndr_err_code ndr_pull_netr_LogonGetDomainInfo(struct ndr_pull *ndr, NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_0 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_0 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_0 > size_server_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_0, length_server_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_computer_name)); if (_ptr_computer_name) { NDR_PULL_ALLOC(ndr, r->in.computer_name); @@ -13431,11 +13853,13 @@ static enum ndr_err_code ndr_pull_netr_LogonGetDomainInfo(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->in.computer_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name)); - if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name)); + size_computer_name_1 = ndr_get_array_size(ndr, &r->in.computer_name); + length_computer_name_1 = ndr_get_array_length(ndr, &r->in.computer_name); + if (length_computer_name_1 > size_computer_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_name_1, length_computer_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, length_computer_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_computer_name_0, 0); } if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { @@ -13570,6 +13994,12 @@ static enum ndr_err_code ndr_push_netr_ServerPasswordSet2(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_netr_ServerPasswordSet2(struct ndr_pull *ndr, int flags, struct netr_ServerPasswordSet2 *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; + uint32_t size_account_name_0 = 0; + uint32_t length_account_name_0 = 0; + uint32_t size_computer_name_0 = 0; + uint32_t length_computer_name_0 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_credential_0; TALLOC_CTX *_mem_save_return_authenticator_0; @@ -13588,28 +14018,34 @@ static enum ndr_err_code ndr_pull_netr_ServerPasswordSet2(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.account_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.account_name)); - if (ndr_get_array_length(ndr, &r->in.account_name) > ndr_get_array_size(ndr, &r->in.account_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.account_name), ndr_get_array_length(ndr, &r->in.account_name)); + size_account_name_0 = ndr_get_array_size(ndr, &r->in.account_name); + length_account_name_0 = ndr_get_array_length(ndr, &r->in.account_name); + if (length_account_name_0 > size_account_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_account_name_0, length_account_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_account_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, length_account_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_netr_SchannelType(ndr, NDR_SCALARS, &r->in.secure_channel_type)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name)); - if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name)); + size_computer_name_0 = ndr_get_array_size(ndr, &r->in.computer_name); + length_computer_name_0 = ndr_get_array_length(ndr, &r->in.computer_name); + if (length_computer_name_0 > size_computer_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_name_0, length_computer_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, length_computer_name_0, sizeof(uint16_t), CH_UTF16)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.credential); } @@ -13723,6 +14159,12 @@ static enum ndr_err_code ndr_push_netr_ServerPasswordGet(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_netr_ServerPasswordGet(struct ndr_pull *ndr, int flags, struct netr_ServerPasswordGet *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; + uint32_t size_account_name_0 = 0; + uint32_t length_account_name_0 = 0; + uint32_t size_computer_name_0 = 0; + uint32_t length_computer_name_0 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_credential_0; TALLOC_CTX *_mem_save_return_authenticator_0; @@ -13741,28 +14183,34 @@ static enum ndr_err_code ndr_pull_netr_ServerPasswordGet(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.account_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.account_name)); - if (ndr_get_array_length(ndr, &r->in.account_name) > ndr_get_array_size(ndr, &r->in.account_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.account_name), ndr_get_array_length(ndr, &r->in.account_name)); + size_account_name_0 = ndr_get_array_size(ndr, &r->in.account_name); + length_account_name_0 = ndr_get_array_length(ndr, &r->in.account_name); + if (length_account_name_0 > size_account_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_account_name_0, length_account_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_account_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, length_account_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_netr_SchannelType(ndr, NDR_SCALARS, &r->in.secure_channel_type)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name)); - if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name)); + size_computer_name_0 = ndr_get_array_size(ndr, &r->in.computer_name); + length_computer_name_0 = ndr_get_array_length(ndr, &r->in.computer_name); + if (length_computer_name_0 > size_computer_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_name_0, length_computer_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, length_computer_name_0, sizeof(uint16_t), CH_UTF16)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.credential); } @@ -13917,6 +14365,9 @@ static enum ndr_err_code ndr_push_netr_DsRAddressToSitenamesW(struct ndr_push *n static enum ndr_err_code ndr_pull_netr_DsRAddressToSitenamesW(struct ndr_pull *ndr, int flags, struct netr_DsRAddressToSitenamesW *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; + uint32_t size_addresses_1 = 0; uint32_t cntr_addresses_1; uint32_t _ptr_ctr; TALLOC_CTX *_mem_save_server_name_0; @@ -13937,11 +14388,13 @@ static enum ndr_err_code ndr_pull_netr_DsRAddressToSitenamesW(struct ndr_pull *n NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.count)); @@ -13949,15 +14402,16 @@ static enum ndr_err_code ndr_pull_netr_DsRAddressToSitenamesW(struct ndr_pull *n return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.addresses)); + size_addresses_1 = ndr_get_array_size(ndr, &r->in.addresses); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { - NDR_PULL_ALLOC_N(ndr, r->in.addresses, ndr_get_array_size(ndr, &r->in.addresses)); + NDR_PULL_ALLOC_N(ndr, r->in.addresses, size_addresses_1); } _mem_save_addresses_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->in.addresses, 0); - for (cntr_addresses_1 = 0; cntr_addresses_1 < r->in.count; cntr_addresses_1++) { + for (cntr_addresses_1 = 0; cntr_addresses_1 < size_addresses_1; cntr_addresses_1++) { NDR_CHECK(ndr_pull_netr_DsRAddress(ndr, NDR_SCALARS, &r->in.addresses[cntr_addresses_1])); } - for (cntr_addresses_1 = 0; cntr_addresses_1 < r->in.count; cntr_addresses_1++) { + for (cntr_addresses_1 = 0; cntr_addresses_1 < size_addresses_1; cntr_addresses_1++) { NDR_CHECK(ndr_pull_netr_DsRAddress(ndr, NDR_BUFFERS, &r->in.addresses[cntr_addresses_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_addresses_1, 0); @@ -14096,10 +14550,18 @@ static enum ndr_err_code ndr_push_netr_DsRGetDCNameEx2(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_netr_DsRGetDCNameEx2(struct ndr_pull *ndr, int flags, struct netr_DsRGetDCNameEx2 *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; uint32_t _ptr_client_account; + uint32_t size_client_account_1 = 0; + uint32_t length_client_account_1 = 0; uint32_t _ptr_domain_name; + uint32_t size_domain_name_1 = 0; + uint32_t length_domain_name_1 = 0; uint32_t _ptr_domain_guid; uint32_t _ptr_site_name; + uint32_t size_site_name_1 = 0; + uint32_t length_site_name_1 = 0; uint32_t _ptr_info; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_client_account_0; @@ -14122,11 +14584,13 @@ static enum ndr_err_code ndr_pull_netr_DsRGetDCNameEx2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_client_account)); @@ -14140,11 +14604,13 @@ static enum ndr_err_code ndr_pull_netr_DsRGetDCNameEx2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.client_account, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.client_account)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.client_account)); - if (ndr_get_array_length(ndr, &r->in.client_account) > ndr_get_array_size(ndr, &r->in.client_account)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.client_account), ndr_get_array_length(ndr, &r->in.client_account)); + size_client_account_1 = ndr_get_array_size(ndr, &r->in.client_account); + length_client_account_1 = ndr_get_array_length(ndr, &r->in.client_account); + if (length_client_account_1 > size_client_account_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_client_account_1, length_client_account_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.client_account), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.client_account, ndr_get_array_length(ndr, &r->in.client_account), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_client_account_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.client_account, length_client_account_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_client_account_0, 0); } NDR_CHECK(ndr_pull_samr_AcctFlags(ndr, NDR_SCALARS, &r->in.mask)); @@ -14159,11 +14625,13 @@ static enum ndr_err_code ndr_pull_netr_DsRGetDCNameEx2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.domain_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.domain_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.domain_name)); - if (ndr_get_array_length(ndr, &r->in.domain_name) > ndr_get_array_size(ndr, &r->in.domain_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.domain_name), ndr_get_array_length(ndr, &r->in.domain_name)); + size_domain_name_1 = ndr_get_array_size(ndr, &r->in.domain_name); + length_domain_name_1 = ndr_get_array_length(ndr, &r->in.domain_name); + if (length_domain_name_1 > size_domain_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_name_1, length_domain_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.domain_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domain_name, ndr_get_array_length(ndr, &r->in.domain_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domain_name, length_domain_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domain_guid)); @@ -14189,11 +14657,13 @@ static enum ndr_err_code ndr_pull_netr_DsRGetDCNameEx2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.site_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.site_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.site_name)); - if (ndr_get_array_length(ndr, &r->in.site_name) > ndr_get_array_size(ndr, &r->in.site_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.site_name), ndr_get_array_length(ndr, &r->in.site_name)); + size_site_name_1 = ndr_get_array_size(ndr, &r->in.site_name); + length_site_name_1 = ndr_get_array_length(ndr, &r->in.site_name); + if (length_site_name_1 > size_site_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_site_name_1, length_site_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.site_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.site_name, ndr_get_array_length(ndr, &r->in.site_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_site_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.site_name, length_site_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_site_name_0, 0); } NDR_CHECK(ndr_pull_netr_DsRGetDCName_flags(ndr, NDR_SCALARS, &r->in.flags)); @@ -14351,6 +14821,8 @@ static enum ndr_err_code ndr_push_netr_NetrEnumerateTrustedDomainsEx(struct ndr_ static enum ndr_err_code ndr_pull_netr_NetrEnumerateTrustedDomainsEx(struct ndr_pull *ndr, int flags, struct netr_NetrEnumerateTrustedDomainsEx *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_dom_trust_list_0; if (flags & NDR_IN) { @@ -14367,11 +14839,13 @@ static enum ndr_err_code ndr_pull_netr_NetrEnumerateTrustedDomainsEx(struct ndr_ NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_PULL_ALLOC(ndr, r->out.dom_trust_list); @@ -14460,6 +14934,9 @@ static enum ndr_err_code ndr_push_netr_DsRAddressToSitenamesExW(struct ndr_push static enum ndr_err_code ndr_pull_netr_DsRAddressToSitenamesExW(struct ndr_pull *ndr, int flags, struct netr_DsRAddressToSitenamesExW *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; + uint32_t size_addresses_1 = 0; uint32_t cntr_addresses_1; uint32_t _ptr_ctr; TALLOC_CTX *_mem_save_server_name_0; @@ -14480,11 +14957,13 @@ static enum ndr_err_code ndr_pull_netr_DsRAddressToSitenamesExW(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.count)); @@ -14492,15 +14971,16 @@ static enum ndr_err_code ndr_pull_netr_DsRAddressToSitenamesExW(struct ndr_pull return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.addresses)); + size_addresses_1 = ndr_get_array_size(ndr, &r->in.addresses); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { - NDR_PULL_ALLOC_N(ndr, r->in.addresses, ndr_get_array_size(ndr, &r->in.addresses)); + NDR_PULL_ALLOC_N(ndr, r->in.addresses, size_addresses_1); } _mem_save_addresses_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->in.addresses, 0); - for (cntr_addresses_1 = 0; cntr_addresses_1 < r->in.count; cntr_addresses_1++) { + for (cntr_addresses_1 = 0; cntr_addresses_1 < size_addresses_1; cntr_addresses_1++) { NDR_CHECK(ndr_pull_netr_DsRAddress(ndr, NDR_SCALARS, &r->in.addresses[cntr_addresses_1])); } - for (cntr_addresses_1 = 0; cntr_addresses_1 < r->in.count; cntr_addresses_1++) { + for (cntr_addresses_1 = 0; cntr_addresses_1 < size_addresses_1; cntr_addresses_1++) { NDR_CHECK(ndr_pull_netr_DsRAddress(ndr, NDR_BUFFERS, &r->in.addresses[cntr_addresses_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_addresses_1, 0); @@ -14612,6 +15092,8 @@ static enum ndr_err_code ndr_push_netr_DsrGetDcSiteCoverageW(struct ndr_push *nd static enum ndr_err_code ndr_pull_netr_DsrGetDcSiteCoverageW(struct ndr_pull *ndr, int flags, struct netr_DsrGetDcSiteCoverageW *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; uint32_t _ptr_ctr; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_ctr_0; @@ -14630,11 +15112,13 @@ static enum ndr_err_code ndr_pull_netr_DsrGetDcSiteCoverageW(struct ndr_pull *nd NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_PULL_ALLOC(ndr, r->out.ctr); @@ -14751,7 +15235,11 @@ static enum ndr_err_code ndr_push_netr_LogonSamLogonEx(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_netr_LogonSamLogonEx(struct ndr_pull *ndr, int flags, struct netr_LogonSamLogonEx *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; uint32_t _ptr_computer_name; + uint32_t size_computer_name_1 = 0; + uint32_t length_computer_name_1 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_computer_name_0; TALLOC_CTX *_mem_save_logon_0; @@ -14772,11 +15260,13 @@ static enum ndr_err_code ndr_pull_netr_LogonSamLogonEx(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_computer_name)); @@ -14790,11 +15280,13 @@ static enum ndr_err_code ndr_pull_netr_LogonSamLogonEx(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.computer_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name)); - if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name)); + size_computer_name_1 = ndr_get_array_size(ndr, &r->in.computer_name); + length_computer_name_1 = ndr_get_array_length(ndr, &r->in.computer_name); + if (length_computer_name_1 > size_computer_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_name_1, length_computer_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, length_computer_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_computer_name_0, 0); } NDR_CHECK(ndr_pull_netr_LogonInfoClass(ndr, NDR_SCALARS, &r->in.logon_level)); @@ -14931,6 +15423,8 @@ static enum ndr_err_code ndr_push_netr_DsrEnumerateDomainTrusts(struct ndr_push static enum ndr_err_code ndr_pull_netr_DsrEnumerateDomainTrusts(struct ndr_pull *ndr, int flags, struct netr_DsrEnumerateDomainTrusts *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_trusts_0; if (flags & NDR_IN) { @@ -14947,11 +15441,13 @@ static enum ndr_err_code ndr_pull_netr_DsrEnumerateDomainTrusts(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_netr_TrustFlags(ndr, NDR_SCALARS, &r->in.trust_flags)); @@ -15045,9 +15541,15 @@ static enum ndr_err_code ndr_push_netr_DsrDeregisterDNSHostRecords(struct ndr_pu static enum ndr_err_code ndr_pull_netr_DsrDeregisterDNSHostRecords(struct ndr_pull *ndr, int flags, struct netr_DsrDeregisterDNSHostRecords *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; uint32_t _ptr_domain; + uint32_t size_domain_1 = 0; + uint32_t length_domain_1 = 0; uint32_t _ptr_domain_guid; uint32_t _ptr_dsa_guid; + uint32_t size_dns_host_1 = 0; + uint32_t length_dns_host_1 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_domain_0; TALLOC_CTX *_mem_save_domain_guid_0; @@ -15064,11 +15566,13 @@ static enum ndr_err_code ndr_pull_netr_DsrDeregisterDNSHostRecords(struct ndr_pu NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domain)); @@ -15082,11 +15586,13 @@ static enum ndr_err_code ndr_pull_netr_DsrDeregisterDNSHostRecords(struct ndr_pu NDR_PULL_SET_MEM_CTX(ndr, r->in.domain, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.domain)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.domain)); - if (ndr_get_array_length(ndr, &r->in.domain) > ndr_get_array_size(ndr, &r->in.domain)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.domain), ndr_get_array_length(ndr, &r->in.domain)); + size_domain_1 = ndr_get_array_size(ndr, &r->in.domain); + length_domain_1 = ndr_get_array_length(ndr, &r->in.domain); + if (length_domain_1 > size_domain_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_1, length_domain_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.domain), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domain, ndr_get_array_length(ndr, &r->in.domain), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domain, length_domain_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domain_guid)); @@ -15115,11 +15621,13 @@ static enum ndr_err_code ndr_pull_netr_DsrDeregisterDNSHostRecords(struct ndr_pu } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.dns_host)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.dns_host)); - if (ndr_get_array_length(ndr, &r->in.dns_host) > ndr_get_array_size(ndr, &r->in.dns_host)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.dns_host), ndr_get_array_length(ndr, &r->in.dns_host)); + size_dns_host_1 = ndr_get_array_size(ndr, &r->in.dns_host); + length_dns_host_1 = ndr_get_array_length(ndr, &r->in.dns_host); + if (length_dns_host_1 > size_dns_host_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dns_host_1, length_dns_host_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.dns_host), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.dns_host, ndr_get_array_length(ndr, &r->in.dns_host), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dns_host_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.dns_host, length_dns_host_1, sizeof(uint16_t), CH_UTF16)); } if (flags & NDR_OUT) { NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result)); @@ -15221,6 +15729,12 @@ static enum ndr_err_code ndr_push_netr_ServerTrustPasswordsGet(struct ndr_push * static enum ndr_err_code ndr_pull_netr_ServerTrustPasswordsGet(struct ndr_pull *ndr, int flags, struct netr_ServerTrustPasswordsGet *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; + uint32_t size_account_name_0 = 0; + uint32_t length_account_name_0 = 0; + uint32_t size_computer_name_0 = 0; + uint32_t length_computer_name_0 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_credential_0; TALLOC_CTX *_mem_save_return_authenticator_0; @@ -15240,28 +15754,34 @@ static enum ndr_err_code ndr_pull_netr_ServerTrustPasswordsGet(struct ndr_pull * NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.account_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.account_name)); - if (ndr_get_array_length(ndr, &r->in.account_name) > ndr_get_array_size(ndr, &r->in.account_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.account_name), ndr_get_array_length(ndr, &r->in.account_name)); + size_account_name_0 = ndr_get_array_size(ndr, &r->in.account_name); + length_account_name_0 = ndr_get_array_length(ndr, &r->in.account_name); + if (length_account_name_0 > size_account_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_account_name_0, length_account_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_account_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, length_account_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_netr_SchannelType(ndr, NDR_SCALARS, &r->in.secure_channel_type)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name)); - if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name)); + size_computer_name_0 = ndr_get_array_size(ndr, &r->in.computer_name); + length_computer_name_0 = ndr_get_array_length(ndr, &r->in.computer_name); + if (length_computer_name_0 > size_computer_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_name_0, length_computer_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, length_computer_name_0, sizeof(uint16_t), CH_UTF16)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.credential); } @@ -15384,7 +15904,11 @@ static enum ndr_err_code ndr_push_netr_DsRGetForestTrustInformation(struct ndr_p static enum ndr_err_code ndr_pull_netr_DsRGetForestTrustInformation(struct ndr_pull *ndr, int flags, struct netr_DsRGetForestTrustInformation *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; uint32_t _ptr_trusted_domain_name; + uint32_t size_trusted_domain_name_1 = 0; + uint32_t length_trusted_domain_name_1 = 0; uint32_t _ptr_forest_trust_info; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_trusted_domain_name_0; @@ -15404,11 +15928,13 @@ static enum ndr_err_code ndr_pull_netr_DsRGetForestTrustInformation(struct ndr_p NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_trusted_domain_name)); @@ -15422,11 +15948,13 @@ static enum ndr_err_code ndr_pull_netr_DsRGetForestTrustInformation(struct ndr_p NDR_PULL_SET_MEM_CTX(ndr, r->in.trusted_domain_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.trusted_domain_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.trusted_domain_name)); - if (ndr_get_array_length(ndr, &r->in.trusted_domain_name) > ndr_get_array_size(ndr, &r->in.trusted_domain_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.trusted_domain_name), ndr_get_array_length(ndr, &r->in.trusted_domain_name)); + size_trusted_domain_name_1 = ndr_get_array_size(ndr, &r->in.trusted_domain_name); + length_trusted_domain_name_1 = ndr_get_array_length(ndr, &r->in.trusted_domain_name); + if (length_trusted_domain_name_1 > size_trusted_domain_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_trusted_domain_name_1, length_trusted_domain_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.trusted_domain_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.trusted_domain_name, ndr_get_array_length(ndr, &r->in.trusted_domain_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_trusted_domain_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.trusted_domain_name, length_trusted_domain_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_trusted_domain_name_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.flags)); @@ -15543,6 +16071,10 @@ static enum ndr_err_code ndr_push_netr_GetForestTrustInformation(struct ndr_push static enum ndr_err_code ndr_pull_netr_GetForestTrustInformation(struct ndr_pull *ndr, int flags, struct netr_GetForestTrustInformation *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; + uint32_t size_trusted_domain_name_1 = 0; + uint32_t length_trusted_domain_name_1 = 0; uint32_t _ptr_forest_trust_info; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_credential_0; @@ -15563,20 +16095,24 @@ static enum ndr_err_code ndr_pull_netr_GetForestTrustInformation(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.trusted_domain_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.trusted_domain_name)); - if (ndr_get_array_length(ndr, &r->in.trusted_domain_name) > ndr_get_array_size(ndr, &r->in.trusted_domain_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.trusted_domain_name), ndr_get_array_length(ndr, &r->in.trusted_domain_name)); + size_trusted_domain_name_1 = ndr_get_array_size(ndr, &r->in.trusted_domain_name); + length_trusted_domain_name_1 = ndr_get_array_length(ndr, &r->in.trusted_domain_name); + if (length_trusted_domain_name_1 > size_trusted_domain_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_trusted_domain_name_1, length_trusted_domain_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.trusted_domain_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.trusted_domain_name, ndr_get_array_length(ndr, &r->in.trusted_domain_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_trusted_domain_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.trusted_domain_name, length_trusted_domain_name_1, sizeof(uint16_t), CH_UTF16)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.credential); } @@ -15733,7 +16269,11 @@ static enum ndr_err_code ndr_push_netr_LogonSamLogonWithFlags(struct ndr_push *n static enum ndr_err_code ndr_pull_netr_LogonSamLogonWithFlags(struct ndr_pull *ndr, int flags, struct netr_LogonSamLogonWithFlags *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; uint32_t _ptr_computer_name; + uint32_t size_computer_name_1 = 0; + uint32_t length_computer_name_1 = 0; uint32_t _ptr_credential; uint32_t _ptr_return_authenticator; TALLOC_CTX *_mem_save_server_name_0; @@ -15758,11 +16298,13 @@ static enum ndr_err_code ndr_pull_netr_LogonSamLogonWithFlags(struct ndr_pull *n NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_computer_name)); @@ -15776,11 +16318,13 @@ static enum ndr_err_code ndr_pull_netr_LogonSamLogonWithFlags(struct ndr_pull *n NDR_PULL_SET_MEM_CTX(ndr, r->in.computer_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name)); - if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name)); + size_computer_name_1 = ndr_get_array_size(ndr, &r->in.computer_name); + length_computer_name_1 = ndr_get_array_length(ndr, &r->in.computer_name); + if (length_computer_name_1 > size_computer_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_name_1, length_computer_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, length_computer_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_computer_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_credential)); @@ -16004,6 +16548,12 @@ static enum ndr_err_code ndr_push_netr_ServerGetTrustInfo(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_netr_ServerGetTrustInfo(struct ndr_pull *ndr, int flags, struct netr_ServerGetTrustInfo *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; + uint32_t size_account_name_1 = 0; + uint32_t length_account_name_1 = 0; + uint32_t size_computer_name_1 = 0; + uint32_t length_computer_name_1 = 0; uint32_t _ptr_trust_info; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_credential_0; @@ -16026,28 +16576,34 @@ static enum ndr_err_code ndr_pull_netr_ServerGetTrustInfo(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.account_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.account_name)); - if (ndr_get_array_length(ndr, &r->in.account_name) > ndr_get_array_size(ndr, &r->in.account_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.account_name), ndr_get_array_length(ndr, &r->in.account_name)); + size_account_name_1 = ndr_get_array_size(ndr, &r->in.account_name); + length_account_name_1 = ndr_get_array_length(ndr, &r->in.account_name); + if (length_account_name_1 > size_account_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_account_name_1, length_account_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_account_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, length_account_name_1, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_netr_SchannelType(ndr, NDR_SCALARS, &r->in.secure_channel_type)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name)); - if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name)); + size_computer_name_1 = ndr_get_array_size(ndr, &r->in.computer_name); + length_computer_name_1 = ndr_get_array_length(ndr, &r->in.computer_name); + if (length_computer_name_1 > size_computer_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_name_1, length_computer_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, length_computer_name_1, sizeof(uint16_t), CH_UTF16)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.credential); } diff --git a/librpc/gen_ndr/ndr_ntsvcs.c b/librpc/gen_ndr/ndr_ntsvcs.c index d317c9f..de3ac1a 100644 --- a/librpc/gen_ndr/ndr_ntsvcs.c +++ b/librpc/gen_ndr/ndr_ntsvcs.c @@ -53,11 +53,13 @@ static enum ndr_err_code ndr_push_PNP_HwProfInfo(struct ndr_push *ndr, int ndr_f static enum ndr_err_code ndr_pull_PNP_HwProfInfo(struct ndr_pull *ndr, int ndr_flags, struct PNP_HwProfInfo *r) { + uint32_t size_friendly_name_0 = 0; uint32_t cntr_friendly_name_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->profile_handle)); - for (cntr_friendly_name_0 = 0; cntr_friendly_name_0 < 80; cntr_friendly_name_0++) { + size_friendly_name_0 = 80; + for (cntr_friendly_name_0 = 0; cntr_friendly_name_0 < size_friendly_name_0; cntr_friendly_name_0++) { NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->friendly_name[cntr_friendly_name_0])); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->flags)); @@ -373,14 +375,18 @@ static enum ndr_err_code ndr_push_PNP_ValidateDeviceInstance(struct ndr_push *nd static enum ndr_err_code ndr_pull_PNP_ValidateDeviceInstance(struct ndr_pull *ndr, int flags, struct PNP_ValidateDeviceInstance *r) { + uint32_t size_devicepath_1 = 0; + uint32_t length_devicepath_1 = 0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_array_size(ndr, &r->in.devicepath)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.devicepath)); - if (ndr_get_array_length(ndr, &r->in.devicepath) > ndr_get_array_size(ndr, &r->in.devicepath)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.devicepath), ndr_get_array_length(ndr, &r->in.devicepath)); + size_devicepath_1 = ndr_get_array_size(ndr, &r->in.devicepath); + length_devicepath_1 = ndr_get_array_length(ndr, &r->in.devicepath); + if (length_devicepath_1 > size_devicepath_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_devicepath_1, length_devicepath_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.devicepath), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.devicepath, ndr_get_array_length(ndr, &r->in.devicepath), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_devicepath_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.devicepath, length_devicepath_1, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.flags)); } if (flags & NDR_OUT) { @@ -577,6 +583,10 @@ static enum ndr_err_code ndr_push_PNP_GetDeviceList(struct ndr_push *ndr, int fl static enum ndr_err_code ndr_pull_PNP_GetDeviceList(struct ndr_pull *ndr, int flags, struct PNP_GetDeviceList *r) { uint32_t _ptr_filter; + uint32_t size_filter_1 = 0; + uint32_t length_filter_1 = 0; + uint32_t size_buffer_1 = 0; + uint32_t length_buffer_1 = 0; uint32_t cntr_buffer_1; TALLOC_CTX *_mem_save_filter_0; TALLOC_CTX *_mem_save_buffer_1; @@ -595,11 +605,13 @@ static enum ndr_err_code ndr_pull_PNP_GetDeviceList(struct ndr_pull *ndr, int fl NDR_PULL_SET_MEM_CTX(ndr, r->in.filter, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.filter)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.filter)); - if (ndr_get_array_length(ndr, &r->in.filter) > ndr_get_array_size(ndr, &r->in.filter)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.filter), ndr_get_array_length(ndr, &r->in.filter)); + size_filter_1 = ndr_get_array_size(ndr, &r->in.filter); + length_filter_1 = ndr_get_array_length(ndr, &r->in.filter); + if (length_filter_1 > size_filter_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_filter_1, length_filter_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.filter), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.filter, ndr_get_array_length(ndr, &r->in.filter), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_filter_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.filter, length_filter_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_filter_0, 0); } if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { @@ -618,15 +630,17 @@ static enum ndr_err_code ndr_pull_PNP_GetDeviceList(struct ndr_pull *ndr, int fl if (flags & NDR_OUT) { NDR_CHECK(ndr_pull_array_size(ndr, &r->out.buffer)); NDR_CHECK(ndr_pull_array_length(ndr, &r->out.buffer)); - if (ndr_get_array_length(ndr, &r->out.buffer) > ndr_get_array_size(ndr, &r->out.buffer)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->out.buffer), ndr_get_array_length(ndr, &r->out.buffer)); + size_buffer_1 = ndr_get_array_size(ndr, &r->out.buffer); + length_buffer_1 = ndr_get_array_length(ndr, &r->out.buffer); + if (length_buffer_1 > size_buffer_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_buffer_1, length_buffer_1); } if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { - NDR_PULL_ALLOC_N(ndr, r->out.buffer, ndr_get_array_size(ndr, &r->out.buffer)); + NDR_PULL_ALLOC_N(ndr, r->out.buffer, size_buffer_1); } _mem_save_buffer_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->out.buffer, 0); - for (cntr_buffer_1 = 0; cntr_buffer_1 < *r->out.length; cntr_buffer_1++) { + for (cntr_buffer_1 = 0; cntr_buffer_1 < length_buffer_1; cntr_buffer_1++) { NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->out.buffer[cntr_buffer_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_buffer_1, 0); @@ -723,6 +737,8 @@ static enum ndr_err_code ndr_push_PNP_GetDeviceListSize(struct ndr_push *ndr, in static enum ndr_err_code ndr_pull_PNP_GetDeviceListSize(struct ndr_pull *ndr, int flags, struct PNP_GetDeviceListSize *r) { uint32_t _ptr_devicename; + uint32_t size_devicename_1 = 0; + uint32_t length_devicename_1 = 0; TALLOC_CTX *_mem_save_devicename_0; TALLOC_CTX *_mem_save_size_0; if (flags & NDR_IN) { @@ -739,11 +755,13 @@ static enum ndr_err_code ndr_pull_PNP_GetDeviceListSize(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, r->in.devicename, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.devicename)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.devicename)); - if (ndr_get_array_length(ndr, &r->in.devicename) > ndr_get_array_size(ndr, &r->in.devicename)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.devicename), ndr_get_array_length(ndr, &r->in.devicename)); + size_devicename_1 = ndr_get_array_size(ndr, &r->in.devicename); + length_devicename_1 = ndr_get_array_length(ndr, &r->in.devicename); + if (length_devicename_1 > size_devicename_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_devicename_1, length_devicename_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.devicename), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.devicename, ndr_get_array_length(ndr, &r->in.devicename), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_devicename_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.devicename, length_devicename_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_devicename_0, 0); } NDR_CHECK(ndr_pull_PNP_GetIdListFlags(ndr, NDR_SCALARS, &r->in.flags)); @@ -888,6 +906,10 @@ static enum ndr_err_code ndr_push_PNP_GetDeviceRegProp(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_PNP_GetDeviceRegProp(struct ndr_pull *ndr, int flags, struct PNP_GetDeviceRegProp *r) { + uint32_t size_devicepath_1 = 0; + uint32_t length_devicepath_1 = 0; + uint32_t size_buffer_1 = 0; + uint32_t length_buffer_1 = 0; TALLOC_CTX *_mem_save_reg_data_type_0; TALLOC_CTX *_mem_save_buffer_size_0; TALLOC_CTX *_mem_save_needed_0; @@ -896,11 +918,13 @@ static enum ndr_err_code ndr_pull_PNP_GetDeviceRegProp(struct ndr_pull *ndr, int NDR_CHECK(ndr_pull_array_size(ndr, &r->in.devicepath)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.devicepath)); - if (ndr_get_array_length(ndr, &r->in.devicepath) > ndr_get_array_size(ndr, &r->in.devicepath)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.devicepath), ndr_get_array_length(ndr, &r->in.devicepath)); + size_devicepath_1 = ndr_get_array_size(ndr, &r->in.devicepath); + length_devicepath_1 = ndr_get_array_length(ndr, &r->in.devicepath); + if (length_devicepath_1 > size_devicepath_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_devicepath_1, length_devicepath_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.devicepath), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.devicepath, ndr_get_array_length(ndr, &r->in.devicepath), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_devicepath_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.devicepath, length_devicepath_1, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.property)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.reg_data_type); @@ -943,13 +967,15 @@ static enum ndr_err_code ndr_pull_PNP_GetDeviceRegProp(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, _mem_save_reg_data_type_0, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_array_size(ndr, &r->out.buffer)); NDR_CHECK(ndr_pull_array_length(ndr, &r->out.buffer)); - if (ndr_get_array_length(ndr, &r->out.buffer) > ndr_get_array_size(ndr, &r->out.buffer)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->out.buffer), ndr_get_array_length(ndr, &r->out.buffer)); + size_buffer_1 = ndr_get_array_size(ndr, &r->out.buffer); + length_buffer_1 = ndr_get_array_length(ndr, &r->out.buffer); + if (length_buffer_1 > size_buffer_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_buffer_1, length_buffer_1); } if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { - NDR_PULL_ALLOC_N(ndr, r->out.buffer, ndr_get_array_size(ndr, &r->out.buffer)); + NDR_PULL_ALLOC_N(ndr, r->out.buffer, size_buffer_1); } - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.buffer, ndr_get_array_length(ndr, &r->out.buffer))); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.buffer, length_buffer_1)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->out.buffer_size); } @@ -2152,9 +2178,15 @@ static enum ndr_err_code ndr_push_PNP_HwProfFlags(struct ndr_push *ndr, int flag static enum ndr_err_code ndr_pull_PNP_HwProfFlags(struct ndr_pull *ndr, int flags, struct PNP_HwProfFlags *r) { + uint32_t size_devicepath_1 = 0; + uint32_t length_devicepath_1 = 0; uint32_t _ptr_veto_type; uint32_t _ptr_unknown5; + uint32_t size_unknown5_1 = 0; + uint32_t length_unknown5_1 = 0; uint32_t _ptr_unknown5a; + uint32_t size_unknown5a_2 = 0; + uint32_t length_unknown5a_2 = 0; TALLOC_CTX *_mem_save_profile_flags_0; TALLOC_CTX *_mem_save_veto_type_0; TALLOC_CTX *_mem_save_unknown5_0; @@ -2166,11 +2198,13 @@ static enum ndr_err_code ndr_pull_PNP_HwProfFlags(struct ndr_pull *ndr, int flag NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.action)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.devicepath)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.devicepath)); - if (ndr_get_array_length(ndr, &r->in.devicepath) > ndr_get_array_size(ndr, &r->in.devicepath)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.devicepath), ndr_get_array_length(ndr, &r->in.devicepath)); + size_devicepath_1 = ndr_get_array_size(ndr, &r->in.devicepath); + length_devicepath_1 = ndr_get_array_length(ndr, &r->in.devicepath); + if (length_devicepath_1 > size_devicepath_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_devicepath_1, length_devicepath_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.devicepath), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.devicepath, ndr_get_array_length(ndr, &r->in.devicepath), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_devicepath_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.devicepath, length_devicepath_1, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.config)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.profile_flags); @@ -2202,11 +2236,13 @@ static enum ndr_err_code ndr_pull_PNP_HwProfFlags(struct ndr_pull *ndr, int flag NDR_PULL_SET_MEM_CTX(ndr, r->in.unknown5, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.unknown5)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.unknown5)); - if (ndr_get_array_length(ndr, &r->in.unknown5) > ndr_get_array_size(ndr, &r->in.unknown5)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.unknown5), ndr_get_array_length(ndr, &r->in.unknown5)); + size_unknown5_1 = ndr_get_array_size(ndr, &r->in.unknown5); + length_unknown5_1 = ndr_get_array_length(ndr, &r->in.unknown5); + if (length_unknown5_1 > size_unknown5_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_unknown5_1, length_unknown5_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.unknown5), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.unknown5, ndr_get_array_length(ndr, &r->in.unknown5), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_unknown5_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.unknown5, length_unknown5_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_unknown5_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.name_length)); @@ -2254,11 +2290,13 @@ static enum ndr_err_code ndr_pull_PNP_HwProfFlags(struct ndr_pull *ndr, int flag NDR_PULL_SET_MEM_CTX(ndr, *r->out.unknown5a, 0); NDR_CHECK(ndr_pull_array_size(ndr, r->out.unknown5a)); NDR_CHECK(ndr_pull_array_length(ndr, r->out.unknown5a)); - if (ndr_get_array_length(ndr, r->out.unknown5a) > ndr_get_array_size(ndr, r->out.unknown5a)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, r->out.unknown5a), ndr_get_array_length(ndr, r->out.unknown5a)); + size_unknown5a_2 = ndr_get_array_size(ndr, r->out.unknown5a); + length_unknown5a_2 = ndr_get_array_length(ndr, r->out.unknown5a); + if (length_unknown5a_2 > size_unknown5a_2) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_unknown5a_2, length_unknown5a_2); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, r->out.unknown5a), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.unknown5a, ndr_get_array_length(ndr, r->out.unknown5a), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_unknown5a_2, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.unknown5a, length_unknown5a_2, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_unknown5a_1, 0); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_unknown5a_0, 0); diff --git a/librpc/gen_ndr/ndr_samr.c b/librpc/gen_ndr/ndr_samr.c index ab76f5a..2b93a89 100644 --- a/librpc/gen_ndr/ndr_samr.c +++ b/librpc/gen_ndr/ndr_samr.c @@ -302,6 +302,7 @@ static enum ndr_err_code ndr_push_samr_SamArray(struct ndr_push *ndr, int ndr_fl static enum ndr_err_code ndr_pull_samr_SamArray(struct ndr_pull *ndr, int ndr_flags, struct samr_SamArray *r) { uint32_t _ptr_entries; + uint32_t size_entries_1 = 0; uint32_t cntr_entries_1; TALLOC_CTX *_mem_save_entries_0; TALLOC_CTX *_mem_save_entries_1; @@ -320,13 +321,14 @@ static enum ndr_err_code ndr_pull_samr_SamArray(struct ndr_pull *ndr, int ndr_fl _mem_save_entries_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->entries, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->entries)); - NDR_PULL_ALLOC_N(ndr, r->entries, ndr_get_array_size(ndr, &r->entries)); + size_entries_1 = ndr_get_array_size(ndr, &r->entries); + NDR_PULL_ALLOC_N(ndr, r->entries, size_entries_1); _mem_save_entries_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->entries, 0); - for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) { + for (cntr_entries_1 = 0; cntr_entries_1 < size_entries_1; cntr_entries_1++) { NDR_CHECK(ndr_pull_samr_SamEntry(ndr, NDR_SCALARS, &r->entries[cntr_entries_1])); } - for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) { + for (cntr_entries_1 = 0; cntr_entries_1 < size_entries_1; cntr_entries_1++) { NDR_CHECK(ndr_pull_samr_SamEntry(ndr, NDR_BUFFERS, &r->entries[cntr_entries_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_entries_1, 0); @@ -1185,6 +1187,7 @@ static enum ndr_err_code ndr_push_samr_Ids(struct ndr_push *ndr, int ndr_flags, static enum ndr_err_code ndr_pull_samr_Ids(struct ndr_pull *ndr, int ndr_flags, struct samr_Ids *r) { uint32_t _ptr_ids; + uint32_t size_ids_1 = 0; uint32_t cntr_ids_1; TALLOC_CTX *_mem_save_ids_0; TALLOC_CTX *_mem_save_ids_1; @@ -1206,10 +1209,11 @@ static enum ndr_err_code ndr_pull_samr_Ids(struct ndr_pull *ndr, int ndr_flags, _mem_save_ids_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->ids, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->ids)); - NDR_PULL_ALLOC_N(ndr, r->ids, ndr_get_array_size(ndr, &r->ids)); + size_ids_1 = ndr_get_array_size(ndr, &r->ids); + NDR_PULL_ALLOC_N(ndr, r->ids, size_ids_1); _mem_save_ids_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->ids, 0); - for (cntr_ids_1 = 0; cntr_ids_1 < r->count; cntr_ids_1++) { + for (cntr_ids_1 = 0; cntr_ids_1 < size_ids_1; cntr_ids_1++) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->ids[cntr_ids_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_ids_1, 0); @@ -1558,10 +1562,12 @@ static enum ndr_err_code ndr_push_samr_RidTypeArray(struct ndr_push *ndr, int nd static enum ndr_err_code ndr_pull_samr_RidTypeArray(struct ndr_pull *ndr, int ndr_flags, struct samr_RidTypeArray *r) { uint32_t _ptr_rids; + uint32_t size_rids_1 = 0; uint32_t cntr_rids_1; TALLOC_CTX *_mem_save_rids_0; TALLOC_CTX *_mem_save_rids_1; uint32_t _ptr_types; + uint32_t size_types_1 = 0; uint32_t cntr_types_1; TALLOC_CTX *_mem_save_types_0; TALLOC_CTX *_mem_save_types_1; @@ -1586,10 +1592,11 @@ static enum ndr_err_code ndr_pull_samr_RidTypeArray(struct ndr_pull *ndr, int nd _mem_save_rids_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->rids, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->rids)); - NDR_PULL_ALLOC_N(ndr, r->rids, ndr_get_array_size(ndr, &r->rids)); + size_rids_1 = ndr_get_array_size(ndr, &r->rids); + NDR_PULL_ALLOC_N(ndr, r->rids, size_rids_1); _mem_save_rids_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->rids, 0); - for (cntr_rids_1 = 0; cntr_rids_1 < r->count; cntr_rids_1++) { + for (cntr_rids_1 = 0; cntr_rids_1 < size_rids_1; cntr_rids_1++) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->rids[cntr_rids_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_rids_1, 0); @@ -1599,10 +1606,11 @@ static enum ndr_err_code ndr_pull_samr_RidTypeArray(struct ndr_pull *ndr, int nd _mem_save_types_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->types, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->types)); - NDR_PULL_ALLOC_N(ndr, r->types, ndr_get_array_size(ndr, &r->types)); + size_types_1 = ndr_get_array_size(ndr, &r->types); + NDR_PULL_ALLOC_N(ndr, r->types, size_types_1); _mem_save_types_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->types, 0); - for (cntr_types_1 = 0; cntr_types_1 < r->count; cntr_types_1++) { + for (cntr_types_1 = 0; cntr_types_1 < size_types_1; cntr_types_1++) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->types[cntr_types_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_types_1, 0); @@ -1958,6 +1966,8 @@ _PUBLIC_ enum ndr_err_code ndr_push_samr_LogonHours(struct ndr_push *ndr, int nd _PUBLIC_ enum ndr_err_code ndr_pull_samr_LogonHours(struct ndr_pull *ndr, int ndr_flags, struct samr_LogonHours *r) { uint32_t _ptr_bits; + uint32_t size_bits_1 = 0; + uint32_t length_bits_1 = 0; TALLOC_CTX *_mem_save_bits_0; { uint32_t _flags_save_STRUCT = ndr->flags; @@ -1978,11 +1988,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_samr_LogonHours(struct ndr_pull *ndr, int nd NDR_PULL_SET_MEM_CTX(ndr, r->bits, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->bits)); NDR_CHECK(ndr_pull_array_length(ndr, &r->bits)); - if (ndr_get_array_length(ndr, &r->bits) > ndr_get_array_size(ndr, &r->bits)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->bits), ndr_get_array_length(ndr, &r->bits)); + size_bits_1 = ndr_get_array_size(ndr, &r->bits); + length_bits_1 = ndr_get_array_length(ndr, &r->bits); + if (length_bits_1 > size_bits_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_bits_1, length_bits_1); } - NDR_PULL_ALLOC_N(ndr, r->bits, ndr_get_array_size(ndr, &r->bits)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->bits, ndr_get_array_length(ndr, &r->bits))); + NDR_PULL_ALLOC_N(ndr, r->bits, size_bits_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->bits, length_bits_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_bits_0, 0); } if (r->bits) { @@ -2618,12 +2630,14 @@ _PUBLIC_ enum ndr_err_code ndr_push_samr_Password(struct ndr_push *ndr, int ndr_ _PUBLIC_ enum ndr_err_code ndr_pull_samr_Password(struct ndr_pull *ndr, int ndr_flags, struct samr_Password *r) { + uint32_t size_hash_0 = 0; { uint32_t _flags_save_STRUCT = ndr->flags; ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 1)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->hash, 16)); + size_hash_0 = 16; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->hash, size_hash_0)); } if (ndr_flags & NDR_BUFFERS) { } @@ -2835,6 +2849,7 @@ static enum ndr_err_code ndr_push_samr_UserInfo21(struct ndr_push *ndr, int ndr_ static enum ndr_err_code ndr_pull_samr_UserInfo21(struct ndr_pull *ndr, int ndr_flags, struct samr_UserInfo21 *r) { uint32_t _ptr_buffer; + uint32_t size_buffer_1 = 0; TALLOC_CTX *_mem_save_buffer_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -2896,8 +2911,9 @@ static enum ndr_err_code ndr_pull_samr_UserInfo21(struct ndr_pull *ndr, int ndr_ _mem_save_buffer_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->buffer, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->buffer)); - NDR_PULL_ALLOC_N(ndr, r->buffer, ndr_get_array_size(ndr, &r->buffer)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->buffer, ndr_get_array_size(ndr, &r->buffer))); + size_buffer_1 = ndr_get_array_size(ndr, &r->buffer); + NDR_PULL_ALLOC_N(ndr, r->buffer, size_buffer_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->buffer, size_buffer_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_buffer_0, 0); } NDR_CHECK(ndr_pull_samr_LogonHours(ndr, NDR_BUFFERS, &r->logon_hours)); @@ -2972,12 +2988,14 @@ _PUBLIC_ enum ndr_err_code ndr_push_samr_CryptPassword(struct ndr_push *ndr, int _PUBLIC_ enum ndr_err_code ndr_pull_samr_CryptPassword(struct ndr_pull *ndr, int ndr_flags, struct samr_CryptPassword *r) { + uint32_t size_data_0 = 0; { uint32_t _flags_save_STRUCT = ndr->flags; ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 1)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, 516)); + size_data_0 = 516; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, size_data_0)); } if (ndr_flags & NDR_BUFFERS) { } @@ -3085,12 +3103,14 @@ static enum ndr_err_code ndr_push_samr_CryptPasswordEx(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_samr_CryptPasswordEx(struct ndr_pull *ndr, int ndr_flags, struct samr_CryptPasswordEx *r) { + uint32_t size_data_0 = 0; { uint32_t _flags_save_STRUCT = ndr->flags; ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 1)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, 532)); + size_data_0 = 532; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, size_data_0)); } if (ndr_flags & NDR_BUFFERS) { } @@ -3738,6 +3758,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_samr_RidWithAttributeArray(struct ndr_push * _PUBLIC_ enum ndr_err_code ndr_pull_samr_RidWithAttributeArray(struct ndr_pull *ndr, int ndr_flags, struct samr_RidWithAttributeArray *r) { uint32_t _ptr_rids; + uint32_t size_rids_1 = 0; uint32_t cntr_rids_1; TALLOC_CTX *_mem_save_rids_0; TALLOC_CTX *_mem_save_rids_1; @@ -3756,10 +3777,11 @@ _PUBLIC_ enum ndr_err_code ndr_pull_samr_RidWithAttributeArray(struct ndr_pull * _mem_save_rids_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->rids, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->rids)); - NDR_PULL_ALLOC_N(ndr, r->rids, ndr_get_array_size(ndr, &r->rids)); + size_rids_1 = ndr_get_array_size(ndr, &r->rids); + NDR_PULL_ALLOC_N(ndr, r->rids, size_rids_1); _mem_save_rids_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->rids, 0); - for (cntr_rids_1 = 0; cntr_rids_1 < r->count; cntr_rids_1++) { + for (cntr_rids_1 = 0; cntr_rids_1 < size_rids_1; cntr_rids_1++) { NDR_CHECK(ndr_pull_samr_RidWithAttribute(ndr, NDR_SCALARS, &r->rids[cntr_rids_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_rids_1, 0); @@ -3872,6 +3894,7 @@ static enum ndr_err_code ndr_push_samr_DispInfoGeneral(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_samr_DispInfoGeneral(struct ndr_pull *ndr, int ndr_flags, struct samr_DispInfoGeneral *r) { uint32_t _ptr_entries; + uint32_t size_entries_1 = 0; uint32_t cntr_entries_1; TALLOC_CTX *_mem_save_entries_0; TALLOC_CTX *_mem_save_entries_1; @@ -3890,13 +3913,14 @@ static enum ndr_err_code ndr_pull_samr_DispInfoGeneral(struct ndr_pull *ndr, int _mem_save_entries_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->entries, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->entries)); - NDR_PULL_ALLOC_N(ndr, r->entries, ndr_get_array_size(ndr, &r->entries)); + size_entries_1 = ndr_get_array_size(ndr, &r->entries); + NDR_PULL_ALLOC_N(ndr, r->entries, size_entries_1); _mem_save_entries_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->entries, 0); - for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) { + for (cntr_entries_1 = 0; cntr_entries_1 < size_entries_1; cntr_entries_1++) { NDR_CHECK(ndr_pull_samr_DispEntryGeneral(ndr, NDR_SCALARS, &r->entries[cntr_entries_1])); } - for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) { + for (cntr_entries_1 = 0; cntr_entries_1 < size_entries_1; cntr_entries_1++) { NDR_CHECK(ndr_pull_samr_DispEntryGeneral(ndr, NDR_BUFFERS, &r->entries[cntr_entries_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_entries_1, 0); @@ -4004,6 +4028,7 @@ static enum ndr_err_code ndr_push_samr_DispInfoFull(struct ndr_push *ndr, int nd static enum ndr_err_code ndr_pull_samr_DispInfoFull(struct ndr_pull *ndr, int ndr_flags, struct samr_DispInfoFull *r) { uint32_t _ptr_entries; + uint32_t size_entries_1 = 0; uint32_t cntr_entries_1; TALLOC_CTX *_mem_save_entries_0; TALLOC_CTX *_mem_save_entries_1; @@ -4022,13 +4047,14 @@ static enum ndr_err_code ndr_pull_samr_DispInfoFull(struct ndr_pull *ndr, int nd _mem_save_entries_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->entries, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->entries)); - NDR_PULL_ALLOC_N(ndr, r->entries, ndr_get_array_size(ndr, &r->entries)); + size_entries_1 = ndr_get_array_size(ndr, &r->entries); + NDR_PULL_ALLOC_N(ndr, r->entries, size_entries_1); _mem_save_entries_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->entries, 0); - for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) { + for (cntr_entries_1 = 0; cntr_entries_1 < size_entries_1; cntr_entries_1++) { NDR_CHECK(ndr_pull_samr_DispEntryFull(ndr, NDR_SCALARS, &r->entries[cntr_entries_1])); } - for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) { + for (cntr_entries_1 = 0; cntr_entries_1 < size_entries_1; cntr_entries_1++) { NDR_CHECK(ndr_pull_samr_DispEntryFull(ndr, NDR_BUFFERS, &r->entries[cntr_entries_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_entries_1, 0); @@ -4136,6 +4162,7 @@ static enum ndr_err_code ndr_push_samr_DispInfoFullGroups(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_samr_DispInfoFullGroups(struct ndr_pull *ndr, int ndr_flags, struct samr_DispInfoFullGroups *r) { uint32_t _ptr_entries; + uint32_t size_entries_1 = 0; uint32_t cntr_entries_1; TALLOC_CTX *_mem_save_entries_0; TALLOC_CTX *_mem_save_entries_1; @@ -4154,13 +4181,14 @@ static enum ndr_err_code ndr_pull_samr_DispInfoFullGroups(struct ndr_pull *ndr, _mem_save_entries_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->entries, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->entries)); - NDR_PULL_ALLOC_N(ndr, r->entries, ndr_get_array_size(ndr, &r->entries)); + size_entries_1 = ndr_get_array_size(ndr, &r->entries); + NDR_PULL_ALLOC_N(ndr, r->entries, size_entries_1); _mem_save_entries_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->entries, 0); - for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) { + for (cntr_entries_1 = 0; cntr_entries_1 < size_entries_1; cntr_entries_1++) { NDR_CHECK(ndr_pull_samr_DispEntryFullGroup(ndr, NDR_SCALARS, &r->entries[cntr_entries_1])); } - for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) { + for (cntr_entries_1 = 0; cntr_entries_1 < size_entries_1; cntr_entries_1++) { NDR_CHECK(ndr_pull_samr_DispEntryFullGroup(ndr, NDR_BUFFERS, &r->entries[cntr_entries_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_entries_1, 0); @@ -4257,6 +4285,7 @@ static enum ndr_err_code ndr_push_samr_DispInfoAscii(struct ndr_push *ndr, int n static enum ndr_err_code ndr_pull_samr_DispInfoAscii(struct ndr_pull *ndr, int ndr_flags, struct samr_DispInfoAscii *r) { uint32_t _ptr_entries; + uint32_t size_entries_1 = 0; uint32_t cntr_entries_1; TALLOC_CTX *_mem_save_entries_0; TALLOC_CTX *_mem_save_entries_1; @@ -4275,13 +4304,14 @@ static enum ndr_err_code ndr_pull_samr_DispInfoAscii(struct ndr_pull *ndr, int n _mem_save_entries_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->entries, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->entries)); - NDR_PULL_ALLOC_N(ndr, r->entries, ndr_get_array_size(ndr, &r->entries)); + size_entries_1 = ndr_get_array_size(ndr, &r->entries); + NDR_PULL_ALLOC_N(ndr, r->entries, size_entries_1); _mem_save_entries_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->entries, 0); - for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) { + for (cntr_entries_1 = 0; cntr_entries_1 < size_entries_1; cntr_entries_1++) { NDR_CHECK(ndr_pull_samr_DispEntryAscii(ndr, NDR_SCALARS, &r->entries[cntr_entries_1])); } - for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) { + for (cntr_entries_1 = 0; cntr_entries_1 < size_entries_1; cntr_entries_1++) { NDR_CHECK(ndr_pull_samr_DispEntryAscii(ndr, NDR_BUFFERS, &r->entries[cntr_entries_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_entries_1, 0); @@ -4778,6 +4808,7 @@ static enum ndr_err_code ndr_push_samr_ValidationBlob(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_samr_ValidationBlob(struct ndr_pull *ndr, int ndr_flags, struct samr_ValidationBlob *r) { uint32_t _ptr_data; + uint32_t size_data_1 = 0; TALLOC_CTX *_mem_save_data_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -4794,8 +4825,9 @@ static enum ndr_err_code ndr_pull_samr_ValidationBlob(struct ndr_pull *ndr, int _mem_save_data_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->data, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->data)); - NDR_PULL_ALLOC_N(ndr, r->data, ndr_get_array_size(ndr, &r->data)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, ndr_get_array_size(ndr, &r->data))); + size_data_1 = ndr_get_array_size(ndr, &r->data); + NDR_PULL_ALLOC_N(ndr, r->data, size_data_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, size_data_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_0, 0); } if (r->data) { @@ -4849,6 +4881,7 @@ static enum ndr_err_code ndr_push_samr_ValidatePasswordInfo(struct ndr_push *ndr static enum ndr_err_code ndr_pull_samr_ValidatePasswordInfo(struct ndr_pull *ndr, int ndr_flags, struct samr_ValidatePasswordInfo *r) { uint32_t _ptr_pwd_history; + uint32_t size_pwd_history_1 = 0; uint32_t cntr_pwd_history_1; TALLOC_CTX *_mem_save_pwd_history_0; TALLOC_CTX *_mem_save_pwd_history_1; @@ -4872,13 +4905,14 @@ static enum ndr_err_code ndr_pull_samr_ValidatePasswordInfo(struct ndr_pull *ndr _mem_save_pwd_history_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->pwd_history, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->pwd_history)); - NDR_PULL_ALLOC_N(ndr, r->pwd_history, ndr_get_array_size(ndr, &r->pwd_history)); + size_pwd_history_1 = ndr_get_array_size(ndr, &r->pwd_history); + NDR_PULL_ALLOC_N(ndr, r->pwd_history, size_pwd_history_1); _mem_save_pwd_history_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->pwd_history, 0); - for (cntr_pwd_history_1 = 0; cntr_pwd_history_1 < r->pwd_history_len; cntr_pwd_history_1++) { + for (cntr_pwd_history_1 = 0; cntr_pwd_history_1 < size_pwd_history_1; cntr_pwd_history_1++) { NDR_CHECK(ndr_pull_samr_ValidationBlob(ndr, NDR_SCALARS, &r->pwd_history[cntr_pwd_history_1])); } - for (cntr_pwd_history_1 = 0; cntr_pwd_history_1 < r->pwd_history_len; cntr_pwd_history_1++) { + for (cntr_pwd_history_1 = 0; cntr_pwd_history_1 < size_pwd_history_1; cntr_pwd_history_1++) { NDR_CHECK(ndr_pull_samr_ValidationBlob(ndr, NDR_BUFFERS, &r->pwd_history[cntr_pwd_history_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_pwd_history_1, 0); @@ -7195,6 +7229,8 @@ _PUBLIC_ enum ndr_err_code ndr_push_samr_LookupNames(struct ndr_push *ndr, int f _PUBLIC_ enum ndr_err_code ndr_pull_samr_LookupNames(struct ndr_pull *ndr, int flags, struct samr_LookupNames *r) { + uint32_t size_names_0 = 0; + uint32_t length_names_0 = 0; uint32_t cntr_names_0; TALLOC_CTX *_mem_save_domain_handle_0; TALLOC_CTX *_mem_save_names_0; @@ -7216,16 +7252,18 @@ _PUBLIC_ enum ndr_err_code ndr_pull_samr_LookupNames(struct ndr_pull *ndr, int f } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.names)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.names)); - if (ndr_get_array_length(ndr, &r->in.names) > ndr_get_array_size(ndr, &r->in.names)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.names), ndr_get_array_length(ndr, &r->in.names)); + size_names_0 = ndr_get_array_size(ndr, &r->in.names); + length_names_0 = ndr_get_array_length(ndr, &r->in.names); + if (length_names_0 > size_names_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_names_0, length_names_0); } - NDR_PULL_ALLOC_N(ndr, r->in.names, ndr_get_array_size(ndr, &r->in.names)); + NDR_PULL_ALLOC_N(ndr, r->in.names, size_names_0); _mem_save_names_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->in.names, 0); - for (cntr_names_0 = 0; cntr_names_0 < r->in.num_names; cntr_names_0++) { + for (cntr_names_0 = 0; cntr_names_0 < length_names_0; cntr_names_0++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->in.names[cntr_names_0])); } - for (cntr_names_0 = 0; cntr_names_0 < r->in.num_names; cntr_names_0++) { + for (cntr_names_0 = 0; cntr_names_0 < length_names_0; cntr_names_0++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->in.names[cntr_names_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_names_0, 0); @@ -7337,6 +7375,8 @@ static enum ndr_err_code ndr_push_samr_LookupRids(struct ndr_push *ndr, int flag static enum ndr_err_code ndr_pull_samr_LookupRids(struct ndr_pull *ndr, int flags, struct samr_LookupRids *r) { + uint32_t size_rids_0 = 0; + uint32_t length_rids_0 = 0; uint32_t cntr_rids_0; TALLOC_CTX *_mem_save_domain_handle_0; TALLOC_CTX *_mem_save_rids_0; @@ -7358,13 +7398,15 @@ static enum ndr_err_code ndr_pull_samr_LookupRids(struct ndr_pull *ndr, int flag } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.rids)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.rids)); - if (ndr_get_array_length(ndr, &r->in.rids) > ndr_get_array_size(ndr, &r->in.rids)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.rids), ndr_get_array_length(ndr, &r->in.rids)); + size_rids_0 = ndr_get_array_size(ndr, &r->in.rids); + length_rids_0 = ndr_get_array_length(ndr, &r->in.rids); + if (length_rids_0 > size_rids_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_rids_0, length_rids_0); } - NDR_PULL_ALLOC_N(ndr, r->in.rids, ndr_get_array_size(ndr, &r->in.rids)); + NDR_PULL_ALLOC_N(ndr, r->in.rids, size_rids_0); _mem_save_rids_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->in.rids, 0); - for (cntr_rids_0 = 0; cntr_rids_0 < r->in.num_rids; cntr_rids_0++) { + for (cntr_rids_0 = 0; cntr_rids_0 < length_rids_0; cntr_rids_0++) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.rids[cntr_rids_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_rids_0, 0); @@ -11036,6 +11078,8 @@ static enum ndr_err_code ndr_push_samr_Connect2(struct ndr_push *ndr, int flags, static enum ndr_err_code ndr_pull_samr_Connect2(struct ndr_pull *ndr, int flags, struct samr_Connect2 *r) { uint32_t _ptr_system_name; + uint32_t size_system_name_1 = 0; + uint32_t length_system_name_1 = 0; TALLOC_CTX *_mem_save_system_name_0; TALLOC_CTX *_mem_save_connect_handle_0; if (flags & NDR_IN) { @@ -11052,11 +11096,13 @@ static enum ndr_err_code ndr_pull_samr_Connect2(struct ndr_pull *ndr, int flags, NDR_PULL_SET_MEM_CTX(ndr, r->in.system_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.system_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.system_name)); - if (ndr_get_array_length(ndr, &r->in.system_name) > ndr_get_array_size(ndr, &r->in.system_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.system_name), ndr_get_array_length(ndr, &r->in.system_name)); + size_system_name_1 = ndr_get_array_size(ndr, &r->in.system_name); + length_system_name_1 = ndr_get_array_length(ndr, &r->in.system_name); + if (length_system_name_1 > size_system_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_system_name_1, length_system_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.system_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.system_name, ndr_get_array_length(ndr, &r->in.system_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_system_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.system_name, length_system_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_system_name_0, 0); } NDR_CHECK(ndr_pull_samr_ConnectAccessMask(ndr, NDR_SCALARS, &r->in.access_mask)); @@ -11356,6 +11402,8 @@ static enum ndr_err_code ndr_push_samr_Connect3(struct ndr_push *ndr, int flags, static enum ndr_err_code ndr_pull_samr_Connect3(struct ndr_pull *ndr, int flags, struct samr_Connect3 *r) { uint32_t _ptr_system_name; + uint32_t size_system_name_1 = 0; + uint32_t length_system_name_1 = 0; TALLOC_CTX *_mem_save_system_name_0; TALLOC_CTX *_mem_save_connect_handle_0; if (flags & NDR_IN) { @@ -11372,11 +11420,13 @@ static enum ndr_err_code ndr_pull_samr_Connect3(struct ndr_pull *ndr, int flags, NDR_PULL_SET_MEM_CTX(ndr, r->in.system_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.system_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.system_name)); - if (ndr_get_array_length(ndr, &r->in.system_name) > ndr_get_array_size(ndr, &r->in.system_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.system_name), ndr_get_array_length(ndr, &r->in.system_name)); + size_system_name_1 = ndr_get_array_size(ndr, &r->in.system_name); + length_system_name_1 = ndr_get_array_length(ndr, &r->in.system_name); + if (length_system_name_1 > size_system_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_system_name_1, length_system_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.system_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.system_name, ndr_get_array_length(ndr, &r->in.system_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_system_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.system_name, length_system_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_system_name_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.unknown)); @@ -11456,6 +11506,8 @@ static enum ndr_err_code ndr_push_samr_Connect4(struct ndr_push *ndr, int flags, static enum ndr_err_code ndr_pull_samr_Connect4(struct ndr_pull *ndr, int flags, struct samr_Connect4 *r) { uint32_t _ptr_system_name; + uint32_t size_system_name_1 = 0; + uint32_t length_system_name_1 = 0; TALLOC_CTX *_mem_save_system_name_0; TALLOC_CTX *_mem_save_connect_handle_0; if (flags & NDR_IN) { @@ -11472,11 +11524,13 @@ static enum ndr_err_code ndr_pull_samr_Connect4(struct ndr_pull *ndr, int flags, NDR_PULL_SET_MEM_CTX(ndr, r->in.system_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.system_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.system_name)); - if (ndr_get_array_length(ndr, &r->in.system_name) > ndr_get_array_size(ndr, &r->in.system_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.system_name), ndr_get_array_length(ndr, &r->in.system_name)); + size_system_name_1 = ndr_get_array_size(ndr, &r->in.system_name); + length_system_name_1 = ndr_get_array_length(ndr, &r->in.system_name); + if (length_system_name_1 > size_system_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_system_name_1, length_system_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.system_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.system_name, ndr_get_array_length(ndr, &r->in.system_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_system_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.system_name, length_system_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_system_name_0, 0); } NDR_CHECK(ndr_pull_samr_ConnectVersion(ndr, NDR_SCALARS, &r->in.client_version)); @@ -11854,6 +11908,8 @@ _PUBLIC_ enum ndr_err_code ndr_push_samr_Connect5(struct ndr_push *ndr, int flag _PUBLIC_ enum ndr_err_code ndr_pull_samr_Connect5(struct ndr_pull *ndr, int flags, struct samr_Connect5 *r) { uint32_t _ptr_system_name; + uint32_t size_system_name_1 = 0; + uint32_t length_system_name_1 = 0; TALLOC_CTX *_mem_save_system_name_0; TALLOC_CTX *_mem_save_info_in_0; TALLOC_CTX *_mem_save_level_out_0; @@ -11873,11 +11929,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_samr_Connect5(struct ndr_pull *ndr, int flag NDR_PULL_SET_MEM_CTX(ndr, r->in.system_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.system_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.system_name)); - if (ndr_get_array_length(ndr, &r->in.system_name) > ndr_get_array_size(ndr, &r->in.system_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.system_name), ndr_get_array_length(ndr, &r->in.system_name)); + size_system_name_1 = ndr_get_array_size(ndr, &r->in.system_name); + length_system_name_1 = ndr_get_array_length(ndr, &r->in.system_name); + if (length_system_name_1 > size_system_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_system_name_1, length_system_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.system_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.system_name, ndr_get_array_length(ndr, &r->in.system_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_system_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.system_name, length_system_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_system_name_0, 0); } NDR_CHECK(ndr_pull_samr_ConnectAccessMask(ndr, NDR_SCALARS, &r->in.access_mask)); diff --git a/librpc/gen_ndr/ndr_security.c b/librpc/gen_ndr/ndr_security.c index 3ae6ec3..824f24b 100644 --- a/librpc/gen_ndr/ndr_security.c +++ b/librpc/gen_ndr/ndr_security.c @@ -491,6 +491,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_security_acl(struct ndr_push *ndr, int ndr_f _PUBLIC_ enum ndr_err_code ndr_pull_security_acl(struct ndr_pull *ndr, int ndr_flags, struct security_acl *r) { + uint32_t size_aces_0 = 0; uint32_t cntr_aces_0; TALLOC_CTX *_mem_save_aces_0; if (ndr_flags & NDR_SCALARS) { @@ -501,18 +502,20 @@ _PUBLIC_ enum ndr_err_code ndr_pull_security_acl(struct ndr_pull *ndr, int ndr_f if (r->num_aces > 1000) { return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); } - NDR_PULL_ALLOC_N(ndr, r->aces, r->num_aces); + size_aces_0 = r->num_aces; + NDR_PULL_ALLOC_N(ndr, r->aces, size_aces_0); _mem_save_aces_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->aces, 0); - for (cntr_aces_0 = 0; cntr_aces_0 < r->num_aces; cntr_aces_0++) { + for (cntr_aces_0 = 0; cntr_aces_0 < size_aces_0; cntr_aces_0++) { NDR_CHECK(ndr_pull_security_ace(ndr, NDR_SCALARS, &r->aces[cntr_aces_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_aces_0, 0); } if (ndr_flags & NDR_BUFFERS) { + size_aces_0 = r->num_aces; _mem_save_aces_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->aces, 0); - for (cntr_aces_0 = 0; cntr_aces_0 < r->num_aces; cntr_aces_0++) { + for (cntr_aces_0 = 0; cntr_aces_0 < size_aces_0; cntr_aces_0++) { NDR_CHECK(ndr_pull_security_ace(ndr, NDR_BUFFERS, &r->aces[cntr_aces_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_aces_0, 0); @@ -878,6 +881,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_security_token(struct ndr_pull *ndr, int ndr uint32_t _ptr_group_sid; TALLOC_CTX *_mem_save_group_sid_0; uint32_t _ptr_sids; + uint32_t size_sids_0 = 0; uint32_t cntr_sids_0; TALLOC_CTX *_mem_save_sids_0; TALLOC_CTX *_mem_save_sids_1; @@ -897,10 +901,11 @@ _PUBLIC_ enum ndr_err_code ndr_pull_security_token(struct ndr_pull *ndr, int ndr } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->num_sids)); NDR_CHECK(ndr_pull_array_size(ndr, &r->sids)); - NDR_PULL_ALLOC_N(ndr, r->sids, ndr_get_array_size(ndr, &r->sids)); + size_sids_0 = ndr_get_array_size(ndr, &r->sids); + NDR_PULL_ALLOC_N(ndr, r->sids, size_sids_0); _mem_save_sids_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sids, 0); - for (cntr_sids_0 = 0; cntr_sids_0 < r->num_sids; cntr_sids_0++) { + for (cntr_sids_0 = 0; cntr_sids_0 < size_sids_0; cntr_sids_0++) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sids)); if (_ptr_sids) { NDR_PULL_ALLOC(ndr, r->sids[cntr_sids_0]); @@ -927,9 +932,10 @@ _PUBLIC_ enum ndr_err_code ndr_pull_security_token(struct ndr_pull *ndr, int ndr NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, r->group_sid)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_group_sid_0, 0); } + size_sids_0 = ndr_get_array_size(ndr, &r->sids); _mem_save_sids_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sids, 0); - for (cntr_sids_0 = 0; cntr_sids_0 < r->num_sids; cntr_sids_0++) { + for (cntr_sids_0 = 0; cntr_sids_0 < size_sids_0; cntr_sids_0++) { if (r->sids[cntr_sids_0]) { _mem_save_sids_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sids[cntr_sids_0], 0); diff --git a/librpc/gen_ndr/ndr_spoolss.c b/librpc/gen_ndr/ndr_spoolss.c index ef3fd3d..8cd1f5d 100644 --- a/librpc/gen_ndr/ndr_spoolss.c +++ b/librpc/gen_ndr/ndr_spoolss.c @@ -625,9 +625,12 @@ _PUBLIC_ enum ndr_err_code ndr_push_spoolss_DeviceMode(struct ndr_push *ndr, int _PUBLIC_ enum ndr_err_code ndr_pull_spoolss_DeviceMode(struct ndr_pull *ndr, int ndr_flags, struct spoolss_DeviceMode *r) { + uint32_t size_devicename_0 = 0; + uint32_t size_formname_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->devicename, 32, sizeof(uint16_t), CH_UTF16)); + size_devicename_0 = 32; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->devicename, size_devicename_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->specversion)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->driverversion)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->size)); @@ -646,7 +649,8 @@ _PUBLIC_ enum ndr_err_code ndr_pull_spoolss_DeviceMode(struct ndr_pull *ndr, int NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->yresolution)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->ttoption)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->collate)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->formname, 32, sizeof(uint16_t), CH_UTF16)); + size_formname_0 = 32; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->formname, size_formname_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->logpixels)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->bitsperpel)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->pelswidth)); @@ -4530,16 +4534,28 @@ static enum ndr_err_code ndr_push_spoolss_SetJobInfo1(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_spoolss_SetJobInfo1(struct ndr_pull *ndr, int ndr_flags, struct spoolss_SetJobInfo1 *r) { uint32_t _ptr_printer_name; + uint32_t size_printer_name_1 = 0; + uint32_t length_printer_name_1 = 0; TALLOC_CTX *_mem_save_printer_name_0; uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; TALLOC_CTX *_mem_save_server_name_0; uint32_t _ptr_user_name; + uint32_t size_user_name_1 = 0; + uint32_t length_user_name_1 = 0; TALLOC_CTX *_mem_save_user_name_0; uint32_t _ptr_document_name; + uint32_t size_document_name_1 = 0; + uint32_t length_document_name_1 = 0; TALLOC_CTX *_mem_save_document_name_0; uint32_t _ptr_data_type; + uint32_t size_data_type_1 = 0; + uint32_t length_data_type_1 = 0; TALLOC_CTX *_mem_save_data_type_0; uint32_t _ptr_text_status; + uint32_t size_text_status_1 = 0; + uint32_t length_text_status_1 = 0; TALLOC_CTX *_mem_save_text_status_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -4596,11 +4612,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetJobInfo1(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->printer_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->printer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->printer_name)); - if (ndr_get_array_length(ndr, &r->printer_name) > ndr_get_array_size(ndr, &r->printer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->printer_name), ndr_get_array_length(ndr, &r->printer_name)); + size_printer_name_1 = ndr_get_array_size(ndr, &r->printer_name); + length_printer_name_1 = ndr_get_array_length(ndr, &r->printer_name); + if (length_printer_name_1 > size_printer_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_printer_name_1, length_printer_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->printer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->printer_name, ndr_get_array_length(ndr, &r->printer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_printer_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->printer_name, length_printer_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_printer_name_0, 0); } if (r->server_name) { @@ -4608,11 +4626,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetJobInfo1(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->server_name)); - if (ndr_get_array_length(ndr, &r->server_name) > ndr_get_array_size(ndr, &r->server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->server_name), ndr_get_array_length(ndr, &r->server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_name, ndr_get_array_length(ndr, &r->server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } if (r->user_name) { @@ -4620,11 +4640,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetJobInfo1(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->user_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->user_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->user_name)); - if (ndr_get_array_length(ndr, &r->user_name) > ndr_get_array_size(ndr, &r->user_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->user_name), ndr_get_array_length(ndr, &r->user_name)); + size_user_name_1 = ndr_get_array_size(ndr, &r->user_name); + length_user_name_1 = ndr_get_array_length(ndr, &r->user_name); + if (length_user_name_1 > size_user_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_user_name_1, length_user_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->user_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user_name, ndr_get_array_length(ndr, &r->user_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_user_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user_name, length_user_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user_name_0, 0); } if (r->document_name) { @@ -4632,11 +4654,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetJobInfo1(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->document_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->document_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->document_name)); - if (ndr_get_array_length(ndr, &r->document_name) > ndr_get_array_size(ndr, &r->document_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->document_name), ndr_get_array_length(ndr, &r->document_name)); + size_document_name_1 = ndr_get_array_size(ndr, &r->document_name); + length_document_name_1 = ndr_get_array_length(ndr, &r->document_name); + if (length_document_name_1 > size_document_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_document_name_1, length_document_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->document_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->document_name, ndr_get_array_length(ndr, &r->document_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_document_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->document_name, length_document_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_document_name_0, 0); } if (r->data_type) { @@ -4644,11 +4668,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetJobInfo1(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->data_type, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->data_type)); NDR_CHECK(ndr_pull_array_length(ndr, &r->data_type)); - if (ndr_get_array_length(ndr, &r->data_type) > ndr_get_array_size(ndr, &r->data_type)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->data_type), ndr_get_array_length(ndr, &r->data_type)); + size_data_type_1 = ndr_get_array_size(ndr, &r->data_type); + length_data_type_1 = ndr_get_array_length(ndr, &r->data_type); + if (length_data_type_1 > size_data_type_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_data_type_1, length_data_type_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->data_type), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->data_type, ndr_get_array_length(ndr, &r->data_type), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_data_type_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->data_type, length_data_type_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_type_0, 0); } if (r->text_status) { @@ -4656,11 +4682,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetJobInfo1(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->text_status, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->text_status)); NDR_CHECK(ndr_pull_array_length(ndr, &r->text_status)); - if (ndr_get_array_length(ndr, &r->text_status) > ndr_get_array_size(ndr, &r->text_status)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->text_status), ndr_get_array_length(ndr, &r->text_status)); + size_text_status_1 = ndr_get_array_size(ndr, &r->text_status); + length_text_status_1 = ndr_get_array_length(ndr, &r->text_status); + if (length_text_status_1 > size_text_status_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_text_status_1, length_text_status_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->text_status), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->text_status, ndr_get_array_length(ndr, &r->text_status), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_text_status_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->text_status, length_text_status_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_text_status_0, 0); } } @@ -4813,24 +4841,44 @@ static enum ndr_err_code ndr_push_spoolss_SetJobInfo2(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_spoolss_SetJobInfo2(struct ndr_pull *ndr, int ndr_flags, struct spoolss_SetJobInfo2 *r) { uint32_t _ptr_printer_name; + uint32_t size_printer_name_1 = 0; + uint32_t length_printer_name_1 = 0; TALLOC_CTX *_mem_save_printer_name_0; uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; TALLOC_CTX *_mem_save_server_name_0; uint32_t _ptr_user_name; + uint32_t size_user_name_1 = 0; + uint32_t length_user_name_1 = 0; TALLOC_CTX *_mem_save_user_name_0; uint32_t _ptr_document_name; + uint32_t size_document_name_1 = 0; + uint32_t length_document_name_1 = 0; TALLOC_CTX *_mem_save_document_name_0; uint32_t _ptr_notify_name; + uint32_t size_notify_name_1 = 0; + uint32_t length_notify_name_1 = 0; TALLOC_CTX *_mem_save_notify_name_0; uint32_t _ptr_data_type; + uint32_t size_data_type_1 = 0; + uint32_t length_data_type_1 = 0; TALLOC_CTX *_mem_save_data_type_0; uint32_t _ptr_print_processor; + uint32_t size_print_processor_1 = 0; + uint32_t length_print_processor_1 = 0; TALLOC_CTX *_mem_save_print_processor_0; uint32_t _ptr_parameters; + uint32_t size_parameters_1 = 0; + uint32_t length_parameters_1 = 0; TALLOC_CTX *_mem_save_parameters_0; uint32_t _ptr_driver_name; + uint32_t size_driver_name_1 = 0; + uint32_t length_driver_name_1 = 0; TALLOC_CTX *_mem_save_driver_name_0; uint32_t _ptr_text_status; + uint32_t size_text_status_1 = 0; + uint32_t length_text_status_1 = 0; TALLOC_CTX *_mem_save_text_status_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -4917,11 +4965,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetJobInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->printer_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->printer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->printer_name)); - if (ndr_get_array_length(ndr, &r->printer_name) > ndr_get_array_size(ndr, &r->printer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->printer_name), ndr_get_array_length(ndr, &r->printer_name)); + size_printer_name_1 = ndr_get_array_size(ndr, &r->printer_name); + length_printer_name_1 = ndr_get_array_length(ndr, &r->printer_name); + if (length_printer_name_1 > size_printer_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_printer_name_1, length_printer_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->printer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->printer_name, ndr_get_array_length(ndr, &r->printer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_printer_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->printer_name, length_printer_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_printer_name_0, 0); } if (r->server_name) { @@ -4929,11 +4979,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetJobInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->server_name)); - if (ndr_get_array_length(ndr, &r->server_name) > ndr_get_array_size(ndr, &r->server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->server_name), ndr_get_array_length(ndr, &r->server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_name, ndr_get_array_length(ndr, &r->server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } if (r->user_name) { @@ -4941,11 +4993,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetJobInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->user_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->user_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->user_name)); - if (ndr_get_array_length(ndr, &r->user_name) > ndr_get_array_size(ndr, &r->user_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->user_name), ndr_get_array_length(ndr, &r->user_name)); + size_user_name_1 = ndr_get_array_size(ndr, &r->user_name); + length_user_name_1 = ndr_get_array_length(ndr, &r->user_name); + if (length_user_name_1 > size_user_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_user_name_1, length_user_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->user_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user_name, ndr_get_array_length(ndr, &r->user_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_user_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user_name, length_user_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user_name_0, 0); } if (r->document_name) { @@ -4953,11 +5007,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetJobInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->document_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->document_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->document_name)); - if (ndr_get_array_length(ndr, &r->document_name) > ndr_get_array_size(ndr, &r->document_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->document_name), ndr_get_array_length(ndr, &r->document_name)); + size_document_name_1 = ndr_get_array_size(ndr, &r->document_name); + length_document_name_1 = ndr_get_array_length(ndr, &r->document_name); + if (length_document_name_1 > size_document_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_document_name_1, length_document_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->document_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->document_name, ndr_get_array_length(ndr, &r->document_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_document_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->document_name, length_document_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_document_name_0, 0); } if (r->notify_name) { @@ -4965,11 +5021,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetJobInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->notify_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->notify_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->notify_name)); - if (ndr_get_array_length(ndr, &r->notify_name) > ndr_get_array_size(ndr, &r->notify_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->notify_name), ndr_get_array_length(ndr, &r->notify_name)); + size_notify_name_1 = ndr_get_array_size(ndr, &r->notify_name); + length_notify_name_1 = ndr_get_array_length(ndr, &r->notify_name); + if (length_notify_name_1 > size_notify_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_notify_name_1, length_notify_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->notify_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->notify_name, ndr_get_array_length(ndr, &r->notify_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_notify_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->notify_name, length_notify_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_notify_name_0, 0); } if (r->data_type) { @@ -4977,11 +5035,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetJobInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->data_type, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->data_type)); NDR_CHECK(ndr_pull_array_length(ndr, &r->data_type)); - if (ndr_get_array_length(ndr, &r->data_type) > ndr_get_array_size(ndr, &r->data_type)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->data_type), ndr_get_array_length(ndr, &r->data_type)); + size_data_type_1 = ndr_get_array_size(ndr, &r->data_type); + length_data_type_1 = ndr_get_array_length(ndr, &r->data_type); + if (length_data_type_1 > size_data_type_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_data_type_1, length_data_type_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->data_type), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->data_type, ndr_get_array_length(ndr, &r->data_type), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_data_type_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->data_type, length_data_type_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_type_0, 0); } if (r->print_processor) { @@ -4989,11 +5049,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetJobInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->print_processor, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->print_processor)); NDR_CHECK(ndr_pull_array_length(ndr, &r->print_processor)); - if (ndr_get_array_length(ndr, &r->print_processor) > ndr_get_array_size(ndr, &r->print_processor)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->print_processor), ndr_get_array_length(ndr, &r->print_processor)); + size_print_processor_1 = ndr_get_array_size(ndr, &r->print_processor); + length_print_processor_1 = ndr_get_array_length(ndr, &r->print_processor); + if (length_print_processor_1 > size_print_processor_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_print_processor_1, length_print_processor_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->print_processor), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->print_processor, ndr_get_array_length(ndr, &r->print_processor), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_print_processor_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->print_processor, length_print_processor_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_print_processor_0, 0); } if (r->parameters) { @@ -5001,11 +5063,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetJobInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->parameters, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->parameters)); NDR_CHECK(ndr_pull_array_length(ndr, &r->parameters)); - if (ndr_get_array_length(ndr, &r->parameters) > ndr_get_array_size(ndr, &r->parameters)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->parameters), ndr_get_array_length(ndr, &r->parameters)); + size_parameters_1 = ndr_get_array_size(ndr, &r->parameters); + length_parameters_1 = ndr_get_array_length(ndr, &r->parameters); + if (length_parameters_1 > size_parameters_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_parameters_1, length_parameters_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->parameters), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->parameters, ndr_get_array_length(ndr, &r->parameters), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_parameters_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->parameters, length_parameters_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_parameters_0, 0); } if (r->driver_name) { @@ -5013,11 +5077,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetJobInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->driver_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->driver_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->driver_name)); - if (ndr_get_array_length(ndr, &r->driver_name) > ndr_get_array_size(ndr, &r->driver_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->driver_name), ndr_get_array_length(ndr, &r->driver_name)); + size_driver_name_1 = ndr_get_array_size(ndr, &r->driver_name); + length_driver_name_1 = ndr_get_array_length(ndr, &r->driver_name); + if (length_driver_name_1 > size_driver_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_driver_name_1, length_driver_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->driver_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->driver_name, ndr_get_array_length(ndr, &r->driver_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_driver_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->driver_name, length_driver_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_driver_name_0, 0); } if (r->text_status) { @@ -5025,11 +5091,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetJobInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->text_status, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->text_status)); NDR_CHECK(ndr_pull_array_length(ndr, &r->text_status)); - if (ndr_get_array_length(ndr, &r->text_status) > ndr_get_array_size(ndr, &r->text_status)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->text_status), ndr_get_array_length(ndr, &r->text_status)); + size_text_status_1 = ndr_get_array_size(ndr, &r->text_status); + length_text_status_1 = ndr_get_array_length(ndr, &r->text_status); + if (length_text_status_1 > size_text_status_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_text_status_1, length_text_status_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->text_status), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->text_status, ndr_get_array_length(ndr, &r->text_status), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_text_status_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->text_status, length_text_status_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_text_status_0, 0); } } @@ -5213,24 +5281,44 @@ static enum ndr_err_code ndr_push_spoolss_SetJobInfo4(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_spoolss_SetJobInfo4(struct ndr_pull *ndr, int ndr_flags, struct spoolss_SetJobInfo4 *r) { uint32_t _ptr_printer_name; + uint32_t size_printer_name_1 = 0; + uint32_t length_printer_name_1 = 0; TALLOC_CTX *_mem_save_printer_name_0; uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; TALLOC_CTX *_mem_save_server_name_0; uint32_t _ptr_user_name; + uint32_t size_user_name_1 = 0; + uint32_t length_user_name_1 = 0; TALLOC_CTX *_mem_save_user_name_0; uint32_t _ptr_document_name; + uint32_t size_document_name_1 = 0; + uint32_t length_document_name_1 = 0; TALLOC_CTX *_mem_save_document_name_0; uint32_t _ptr_notify_name; + uint32_t size_notify_name_1 = 0; + uint32_t length_notify_name_1 = 0; TALLOC_CTX *_mem_save_notify_name_0; uint32_t _ptr_data_type; + uint32_t size_data_type_1 = 0; + uint32_t length_data_type_1 = 0; TALLOC_CTX *_mem_save_data_type_0; uint32_t _ptr_print_processor; + uint32_t size_print_processor_1 = 0; + uint32_t length_print_processor_1 = 0; TALLOC_CTX *_mem_save_print_processor_0; uint32_t _ptr_parameters; + uint32_t size_parameters_1 = 0; + uint32_t length_parameters_1 = 0; TALLOC_CTX *_mem_save_parameters_0; uint32_t _ptr_driver_name; + uint32_t size_driver_name_1 = 0; + uint32_t length_driver_name_1 = 0; TALLOC_CTX *_mem_save_driver_name_0; uint32_t _ptr_text_status; + uint32_t size_text_status_1 = 0; + uint32_t length_text_status_1 = 0; TALLOC_CTX *_mem_save_text_status_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -5318,11 +5406,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetJobInfo4(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->printer_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->printer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->printer_name)); - if (ndr_get_array_length(ndr, &r->printer_name) > ndr_get_array_size(ndr, &r->printer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->printer_name), ndr_get_array_length(ndr, &r->printer_name)); + size_printer_name_1 = ndr_get_array_size(ndr, &r->printer_name); + length_printer_name_1 = ndr_get_array_length(ndr, &r->printer_name); + if (length_printer_name_1 > size_printer_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_printer_name_1, length_printer_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->printer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->printer_name, ndr_get_array_length(ndr, &r->printer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_printer_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->printer_name, length_printer_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_printer_name_0, 0); } if (r->server_name) { @@ -5330,11 +5420,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetJobInfo4(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->server_name)); - if (ndr_get_array_length(ndr, &r->server_name) > ndr_get_array_size(ndr, &r->server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->server_name), ndr_get_array_length(ndr, &r->server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_name, ndr_get_array_length(ndr, &r->server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } if (r->user_name) { @@ -5342,11 +5434,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetJobInfo4(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->user_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->user_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->user_name)); - if (ndr_get_array_length(ndr, &r->user_name) > ndr_get_array_size(ndr, &r->user_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->user_name), ndr_get_array_length(ndr, &r->user_name)); + size_user_name_1 = ndr_get_array_size(ndr, &r->user_name); + length_user_name_1 = ndr_get_array_length(ndr, &r->user_name); + if (length_user_name_1 > size_user_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_user_name_1, length_user_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->user_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user_name, ndr_get_array_length(ndr, &r->user_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_user_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user_name, length_user_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user_name_0, 0); } if (r->document_name) { @@ -5354,11 +5448,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetJobInfo4(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->document_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->document_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->document_name)); - if (ndr_get_array_length(ndr, &r->document_name) > ndr_get_array_size(ndr, &r->document_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->document_name), ndr_get_array_length(ndr, &r->document_name)); + size_document_name_1 = ndr_get_array_size(ndr, &r->document_name); + length_document_name_1 = ndr_get_array_length(ndr, &r->document_name); + if (length_document_name_1 > size_document_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_document_name_1, length_document_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->document_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->document_name, ndr_get_array_length(ndr, &r->document_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_document_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->document_name, length_document_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_document_name_0, 0); } if (r->notify_name) { @@ -5366,11 +5462,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetJobInfo4(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->notify_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->notify_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->notify_name)); - if (ndr_get_array_length(ndr, &r->notify_name) > ndr_get_array_size(ndr, &r->notify_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->notify_name), ndr_get_array_length(ndr, &r->notify_name)); + size_notify_name_1 = ndr_get_array_size(ndr, &r->notify_name); + length_notify_name_1 = ndr_get_array_length(ndr, &r->notify_name); + if (length_notify_name_1 > size_notify_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_notify_name_1, length_notify_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->notify_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->notify_name, ndr_get_array_length(ndr, &r->notify_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_notify_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->notify_name, length_notify_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_notify_name_0, 0); } if (r->data_type) { @@ -5378,11 +5476,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetJobInfo4(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->data_type, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->data_type)); NDR_CHECK(ndr_pull_array_length(ndr, &r->data_type)); - if (ndr_get_array_length(ndr, &r->data_type) > ndr_get_array_size(ndr, &r->data_type)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->data_type), ndr_get_array_length(ndr, &r->data_type)); + size_data_type_1 = ndr_get_array_size(ndr, &r->data_type); + length_data_type_1 = ndr_get_array_length(ndr, &r->data_type); + if (length_data_type_1 > size_data_type_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_data_type_1, length_data_type_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->data_type), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->data_type, ndr_get_array_length(ndr, &r->data_type), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_data_type_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->data_type, length_data_type_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_type_0, 0); } if (r->print_processor) { @@ -5390,11 +5490,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetJobInfo4(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->print_processor, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->print_processor)); NDR_CHECK(ndr_pull_array_length(ndr, &r->print_processor)); - if (ndr_get_array_length(ndr, &r->print_processor) > ndr_get_array_size(ndr, &r->print_processor)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->print_processor), ndr_get_array_length(ndr, &r->print_processor)); + size_print_processor_1 = ndr_get_array_size(ndr, &r->print_processor); + length_print_processor_1 = ndr_get_array_length(ndr, &r->print_processor); + if (length_print_processor_1 > size_print_processor_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_print_processor_1, length_print_processor_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->print_processor), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->print_processor, ndr_get_array_length(ndr, &r->print_processor), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_print_processor_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->print_processor, length_print_processor_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_print_processor_0, 0); } if (r->parameters) { @@ -5402,11 +5504,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetJobInfo4(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->parameters, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->parameters)); NDR_CHECK(ndr_pull_array_length(ndr, &r->parameters)); - if (ndr_get_array_length(ndr, &r->parameters) > ndr_get_array_size(ndr, &r->parameters)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->parameters), ndr_get_array_length(ndr, &r->parameters)); + size_parameters_1 = ndr_get_array_size(ndr, &r->parameters); + length_parameters_1 = ndr_get_array_length(ndr, &r->parameters); + if (length_parameters_1 > size_parameters_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_parameters_1, length_parameters_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->parameters), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->parameters, ndr_get_array_length(ndr, &r->parameters), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_parameters_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->parameters, length_parameters_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_parameters_0, 0); } if (r->driver_name) { @@ -5414,11 +5518,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetJobInfo4(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->driver_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->driver_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->driver_name)); - if (ndr_get_array_length(ndr, &r->driver_name) > ndr_get_array_size(ndr, &r->driver_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->driver_name), ndr_get_array_length(ndr, &r->driver_name)); + size_driver_name_1 = ndr_get_array_size(ndr, &r->driver_name); + length_driver_name_1 = ndr_get_array_length(ndr, &r->driver_name); + if (length_driver_name_1 > size_driver_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_driver_name_1, length_driver_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->driver_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->driver_name, ndr_get_array_length(ndr, &r->driver_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_driver_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->driver_name, length_driver_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_driver_name_0, 0); } if (r->text_status) { @@ -5426,11 +5532,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetJobInfo4(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->text_status, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->text_status)); NDR_CHECK(ndr_pull_array_length(ndr, &r->text_status)); - if (ndr_get_array_length(ndr, &r->text_status) > ndr_get_array_size(ndr, &r->text_status)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->text_status), ndr_get_array_length(ndr, &r->text_status)); + size_text_status_1 = ndr_get_array_size(ndr, &r->text_status); + length_text_status_1 = ndr_get_array_length(ndr, &r->text_status); + if (length_text_status_1 > size_text_status_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_text_status_1, length_text_status_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->text_status), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->text_status, ndr_get_array_length(ndr, &r->text_status), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_text_status_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->text_status, length_text_status_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_text_status_0, 0); } } @@ -5585,9 +5693,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_spoolss_SetJobInfo(struct ndr_pull *ndr, int int level; uint32_t _level; TALLOC_CTX *_mem_save_info1_0; + uint32_t _ptr_info1; TALLOC_CTX *_mem_save_info2_0; + uint32_t _ptr_info2; TALLOC_CTX *_mem_save_info3_0; + uint32_t _ptr_info3; TALLOC_CTX *_mem_save_info4_0; + uint32_t _ptr_info4; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -5596,7 +5708,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_spoolss_SetJobInfo(struct ndr_pull *ndr, int } switch (level) { case 1: { - uint32_t _ptr_info1; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1)); if (_ptr_info1) { NDR_PULL_ALLOC(ndr, r->info1); @@ -5606,7 +5717,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_spoolss_SetJobInfo(struct ndr_pull *ndr, int break; } case 2: { - uint32_t _ptr_info2; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info2)); if (_ptr_info2) { NDR_PULL_ALLOC(ndr, r->info2); @@ -5616,7 +5726,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_spoolss_SetJobInfo(struct ndr_pull *ndr, int break; } case 3: { - uint32_t _ptr_info3; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info3)); if (_ptr_info3) { NDR_PULL_ALLOC(ndr, r->info3); @@ -5626,7 +5735,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_spoolss_SetJobInfo(struct ndr_pull *ndr, int break; } case 4: { - uint32_t _ptr_info4; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info4)); if (_ptr_info4) { NDR_PULL_ALLOC(ndr, r->info4); @@ -5886,8 +5994,12 @@ static enum ndr_err_code ndr_push_spoolss_SetPrinterInfo0(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo0(struct ndr_pull *ndr, int ndr_flags, struct spoolss_SetPrinterInfo0 *r) { uint32_t _ptr_servername; + uint32_t size_servername_1 = 0; + uint32_t length_servername_1 = 0; TALLOC_CTX *_mem_save_servername_0; uint32_t _ptr_printername; + uint32_t size_printername_1 = 0; + uint32_t length_printername_1 = 0; TALLOC_CTX *_mem_save_printername_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -5937,11 +6049,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo0(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->servername, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->servername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->servername)); - if (ndr_get_array_length(ndr, &r->servername) > ndr_get_array_size(ndr, &r->servername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->servername), ndr_get_array_length(ndr, &r->servername)); + size_servername_1 = ndr_get_array_size(ndr, &r->servername); + length_servername_1 = ndr_get_array_length(ndr, &r->servername); + if (length_servername_1 > size_servername_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_servername_1, length_servername_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->servername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->servername, ndr_get_array_length(ndr, &r->servername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_servername_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->servername, length_servername_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_servername_0, 0); } if (r->printername) { @@ -5949,11 +6063,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo0(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->printername, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->printername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->printername)); - if (ndr_get_array_length(ndr, &r->printername) > ndr_get_array_size(ndr, &r->printername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->printername), ndr_get_array_length(ndr, &r->printername)); + size_printername_1 = ndr_get_array_size(ndr, &r->printername); + length_printername_1 = ndr_get_array_length(ndr, &r->printername); + if (length_printername_1 > size_printername_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_printername_1, length_printername_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->printername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->printername, ndr_get_array_length(ndr, &r->printername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_printername_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->printername, length_printername_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_printername_0, 0); } } @@ -6041,10 +6157,16 @@ static enum ndr_err_code ndr_push_spoolss_SetPrinterInfo1(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo1(struct ndr_pull *ndr, int ndr_flags, struct spoolss_SetPrinterInfo1 *r) { uint32_t _ptr_description; + uint32_t size_description_1 = 0; + uint32_t length_description_1 = 0; TALLOC_CTX *_mem_save_description_0; uint32_t _ptr_name; + uint32_t size_name_1 = 0; + uint32_t length_name_1 = 0; TALLOC_CTX *_mem_save_name_0; uint32_t _ptr_comment; + uint32_t size_comment_1 = 0; + uint32_t length_comment_1 = 0; TALLOC_CTX *_mem_save_comment_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -6074,11 +6196,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo1(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->description, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->description)); NDR_CHECK(ndr_pull_array_length(ndr, &r->description)); - if (ndr_get_array_length(ndr, &r->description) > ndr_get_array_size(ndr, &r->description)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->description), ndr_get_array_length(ndr, &r->description)); + size_description_1 = ndr_get_array_size(ndr, &r->description); + length_description_1 = ndr_get_array_length(ndr, &r->description); + if (length_description_1 > size_description_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_description_1, length_description_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->description), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->description, ndr_get_array_length(ndr, &r->description), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_description_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->description, length_description_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_description_0, 0); } if (r->name) { @@ -6086,11 +6210,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo1(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->name)); - if (ndr_get_array_length(ndr, &r->name) > ndr_get_array_size(ndr, &r->name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->name), ndr_get_array_length(ndr, &r->name)); + size_name_1 = ndr_get_array_size(ndr, &r->name); + length_name_1 = ndr_get_array_length(ndr, &r->name); + if (length_name_1 > size_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_name_1, length_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, length_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_name_0, 0); } if (r->comment) { @@ -6098,11 +6224,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo1(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->comment, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->comment)); NDR_CHECK(ndr_pull_array_length(ndr, &r->comment)); - if (ndr_get_array_length(ndr, &r->comment) > ndr_get_array_size(ndr, &r->comment)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->comment), ndr_get_array_length(ndr, &r->comment)); + size_comment_1 = ndr_get_array_size(ndr, &r->comment); + length_comment_1 = ndr_get_array_length(ndr, &r->comment); + if (length_comment_1 > size_comment_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_comment_1, length_comment_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_comment_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, length_comment_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_comment_0, 0); } } @@ -6235,26 +6363,48 @@ static enum ndr_err_code ndr_push_spoolss_SetPrinterInfo2(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo2(struct ndr_pull *ndr, int ndr_flags, struct spoolss_SetPrinterInfo2 *r) { uint32_t _ptr_servername; + uint32_t size_servername_1 = 0; + uint32_t length_servername_1 = 0; TALLOC_CTX *_mem_save_servername_0; uint32_t _ptr_printername; + uint32_t size_printername_1 = 0; + uint32_t length_printername_1 = 0; TALLOC_CTX *_mem_save_printername_0; uint32_t _ptr_sharename; + uint32_t size_sharename_1 = 0; + uint32_t length_sharename_1 = 0; TALLOC_CTX *_mem_save_sharename_0; uint32_t _ptr_portname; + uint32_t size_portname_1 = 0; + uint32_t length_portname_1 = 0; TALLOC_CTX *_mem_save_portname_0; uint32_t _ptr_drivername; + uint32_t size_drivername_1 = 0; + uint32_t length_drivername_1 = 0; TALLOC_CTX *_mem_save_drivername_0; uint32_t _ptr_comment; + uint32_t size_comment_1 = 0; + uint32_t length_comment_1 = 0; TALLOC_CTX *_mem_save_comment_0; uint32_t _ptr_location; + uint32_t size_location_1 = 0; + uint32_t length_location_1 = 0; TALLOC_CTX *_mem_save_location_0; uint32_t _ptr_sepfile; + uint32_t size_sepfile_1 = 0; + uint32_t length_sepfile_1 = 0; TALLOC_CTX *_mem_save_sepfile_0; uint32_t _ptr_printprocessor; + uint32_t size_printprocessor_1 = 0; + uint32_t length_printprocessor_1 = 0; TALLOC_CTX *_mem_save_printprocessor_0; uint32_t _ptr_datatype; + uint32_t size_datatype_1 = 0; + uint32_t length_datatype_1 = 0; TALLOC_CTX *_mem_save_datatype_0; uint32_t _ptr_parameters; + uint32_t size_parameters_1 = 0; + uint32_t length_parameters_1 = 0; TALLOC_CTX *_mem_save_parameters_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -6344,11 +6494,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo2(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->servername, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->servername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->servername)); - if (ndr_get_array_length(ndr, &r->servername) > ndr_get_array_size(ndr, &r->servername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->servername), ndr_get_array_length(ndr, &r->servername)); + size_servername_1 = ndr_get_array_size(ndr, &r->servername); + length_servername_1 = ndr_get_array_length(ndr, &r->servername); + if (length_servername_1 > size_servername_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_servername_1, length_servername_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->servername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->servername, ndr_get_array_length(ndr, &r->servername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_servername_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->servername, length_servername_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_servername_0, 0); } if (r->printername) { @@ -6356,11 +6508,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo2(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->printername, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->printername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->printername)); - if (ndr_get_array_length(ndr, &r->printername) > ndr_get_array_size(ndr, &r->printername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->printername), ndr_get_array_length(ndr, &r->printername)); + size_printername_1 = ndr_get_array_size(ndr, &r->printername); + length_printername_1 = ndr_get_array_length(ndr, &r->printername); + if (length_printername_1 > size_printername_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_printername_1, length_printername_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->printername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->printername, ndr_get_array_length(ndr, &r->printername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_printername_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->printername, length_printername_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_printername_0, 0); } if (r->sharename) { @@ -6368,11 +6522,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo2(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->sharename, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->sharename)); NDR_CHECK(ndr_pull_array_length(ndr, &r->sharename)); - if (ndr_get_array_length(ndr, &r->sharename) > ndr_get_array_size(ndr, &r->sharename)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->sharename), ndr_get_array_length(ndr, &r->sharename)); + size_sharename_1 = ndr_get_array_size(ndr, &r->sharename); + length_sharename_1 = ndr_get_array_length(ndr, &r->sharename); + if (length_sharename_1 > size_sharename_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_sharename_1, length_sharename_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->sharename), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->sharename, ndr_get_array_length(ndr, &r->sharename), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_sharename_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->sharename, length_sharename_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sharename_0, 0); } if (r->portname) { @@ -6380,11 +6536,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo2(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->portname, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->portname)); NDR_CHECK(ndr_pull_array_length(ndr, &r->portname)); - if (ndr_get_array_length(ndr, &r->portname) > ndr_get_array_size(ndr, &r->portname)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->portname), ndr_get_array_length(ndr, &r->portname)); + size_portname_1 = ndr_get_array_size(ndr, &r->portname); + length_portname_1 = ndr_get_array_length(ndr, &r->portname); + if (length_portname_1 > size_portname_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_portname_1, length_portname_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->portname), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->portname, ndr_get_array_length(ndr, &r->portname), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_portname_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->portname, length_portname_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_portname_0, 0); } if (r->drivername) { @@ -6392,11 +6550,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo2(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->drivername, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->drivername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->drivername)); - if (ndr_get_array_length(ndr, &r->drivername) > ndr_get_array_size(ndr, &r->drivername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->drivername), ndr_get_array_length(ndr, &r->drivername)); + size_drivername_1 = ndr_get_array_size(ndr, &r->drivername); + length_drivername_1 = ndr_get_array_length(ndr, &r->drivername); + if (length_drivername_1 > size_drivername_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_drivername_1, length_drivername_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->drivername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->drivername, ndr_get_array_length(ndr, &r->drivername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_drivername_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->drivername, length_drivername_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_drivername_0, 0); } if (r->comment) { @@ -6404,11 +6564,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo2(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->comment, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->comment)); NDR_CHECK(ndr_pull_array_length(ndr, &r->comment)); - if (ndr_get_array_length(ndr, &r->comment) > ndr_get_array_size(ndr, &r->comment)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->comment), ndr_get_array_length(ndr, &r->comment)); + size_comment_1 = ndr_get_array_size(ndr, &r->comment); + length_comment_1 = ndr_get_array_length(ndr, &r->comment); + if (length_comment_1 > size_comment_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_comment_1, length_comment_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_comment_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, length_comment_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_comment_0, 0); } if (r->location) { @@ -6416,11 +6578,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo2(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->location, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->location)); NDR_CHECK(ndr_pull_array_length(ndr, &r->location)); - if (ndr_get_array_length(ndr, &r->location) > ndr_get_array_size(ndr, &r->location)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->location), ndr_get_array_length(ndr, &r->location)); + size_location_1 = ndr_get_array_size(ndr, &r->location); + length_location_1 = ndr_get_array_length(ndr, &r->location); + if (length_location_1 > size_location_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_location_1, length_location_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->location), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->location, ndr_get_array_length(ndr, &r->location), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_location_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->location, length_location_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_location_0, 0); } if (r->sepfile) { @@ -6428,11 +6592,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo2(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->sepfile, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->sepfile)); NDR_CHECK(ndr_pull_array_length(ndr, &r->sepfile)); - if (ndr_get_array_length(ndr, &r->sepfile) > ndr_get_array_size(ndr, &r->sepfile)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->sepfile), ndr_get_array_length(ndr, &r->sepfile)); + size_sepfile_1 = ndr_get_array_size(ndr, &r->sepfile); + length_sepfile_1 = ndr_get_array_length(ndr, &r->sepfile); + if (length_sepfile_1 > size_sepfile_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_sepfile_1, length_sepfile_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->sepfile), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->sepfile, ndr_get_array_length(ndr, &r->sepfile), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_sepfile_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->sepfile, length_sepfile_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sepfile_0, 0); } if (r->printprocessor) { @@ -6440,11 +6606,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo2(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->printprocessor, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->printprocessor)); NDR_CHECK(ndr_pull_array_length(ndr, &r->printprocessor)); - if (ndr_get_array_length(ndr, &r->printprocessor) > ndr_get_array_size(ndr, &r->printprocessor)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->printprocessor), ndr_get_array_length(ndr, &r->printprocessor)); + size_printprocessor_1 = ndr_get_array_size(ndr, &r->printprocessor); + length_printprocessor_1 = ndr_get_array_length(ndr, &r->printprocessor); + if (length_printprocessor_1 > size_printprocessor_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_printprocessor_1, length_printprocessor_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->printprocessor), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->printprocessor, ndr_get_array_length(ndr, &r->printprocessor), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_printprocessor_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->printprocessor, length_printprocessor_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_printprocessor_0, 0); } if (r->datatype) { @@ -6452,11 +6620,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo2(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->datatype, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->datatype)); NDR_CHECK(ndr_pull_array_length(ndr, &r->datatype)); - if (ndr_get_array_length(ndr, &r->datatype) > ndr_get_array_size(ndr, &r->datatype)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->datatype), ndr_get_array_length(ndr, &r->datatype)); + size_datatype_1 = ndr_get_array_size(ndr, &r->datatype); + length_datatype_1 = ndr_get_array_length(ndr, &r->datatype); + if (length_datatype_1 > size_datatype_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_datatype_1, length_datatype_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->datatype), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->datatype, ndr_get_array_length(ndr, &r->datatype), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_datatype_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->datatype, length_datatype_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_datatype_0, 0); } if (r->parameters) { @@ -6464,11 +6634,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo2(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->parameters, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->parameters)); NDR_CHECK(ndr_pull_array_length(ndr, &r->parameters)); - if (ndr_get_array_length(ndr, &r->parameters) > ndr_get_array_size(ndr, &r->parameters)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->parameters), ndr_get_array_length(ndr, &r->parameters)); + size_parameters_1 = ndr_get_array_size(ndr, &r->parameters); + length_parameters_1 = ndr_get_array_length(ndr, &r->parameters); + if (length_parameters_1 > size_parameters_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_parameters_1, length_parameters_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->parameters), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->parameters, ndr_get_array_length(ndr, &r->parameters), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_parameters_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->parameters, length_parameters_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_parameters_0, 0); } } @@ -6616,8 +6788,12 @@ static enum ndr_err_code ndr_push_spoolss_SetPrinterInfo4(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo4(struct ndr_pull *ndr, int ndr_flags, struct spoolss_SetPrinterInfo4 *r) { uint32_t _ptr_printername; + uint32_t size_printername_1 = 0; + uint32_t length_printername_1 = 0; TALLOC_CTX *_mem_save_printername_0; uint32_t _ptr_servername; + uint32_t size_servername_1 = 0; + uint32_t length_servername_1 = 0; TALLOC_CTX *_mem_save_servername_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -6641,11 +6817,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo4(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->printername, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->printername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->printername)); - if (ndr_get_array_length(ndr, &r->printername) > ndr_get_array_size(ndr, &r->printername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->printername), ndr_get_array_length(ndr, &r->printername)); + size_printername_1 = ndr_get_array_size(ndr, &r->printername); + length_printername_1 = ndr_get_array_length(ndr, &r->printername); + if (length_printername_1 > size_printername_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_printername_1, length_printername_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->printername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->printername, ndr_get_array_length(ndr, &r->printername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_printername_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->printername, length_printername_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_printername_0, 0); } if (r->servername) { @@ -6653,11 +6831,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo4(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->servername, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->servername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->servername)); - if (ndr_get_array_length(ndr, &r->servername) > ndr_get_array_size(ndr, &r->servername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->servername), ndr_get_array_length(ndr, &r->servername)); + size_servername_1 = ndr_get_array_size(ndr, &r->servername); + length_servername_1 = ndr_get_array_length(ndr, &r->servername); + if (length_servername_1 > size_servername_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_servername_1, length_servername_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->servername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->servername, ndr_get_array_length(ndr, &r->servername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_servername_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->servername, length_servername_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_servername_0, 0); } } @@ -6714,8 +6894,12 @@ static enum ndr_err_code ndr_push_spoolss_SetPrinterInfo5(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo5(struct ndr_pull *ndr, int ndr_flags, struct spoolss_SetPrinterInfo5 *r) { uint32_t _ptr_printername; + uint32_t size_printername_1 = 0; + uint32_t length_printername_1 = 0; TALLOC_CTX *_mem_save_printername_0; uint32_t _ptr_portname; + uint32_t size_portname_1 = 0; + uint32_t length_portname_1 = 0; TALLOC_CTX *_mem_save_portname_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -6741,11 +6925,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo5(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->printername, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->printername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->printername)); - if (ndr_get_array_length(ndr, &r->printername) > ndr_get_array_size(ndr, &r->printername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->printername), ndr_get_array_length(ndr, &r->printername)); + size_printername_1 = ndr_get_array_size(ndr, &r->printername); + length_printername_1 = ndr_get_array_length(ndr, &r->printername); + if (length_printername_1 > size_printername_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_printername_1, length_printername_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->printername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->printername, ndr_get_array_length(ndr, &r->printername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_printername_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->printername, length_printername_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_printername_0, 0); } if (r->portname) { @@ -6753,11 +6939,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo5(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->portname, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->portname)); NDR_CHECK(ndr_pull_array_length(ndr, &r->portname)); - if (ndr_get_array_length(ndr, &r->portname) > ndr_get_array_size(ndr, &r->portname)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->portname), ndr_get_array_length(ndr, &r->portname)); + size_portname_1 = ndr_get_array_size(ndr, &r->portname); + length_portname_1 = ndr_get_array_length(ndr, &r->portname); + if (length_portname_1 > size_portname_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_portname_1, length_portname_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->portname), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->portname, ndr_get_array_length(ndr, &r->portname), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_portname_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->portname, length_portname_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_portname_0, 0); } } @@ -6837,6 +7025,8 @@ static enum ndr_err_code ndr_push_spoolss_SetPrinterInfo7(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo7(struct ndr_pull *ndr, int ndr_flags, struct spoolss_SetPrinterInfo7 *r) { uint32_t _ptr_guid; + uint32_t size_guid_1 = 0; + uint32_t length_guid_1 = 0; TALLOC_CTX *_mem_save_guid_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -6854,11 +7044,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo7(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->guid, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->guid)); NDR_CHECK(ndr_pull_array_length(ndr, &r->guid)); - if (ndr_get_array_length(ndr, &r->guid) > ndr_get_array_size(ndr, &r->guid)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->guid), ndr_get_array_length(ndr, &r->guid)); + size_guid_1 = ndr_get_array_size(ndr, &r->guid); + length_guid_1 = ndr_get_array_length(ndr, &r->guid); + if (length_guid_1 > size_guid_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_guid_1, length_guid_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->guid), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->guid, ndr_get_array_length(ndr, &r->guid), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_guid_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->guid, length_guid_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_guid_0, 0); } } @@ -7066,15 +7258,25 @@ static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo(struct ndr_pull *ndr, i int level; uint32_t _level; TALLOC_CTX *_mem_save_info0_0; + uint32_t _ptr_info0; TALLOC_CTX *_mem_save_info1_0; + uint32_t _ptr_info1; TALLOC_CTX *_mem_save_info2_0; + uint32_t _ptr_info2; TALLOC_CTX *_mem_save_info3_0; + uint32_t _ptr_info3; TALLOC_CTX *_mem_save_info4_0; + uint32_t _ptr_info4; TALLOC_CTX *_mem_save_info5_0; + uint32_t _ptr_info5; TALLOC_CTX *_mem_save_info6_0; + uint32_t _ptr_info6; TALLOC_CTX *_mem_save_info7_0; + uint32_t _ptr_info7; TALLOC_CTX *_mem_save_info8_0; + uint32_t _ptr_info8; TALLOC_CTX *_mem_save_info9_0; + uint32_t _ptr_info9; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -7083,7 +7285,6 @@ static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo(struct ndr_pull *ndr, i } switch (level) { case 0: { - uint32_t _ptr_info0; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info0)); if (_ptr_info0) { NDR_PULL_ALLOC(ndr, r->info0); @@ -7093,7 +7294,6 @@ static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo(struct ndr_pull *ndr, i break; } case 1: { - uint32_t _ptr_info1; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1)); if (_ptr_info1) { NDR_PULL_ALLOC(ndr, r->info1); @@ -7103,7 +7303,6 @@ static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo(struct ndr_pull *ndr, i break; } case 2: { - uint32_t _ptr_info2; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info2)); if (_ptr_info2) { NDR_PULL_ALLOC(ndr, r->info2); @@ -7113,7 +7312,6 @@ static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo(struct ndr_pull *ndr, i break; } case 3: { - uint32_t _ptr_info3; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info3)); if (_ptr_info3) { NDR_PULL_ALLOC(ndr, r->info3); @@ -7123,7 +7321,6 @@ static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo(struct ndr_pull *ndr, i break; } case 4: { - uint32_t _ptr_info4; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info4)); if (_ptr_info4) { NDR_PULL_ALLOC(ndr, r->info4); @@ -7133,7 +7330,6 @@ static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo(struct ndr_pull *ndr, i break; } case 5: { - uint32_t _ptr_info5; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info5)); if (_ptr_info5) { NDR_PULL_ALLOC(ndr, r->info5); @@ -7143,7 +7339,6 @@ static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo(struct ndr_pull *ndr, i break; } case 6: { - uint32_t _ptr_info6; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info6)); if (_ptr_info6) { NDR_PULL_ALLOC(ndr, r->info6); @@ -7153,7 +7348,6 @@ static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo(struct ndr_pull *ndr, i break; } case 7: { - uint32_t _ptr_info7; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info7)); if (_ptr_info7) { NDR_PULL_ALLOC(ndr, r->info7); @@ -7163,7 +7357,6 @@ static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo(struct ndr_pull *ndr, i break; } case 8: { - uint32_t _ptr_info8; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info8)); if (_ptr_info8) { NDR_PULL_ALLOC(ndr, r->info8); @@ -7173,7 +7366,6 @@ static enum ndr_err_code ndr_pull_spoolss_SetPrinterInfo(struct ndr_pull *ndr, i break; } case 9: { - uint32_t _ptr_info9; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info9)); if (_ptr_info9) { NDR_PULL_ALLOC(ndr, r->info9); @@ -7490,6 +7682,8 @@ static enum ndr_err_code ndr_push_spoolss_AddDriverInfo1(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo1(struct ndr_pull *ndr, int ndr_flags, struct spoolss_AddDriverInfo1 *r) { uint32_t _ptr_driver_name; + uint32_t size_driver_name_1 = 0; + uint32_t length_driver_name_1 = 0; TALLOC_CTX *_mem_save_driver_name_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -7506,11 +7700,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo1(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->driver_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->driver_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->driver_name)); - if (ndr_get_array_length(ndr, &r->driver_name) > ndr_get_array_size(ndr, &r->driver_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->driver_name), ndr_get_array_length(ndr, &r->driver_name)); + size_driver_name_1 = ndr_get_array_size(ndr, &r->driver_name); + length_driver_name_1 = ndr_get_array_length(ndr, &r->driver_name); + if (length_driver_name_1 > size_driver_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_driver_name_1, length_driver_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->driver_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->driver_name, ndr_get_array_length(ndr, &r->driver_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_driver_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->driver_name, length_driver_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_driver_name_0, 0); } } @@ -7606,14 +7802,24 @@ static enum ndr_err_code ndr_push_spoolss_AddDriverInfo2(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo2(struct ndr_pull *ndr, int ndr_flags, struct spoolss_AddDriverInfo2 *r) { uint32_t _ptr_driver_name; + uint32_t size_driver_name_1 = 0; + uint32_t length_driver_name_1 = 0; TALLOC_CTX *_mem_save_driver_name_0; uint32_t _ptr_architecture; + uint32_t size_architecture_1 = 0; + uint32_t length_architecture_1 = 0; TALLOC_CTX *_mem_save_architecture_0; uint32_t _ptr_driver_path; + uint32_t size_driver_path_1 = 0; + uint32_t length_driver_path_1 = 0; TALLOC_CTX *_mem_save_driver_path_0; uint32_t _ptr_data_file; + uint32_t size_data_file_1 = 0; + uint32_t length_data_file_1 = 0; TALLOC_CTX *_mem_save_data_file_0; uint32_t _ptr_config_file; + uint32_t size_config_file_1 = 0; + uint32_t length_config_file_1 = 0; TALLOC_CTX *_mem_save_config_file_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -7655,11 +7861,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo2(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->driver_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->driver_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->driver_name)); - if (ndr_get_array_length(ndr, &r->driver_name) > ndr_get_array_size(ndr, &r->driver_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->driver_name), ndr_get_array_length(ndr, &r->driver_name)); + size_driver_name_1 = ndr_get_array_size(ndr, &r->driver_name); + length_driver_name_1 = ndr_get_array_length(ndr, &r->driver_name); + if (length_driver_name_1 > size_driver_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_driver_name_1, length_driver_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->driver_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->driver_name, ndr_get_array_length(ndr, &r->driver_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_driver_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->driver_name, length_driver_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_driver_name_0, 0); } if (r->architecture) { @@ -7667,11 +7875,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo2(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->architecture, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->architecture)); NDR_CHECK(ndr_pull_array_length(ndr, &r->architecture)); - if (ndr_get_array_length(ndr, &r->architecture) > ndr_get_array_size(ndr, &r->architecture)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->architecture), ndr_get_array_length(ndr, &r->architecture)); + size_architecture_1 = ndr_get_array_size(ndr, &r->architecture); + length_architecture_1 = ndr_get_array_length(ndr, &r->architecture); + if (length_architecture_1 > size_architecture_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_architecture_1, length_architecture_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->architecture), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->architecture, ndr_get_array_length(ndr, &r->architecture), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_architecture_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->architecture, length_architecture_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_architecture_0, 0); } if (r->driver_path) { @@ -7679,11 +7889,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo2(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->driver_path, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->driver_path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->driver_path)); - if (ndr_get_array_length(ndr, &r->driver_path) > ndr_get_array_size(ndr, &r->driver_path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->driver_path), ndr_get_array_length(ndr, &r->driver_path)); + size_driver_path_1 = ndr_get_array_size(ndr, &r->driver_path); + length_driver_path_1 = ndr_get_array_length(ndr, &r->driver_path); + if (length_driver_path_1 > size_driver_path_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_driver_path_1, length_driver_path_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->driver_path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->driver_path, ndr_get_array_length(ndr, &r->driver_path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_driver_path_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->driver_path, length_driver_path_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_driver_path_0, 0); } if (r->data_file) { @@ -7691,11 +7903,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo2(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->data_file, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->data_file)); NDR_CHECK(ndr_pull_array_length(ndr, &r->data_file)); - if (ndr_get_array_length(ndr, &r->data_file) > ndr_get_array_size(ndr, &r->data_file)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->data_file), ndr_get_array_length(ndr, &r->data_file)); + size_data_file_1 = ndr_get_array_size(ndr, &r->data_file); + length_data_file_1 = ndr_get_array_length(ndr, &r->data_file); + if (length_data_file_1 > size_data_file_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_data_file_1, length_data_file_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->data_file), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->data_file, ndr_get_array_length(ndr, &r->data_file), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_data_file_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->data_file, length_data_file_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_file_0, 0); } if (r->config_file) { @@ -7703,11 +7917,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo2(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->config_file, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->config_file)); NDR_CHECK(ndr_pull_array_length(ndr, &r->config_file)); - if (ndr_get_array_length(ndr, &r->config_file) > ndr_get_array_size(ndr, &r->config_file)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->config_file), ndr_get_array_length(ndr, &r->config_file)); + size_config_file_1 = ndr_get_array_size(ndr, &r->config_file); + length_config_file_1 = ndr_get_array_length(ndr, &r->config_file); + if (length_config_file_1 > size_config_file_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_config_file_1, length_config_file_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->config_file), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->config_file, ndr_get_array_length(ndr, &r->config_file), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_config_file_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->config_file, length_config_file_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_config_file_0, 0); } } @@ -7827,20 +8043,36 @@ static enum ndr_err_code ndr_push_spoolss_AddDriverInfo3(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo3(struct ndr_pull *ndr, int ndr_flags, struct spoolss_AddDriverInfo3 *r) { uint32_t _ptr_driver_name; + uint32_t size_driver_name_1 = 0; + uint32_t length_driver_name_1 = 0; TALLOC_CTX *_mem_save_driver_name_0; uint32_t _ptr_architecture; + uint32_t size_architecture_1 = 0; + uint32_t length_architecture_1 = 0; TALLOC_CTX *_mem_save_architecture_0; uint32_t _ptr_driver_path; + uint32_t size_driver_path_1 = 0; + uint32_t length_driver_path_1 = 0; TALLOC_CTX *_mem_save_driver_path_0; uint32_t _ptr_data_file; + uint32_t size_data_file_1 = 0; + uint32_t length_data_file_1 = 0; TALLOC_CTX *_mem_save_data_file_0; uint32_t _ptr_config_file; + uint32_t size_config_file_1 = 0; + uint32_t length_config_file_1 = 0; TALLOC_CTX *_mem_save_config_file_0; uint32_t _ptr_help_file; + uint32_t size_help_file_1 = 0; + uint32_t length_help_file_1 = 0; TALLOC_CTX *_mem_save_help_file_0; uint32_t _ptr_monitor_name; + uint32_t size_monitor_name_1 = 0; + uint32_t length_monitor_name_1 = 0; TALLOC_CTX *_mem_save_monitor_name_0; uint32_t _ptr_default_datatype; + uint32_t size_default_datatype_1 = 0; + uint32_t length_default_datatype_1 = 0; TALLOC_CTX *_mem_save_default_datatype_0; uint32_t _ptr_dependent_files; TALLOC_CTX *_mem_save_dependent_files_0; @@ -7909,11 +8141,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo3(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->driver_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->driver_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->driver_name)); - if (ndr_get_array_length(ndr, &r->driver_name) > ndr_get_array_size(ndr, &r->driver_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->driver_name), ndr_get_array_length(ndr, &r->driver_name)); + size_driver_name_1 = ndr_get_array_size(ndr, &r->driver_name); + length_driver_name_1 = ndr_get_array_length(ndr, &r->driver_name); + if (length_driver_name_1 > size_driver_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_driver_name_1, length_driver_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->driver_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->driver_name, ndr_get_array_length(ndr, &r->driver_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_driver_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->driver_name, length_driver_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_driver_name_0, 0); } if (r->architecture) { @@ -7921,11 +8155,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo3(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->architecture, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->architecture)); NDR_CHECK(ndr_pull_array_length(ndr, &r->architecture)); - if (ndr_get_array_length(ndr, &r->architecture) > ndr_get_array_size(ndr, &r->architecture)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->architecture), ndr_get_array_length(ndr, &r->architecture)); + size_architecture_1 = ndr_get_array_size(ndr, &r->architecture); + length_architecture_1 = ndr_get_array_length(ndr, &r->architecture); + if (length_architecture_1 > size_architecture_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_architecture_1, length_architecture_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->architecture), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->architecture, ndr_get_array_length(ndr, &r->architecture), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_architecture_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->architecture, length_architecture_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_architecture_0, 0); } if (r->driver_path) { @@ -7933,11 +8169,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo3(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->driver_path, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->driver_path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->driver_path)); - if (ndr_get_array_length(ndr, &r->driver_path) > ndr_get_array_size(ndr, &r->driver_path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->driver_path), ndr_get_array_length(ndr, &r->driver_path)); + size_driver_path_1 = ndr_get_array_size(ndr, &r->driver_path); + length_driver_path_1 = ndr_get_array_length(ndr, &r->driver_path); + if (length_driver_path_1 > size_driver_path_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_driver_path_1, length_driver_path_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->driver_path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->driver_path, ndr_get_array_length(ndr, &r->driver_path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_driver_path_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->driver_path, length_driver_path_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_driver_path_0, 0); } if (r->data_file) { @@ -7945,11 +8183,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo3(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->data_file, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->data_file)); NDR_CHECK(ndr_pull_array_length(ndr, &r->data_file)); - if (ndr_get_array_length(ndr, &r->data_file) > ndr_get_array_size(ndr, &r->data_file)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->data_file), ndr_get_array_length(ndr, &r->data_file)); + size_data_file_1 = ndr_get_array_size(ndr, &r->data_file); + length_data_file_1 = ndr_get_array_length(ndr, &r->data_file); + if (length_data_file_1 > size_data_file_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_data_file_1, length_data_file_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->data_file), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->data_file, ndr_get_array_length(ndr, &r->data_file), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_data_file_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->data_file, length_data_file_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_file_0, 0); } if (r->config_file) { @@ -7957,11 +8197,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo3(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->config_file, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->config_file)); NDR_CHECK(ndr_pull_array_length(ndr, &r->config_file)); - if (ndr_get_array_length(ndr, &r->config_file) > ndr_get_array_size(ndr, &r->config_file)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->config_file), ndr_get_array_length(ndr, &r->config_file)); + size_config_file_1 = ndr_get_array_size(ndr, &r->config_file); + length_config_file_1 = ndr_get_array_length(ndr, &r->config_file); + if (length_config_file_1 > size_config_file_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_config_file_1, length_config_file_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->config_file), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->config_file, ndr_get_array_length(ndr, &r->config_file), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_config_file_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->config_file, length_config_file_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_config_file_0, 0); } if (r->help_file) { @@ -7969,11 +8211,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo3(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->help_file, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->help_file)); NDR_CHECK(ndr_pull_array_length(ndr, &r->help_file)); - if (ndr_get_array_length(ndr, &r->help_file) > ndr_get_array_size(ndr, &r->help_file)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->help_file), ndr_get_array_length(ndr, &r->help_file)); + size_help_file_1 = ndr_get_array_size(ndr, &r->help_file); + length_help_file_1 = ndr_get_array_length(ndr, &r->help_file); + if (length_help_file_1 > size_help_file_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_help_file_1, length_help_file_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->help_file), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->help_file, ndr_get_array_length(ndr, &r->help_file), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_help_file_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->help_file, length_help_file_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_help_file_0, 0); } if (r->monitor_name) { @@ -7981,11 +8225,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo3(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->monitor_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->monitor_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->monitor_name)); - if (ndr_get_array_length(ndr, &r->monitor_name) > ndr_get_array_size(ndr, &r->monitor_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->monitor_name), ndr_get_array_length(ndr, &r->monitor_name)); + size_monitor_name_1 = ndr_get_array_size(ndr, &r->monitor_name); + length_monitor_name_1 = ndr_get_array_length(ndr, &r->monitor_name); + if (length_monitor_name_1 > size_monitor_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_monitor_name_1, length_monitor_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->monitor_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->monitor_name, ndr_get_array_length(ndr, &r->monitor_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_monitor_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->monitor_name, length_monitor_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_monitor_name_0, 0); } if (r->default_datatype) { @@ -7993,11 +8239,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo3(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->default_datatype, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->default_datatype)); NDR_CHECK(ndr_pull_array_length(ndr, &r->default_datatype)); - if (ndr_get_array_length(ndr, &r->default_datatype) > ndr_get_array_size(ndr, &r->default_datatype)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->default_datatype), ndr_get_array_length(ndr, &r->default_datatype)); + size_default_datatype_1 = ndr_get_array_size(ndr, &r->default_datatype); + length_default_datatype_1 = ndr_get_array_length(ndr, &r->default_datatype); + if (length_default_datatype_1 > size_default_datatype_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_default_datatype_1, length_default_datatype_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->default_datatype), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->default_datatype, ndr_get_array_length(ndr, &r->default_datatype), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_default_datatype_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->default_datatype, length_default_datatype_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_default_datatype_0, 0); } if (r->dependent_files) { @@ -8153,20 +8401,36 @@ static enum ndr_err_code ndr_push_spoolss_AddDriverInfo4(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo4(struct ndr_pull *ndr, int ndr_flags, struct spoolss_AddDriverInfo4 *r) { uint32_t _ptr_driver_name; + uint32_t size_driver_name_1 = 0; + uint32_t length_driver_name_1 = 0; TALLOC_CTX *_mem_save_driver_name_0; uint32_t _ptr_architecture; + uint32_t size_architecture_1 = 0; + uint32_t length_architecture_1 = 0; TALLOC_CTX *_mem_save_architecture_0; uint32_t _ptr_driver_path; + uint32_t size_driver_path_1 = 0; + uint32_t length_driver_path_1 = 0; TALLOC_CTX *_mem_save_driver_path_0; uint32_t _ptr_data_file; + uint32_t size_data_file_1 = 0; + uint32_t length_data_file_1 = 0; TALLOC_CTX *_mem_save_data_file_0; uint32_t _ptr_config_file; + uint32_t size_config_file_1 = 0; + uint32_t length_config_file_1 = 0; TALLOC_CTX *_mem_save_config_file_0; uint32_t _ptr_help_file; + uint32_t size_help_file_1 = 0; + uint32_t length_help_file_1 = 0; TALLOC_CTX *_mem_save_help_file_0; uint32_t _ptr_monitor_name; + uint32_t size_monitor_name_1 = 0; + uint32_t length_monitor_name_1 = 0; TALLOC_CTX *_mem_save_monitor_name_0; uint32_t _ptr_default_datatype; + uint32_t size_default_datatype_1 = 0; + uint32_t length_default_datatype_1 = 0; TALLOC_CTX *_mem_save_default_datatype_0; uint32_t _ptr_dependent_files; TALLOC_CTX *_mem_save_dependent_files_0; @@ -8244,11 +8508,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo4(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->driver_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->driver_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->driver_name)); - if (ndr_get_array_length(ndr, &r->driver_name) > ndr_get_array_size(ndr, &r->driver_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->driver_name), ndr_get_array_length(ndr, &r->driver_name)); + size_driver_name_1 = ndr_get_array_size(ndr, &r->driver_name); + length_driver_name_1 = ndr_get_array_length(ndr, &r->driver_name); + if (length_driver_name_1 > size_driver_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_driver_name_1, length_driver_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->driver_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->driver_name, ndr_get_array_length(ndr, &r->driver_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_driver_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->driver_name, length_driver_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_driver_name_0, 0); } if (r->architecture) { @@ -8256,11 +8522,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo4(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->architecture, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->architecture)); NDR_CHECK(ndr_pull_array_length(ndr, &r->architecture)); - if (ndr_get_array_length(ndr, &r->architecture) > ndr_get_array_size(ndr, &r->architecture)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->architecture), ndr_get_array_length(ndr, &r->architecture)); + size_architecture_1 = ndr_get_array_size(ndr, &r->architecture); + length_architecture_1 = ndr_get_array_length(ndr, &r->architecture); + if (length_architecture_1 > size_architecture_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_architecture_1, length_architecture_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->architecture), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->architecture, ndr_get_array_length(ndr, &r->architecture), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_architecture_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->architecture, length_architecture_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_architecture_0, 0); } if (r->driver_path) { @@ -8268,11 +8536,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo4(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->driver_path, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->driver_path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->driver_path)); - if (ndr_get_array_length(ndr, &r->driver_path) > ndr_get_array_size(ndr, &r->driver_path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->driver_path), ndr_get_array_length(ndr, &r->driver_path)); + size_driver_path_1 = ndr_get_array_size(ndr, &r->driver_path); + length_driver_path_1 = ndr_get_array_length(ndr, &r->driver_path); + if (length_driver_path_1 > size_driver_path_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_driver_path_1, length_driver_path_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->driver_path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->driver_path, ndr_get_array_length(ndr, &r->driver_path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_driver_path_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->driver_path, length_driver_path_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_driver_path_0, 0); } if (r->data_file) { @@ -8280,11 +8550,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo4(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->data_file, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->data_file)); NDR_CHECK(ndr_pull_array_length(ndr, &r->data_file)); - if (ndr_get_array_length(ndr, &r->data_file) > ndr_get_array_size(ndr, &r->data_file)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->data_file), ndr_get_array_length(ndr, &r->data_file)); + size_data_file_1 = ndr_get_array_size(ndr, &r->data_file); + length_data_file_1 = ndr_get_array_length(ndr, &r->data_file); + if (length_data_file_1 > size_data_file_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_data_file_1, length_data_file_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->data_file), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->data_file, ndr_get_array_length(ndr, &r->data_file), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_data_file_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->data_file, length_data_file_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_file_0, 0); } if (r->config_file) { @@ -8292,11 +8564,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo4(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->config_file, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->config_file)); NDR_CHECK(ndr_pull_array_length(ndr, &r->config_file)); - if (ndr_get_array_length(ndr, &r->config_file) > ndr_get_array_size(ndr, &r->config_file)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->config_file), ndr_get_array_length(ndr, &r->config_file)); + size_config_file_1 = ndr_get_array_size(ndr, &r->config_file); + length_config_file_1 = ndr_get_array_length(ndr, &r->config_file); + if (length_config_file_1 > size_config_file_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_config_file_1, length_config_file_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->config_file), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->config_file, ndr_get_array_length(ndr, &r->config_file), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_config_file_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->config_file, length_config_file_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_config_file_0, 0); } if (r->help_file) { @@ -8304,11 +8578,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo4(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->help_file, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->help_file)); NDR_CHECK(ndr_pull_array_length(ndr, &r->help_file)); - if (ndr_get_array_length(ndr, &r->help_file) > ndr_get_array_size(ndr, &r->help_file)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->help_file), ndr_get_array_length(ndr, &r->help_file)); + size_help_file_1 = ndr_get_array_size(ndr, &r->help_file); + length_help_file_1 = ndr_get_array_length(ndr, &r->help_file); + if (length_help_file_1 > size_help_file_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_help_file_1, length_help_file_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->help_file), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->help_file, ndr_get_array_length(ndr, &r->help_file), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_help_file_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->help_file, length_help_file_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_help_file_0, 0); } if (r->monitor_name) { @@ -8316,11 +8592,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo4(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->monitor_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->monitor_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->monitor_name)); - if (ndr_get_array_length(ndr, &r->monitor_name) > ndr_get_array_size(ndr, &r->monitor_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->monitor_name), ndr_get_array_length(ndr, &r->monitor_name)); + size_monitor_name_1 = ndr_get_array_size(ndr, &r->monitor_name); + length_monitor_name_1 = ndr_get_array_length(ndr, &r->monitor_name); + if (length_monitor_name_1 > size_monitor_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_monitor_name_1, length_monitor_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->monitor_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->monitor_name, ndr_get_array_length(ndr, &r->monitor_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_monitor_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->monitor_name, length_monitor_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_monitor_name_0, 0); } if (r->default_datatype) { @@ -8328,11 +8606,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo4(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->default_datatype, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->default_datatype)); NDR_CHECK(ndr_pull_array_length(ndr, &r->default_datatype)); - if (ndr_get_array_length(ndr, &r->default_datatype) > ndr_get_array_size(ndr, &r->default_datatype)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->default_datatype), ndr_get_array_length(ndr, &r->default_datatype)); + size_default_datatype_1 = ndr_get_array_size(ndr, &r->default_datatype); + length_default_datatype_1 = ndr_get_array_length(ndr, &r->default_datatype); + if (length_default_datatype_1 > size_default_datatype_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_default_datatype_1, length_default_datatype_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->default_datatype), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->default_datatype, ndr_get_array_length(ndr, &r->default_datatype), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_default_datatype_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->default_datatype, length_default_datatype_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_default_datatype_0, 0); } if (r->dependent_files) { @@ -8553,32 +8833,56 @@ static enum ndr_err_code ndr_push_spoolss_AddDriverInfo6(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo6(struct ndr_pull *ndr, int ndr_flags, struct spoolss_AddDriverInfo6 *r) { uint32_t _ptr_driver_name; + uint32_t size_driver_name_1 = 0; + uint32_t length_driver_name_1 = 0; TALLOC_CTX *_mem_save_driver_name_0; uint32_t _ptr_architecture; + uint32_t size_architecture_1 = 0; + uint32_t length_architecture_1 = 0; TALLOC_CTX *_mem_save_architecture_0; uint32_t _ptr_driver_path; + uint32_t size_driver_path_1 = 0; + uint32_t length_driver_path_1 = 0; TALLOC_CTX *_mem_save_driver_path_0; uint32_t _ptr_data_file; + uint32_t size_data_file_1 = 0; + uint32_t length_data_file_1 = 0; TALLOC_CTX *_mem_save_data_file_0; uint32_t _ptr_config_file; + uint32_t size_config_file_1 = 0; + uint32_t length_config_file_1 = 0; TALLOC_CTX *_mem_save_config_file_0; uint32_t _ptr_help_file; + uint32_t size_help_file_1 = 0; + uint32_t length_help_file_1 = 0; TALLOC_CTX *_mem_save_help_file_0; uint32_t _ptr_monitor_name; + uint32_t size_monitor_name_1 = 0; + uint32_t length_monitor_name_1 = 0; TALLOC_CTX *_mem_save_monitor_name_0; uint32_t _ptr_default_datatype; + uint32_t size_default_datatype_1 = 0; + uint32_t length_default_datatype_1 = 0; TALLOC_CTX *_mem_save_default_datatype_0; uint32_t _ptr_dependent_files; TALLOC_CTX *_mem_save_dependent_files_0; uint32_t _ptr_previous_names; TALLOC_CTX *_mem_save_previous_names_0; uint32_t _ptr_manufacturer_name; + uint32_t size_manufacturer_name_1 = 0; + uint32_t length_manufacturer_name_1 = 0; TALLOC_CTX *_mem_save_manufacturer_name_0; uint32_t _ptr_manufacturer_url; + uint32_t size_manufacturer_url_1 = 0; + uint32_t length_manufacturer_url_1 = 0; TALLOC_CTX *_mem_save_manufacturer_url_0; uint32_t _ptr_hardware_id; + uint32_t size_hardware_id_1 = 0; + uint32_t length_hardware_id_1 = 0; TALLOC_CTX *_mem_save_hardware_id_0; uint32_t _ptr_provider; + uint32_t size_provider_1 = 0; + uint32_t length_provider_1 = 0; TALLOC_CTX *_mem_save_provider_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 8)); @@ -8678,11 +8982,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo6(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->driver_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->driver_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->driver_name)); - if (ndr_get_array_length(ndr, &r->driver_name) > ndr_get_array_size(ndr, &r->driver_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->driver_name), ndr_get_array_length(ndr, &r->driver_name)); + size_driver_name_1 = ndr_get_array_size(ndr, &r->driver_name); + length_driver_name_1 = ndr_get_array_length(ndr, &r->driver_name); + if (length_driver_name_1 > size_driver_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_driver_name_1, length_driver_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->driver_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->driver_name, ndr_get_array_length(ndr, &r->driver_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_driver_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->driver_name, length_driver_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_driver_name_0, 0); } if (r->architecture) { @@ -8690,11 +8996,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo6(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->architecture, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->architecture)); NDR_CHECK(ndr_pull_array_length(ndr, &r->architecture)); - if (ndr_get_array_length(ndr, &r->architecture) > ndr_get_array_size(ndr, &r->architecture)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->architecture), ndr_get_array_length(ndr, &r->architecture)); + size_architecture_1 = ndr_get_array_size(ndr, &r->architecture); + length_architecture_1 = ndr_get_array_length(ndr, &r->architecture); + if (length_architecture_1 > size_architecture_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_architecture_1, length_architecture_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->architecture), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->architecture, ndr_get_array_length(ndr, &r->architecture), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_architecture_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->architecture, length_architecture_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_architecture_0, 0); } if (r->driver_path) { @@ -8702,11 +9010,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo6(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->driver_path, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->driver_path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->driver_path)); - if (ndr_get_array_length(ndr, &r->driver_path) > ndr_get_array_size(ndr, &r->driver_path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->driver_path), ndr_get_array_length(ndr, &r->driver_path)); + size_driver_path_1 = ndr_get_array_size(ndr, &r->driver_path); + length_driver_path_1 = ndr_get_array_length(ndr, &r->driver_path); + if (length_driver_path_1 > size_driver_path_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_driver_path_1, length_driver_path_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->driver_path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->driver_path, ndr_get_array_length(ndr, &r->driver_path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_driver_path_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->driver_path, length_driver_path_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_driver_path_0, 0); } if (r->data_file) { @@ -8714,11 +9024,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo6(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->data_file, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->data_file)); NDR_CHECK(ndr_pull_array_length(ndr, &r->data_file)); - if (ndr_get_array_length(ndr, &r->data_file) > ndr_get_array_size(ndr, &r->data_file)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->data_file), ndr_get_array_length(ndr, &r->data_file)); + size_data_file_1 = ndr_get_array_size(ndr, &r->data_file); + length_data_file_1 = ndr_get_array_length(ndr, &r->data_file); + if (length_data_file_1 > size_data_file_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_data_file_1, length_data_file_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->data_file), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->data_file, ndr_get_array_length(ndr, &r->data_file), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_data_file_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->data_file, length_data_file_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_file_0, 0); } if (r->config_file) { @@ -8726,11 +9038,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo6(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->config_file, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->config_file)); NDR_CHECK(ndr_pull_array_length(ndr, &r->config_file)); - if (ndr_get_array_length(ndr, &r->config_file) > ndr_get_array_size(ndr, &r->config_file)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->config_file), ndr_get_array_length(ndr, &r->config_file)); + size_config_file_1 = ndr_get_array_size(ndr, &r->config_file); + length_config_file_1 = ndr_get_array_length(ndr, &r->config_file); + if (length_config_file_1 > size_config_file_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_config_file_1, length_config_file_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->config_file), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->config_file, ndr_get_array_length(ndr, &r->config_file), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_config_file_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->config_file, length_config_file_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_config_file_0, 0); } if (r->help_file) { @@ -8738,11 +9052,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo6(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->help_file, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->help_file)); NDR_CHECK(ndr_pull_array_length(ndr, &r->help_file)); - if (ndr_get_array_length(ndr, &r->help_file) > ndr_get_array_size(ndr, &r->help_file)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->help_file), ndr_get_array_length(ndr, &r->help_file)); + size_help_file_1 = ndr_get_array_size(ndr, &r->help_file); + length_help_file_1 = ndr_get_array_length(ndr, &r->help_file); + if (length_help_file_1 > size_help_file_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_help_file_1, length_help_file_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->help_file), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->help_file, ndr_get_array_length(ndr, &r->help_file), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_help_file_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->help_file, length_help_file_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_help_file_0, 0); } if (r->monitor_name) { @@ -8750,11 +9066,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo6(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->monitor_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->monitor_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->monitor_name)); - if (ndr_get_array_length(ndr, &r->monitor_name) > ndr_get_array_size(ndr, &r->monitor_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->monitor_name), ndr_get_array_length(ndr, &r->monitor_name)); + size_monitor_name_1 = ndr_get_array_size(ndr, &r->monitor_name); + length_monitor_name_1 = ndr_get_array_length(ndr, &r->monitor_name); + if (length_monitor_name_1 > size_monitor_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_monitor_name_1, length_monitor_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->monitor_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->monitor_name, ndr_get_array_length(ndr, &r->monitor_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_monitor_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->monitor_name, length_monitor_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_monitor_name_0, 0); } if (r->default_datatype) { @@ -8762,11 +9080,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo6(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->default_datatype, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->default_datatype)); NDR_CHECK(ndr_pull_array_length(ndr, &r->default_datatype)); - if (ndr_get_array_length(ndr, &r->default_datatype) > ndr_get_array_size(ndr, &r->default_datatype)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->default_datatype), ndr_get_array_length(ndr, &r->default_datatype)); + size_default_datatype_1 = ndr_get_array_size(ndr, &r->default_datatype); + length_default_datatype_1 = ndr_get_array_length(ndr, &r->default_datatype); + if (length_default_datatype_1 > size_default_datatype_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_default_datatype_1, length_default_datatype_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->default_datatype), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->default_datatype, ndr_get_array_length(ndr, &r->default_datatype), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_default_datatype_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->default_datatype, length_default_datatype_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_default_datatype_0, 0); } if (r->dependent_files) { @@ -8786,11 +9106,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo6(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->manufacturer_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->manufacturer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->manufacturer_name)); - if (ndr_get_array_length(ndr, &r->manufacturer_name) > ndr_get_array_size(ndr, &r->manufacturer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->manufacturer_name), ndr_get_array_length(ndr, &r->manufacturer_name)); + size_manufacturer_name_1 = ndr_get_array_size(ndr, &r->manufacturer_name); + length_manufacturer_name_1 = ndr_get_array_length(ndr, &r->manufacturer_name); + if (length_manufacturer_name_1 > size_manufacturer_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_manufacturer_name_1, length_manufacturer_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->manufacturer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->manufacturer_name, ndr_get_array_length(ndr, &r->manufacturer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_manufacturer_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->manufacturer_name, length_manufacturer_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_manufacturer_name_0, 0); } if (r->manufacturer_url) { @@ -8798,11 +9120,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo6(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->manufacturer_url, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->manufacturer_url)); NDR_CHECK(ndr_pull_array_length(ndr, &r->manufacturer_url)); - if (ndr_get_array_length(ndr, &r->manufacturer_url) > ndr_get_array_size(ndr, &r->manufacturer_url)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->manufacturer_url), ndr_get_array_length(ndr, &r->manufacturer_url)); + size_manufacturer_url_1 = ndr_get_array_size(ndr, &r->manufacturer_url); + length_manufacturer_url_1 = ndr_get_array_length(ndr, &r->manufacturer_url); + if (length_manufacturer_url_1 > size_manufacturer_url_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_manufacturer_url_1, length_manufacturer_url_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->manufacturer_url), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->manufacturer_url, ndr_get_array_length(ndr, &r->manufacturer_url), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_manufacturer_url_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->manufacturer_url, length_manufacturer_url_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_manufacturer_url_0, 0); } if (r->hardware_id) { @@ -8810,11 +9134,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo6(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->hardware_id, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->hardware_id)); NDR_CHECK(ndr_pull_array_length(ndr, &r->hardware_id)); - if (ndr_get_array_length(ndr, &r->hardware_id) > ndr_get_array_size(ndr, &r->hardware_id)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->hardware_id), ndr_get_array_length(ndr, &r->hardware_id)); + size_hardware_id_1 = ndr_get_array_size(ndr, &r->hardware_id); + length_hardware_id_1 = ndr_get_array_length(ndr, &r->hardware_id); + if (length_hardware_id_1 > size_hardware_id_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_hardware_id_1, length_hardware_id_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->hardware_id), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->hardware_id, ndr_get_array_length(ndr, &r->hardware_id), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_hardware_id_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->hardware_id, length_hardware_id_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_hardware_id_0, 0); } if (r->provider) { @@ -8822,11 +9148,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo6(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->provider, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->provider)); NDR_CHECK(ndr_pull_array_length(ndr, &r->provider)); - if (ndr_get_array_length(ndr, &r->provider) > ndr_get_array_size(ndr, &r->provider)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->provider), ndr_get_array_length(ndr, &r->provider)); + size_provider_1 = ndr_get_array_size(ndr, &r->provider); + length_provider_1 = ndr_get_array_length(ndr, &r->provider); + if (length_provider_1 > size_provider_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_provider_1, length_provider_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->provider), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->provider, ndr_get_array_length(ndr, &r->provider), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_provider_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->provider, length_provider_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_provider_0, 0); } } @@ -9073,40 +9401,70 @@ static enum ndr_err_code ndr_push_spoolss_AddDriverInfo8(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo8(struct ndr_pull *ndr, int ndr_flags, struct spoolss_AddDriverInfo8 *r) { uint32_t _ptr_driver_name; + uint32_t size_driver_name_1 = 0; + uint32_t length_driver_name_1 = 0; TALLOC_CTX *_mem_save_driver_name_0; uint32_t _ptr_architecture; + uint32_t size_architecture_1 = 0; + uint32_t length_architecture_1 = 0; TALLOC_CTX *_mem_save_architecture_0; uint32_t _ptr_driver_path; + uint32_t size_driver_path_1 = 0; + uint32_t length_driver_path_1 = 0; TALLOC_CTX *_mem_save_driver_path_0; uint32_t _ptr_data_file; + uint32_t size_data_file_1 = 0; + uint32_t length_data_file_1 = 0; TALLOC_CTX *_mem_save_data_file_0; uint32_t _ptr_config_file; + uint32_t size_config_file_1 = 0; + uint32_t length_config_file_1 = 0; TALLOC_CTX *_mem_save_config_file_0; uint32_t _ptr_help_file; + uint32_t size_help_file_1 = 0; + uint32_t length_help_file_1 = 0; TALLOC_CTX *_mem_save_help_file_0; uint32_t _ptr_monitor_name; + uint32_t size_monitor_name_1 = 0; + uint32_t length_monitor_name_1 = 0; TALLOC_CTX *_mem_save_monitor_name_0; uint32_t _ptr_default_datatype; + uint32_t size_default_datatype_1 = 0; + uint32_t length_default_datatype_1 = 0; TALLOC_CTX *_mem_save_default_datatype_0; uint32_t _ptr_dependent_files; TALLOC_CTX *_mem_save_dependent_files_0; uint32_t _ptr_previous_names; TALLOC_CTX *_mem_save_previous_names_0; uint32_t _ptr_manufacturer_name; + uint32_t size_manufacturer_name_1 = 0; + uint32_t length_manufacturer_name_1 = 0; TALLOC_CTX *_mem_save_manufacturer_name_0; uint32_t _ptr_manufacturer_url; + uint32_t size_manufacturer_url_1 = 0; + uint32_t length_manufacturer_url_1 = 0; TALLOC_CTX *_mem_save_manufacturer_url_0; uint32_t _ptr_hardware_id; + uint32_t size_hardware_id_1 = 0; + uint32_t length_hardware_id_1 = 0; TALLOC_CTX *_mem_save_hardware_id_0; uint32_t _ptr_provider; + uint32_t size_provider_1 = 0; + uint32_t length_provider_1 = 0; TALLOC_CTX *_mem_save_provider_0; uint32_t _ptr_print_processor; + uint32_t size_print_processor_1 = 0; + uint32_t length_print_processor_1 = 0; TALLOC_CTX *_mem_save_print_processor_0; uint32_t _ptr_vendor_setup; + uint32_t size_vendor_setup_1 = 0; + uint32_t length_vendor_setup_1 = 0; TALLOC_CTX *_mem_save_vendor_setup_0; uint32_t _ptr_color_profiles; TALLOC_CTX *_mem_save_color_profiles_0; uint32_t _ptr_inf_path; + uint32_t size_inf_path_1 = 0; + uint32_t length_inf_path_1 = 0; TALLOC_CTX *_mem_save_inf_path_0; uint32_t _ptr_core_driver_dependencies; TALLOC_CTX *_mem_save_core_driver_dependencies_0; @@ -9243,11 +9601,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo8(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->driver_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->driver_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->driver_name)); - if (ndr_get_array_length(ndr, &r->driver_name) > ndr_get_array_size(ndr, &r->driver_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->driver_name), ndr_get_array_length(ndr, &r->driver_name)); + size_driver_name_1 = ndr_get_array_size(ndr, &r->driver_name); + length_driver_name_1 = ndr_get_array_length(ndr, &r->driver_name); + if (length_driver_name_1 > size_driver_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_driver_name_1, length_driver_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->driver_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->driver_name, ndr_get_array_length(ndr, &r->driver_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_driver_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->driver_name, length_driver_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_driver_name_0, 0); } if (r->architecture) { @@ -9255,11 +9615,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo8(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->architecture, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->architecture)); NDR_CHECK(ndr_pull_array_length(ndr, &r->architecture)); - if (ndr_get_array_length(ndr, &r->architecture) > ndr_get_array_size(ndr, &r->architecture)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->architecture), ndr_get_array_length(ndr, &r->architecture)); + size_architecture_1 = ndr_get_array_size(ndr, &r->architecture); + length_architecture_1 = ndr_get_array_length(ndr, &r->architecture); + if (length_architecture_1 > size_architecture_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_architecture_1, length_architecture_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->architecture), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->architecture, ndr_get_array_length(ndr, &r->architecture), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_architecture_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->architecture, length_architecture_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_architecture_0, 0); } if (r->driver_path) { @@ -9267,11 +9629,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo8(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->driver_path, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->driver_path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->driver_path)); - if (ndr_get_array_length(ndr, &r->driver_path) > ndr_get_array_size(ndr, &r->driver_path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->driver_path), ndr_get_array_length(ndr, &r->driver_path)); + size_driver_path_1 = ndr_get_array_size(ndr, &r->driver_path); + length_driver_path_1 = ndr_get_array_length(ndr, &r->driver_path); + if (length_driver_path_1 > size_driver_path_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_driver_path_1, length_driver_path_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->driver_path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->driver_path, ndr_get_array_length(ndr, &r->driver_path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_driver_path_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->driver_path, length_driver_path_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_driver_path_0, 0); } if (r->data_file) { @@ -9279,11 +9643,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo8(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->data_file, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->data_file)); NDR_CHECK(ndr_pull_array_length(ndr, &r->data_file)); - if (ndr_get_array_length(ndr, &r->data_file) > ndr_get_array_size(ndr, &r->data_file)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->data_file), ndr_get_array_length(ndr, &r->data_file)); + size_data_file_1 = ndr_get_array_size(ndr, &r->data_file); + length_data_file_1 = ndr_get_array_length(ndr, &r->data_file); + if (length_data_file_1 > size_data_file_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_data_file_1, length_data_file_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->data_file), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->data_file, ndr_get_array_length(ndr, &r->data_file), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_data_file_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->data_file, length_data_file_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_file_0, 0); } if (r->config_file) { @@ -9291,11 +9657,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo8(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->config_file, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->config_file)); NDR_CHECK(ndr_pull_array_length(ndr, &r->config_file)); - if (ndr_get_array_length(ndr, &r->config_file) > ndr_get_array_size(ndr, &r->config_file)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->config_file), ndr_get_array_length(ndr, &r->config_file)); + size_config_file_1 = ndr_get_array_size(ndr, &r->config_file); + length_config_file_1 = ndr_get_array_length(ndr, &r->config_file); + if (length_config_file_1 > size_config_file_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_config_file_1, length_config_file_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->config_file), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->config_file, ndr_get_array_length(ndr, &r->config_file), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_config_file_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->config_file, length_config_file_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_config_file_0, 0); } if (r->help_file) { @@ -9303,11 +9671,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo8(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->help_file, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->help_file)); NDR_CHECK(ndr_pull_array_length(ndr, &r->help_file)); - if (ndr_get_array_length(ndr, &r->help_file) > ndr_get_array_size(ndr, &r->help_file)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->help_file), ndr_get_array_length(ndr, &r->help_file)); + size_help_file_1 = ndr_get_array_size(ndr, &r->help_file); + length_help_file_1 = ndr_get_array_length(ndr, &r->help_file); + if (length_help_file_1 > size_help_file_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_help_file_1, length_help_file_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->help_file), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->help_file, ndr_get_array_length(ndr, &r->help_file), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_help_file_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->help_file, length_help_file_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_help_file_0, 0); } if (r->monitor_name) { @@ -9315,11 +9685,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo8(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->monitor_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->monitor_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->monitor_name)); - if (ndr_get_array_length(ndr, &r->monitor_name) > ndr_get_array_size(ndr, &r->monitor_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->monitor_name), ndr_get_array_length(ndr, &r->monitor_name)); + size_monitor_name_1 = ndr_get_array_size(ndr, &r->monitor_name); + length_monitor_name_1 = ndr_get_array_length(ndr, &r->monitor_name); + if (length_monitor_name_1 > size_monitor_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_monitor_name_1, length_monitor_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->monitor_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->monitor_name, ndr_get_array_length(ndr, &r->monitor_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_monitor_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->monitor_name, length_monitor_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_monitor_name_0, 0); } if (r->default_datatype) { @@ -9327,11 +9699,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo8(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->default_datatype, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->default_datatype)); NDR_CHECK(ndr_pull_array_length(ndr, &r->default_datatype)); - if (ndr_get_array_length(ndr, &r->default_datatype) > ndr_get_array_size(ndr, &r->default_datatype)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->default_datatype), ndr_get_array_length(ndr, &r->default_datatype)); + size_default_datatype_1 = ndr_get_array_size(ndr, &r->default_datatype); + length_default_datatype_1 = ndr_get_array_length(ndr, &r->default_datatype); + if (length_default_datatype_1 > size_default_datatype_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_default_datatype_1, length_default_datatype_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->default_datatype), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->default_datatype, ndr_get_array_length(ndr, &r->default_datatype), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_default_datatype_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->default_datatype, length_default_datatype_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_default_datatype_0, 0); } if (r->dependent_files) { @@ -9351,11 +9725,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo8(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->manufacturer_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->manufacturer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->manufacturer_name)); - if (ndr_get_array_length(ndr, &r->manufacturer_name) > ndr_get_array_size(ndr, &r->manufacturer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->manufacturer_name), ndr_get_array_length(ndr, &r->manufacturer_name)); + size_manufacturer_name_1 = ndr_get_array_size(ndr, &r->manufacturer_name); + length_manufacturer_name_1 = ndr_get_array_length(ndr, &r->manufacturer_name); + if (length_manufacturer_name_1 > size_manufacturer_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_manufacturer_name_1, length_manufacturer_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->manufacturer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->manufacturer_name, ndr_get_array_length(ndr, &r->manufacturer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_manufacturer_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->manufacturer_name, length_manufacturer_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_manufacturer_name_0, 0); } if (r->manufacturer_url) { @@ -9363,11 +9739,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo8(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->manufacturer_url, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->manufacturer_url)); NDR_CHECK(ndr_pull_array_length(ndr, &r->manufacturer_url)); - if (ndr_get_array_length(ndr, &r->manufacturer_url) > ndr_get_array_size(ndr, &r->manufacturer_url)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->manufacturer_url), ndr_get_array_length(ndr, &r->manufacturer_url)); + size_manufacturer_url_1 = ndr_get_array_size(ndr, &r->manufacturer_url); + length_manufacturer_url_1 = ndr_get_array_length(ndr, &r->manufacturer_url); + if (length_manufacturer_url_1 > size_manufacturer_url_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_manufacturer_url_1, length_manufacturer_url_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->manufacturer_url), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->manufacturer_url, ndr_get_array_length(ndr, &r->manufacturer_url), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_manufacturer_url_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->manufacturer_url, length_manufacturer_url_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_manufacturer_url_0, 0); } if (r->hardware_id) { @@ -9375,11 +9753,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo8(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->hardware_id, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->hardware_id)); NDR_CHECK(ndr_pull_array_length(ndr, &r->hardware_id)); - if (ndr_get_array_length(ndr, &r->hardware_id) > ndr_get_array_size(ndr, &r->hardware_id)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->hardware_id), ndr_get_array_length(ndr, &r->hardware_id)); + size_hardware_id_1 = ndr_get_array_size(ndr, &r->hardware_id); + length_hardware_id_1 = ndr_get_array_length(ndr, &r->hardware_id); + if (length_hardware_id_1 > size_hardware_id_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_hardware_id_1, length_hardware_id_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->hardware_id), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->hardware_id, ndr_get_array_length(ndr, &r->hardware_id), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_hardware_id_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->hardware_id, length_hardware_id_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_hardware_id_0, 0); } if (r->provider) { @@ -9387,11 +9767,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo8(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->provider, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->provider)); NDR_CHECK(ndr_pull_array_length(ndr, &r->provider)); - if (ndr_get_array_length(ndr, &r->provider) > ndr_get_array_size(ndr, &r->provider)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->provider), ndr_get_array_length(ndr, &r->provider)); + size_provider_1 = ndr_get_array_size(ndr, &r->provider); + length_provider_1 = ndr_get_array_length(ndr, &r->provider); + if (length_provider_1 > size_provider_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_provider_1, length_provider_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->provider), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->provider, ndr_get_array_length(ndr, &r->provider), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_provider_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->provider, length_provider_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_provider_0, 0); } if (r->print_processor) { @@ -9399,11 +9781,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo8(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->print_processor, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->print_processor)); NDR_CHECK(ndr_pull_array_length(ndr, &r->print_processor)); - if (ndr_get_array_length(ndr, &r->print_processor) > ndr_get_array_size(ndr, &r->print_processor)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->print_processor), ndr_get_array_length(ndr, &r->print_processor)); + size_print_processor_1 = ndr_get_array_size(ndr, &r->print_processor); + length_print_processor_1 = ndr_get_array_length(ndr, &r->print_processor); + if (length_print_processor_1 > size_print_processor_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_print_processor_1, length_print_processor_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->print_processor), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->print_processor, ndr_get_array_length(ndr, &r->print_processor), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_print_processor_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->print_processor, length_print_processor_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_print_processor_0, 0); } if (r->vendor_setup) { @@ -9411,11 +9795,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo8(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->vendor_setup, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->vendor_setup)); NDR_CHECK(ndr_pull_array_length(ndr, &r->vendor_setup)); - if (ndr_get_array_length(ndr, &r->vendor_setup) > ndr_get_array_size(ndr, &r->vendor_setup)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->vendor_setup), ndr_get_array_length(ndr, &r->vendor_setup)); + size_vendor_setup_1 = ndr_get_array_size(ndr, &r->vendor_setup); + length_vendor_setup_1 = ndr_get_array_length(ndr, &r->vendor_setup); + if (length_vendor_setup_1 > size_vendor_setup_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_vendor_setup_1, length_vendor_setup_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->vendor_setup), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->vendor_setup, ndr_get_array_length(ndr, &r->vendor_setup), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_vendor_setup_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->vendor_setup, length_vendor_setup_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_vendor_setup_0, 0); } if (r->color_profiles) { @@ -9429,11 +9815,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo8(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->inf_path, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->inf_path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->inf_path)); - if (ndr_get_array_length(ndr, &r->inf_path) > ndr_get_array_size(ndr, &r->inf_path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->inf_path), ndr_get_array_length(ndr, &r->inf_path)); + size_inf_path_1 = ndr_get_array_size(ndr, &r->inf_path); + length_inf_path_1 = ndr_get_array_length(ndr, &r->inf_path); + if (length_inf_path_1 > size_inf_path_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_inf_path_1, length_inf_path_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->inf_path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->inf_path, ndr_get_array_length(ndr, &r->inf_path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_inf_path_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->inf_path, length_inf_path_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_inf_path_0, 0); } if (r->core_driver_dependencies) { @@ -9662,11 +10050,17 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo(struct ndr_pull *ndr, in int level; uint32_t _level; TALLOC_CTX *_mem_save_info1_0; + uint32_t _ptr_info1; TALLOC_CTX *_mem_save_info2_0; + uint32_t _ptr_info2; TALLOC_CTX *_mem_save_info3_0; + uint32_t _ptr_info3; TALLOC_CTX *_mem_save_info4_0; + uint32_t _ptr_info4; TALLOC_CTX *_mem_save_info6_0; + uint32_t _ptr_info6; TALLOC_CTX *_mem_save_info8_0; + uint32_t _ptr_info8; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -9675,7 +10069,6 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo(struct ndr_pull *ndr, in } switch (level) { case 1: { - uint32_t _ptr_info1; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1)); if (_ptr_info1) { NDR_PULL_ALLOC(ndr, r->info1); @@ -9685,7 +10078,6 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo(struct ndr_pull *ndr, in break; } case 2: { - uint32_t _ptr_info2; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info2)); if (_ptr_info2) { NDR_PULL_ALLOC(ndr, r->info2); @@ -9695,7 +10087,6 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo(struct ndr_pull *ndr, in break; } case 3: { - uint32_t _ptr_info3; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info3)); if (_ptr_info3) { NDR_PULL_ALLOC(ndr, r->info3); @@ -9705,7 +10096,6 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo(struct ndr_pull *ndr, in break; } case 4: { - uint32_t _ptr_info4; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info4)); if (_ptr_info4) { NDR_PULL_ALLOC(ndr, r->info4); @@ -9715,7 +10105,6 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo(struct ndr_pull *ndr, in break; } case 6: { - uint32_t _ptr_info6; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info6)); if (_ptr_info6) { NDR_PULL_ALLOC(ndr, r->info6); @@ -9725,7 +10114,6 @@ static enum ndr_err_code ndr_pull_spoolss_AddDriverInfo(struct ndr_pull *ndr, in break; } case 8: { - uint32_t _ptr_info8; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info8)); if (_ptr_info8) { NDR_PULL_ALLOC(ndr, r->info8); @@ -14386,10 +14774,16 @@ static enum ndr_err_code ndr_push_spoolss_DocumentInfo1(struct ndr_push *ndr, in static enum ndr_err_code ndr_pull_spoolss_DocumentInfo1(struct ndr_pull *ndr, int ndr_flags, struct spoolss_DocumentInfo1 *r) { uint32_t _ptr_document_name; + uint32_t size_document_name_1 = 0; + uint32_t length_document_name_1 = 0; TALLOC_CTX *_mem_save_document_name_0; uint32_t _ptr_output_file; + uint32_t size_output_file_1 = 0; + uint32_t length_output_file_1 = 0; TALLOC_CTX *_mem_save_output_file_0; uint32_t _ptr_datatype; + uint32_t size_datatype_1 = 0; + uint32_t length_datatype_1 = 0; TALLOC_CTX *_mem_save_datatype_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -14418,11 +14812,13 @@ static enum ndr_err_code ndr_pull_spoolss_DocumentInfo1(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, r->document_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->document_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->document_name)); - if (ndr_get_array_length(ndr, &r->document_name) > ndr_get_array_size(ndr, &r->document_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->document_name), ndr_get_array_length(ndr, &r->document_name)); + size_document_name_1 = ndr_get_array_size(ndr, &r->document_name); + length_document_name_1 = ndr_get_array_length(ndr, &r->document_name); + if (length_document_name_1 > size_document_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_document_name_1, length_document_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->document_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->document_name, ndr_get_array_length(ndr, &r->document_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_document_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->document_name, length_document_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_document_name_0, 0); } if (r->output_file) { @@ -14430,11 +14826,13 @@ static enum ndr_err_code ndr_pull_spoolss_DocumentInfo1(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, r->output_file, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->output_file)); NDR_CHECK(ndr_pull_array_length(ndr, &r->output_file)); - if (ndr_get_array_length(ndr, &r->output_file) > ndr_get_array_size(ndr, &r->output_file)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->output_file), ndr_get_array_length(ndr, &r->output_file)); + size_output_file_1 = ndr_get_array_size(ndr, &r->output_file); + length_output_file_1 = ndr_get_array_length(ndr, &r->output_file); + if (length_output_file_1 > size_output_file_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_output_file_1, length_output_file_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->output_file), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->output_file, ndr_get_array_length(ndr, &r->output_file), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_output_file_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->output_file, length_output_file_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_output_file_0, 0); } if (r->datatype) { @@ -14442,11 +14840,13 @@ static enum ndr_err_code ndr_pull_spoolss_DocumentInfo1(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, r->datatype, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->datatype)); NDR_CHECK(ndr_pull_array_length(ndr, &r->datatype)); - if (ndr_get_array_length(ndr, &r->datatype) > ndr_get_array_size(ndr, &r->datatype)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->datatype), ndr_get_array_length(ndr, &r->datatype)); + size_datatype_1 = ndr_get_array_size(ndr, &r->datatype); + length_datatype_1 = ndr_get_array_length(ndr, &r->datatype); + if (length_datatype_1 > size_datatype_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_datatype_1, length_datatype_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->datatype), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->datatype, ndr_get_array_length(ndr, &r->datatype), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_datatype_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->datatype, length_datatype_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_datatype_0, 0); } } @@ -14527,6 +14927,7 @@ static enum ndr_err_code ndr_pull_spoolss_DocumentInfo(struct ndr_pull *ndr, int int level; uint32_t _level; TALLOC_CTX *_mem_save_info1_0; + uint32_t _ptr_info1; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -14535,7 +14936,6 @@ static enum ndr_err_code ndr_pull_spoolss_DocumentInfo(struct ndr_pull *ndr, int } switch (level) { case 1: { - uint32_t _ptr_info1; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1)); if (_ptr_info1) { NDR_PULL_ALLOC(ndr, r->info1); @@ -15562,6 +15962,8 @@ static enum ndr_err_code ndr_push_spoolss_AddFormInfo1(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_spoolss_AddFormInfo1(struct ndr_pull *ndr, int ndr_flags, struct spoolss_AddFormInfo1 *r) { uint32_t _ptr_form_name; + uint32_t size_form_name_1 = 0; + uint32_t length_form_name_1 = 0; TALLOC_CTX *_mem_save_form_name_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -15581,11 +15983,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddFormInfo1(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->form_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->form_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->form_name)); - if (ndr_get_array_length(ndr, &r->form_name) > ndr_get_array_size(ndr, &r->form_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->form_name), ndr_get_array_length(ndr, &r->form_name)); + size_form_name_1 = ndr_get_array_size(ndr, &r->form_name); + length_form_name_1 = ndr_get_array_length(ndr, &r->form_name); + if (length_form_name_1 > size_form_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_form_name_1, length_form_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->form_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->form_name, ndr_get_array_length(ndr, &r->form_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_form_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->form_name, length_form_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_form_name_0, 0); } } @@ -15655,12 +16059,20 @@ static enum ndr_err_code ndr_push_spoolss_AddFormInfo2(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_spoolss_AddFormInfo2(struct ndr_pull *ndr, int ndr_flags, struct spoolss_AddFormInfo2 *r) { uint32_t _ptr_form_name; + uint32_t size_form_name_1 = 0; + uint32_t length_form_name_1 = 0; TALLOC_CTX *_mem_save_form_name_0; uint32_t _ptr_keyword; + uint32_t size_keyword_1 = 0; + uint32_t length_keyword_1 = 0; TALLOC_CTX *_mem_save_keyword_0; uint32_t _ptr_mui_dll; + uint32_t size_mui_dll_1 = 0; + uint32_t length_mui_dll_1 = 0; TALLOC_CTX *_mem_save_mui_dll_0; uint32_t _ptr_display_name; + uint32_t size_display_name_1 = 0; + uint32_t length_display_name_1 = 0; TALLOC_CTX *_mem_save_display_name_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -15701,11 +16113,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddFormInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->form_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->form_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->form_name)); - if (ndr_get_array_length(ndr, &r->form_name) > ndr_get_array_size(ndr, &r->form_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->form_name), ndr_get_array_length(ndr, &r->form_name)); + size_form_name_1 = ndr_get_array_size(ndr, &r->form_name); + length_form_name_1 = ndr_get_array_length(ndr, &r->form_name); + if (length_form_name_1 > size_form_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_form_name_1, length_form_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->form_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->form_name, ndr_get_array_length(ndr, &r->form_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_form_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->form_name, length_form_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_form_name_0, 0); } if (r->keyword) { @@ -15713,11 +16127,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddFormInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->keyword, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->keyword)); NDR_CHECK(ndr_pull_array_length(ndr, &r->keyword)); - if (ndr_get_array_length(ndr, &r->keyword) > ndr_get_array_size(ndr, &r->keyword)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->keyword), ndr_get_array_length(ndr, &r->keyword)); + size_keyword_1 = ndr_get_array_size(ndr, &r->keyword); + length_keyword_1 = ndr_get_array_length(ndr, &r->keyword); + if (length_keyword_1 > size_keyword_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_keyword_1, length_keyword_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->keyword), sizeof(uint8_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->keyword, ndr_get_array_length(ndr, &r->keyword), sizeof(uint8_t), CH_DOS)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_keyword_1, sizeof(uint8_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->keyword, length_keyword_1, sizeof(uint8_t), CH_DOS)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_keyword_0, 0); } if (r->mui_dll) { @@ -15725,11 +16141,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddFormInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->mui_dll, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->mui_dll)); NDR_CHECK(ndr_pull_array_length(ndr, &r->mui_dll)); - if (ndr_get_array_length(ndr, &r->mui_dll) > ndr_get_array_size(ndr, &r->mui_dll)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->mui_dll), ndr_get_array_length(ndr, &r->mui_dll)); + size_mui_dll_1 = ndr_get_array_size(ndr, &r->mui_dll); + length_mui_dll_1 = ndr_get_array_length(ndr, &r->mui_dll); + if (length_mui_dll_1 > size_mui_dll_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_mui_dll_1, length_mui_dll_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->mui_dll), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->mui_dll, ndr_get_array_length(ndr, &r->mui_dll), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_mui_dll_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->mui_dll, length_mui_dll_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_mui_dll_0, 0); } if (r->display_name) { @@ -15737,11 +16155,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddFormInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->display_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->display_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->display_name)); - if (ndr_get_array_length(ndr, &r->display_name) > ndr_get_array_size(ndr, &r->display_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->display_name), ndr_get_array_length(ndr, &r->display_name)); + size_display_name_1 = ndr_get_array_size(ndr, &r->display_name); + length_display_name_1 = ndr_get_array_length(ndr, &r->display_name); + if (length_display_name_1 > size_display_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_display_name_1, length_display_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->display_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->display_name, ndr_get_array_length(ndr, &r->display_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_display_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->display_name, length_display_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_display_name_0, 0); } } @@ -15830,7 +16250,9 @@ static enum ndr_err_code ndr_pull_spoolss_AddFormInfo(struct ndr_pull *ndr, int int level; uint32_t _level; TALLOC_CTX *_mem_save_info1_0; + uint32_t _ptr_info1; TALLOC_CTX *_mem_save_info2_0; + uint32_t _ptr_info2; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -15839,7 +16261,6 @@ static enum ndr_err_code ndr_pull_spoolss_AddFormInfo(struct ndr_pull *ndr, int } switch (level) { case 1: { - uint32_t _ptr_info1; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1)); if (_ptr_info1) { NDR_PULL_ALLOC(ndr, r->info1); @@ -15849,7 +16270,6 @@ static enum ndr_err_code ndr_pull_spoolss_AddFormInfo(struct ndr_pull *ndr, int break; } case 2: { - uint32_t _ptr_info2; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info2)); if (_ptr_info2) { NDR_PULL_ALLOC(ndr, r->info2); @@ -17462,6 +17882,7 @@ static enum ndr_err_code ndr_push_spoolss_NotifyOptionType(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_spoolss_NotifyOptionType(struct ndr_pull *ndr, int ndr_flags, struct spoolss_NotifyOptionType *r) { uint32_t _ptr_fields; + uint32_t size_fields_1 = 0; uint32_t cntr_fields_1; TALLOC_CTX *_mem_save_fields_0; TALLOC_CTX *_mem_save_fields_1; @@ -17484,10 +17905,11 @@ static enum ndr_err_code ndr_pull_spoolss_NotifyOptionType(struct ndr_pull *ndr, _mem_save_fields_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->fields, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->fields)); - NDR_PULL_ALLOC_N(ndr, r->fields, ndr_get_array_size(ndr, &r->fields)); + size_fields_1 = ndr_get_array_size(ndr, &r->fields); + NDR_PULL_ALLOC_N(ndr, r->fields, size_fields_1); _mem_save_fields_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->fields, 0); - for (cntr_fields_1 = 0; cntr_fields_1 < r->count; cntr_fields_1++) { + for (cntr_fields_1 = 0; cntr_fields_1 < size_fields_1; cntr_fields_1++) { NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->fields[cntr_fields_1], r->type)); NDR_CHECK(ndr_pull_spoolss_Field(ndr, NDR_SCALARS, &r->fields[cntr_fields_1])); } @@ -17579,6 +18001,7 @@ static enum ndr_err_code ndr_push_spoolss_NotifyOption(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_spoolss_NotifyOption(struct ndr_pull *ndr, int ndr_flags, struct spoolss_NotifyOption *r) { uint32_t _ptr_types; + uint32_t size_types_1 = 0; uint32_t cntr_types_1; TALLOC_CTX *_mem_save_types_0; TALLOC_CTX *_mem_save_types_1; @@ -17599,13 +18022,14 @@ static enum ndr_err_code ndr_pull_spoolss_NotifyOption(struct ndr_pull *ndr, int _mem_save_types_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->types, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->types)); - NDR_PULL_ALLOC_N(ndr, r->types, ndr_get_array_size(ndr, &r->types)); + size_types_1 = ndr_get_array_size(ndr, &r->types); + NDR_PULL_ALLOC_N(ndr, r->types, size_types_1); _mem_save_types_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->types, 0); - for (cntr_types_1 = 0; cntr_types_1 < r->count; cntr_types_1++) { + for (cntr_types_1 = 0; cntr_types_1 < size_types_1; cntr_types_1++) { NDR_CHECK(ndr_pull_spoolss_NotifyOptionType(ndr, NDR_SCALARS, &r->types[cntr_types_1])); } - for (cntr_types_1 = 0; cntr_types_1 < r->count; cntr_types_1++) { + for (cntr_types_1 = 0; cntr_types_1 < size_types_1; cntr_types_1++) { NDR_CHECK(ndr_pull_spoolss_NotifyOptionType(ndr, NDR_BUFFERS, &r->types[cntr_types_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_types_1, 0); @@ -17663,6 +18087,7 @@ static enum ndr_err_code ndr_push_spoolss_NotifyString(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_spoolss_NotifyString(struct ndr_pull *ndr, int ndr_flags, struct spoolss_NotifyString *r) { uint32_t _ptr_string; + uint32_t size_string_1 = 0; TALLOC_CTX *_mem_save_string_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -17679,7 +18104,8 @@ static enum ndr_err_code ndr_pull_spoolss_NotifyString(struct ndr_pull *ndr, int _mem_save_string_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->string, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->string)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->string, ndr_get_array_size(ndr, &r->string), sizeof(uint16_t), CH_UTF16)); + size_string_1 = ndr_get_array_size(ndr, &r->string); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->string, size_string_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_string_0, 0); } if (r->string) { @@ -17797,6 +18223,8 @@ static enum ndr_err_code ndr_pull_spoolss_NotifyData(struct ndr_pull *ndr, int n { int level; uint32_t _level; + uint32_t size_integer_0 = 0; + uint32_t cntr_integer_0; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -17805,8 +18233,8 @@ static enum ndr_err_code ndr_pull_spoolss_NotifyData(struct ndr_pull *ndr, int n } switch (level) { case 1: { - uint32_t cntr_integer_0; - for (cntr_integer_0 = 0; cntr_integer_0 < 2; cntr_integer_0++) { + size_integer_0 = 2; + for (cntr_integer_0 = 0; cntr_integer_0 < size_integer_0; cntr_integer_0++) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->integer[cntr_integer_0])); } break; } @@ -17973,6 +18401,7 @@ static enum ndr_err_code ndr_push_spoolss_NotifyInfo(struct ndr_push *ndr, int n static enum ndr_err_code ndr_pull_spoolss_NotifyInfo(struct ndr_pull *ndr, int ndr_flags, struct spoolss_NotifyInfo *r) { + uint32_t size_notifies_0 = 0; uint32_t cntr_notifies_0; TALLOC_CTX *_mem_save_notifies_0; if (ndr_flags & NDR_SCALARS) { @@ -17981,10 +18410,11 @@ static enum ndr_err_code ndr_pull_spoolss_NotifyInfo(struct ndr_pull *ndr, int n NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->version)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->flags)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count)); - NDR_PULL_ALLOC_N(ndr, r->notifies, ndr_get_array_size(ndr, &r->notifies)); + size_notifies_0 = ndr_get_array_size(ndr, &r->notifies); + NDR_PULL_ALLOC_N(ndr, r->notifies, size_notifies_0); _mem_save_notifies_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->notifies, 0); - for (cntr_notifies_0 = 0; cntr_notifies_0 < r->count; cntr_notifies_0++) { + for (cntr_notifies_0 = 0; cntr_notifies_0 < size_notifies_0; cntr_notifies_0++) { NDR_CHECK(ndr_pull_spoolss_Notify(ndr, NDR_SCALARS, &r->notifies[cntr_notifies_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_notifies_0, 0); @@ -17993,9 +18423,10 @@ static enum ndr_err_code ndr_pull_spoolss_NotifyInfo(struct ndr_pull *ndr, int n } } if (ndr_flags & NDR_BUFFERS) { + size_notifies_0 = ndr_get_array_size(ndr, &r->notifies); _mem_save_notifies_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->notifies, 0); - for (cntr_notifies_0 = 0; cntr_notifies_0 < r->count; cntr_notifies_0++) { + for (cntr_notifies_0 = 0; cntr_notifies_0 < size_notifies_0; cntr_notifies_0++) { NDR_CHECK(ndr_pull_spoolss_Notify(ndr, NDR_BUFFERS, &r->notifies[cntr_notifies_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_notifies_0, 0); @@ -18059,6 +18490,7 @@ static enum ndr_err_code ndr_pull_spoolss_ReplyPrinterInfo(struct ndr_pull *ndr, int level; uint32_t _level; TALLOC_CTX *_mem_save_info0_0; + uint32_t _ptr_info0; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -18067,7 +18499,6 @@ static enum ndr_err_code ndr_pull_spoolss_ReplyPrinterInfo(struct ndr_pull *ndr, } switch (level) { case 0: { - uint32_t _ptr_info0; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info0)); if (_ptr_info0) { NDR_PULL_ALLOC(ndr, r->info0); @@ -18174,8 +18605,12 @@ static enum ndr_err_code ndr_push_spoolss_UserLevel1(struct ndr_push *ndr, int n static enum ndr_err_code ndr_pull_spoolss_UserLevel1(struct ndr_pull *ndr, int ndr_flags, struct spoolss_UserLevel1 *r) { uint32_t _ptr_client; + uint32_t size_client_1 = 0; + uint32_t length_client_1 = 0; TALLOC_CTX *_mem_save_client_0; uint32_t _ptr_user; + uint32_t size_user_1 = 0; + uint32_t length_user_1 = 0; TALLOC_CTX *_mem_save_user_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -18203,11 +18638,13 @@ static enum ndr_err_code ndr_pull_spoolss_UserLevel1(struct ndr_pull *ndr, int n NDR_PULL_SET_MEM_CTX(ndr, r->client, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->client)); NDR_CHECK(ndr_pull_array_length(ndr, &r->client)); - if (ndr_get_array_length(ndr, &r->client) > ndr_get_array_size(ndr, &r->client)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->client), ndr_get_array_length(ndr, &r->client)); + size_client_1 = ndr_get_array_size(ndr, &r->client); + length_client_1 = ndr_get_array_length(ndr, &r->client); + if (length_client_1 > size_client_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_client_1, length_client_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->client), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client, ndr_get_array_length(ndr, &r->client), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_client_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client, length_client_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_client_0, 0); } if (r->user) { @@ -18215,11 +18652,13 @@ static enum ndr_err_code ndr_pull_spoolss_UserLevel1(struct ndr_pull *ndr, int n NDR_PULL_SET_MEM_CTX(ndr, r->user, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->user)); NDR_CHECK(ndr_pull_array_length(ndr, &r->user)); - if (ndr_get_array_length(ndr, &r->user) > ndr_get_array_size(ndr, &r->user)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->user), ndr_get_array_length(ndr, &r->user)); + size_user_1 = ndr_get_array_size(ndr, &r->user); + length_user_1 = ndr_get_array_length(ndr, &r->user); + if (length_user_1 > size_user_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_user_1, length_user_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->user), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user, ndr_get_array_length(ndr, &r->user), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_user_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user, length_user_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user_0, 0); } } @@ -18315,8 +18754,12 @@ static enum ndr_err_code ndr_push_spoolss_UserLevel3(struct ndr_push *ndr, int n static enum ndr_err_code ndr_pull_spoolss_UserLevel3(struct ndr_pull *ndr, int ndr_flags, struct spoolss_UserLevel3 *r) { uint32_t _ptr_client; + uint32_t size_client_1 = 0; + uint32_t length_client_1 = 0; TALLOC_CTX *_mem_save_client_0; uint32_t _ptr_user; + uint32_t size_user_1 = 0; + uint32_t length_user_1 = 0; TALLOC_CTX *_mem_save_user_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -18347,11 +18790,13 @@ static enum ndr_err_code ndr_pull_spoolss_UserLevel3(struct ndr_pull *ndr, int n NDR_PULL_SET_MEM_CTX(ndr, r->client, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->client)); NDR_CHECK(ndr_pull_array_length(ndr, &r->client)); - if (ndr_get_array_length(ndr, &r->client) > ndr_get_array_size(ndr, &r->client)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->client), ndr_get_array_length(ndr, &r->client)); + size_client_1 = ndr_get_array_size(ndr, &r->client); + length_client_1 = ndr_get_array_length(ndr, &r->client); + if (length_client_1 > size_client_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_client_1, length_client_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->client), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client, ndr_get_array_length(ndr, &r->client), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_client_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client, length_client_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_client_0, 0); } if (r->user) { @@ -18359,11 +18804,13 @@ static enum ndr_err_code ndr_pull_spoolss_UserLevel3(struct ndr_pull *ndr, int n NDR_PULL_SET_MEM_CTX(ndr, r->user, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->user)); NDR_CHECK(ndr_pull_array_length(ndr, &r->user)); - if (ndr_get_array_length(ndr, &r->user) > ndr_get_array_size(ndr, &r->user)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->user), ndr_get_array_length(ndr, &r->user)); + size_user_1 = ndr_get_array_size(ndr, &r->user); + length_user_1 = ndr_get_array_length(ndr, &r->user); + if (length_user_1 > size_user_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_user_1, length_user_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->user), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user, ndr_get_array_length(ndr, &r->user), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_user_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user, length_user_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user_0, 0); } } @@ -18452,8 +18899,11 @@ static enum ndr_err_code ndr_pull_spoolss_UserLevel(struct ndr_pull *ndr, int nd int level; uint32_t _level; TALLOC_CTX *_mem_save_level1_0; + uint32_t _ptr_level1; TALLOC_CTX *_mem_save_level2_0; + uint32_t _ptr_level2; TALLOC_CTX *_mem_save_level3_0; + uint32_t _ptr_level3; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -18462,7 +18912,6 @@ static enum ndr_err_code ndr_pull_spoolss_UserLevel(struct ndr_pull *ndr, int nd } switch (level) { case 1: { - uint32_t _ptr_level1; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_level1)); if (_ptr_level1) { NDR_PULL_ALLOC(ndr, r->level1); @@ -18472,7 +18921,6 @@ static enum ndr_err_code ndr_pull_spoolss_UserLevel(struct ndr_pull *ndr, int nd break; } case 2: { - uint32_t _ptr_level2; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_level2)); if (_ptr_level2) { NDR_PULL_ALLOC(ndr, r->level2); @@ -18482,7 +18930,6 @@ static enum ndr_err_code ndr_pull_spoolss_UserLevel(struct ndr_pull *ndr, int nd break; } case 3: { - uint32_t _ptr_level3; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_level3)); if (_ptr_level3) { NDR_PULL_ALLOC(ndr, r->level3); @@ -18968,20 +19415,34 @@ _PUBLIC_ enum ndr_err_code ndr_push_spoolss_PortData1(struct ndr_push *ndr, int _PUBLIC_ enum ndr_err_code ndr_pull_spoolss_PortData1(struct ndr_pull *ndr, int ndr_flags, struct spoolss_PortData1 *r) { + uint32_t size_portname_0 = 0; + uint32_t size_hostaddress_0 = 0; + uint32_t size_snmpcommunity_0 = 0; + uint32_t size_queue_0 = 0; + uint32_t size_ip_address_0 = 0; + uint32_t size_hardware_address_0 = 0; + uint32_t size_device_type_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->portname, 64, sizeof(uint16_t), CH_UTF16)); + size_portname_0 = 64; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->portname, size_portname_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->version)); NDR_CHECK(ndr_pull_spoolss_PortProtocol(ndr, NDR_SCALARS, &r->protocol)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->size)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->reserved)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->hostaddress, 49, sizeof(uint16_t), CH_UTF16)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->snmpcommunity, 33, sizeof(uint16_t), CH_UTF16)); + size_hostaddress_0 = 49; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->hostaddress, size_hostaddress_0, sizeof(uint16_t), CH_UTF16)); + size_snmpcommunity_0 = 33; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->snmpcommunity, size_snmpcommunity_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->dblspool)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->queue, 33, sizeof(uint16_t), CH_UTF16)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->ip_address, 16, sizeof(uint16_t), CH_UTF16)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->hardware_address, 13, sizeof(uint16_t), CH_UTF16)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->device_type, 257, sizeof(uint16_t), CH_UTF16)); + size_queue_0 = 33; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->queue, size_queue_0, sizeof(uint16_t), CH_UTF16)); + size_ip_address_0 = 16; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->ip_address, size_ip_address_0, sizeof(uint16_t), CH_UTF16)); + size_hardware_address_0 = 13; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->hardware_address, size_hardware_address_0, sizeof(uint16_t), CH_UTF16)); + size_device_type_0 = 257; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->device_type, size_device_type_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->port_number)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->snmp_enabled)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->snmp_dev_index)); @@ -19039,18 +19500,28 @@ _PUBLIC_ enum ndr_err_code ndr_push_spoolss_PortData2(struct ndr_push *ndr, int _PUBLIC_ enum ndr_err_code ndr_pull_spoolss_PortData2(struct ndr_pull *ndr, int ndr_flags, struct spoolss_PortData2 *r) { + uint32_t size_portname_0 = 0; + uint32_t size_hostaddress_0 = 0; + uint32_t size_snmpcommunity_0 = 0; + uint32_t size_queue_0 = 0; + uint32_t size_device_type_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->portname, 64, sizeof(uint16_t), CH_UTF16)); + size_portname_0 = 64; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->portname, size_portname_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->version)); NDR_CHECK(ndr_pull_spoolss_PortProtocol(ndr, NDR_SCALARS, &r->protocol)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->size)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->reserved)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->hostaddress, 128, sizeof(uint16_t), CH_UTF16)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->snmpcommunity, 33, sizeof(uint16_t), CH_UTF16)); + size_hostaddress_0 = 128; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->hostaddress, size_hostaddress_0, sizeof(uint16_t), CH_UTF16)); + size_snmpcommunity_0 = 33; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->snmpcommunity, size_snmpcommunity_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->dblspool)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->queue, 33, sizeof(uint16_t), CH_UTF16)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->device_type, 257, sizeof(uint16_t), CH_UTF16)); + size_queue_0 = 33; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->queue, size_queue_0, sizeof(uint16_t), CH_UTF16)); + size_device_type_0 = 257; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->device_type, size_device_type_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->port_number)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->snmp_enabled)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->snmp_dev_index)); @@ -19190,6 +19661,8 @@ _PUBLIC_ enum ndr_err_code ndr_push__spoolss_EnumPrinters(struct ndr_push *ndr, _PUBLIC_ enum ndr_err_code ndr_pull__spoolss_EnumPrinters(struct ndr_pull *ndr, int flags, struct _spoolss_EnumPrinters *r) { uint32_t _ptr_server; + uint32_t size_server_1 = 0; + uint32_t length_server_1 = 0; uint32_t _ptr_buffer; uint32_t _ptr_info; TALLOC_CTX *_mem_save_server_0; @@ -19212,11 +19685,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull__spoolss_EnumPrinters(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->in.server, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server)); - if (ndr_get_array_length(ndr, &r->in.server) > ndr_get_array_size(ndr, &r->in.server)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server), ndr_get_array_length(ndr, &r->in.server)); + size_server_1 = ndr_get_array_size(ndr, &r->in.server); + length_server_1 = ndr_get_array_length(ndr, &r->in.server); + if (length_server_1 > size_server_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_1, length_server_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server, ndr_get_array_length(ndr, &r->in.server), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server, length_server_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); @@ -19291,6 +19766,7 @@ _PUBLIC_ enum ndr_err_code ndr_push___spoolss_EnumPrinters(struct ndr_push *ndr, _PUBLIC_ enum ndr_err_code ndr_pull___spoolss_EnumPrinters(struct ndr_pull *ndr, int flags, struct __spoolss_EnumPrinters *r) { + uint32_t size_info_0 = 0; uint32_t cntr_info_0; TALLOC_CTX *_mem_save_info_0; if (flags & NDR_IN) { @@ -19300,14 +19776,15 @@ _PUBLIC_ enum ndr_err_code ndr_pull___spoolss_EnumPrinters(struct ndr_pull *ndr, NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.count)); } if (flags & NDR_OUT) { - NDR_PULL_ALLOC_N(ndr, r->out.info, r->in.count); + size_info_0 = r->in.count; + NDR_PULL_ALLOC_N(ndr, r->out.info, size_info_0); _mem_save_info_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->out.info, 0); - for (cntr_info_0 = 0; cntr_info_0 < r->in.count; cntr_info_0++) { + for (cntr_info_0 = 0; cntr_info_0 < size_info_0; cntr_info_0++) { NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->out.info[cntr_info_0], r->in.level)); NDR_CHECK(ndr_pull_spoolss_PrinterInfo(ndr, NDR_SCALARS, &r->out.info[cntr_info_0])); } - for (cntr_info_0 = 0; cntr_info_0 < r->in.count; cntr_info_0++) { + for (cntr_info_0 = 0; cntr_info_0 < size_info_0; cntr_info_0++) { NDR_CHECK(ndr_pull_spoolss_PrinterInfo(ndr, NDR_BUFFERS, &r->out.info[cntr_info_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_0, 0); @@ -19412,7 +19889,11 @@ _PUBLIC_ enum ndr_err_code ndr_push_spoolss_OpenPrinter(struct ndr_push *ndr, in _PUBLIC_ enum ndr_err_code ndr_pull_spoolss_OpenPrinter(struct ndr_pull *ndr, int flags, struct spoolss_OpenPrinter *r) { uint32_t _ptr_printername; + uint32_t size_printername_1 = 0; + uint32_t length_printername_1 = 0; uint32_t _ptr_datatype; + uint32_t size_datatype_1 = 0; + uint32_t length_datatype_1 = 0; TALLOC_CTX *_mem_save_printername_0; TALLOC_CTX *_mem_save_datatype_0; TALLOC_CTX *_mem_save_handle_0; @@ -19430,11 +19911,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_spoolss_OpenPrinter(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, r->in.printername, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.printername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.printername)); - if (ndr_get_array_length(ndr, &r->in.printername) > ndr_get_array_size(ndr, &r->in.printername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.printername), ndr_get_array_length(ndr, &r->in.printername)); + size_printername_1 = ndr_get_array_size(ndr, &r->in.printername); + length_printername_1 = ndr_get_array_length(ndr, &r->in.printername); + if (length_printername_1 > size_printername_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_printername_1, length_printername_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.printername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.printername, ndr_get_array_length(ndr, &r->in.printername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_printername_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.printername, length_printername_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_printername_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_datatype)); @@ -19448,11 +19931,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_spoolss_OpenPrinter(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, r->in.datatype, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.datatype)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.datatype)); - if (ndr_get_array_length(ndr, &r->in.datatype) > ndr_get_array_size(ndr, &r->in.datatype)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.datatype), ndr_get_array_length(ndr, &r->in.datatype)); + size_datatype_1 = ndr_get_array_size(ndr, &r->in.datatype); + length_datatype_1 = ndr_get_array_length(ndr, &r->in.datatype); + if (length_datatype_1 > size_datatype_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_datatype_1, length_datatype_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.datatype), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.datatype, ndr_get_array_length(ndr, &r->in.datatype), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_datatype_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.datatype, length_datatype_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_datatype_0, 0); } NDR_CHECK(ndr_pull_spoolss_DevmodeContainer(ndr, NDR_SCALARS|NDR_BUFFERS, &r->in.devmode_ctr)); @@ -19873,6 +20358,7 @@ _PUBLIC_ enum ndr_err_code ndr_push___spoolss_EnumJobs(struct ndr_push *ndr, int _PUBLIC_ enum ndr_err_code ndr_pull___spoolss_EnumJobs(struct ndr_pull *ndr, int flags, struct __spoolss_EnumJobs *r) { + uint32_t size_info_0 = 0; uint32_t cntr_info_0; TALLOC_CTX *_mem_save_info_0; if (flags & NDR_IN) { @@ -19882,14 +20368,15 @@ _PUBLIC_ enum ndr_err_code ndr_pull___spoolss_EnumJobs(struct ndr_pull *ndr, int NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.count)); } if (flags & NDR_OUT) { - NDR_PULL_ALLOC_N(ndr, r->out.info, r->in.count); + size_info_0 = r->in.count; + NDR_PULL_ALLOC_N(ndr, r->out.info, size_info_0); _mem_save_info_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->out.info, 0); - for (cntr_info_0 = 0; cntr_info_0 < r->in.count; cntr_info_0++) { + for (cntr_info_0 = 0; cntr_info_0 < size_info_0; cntr_info_0++) { NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->out.info[cntr_info_0], r->in.level)); NDR_CHECK(ndr_pull_spoolss_JobInfo(ndr, NDR_SCALARS, &r->out.info[cntr_info_0])); } - for (cntr_info_0 = 0; cntr_info_0 < r->in.count; cntr_info_0++) { + for (cntr_info_0 = 0; cntr_info_0 < size_info_0; cntr_info_0++) { NDR_CHECK(ndr_pull_spoolss_JobInfo(ndr, NDR_BUFFERS, &r->out.info[cntr_info_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_0, 0); @@ -20334,6 +20821,8 @@ static enum ndr_err_code ndr_push_spoolss_AddPrinterDriver(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_spoolss_AddPrinterDriver(struct ndr_pull *ndr, int flags, struct spoolss_AddPrinterDriver *r) { uint32_t _ptr_servername; + uint32_t size_servername_1 = 0; + uint32_t length_servername_1 = 0; TALLOC_CTX *_mem_save_servername_0; TALLOC_CTX *_mem_save_info_ctr_0; if (flags & NDR_IN) { @@ -20348,11 +20837,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddPrinterDriver(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->in.servername, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.servername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.servername)); - if (ndr_get_array_length(ndr, &r->in.servername) > ndr_get_array_size(ndr, &r->in.servername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.servername), ndr_get_array_length(ndr, &r->in.servername)); + size_servername_1 = ndr_get_array_size(ndr, &r->in.servername); + length_servername_1 = ndr_get_array_length(ndr, &r->in.servername); + if (length_servername_1 > size_servername_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_servername_1, length_servername_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_servername_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, length_servername_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_servername_0, 0); } if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { @@ -20445,7 +20936,11 @@ _PUBLIC_ enum ndr_err_code ndr_push__spoolss_EnumPrinterDrivers(struct ndr_push _PUBLIC_ enum ndr_err_code ndr_pull__spoolss_EnumPrinterDrivers(struct ndr_pull *ndr, int flags, struct _spoolss_EnumPrinterDrivers *r) { uint32_t _ptr_server; + uint32_t size_server_1 = 0; + uint32_t length_server_1 = 0; uint32_t _ptr_environment; + uint32_t size_environment_1 = 0; + uint32_t length_environment_1 = 0; uint32_t _ptr_buffer; uint32_t _ptr_info; TALLOC_CTX *_mem_save_server_0; @@ -20468,11 +20963,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull__spoolss_EnumPrinterDrivers(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->in.server, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server)); - if (ndr_get_array_length(ndr, &r->in.server) > ndr_get_array_size(ndr, &r->in.server)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server), ndr_get_array_length(ndr, &r->in.server)); + size_server_1 = ndr_get_array_size(ndr, &r->in.server); + length_server_1 = ndr_get_array_length(ndr, &r->in.server); + if (length_server_1 > size_server_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_1, length_server_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server, ndr_get_array_length(ndr, &r->in.server), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server, length_server_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_environment)); @@ -20486,11 +20983,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull__spoolss_EnumPrinterDrivers(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->in.environment, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.environment)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.environment)); - if (ndr_get_array_length(ndr, &r->in.environment) > ndr_get_array_size(ndr, &r->in.environment)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.environment), ndr_get_array_length(ndr, &r->in.environment)); + size_environment_1 = ndr_get_array_size(ndr, &r->in.environment); + length_environment_1 = ndr_get_array_length(ndr, &r->in.environment); + if (length_environment_1 > size_environment_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_environment_1, length_environment_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.environment), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.environment, ndr_get_array_length(ndr, &r->in.environment), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_environment_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.environment, length_environment_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_environment_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); @@ -20565,6 +21064,7 @@ _PUBLIC_ enum ndr_err_code ndr_push___spoolss_EnumPrinterDrivers(struct ndr_push _PUBLIC_ enum ndr_err_code ndr_pull___spoolss_EnumPrinterDrivers(struct ndr_pull *ndr, int flags, struct __spoolss_EnumPrinterDrivers *r) { + uint32_t size_info_0 = 0; uint32_t cntr_info_0; TALLOC_CTX *_mem_save_info_0; if (flags & NDR_IN) { @@ -20574,14 +21074,15 @@ _PUBLIC_ enum ndr_err_code ndr_pull___spoolss_EnumPrinterDrivers(struct ndr_pull NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.count)); } if (flags & NDR_OUT) { - NDR_PULL_ALLOC_N(ndr, r->out.info, r->in.count); + size_info_0 = r->in.count; + NDR_PULL_ALLOC_N(ndr, r->out.info, size_info_0); _mem_save_info_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->out.info, 0); - for (cntr_info_0 = 0; cntr_info_0 < r->in.count; cntr_info_0++) { + for (cntr_info_0 = 0; cntr_info_0 < size_info_0; cntr_info_0++) { NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->out.info[cntr_info_0], r->in.level)); NDR_CHECK(ndr_pull_spoolss_DriverInfo(ndr, NDR_SCALARS, &r->out.info[cntr_info_0])); } - for (cntr_info_0 = 0; cntr_info_0 < r->in.count; cntr_info_0++) { + for (cntr_info_0 = 0; cntr_info_0 < size_info_0; cntr_info_0++) { NDR_CHECK(ndr_pull_spoolss_DriverInfo(ndr, NDR_BUFFERS, &r->out.info[cntr_info_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_0, 0); @@ -20746,7 +21247,11 @@ _PUBLIC_ enum ndr_err_code ndr_push_spoolss_GetPrinterDriverDirectory(struct ndr _PUBLIC_ enum ndr_err_code ndr_pull_spoolss_GetPrinterDriverDirectory(struct ndr_pull *ndr, int flags, struct spoolss_GetPrinterDriverDirectory *r) { uint32_t _ptr_server; + uint32_t size_server_1 = 0; + uint32_t length_server_1 = 0; uint32_t _ptr_environment; + uint32_t size_environment_1 = 0; + uint32_t length_environment_1 = 0; uint32_t _ptr_buffer; uint32_t _ptr_info; TALLOC_CTX *_mem_save_server_0; @@ -20768,11 +21273,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_spoolss_GetPrinterDriverDirectory(struct ndr NDR_PULL_SET_MEM_CTX(ndr, r->in.server, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server)); - if (ndr_get_array_length(ndr, &r->in.server) > ndr_get_array_size(ndr, &r->in.server)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server), ndr_get_array_length(ndr, &r->in.server)); + size_server_1 = ndr_get_array_size(ndr, &r->in.server); + length_server_1 = ndr_get_array_length(ndr, &r->in.server); + if (length_server_1 > size_server_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_1, length_server_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server, ndr_get_array_length(ndr, &r->in.server), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server, length_server_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_environment)); @@ -20786,11 +21293,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_spoolss_GetPrinterDriverDirectory(struct ndr NDR_PULL_SET_MEM_CTX(ndr, r->in.environment, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.environment)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.environment)); - if (ndr_get_array_length(ndr, &r->in.environment) > ndr_get_array_size(ndr, &r->in.environment)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.environment), ndr_get_array_length(ndr, &r->in.environment)); + size_environment_1 = ndr_get_array_size(ndr, &r->in.environment); + length_environment_1 = ndr_get_array_length(ndr, &r->in.environment); + if (length_environment_1 > size_environment_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_environment_1, length_environment_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.environment), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.environment, ndr_get_array_length(ndr, &r->in.environment), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_environment_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.environment, length_environment_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_environment_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); @@ -20921,6 +21430,12 @@ static enum ndr_err_code ndr_push_spoolss_DeletePrinterDriver(struct ndr_push *n static enum ndr_err_code ndr_pull_spoolss_DeletePrinterDriver(struct ndr_pull *ndr, int flags, struct spoolss_DeletePrinterDriver *r) { uint32_t _ptr_server; + uint32_t size_server_1 = 0; + uint32_t length_server_1 = 0; + uint32_t size_architecture_0 = 0; + uint32_t length_architecture_0 = 0; + uint32_t size_driver_0 = 0; + uint32_t length_driver_0 = 0; TALLOC_CTX *_mem_save_server_0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_server)); @@ -20934,27 +21449,33 @@ static enum ndr_err_code ndr_pull_spoolss_DeletePrinterDriver(struct ndr_pull *n NDR_PULL_SET_MEM_CTX(ndr, r->in.server, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server)); - if (ndr_get_array_length(ndr, &r->in.server) > ndr_get_array_size(ndr, &r->in.server)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server), ndr_get_array_length(ndr, &r->in.server)); + size_server_1 = ndr_get_array_size(ndr, &r->in.server); + length_server_1 = ndr_get_array_length(ndr, &r->in.server); + if (length_server_1 > size_server_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_1, length_server_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server, ndr_get_array_length(ndr, &r->in.server), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server, length_server_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.architecture)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.architecture)); - if (ndr_get_array_length(ndr, &r->in.architecture) > ndr_get_array_size(ndr, &r->in.architecture)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.architecture), ndr_get_array_length(ndr, &r->in.architecture)); + size_architecture_0 = ndr_get_array_size(ndr, &r->in.architecture); + length_architecture_0 = ndr_get_array_length(ndr, &r->in.architecture); + if (length_architecture_0 > size_architecture_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_architecture_0, length_architecture_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.architecture), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.architecture, ndr_get_array_length(ndr, &r->in.architecture), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_architecture_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.architecture, length_architecture_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.driver)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.driver)); - if (ndr_get_array_length(ndr, &r->in.driver) > ndr_get_array_size(ndr, &r->in.driver)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.driver), ndr_get_array_length(ndr, &r->in.driver)); + size_driver_0 = ndr_get_array_size(ndr, &r->in.driver); + length_driver_0 = ndr_get_array_length(ndr, &r->in.driver); + if (length_driver_0 > size_driver_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_driver_0, length_driver_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.driver), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.driver, ndr_get_array_length(ndr, &r->in.driver), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_driver_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.driver, length_driver_0, sizeof(uint16_t), CH_UTF16)); } if (flags & NDR_OUT) { NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result)); @@ -21023,6 +21544,14 @@ static enum ndr_err_code ndr_push_spoolss_AddPrintProcessor(struct ndr_push *ndr static enum ndr_err_code ndr_pull_spoolss_AddPrintProcessor(struct ndr_pull *ndr, int flags, struct spoolss_AddPrintProcessor *r) { uint32_t _ptr_server; + uint32_t size_server_1 = 0; + uint32_t length_server_1 = 0; + uint32_t size_architecture_0 = 0; + uint32_t length_architecture_0 = 0; + uint32_t size_path_name_0 = 0; + uint32_t length_path_name_0 = 0; + uint32_t size_print_processor_name_0 = 0; + uint32_t length_print_processor_name_0 = 0; TALLOC_CTX *_mem_save_server_0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_server)); @@ -21036,34 +21565,42 @@ static enum ndr_err_code ndr_pull_spoolss_AddPrintProcessor(struct ndr_pull *ndr NDR_PULL_SET_MEM_CTX(ndr, r->in.server, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server)); - if (ndr_get_array_length(ndr, &r->in.server) > ndr_get_array_size(ndr, &r->in.server)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server), ndr_get_array_length(ndr, &r->in.server)); + size_server_1 = ndr_get_array_size(ndr, &r->in.server); + length_server_1 = ndr_get_array_length(ndr, &r->in.server); + if (length_server_1 > size_server_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_1, length_server_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server, ndr_get_array_length(ndr, &r->in.server), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server, length_server_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.architecture)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.architecture)); - if (ndr_get_array_length(ndr, &r->in.architecture) > ndr_get_array_size(ndr, &r->in.architecture)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.architecture), ndr_get_array_length(ndr, &r->in.architecture)); + size_architecture_0 = ndr_get_array_size(ndr, &r->in.architecture); + length_architecture_0 = ndr_get_array_length(ndr, &r->in.architecture); + if (length_architecture_0 > size_architecture_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_architecture_0, length_architecture_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.architecture), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.architecture, ndr_get_array_length(ndr, &r->in.architecture), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_architecture_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.architecture, length_architecture_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.path_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.path_name)); - if (ndr_get_array_length(ndr, &r->in.path_name) > ndr_get_array_size(ndr, &r->in.path_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.path_name), ndr_get_array_length(ndr, &r->in.path_name)); + size_path_name_0 = ndr_get_array_size(ndr, &r->in.path_name); + length_path_name_0 = ndr_get_array_length(ndr, &r->in.path_name); + if (length_path_name_0 > size_path_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_path_name_0, length_path_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.path_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.path_name, ndr_get_array_length(ndr, &r->in.path_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_path_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.path_name, length_path_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.print_processor_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.print_processor_name)); - if (ndr_get_array_length(ndr, &r->in.print_processor_name) > ndr_get_array_size(ndr, &r->in.print_processor_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.print_processor_name), ndr_get_array_length(ndr, &r->in.print_processor_name)); + size_print_processor_name_0 = ndr_get_array_size(ndr, &r->in.print_processor_name); + length_print_processor_name_0 = ndr_get_array_length(ndr, &r->in.print_processor_name); + if (length_print_processor_name_0 > size_print_processor_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_print_processor_name_0, length_print_processor_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.print_processor_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.print_processor_name, ndr_get_array_length(ndr, &r->in.print_processor_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_print_processor_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.print_processor_name, length_print_processor_name_0, sizeof(uint16_t), CH_UTF16)); } if (flags & NDR_OUT) { NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result)); @@ -21146,7 +21683,11 @@ _PUBLIC_ enum ndr_err_code ndr_push__spoolss_EnumPrintProcessors(struct ndr_push _PUBLIC_ enum ndr_err_code ndr_pull__spoolss_EnumPrintProcessors(struct ndr_pull *ndr, int flags, struct _spoolss_EnumPrintProcessors *r) { uint32_t _ptr_servername; + uint32_t size_servername_1 = 0; + uint32_t length_servername_1 = 0; uint32_t _ptr_environment; + uint32_t size_environment_1 = 0; + uint32_t length_environment_1 = 0; uint32_t _ptr_buffer; uint32_t _ptr_info; TALLOC_CTX *_mem_save_servername_0; @@ -21169,11 +21710,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull__spoolss_EnumPrintProcessors(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->in.servername, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.servername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.servername)); - if (ndr_get_array_length(ndr, &r->in.servername) > ndr_get_array_size(ndr, &r->in.servername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.servername), ndr_get_array_length(ndr, &r->in.servername)); + size_servername_1 = ndr_get_array_size(ndr, &r->in.servername); + length_servername_1 = ndr_get_array_length(ndr, &r->in.servername); + if (length_servername_1 > size_servername_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_servername_1, length_servername_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_servername_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, length_servername_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_servername_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_environment)); @@ -21187,11 +21730,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull__spoolss_EnumPrintProcessors(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->in.environment, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.environment)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.environment)); - if (ndr_get_array_length(ndr, &r->in.environment) > ndr_get_array_size(ndr, &r->in.environment)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.environment), ndr_get_array_length(ndr, &r->in.environment)); + size_environment_1 = ndr_get_array_size(ndr, &r->in.environment); + length_environment_1 = ndr_get_array_length(ndr, &r->in.environment); + if (length_environment_1 > size_environment_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_environment_1, length_environment_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.environment), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.environment, ndr_get_array_length(ndr, &r->in.environment), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_environment_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.environment, length_environment_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_environment_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); @@ -21266,6 +21811,7 @@ _PUBLIC_ enum ndr_err_code ndr_push___spoolss_EnumPrintProcessors(struct ndr_pus _PUBLIC_ enum ndr_err_code ndr_pull___spoolss_EnumPrintProcessors(struct ndr_pull *ndr, int flags, struct __spoolss_EnumPrintProcessors *r) { + uint32_t size_info_0 = 0; uint32_t cntr_info_0; TALLOC_CTX *_mem_save_info_0; if (flags & NDR_IN) { @@ -21275,14 +21821,15 @@ _PUBLIC_ enum ndr_err_code ndr_pull___spoolss_EnumPrintProcessors(struct ndr_pul NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.count)); } if (flags & NDR_OUT) { - NDR_PULL_ALLOC_N(ndr, r->out.info, r->in.count); + size_info_0 = r->in.count; + NDR_PULL_ALLOC_N(ndr, r->out.info, size_info_0); _mem_save_info_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->out.info, 0); - for (cntr_info_0 = 0; cntr_info_0 < r->in.count; cntr_info_0++) { + for (cntr_info_0 = 0; cntr_info_0 < size_info_0; cntr_info_0++) { NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->out.info[cntr_info_0], r->in.level)); NDR_CHECK(ndr_pull_spoolss_PrintProcessorInfo(ndr, NDR_SCALARS, &r->out.info[cntr_info_0])); } - for (cntr_info_0 = 0; cntr_info_0 < r->in.count; cntr_info_0++) { + for (cntr_info_0 = 0; cntr_info_0 < size_info_0; cntr_info_0++) { NDR_CHECK(ndr_pull_spoolss_PrintProcessorInfo(ndr, NDR_BUFFERS, &r->out.info[cntr_info_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_0, 0); @@ -21406,7 +21953,11 @@ static enum ndr_err_code ndr_push_spoolss_GetPrintProcessorDirectory(struct ndr_ static enum ndr_err_code ndr_pull_spoolss_GetPrintProcessorDirectory(struct ndr_pull *ndr, int flags, struct spoolss_GetPrintProcessorDirectory *r) { uint32_t _ptr_server; + uint32_t size_server_1 = 0; + uint32_t length_server_1 = 0; uint32_t _ptr_environment; + uint32_t size_environment_1 = 0; + uint32_t length_environment_1 = 0; uint32_t _ptr_buffer; uint32_t _ptr_info; TALLOC_CTX *_mem_save_server_0; @@ -21428,11 +21979,13 @@ static enum ndr_err_code ndr_pull_spoolss_GetPrintProcessorDirectory(struct ndr_ NDR_PULL_SET_MEM_CTX(ndr, r->in.server, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server)); - if (ndr_get_array_length(ndr, &r->in.server) > ndr_get_array_size(ndr, &r->in.server)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server), ndr_get_array_length(ndr, &r->in.server)); + size_server_1 = ndr_get_array_size(ndr, &r->in.server); + length_server_1 = ndr_get_array_length(ndr, &r->in.server); + if (length_server_1 > size_server_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_1, length_server_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server, ndr_get_array_length(ndr, &r->in.server), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server, length_server_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_environment)); @@ -21446,11 +21999,13 @@ static enum ndr_err_code ndr_pull_spoolss_GetPrintProcessorDirectory(struct ndr_ NDR_PULL_SET_MEM_CTX(ndr, r->in.environment, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.environment)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.environment)); - if (ndr_get_array_length(ndr, &r->in.environment) > ndr_get_array_size(ndr, &r->in.environment)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.environment), ndr_get_array_length(ndr, &r->in.environment)); + size_environment_1 = ndr_get_array_size(ndr, &r->in.environment); + length_environment_1 = ndr_get_array_length(ndr, &r->in.environment); + if (length_environment_1 > size_environment_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_environment_1, length_environment_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.environment), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.environment, ndr_get_array_length(ndr, &r->in.environment), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_environment_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.environment, length_environment_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_environment_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); @@ -21919,6 +22474,7 @@ static enum ndr_err_code ndr_push_spoolss_ReadPrinter(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_spoolss_ReadPrinter(struct ndr_pull *ndr, int flags, struct spoolss_ReadPrinter *r) { + uint32_t size_data_1 = 0; TALLOC_CTX *_mem_save_handle_0; TALLOC_CTX *_mem_save__data_size_0; if (flags & NDR_IN) { @@ -21939,10 +22495,11 @@ static enum ndr_err_code ndr_pull_spoolss_ReadPrinter(struct ndr_pull *ndr, int } if (flags & NDR_OUT) { NDR_CHECK(ndr_pull_array_size(ndr, &r->out.data)); + size_data_1 = ndr_get_array_size(ndr, &r->out.data); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { - NDR_PULL_ALLOC_N(ndr, r->out.data, ndr_get_array_size(ndr, &r->out.data)); + NDR_PULL_ALLOC_N(ndr, r->out.data, size_data_1); } - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.data, ndr_get_array_size(ndr, &r->out.data))); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.data, size_data_1)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->out._data_size); } @@ -22082,6 +22639,7 @@ static enum ndr_err_code ndr_push_spoolss_AddJob(struct ndr_push *ndr, int flags static enum ndr_err_code ndr_pull_spoolss_AddJob(struct ndr_pull *ndr, int flags, struct spoolss_AddJob *r) { uint32_t _ptr_buffer; + uint32_t size_buffer_1 = 0; TALLOC_CTX *_mem_save_handle_0; TALLOC_CTX *_mem_save_buffer_0; TALLOC_CTX *_mem_save_needed_0; @@ -22106,8 +22664,9 @@ static enum ndr_err_code ndr_pull_spoolss_AddJob(struct ndr_pull *ndr, int flags _mem_save_buffer_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->in.buffer, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.buffer)); - NDR_PULL_ALLOC_N(ndr, r->in.buffer, ndr_get_array_size(ndr, &r->in.buffer)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->in.buffer, ndr_get_array_size(ndr, &r->in.buffer))); + size_buffer_1 = ndr_get_array_size(ndr, &r->in.buffer); + NDR_PULL_ALLOC_N(ndr, r->in.buffer, size_buffer_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->in.buffer, size_buffer_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_buffer_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.offered)); @@ -22128,8 +22687,9 @@ static enum ndr_err_code ndr_pull_spoolss_AddJob(struct ndr_pull *ndr, int flags _mem_save_buffer_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->out.buffer, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->out.buffer)); - NDR_PULL_ALLOC_N(ndr, r->out.buffer, ndr_get_array_size(ndr, &r->out.buffer)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.buffer, ndr_get_array_size(ndr, &r->out.buffer))); + size_buffer_1 = ndr_get_array_size(ndr, &r->out.buffer); + NDR_PULL_ALLOC_N(ndr, r->out.buffer, size_buffer_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.buffer, size_buffer_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_buffer_0, 0); } if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { @@ -22284,6 +22844,9 @@ static enum ndr_err_code ndr_push_spoolss_GetPrinterData(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_spoolss_GetPrinterData(struct ndr_pull *ndr, int flags, struct spoolss_GetPrinterData *r) { + uint32_t size_value_name_0 = 0; + uint32_t length_value_name_0 = 0; + uint32_t size_data_1 = 0; TALLOC_CTX *_mem_save_handle_0; TALLOC_CTX *_mem_save_type_0; TALLOC_CTX *_mem_save_needed_0; @@ -22299,11 +22862,13 @@ static enum ndr_err_code ndr_pull_spoolss_GetPrinterData(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, _mem_save_handle_0, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.value_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.value_name)); - if (ndr_get_array_length(ndr, &r->in.value_name) > ndr_get_array_size(ndr, &r->in.value_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.value_name), ndr_get_array_length(ndr, &r->in.value_name)); + size_value_name_0 = ndr_get_array_size(ndr, &r->in.value_name); + length_value_name_0 = ndr_get_array_length(ndr, &r->in.value_name); + if (length_value_name_0 > size_value_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_value_name_0, length_value_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.value_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.value_name, ndr_get_array_length(ndr, &r->in.value_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_value_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.value_name, length_value_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.offered)); NDR_PULL_ALLOC(ndr, r->out.type); ZERO_STRUCTP(r->out.type); @@ -22321,10 +22886,11 @@ static enum ndr_err_code ndr_pull_spoolss_GetPrinterData(struct ndr_pull *ndr, i NDR_CHECK(ndr_pull_winreg_Type(ndr, NDR_SCALARS, r->out.type)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_type_0, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_array_size(ndr, &r->out.data)); + size_data_1 = ndr_get_array_size(ndr, &r->out.data); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { - NDR_PULL_ALLOC_N(ndr, r->out.data, ndr_get_array_size(ndr, &r->out.data)); + NDR_PULL_ALLOC_N(ndr, r->out.data, size_data_1); } - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.data, ndr_get_array_size(ndr, &r->out.data))); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.data, size_data_1)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->out.needed); } @@ -22406,6 +22972,9 @@ static enum ndr_err_code ndr_push_spoolss_SetPrinterData(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_spoolss_SetPrinterData(struct ndr_pull *ndr, int flags, struct spoolss_SetPrinterData *r) { + uint32_t size_value_name_0 = 0; + uint32_t length_value_name_0 = 0; + uint32_t size_data_1 = 0; TALLOC_CTX *_mem_save_handle_0; if (flags & NDR_IN) { if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { @@ -22417,17 +22986,20 @@ static enum ndr_err_code ndr_pull_spoolss_SetPrinterData(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, _mem_save_handle_0, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.value_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.value_name)); - if (ndr_get_array_length(ndr, &r->in.value_name) > ndr_get_array_size(ndr, &r->in.value_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.value_name), ndr_get_array_length(ndr, &r->in.value_name)); + size_value_name_0 = ndr_get_array_size(ndr, &r->in.value_name); + length_value_name_0 = ndr_get_array_length(ndr, &r->in.value_name); + if (length_value_name_0 > size_value_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_value_name_0, length_value_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.value_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.value_name, ndr_get_array_length(ndr, &r->in.value_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_value_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.value_name, length_value_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_winreg_Type(ndr, NDR_SCALARS, &r->in.type)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.data)); + size_data_1 = ndr_get_array_size(ndr, &r->in.data); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { - NDR_PULL_ALLOC_N(ndr, r->in.data, ndr_get_array_size(ndr, &r->in.data)); + NDR_PULL_ALLOC_N(ndr, r->in.data, size_data_1); } - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->in.data, ndr_get_array_size(ndr, &r->in.data))); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->in.data, size_data_1)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.offered)); if (r->in.data) { NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->in.data, r->in.offered)); @@ -22674,6 +23246,8 @@ static enum ndr_err_code ndr_push_spoolss_DeleteForm(struct ndr_push *ndr, int f static enum ndr_err_code ndr_pull_spoolss_DeleteForm(struct ndr_pull *ndr, int flags, struct spoolss_DeleteForm *r) { + uint32_t size_form_name_0 = 0; + uint32_t length_form_name_0 = 0; TALLOC_CTX *_mem_save_handle_0; if (flags & NDR_IN) { if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { @@ -22685,11 +23259,13 @@ static enum ndr_err_code ndr_pull_spoolss_DeleteForm(struct ndr_pull *ndr, int f NDR_PULL_SET_MEM_CTX(ndr, _mem_save_handle_0, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.form_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.form_name)); - if (ndr_get_array_length(ndr, &r->in.form_name) > ndr_get_array_size(ndr, &r->in.form_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.form_name), ndr_get_array_length(ndr, &r->in.form_name)); + size_form_name_0 = ndr_get_array_size(ndr, &r->in.form_name); + length_form_name_0 = ndr_get_array_length(ndr, &r->in.form_name); + if (length_form_name_0 > size_form_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_form_name_0, length_form_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.form_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.form_name, ndr_get_array_length(ndr, &r->in.form_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_form_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.form_name, length_form_name_0, sizeof(uint16_t), CH_UTF16)); } if (flags & NDR_OUT) { NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result)); @@ -22763,6 +23339,8 @@ static enum ndr_err_code ndr_push_spoolss_GetForm(struct ndr_push *ndr, int flag static enum ndr_err_code ndr_pull_spoolss_GetForm(struct ndr_pull *ndr, int flags, struct spoolss_GetForm *r) { + uint32_t size_form_name_0 = 0; + uint32_t length_form_name_0 = 0; uint32_t _ptr_buffer; uint32_t _ptr_info; TALLOC_CTX *_mem_save_handle_0; @@ -22781,11 +23359,13 @@ static enum ndr_err_code ndr_pull_spoolss_GetForm(struct ndr_pull *ndr, int flag NDR_PULL_SET_MEM_CTX(ndr, _mem_save_handle_0, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.form_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.form_name)); - if (ndr_get_array_length(ndr, &r->in.form_name) > ndr_get_array_size(ndr, &r->in.form_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.form_name), ndr_get_array_length(ndr, &r->in.form_name)); + size_form_name_0 = ndr_get_array_size(ndr, &r->in.form_name); + length_form_name_0 = ndr_get_array_length(ndr, &r->in.form_name); + if (length_form_name_0 > size_form_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_form_name_0, length_form_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.form_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.form_name, ndr_get_array_length(ndr, &r->in.form_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_form_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.form_name, length_form_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_buffer)); if (_ptr_buffer) { @@ -22902,6 +23482,8 @@ static enum ndr_err_code ndr_push_spoolss_SetForm(struct ndr_push *ndr, int flag static enum ndr_err_code ndr_pull_spoolss_SetForm(struct ndr_pull *ndr, int flags, struct spoolss_SetForm *r) { + uint32_t size_form_name_0 = 0; + uint32_t length_form_name_0 = 0; TALLOC_CTX *_mem_save_handle_0; if (flags & NDR_IN) { if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { @@ -22913,11 +23495,13 @@ static enum ndr_err_code ndr_pull_spoolss_SetForm(struct ndr_pull *ndr, int flag NDR_PULL_SET_MEM_CTX(ndr, _mem_save_handle_0, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.form_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.form_name)); - if (ndr_get_array_length(ndr, &r->in.form_name) > ndr_get_array_size(ndr, &r->in.form_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.form_name), ndr_get_array_length(ndr, &r->in.form_name)); + size_form_name_0 = ndr_get_array_size(ndr, &r->in.form_name); + length_form_name_0 = ndr_get_array_length(ndr, &r->in.form_name); + if (length_form_name_0 > size_form_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_form_name_0, length_form_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.form_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.form_name, ndr_get_array_length(ndr, &r->in.form_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_form_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.form_name, length_form_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->in.info, r->in.level)); NDR_CHECK(ndr_pull_spoolss_AddFormInfo(ndr, NDR_SCALARS|NDR_BUFFERS, &r->in.info)); @@ -23080,6 +23664,7 @@ _PUBLIC_ enum ndr_err_code ndr_push___spoolss_EnumForms(struct ndr_push *ndr, in _PUBLIC_ enum ndr_err_code ndr_pull___spoolss_EnumForms(struct ndr_pull *ndr, int flags, struct __spoolss_EnumForms *r) { + uint32_t size_info_0 = 0; uint32_t cntr_info_0; TALLOC_CTX *_mem_save_info_0; if (flags & NDR_IN) { @@ -23089,14 +23674,15 @@ _PUBLIC_ enum ndr_err_code ndr_pull___spoolss_EnumForms(struct ndr_pull *ndr, in NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.count)); } if (flags & NDR_OUT) { - NDR_PULL_ALLOC_N(ndr, r->out.info, r->in.count); + size_info_0 = r->in.count; + NDR_PULL_ALLOC_N(ndr, r->out.info, size_info_0); _mem_save_info_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->out.info, 0); - for (cntr_info_0 = 0; cntr_info_0 < r->in.count; cntr_info_0++) { + for (cntr_info_0 = 0; cntr_info_0 < size_info_0; cntr_info_0++) { NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->out.info[cntr_info_0], r->in.level)); NDR_CHECK(ndr_pull_spoolss_FormInfo(ndr, NDR_SCALARS, &r->out.info[cntr_info_0])); } - for (cntr_info_0 = 0; cntr_info_0 < r->in.count; cntr_info_0++) { + for (cntr_info_0 = 0; cntr_info_0 < size_info_0; cntr_info_0++) { NDR_CHECK(ndr_pull_spoolss_FormInfo(ndr, NDR_BUFFERS, &r->out.info[cntr_info_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_0, 0); @@ -23203,6 +23789,8 @@ _PUBLIC_ enum ndr_err_code ndr_push__spoolss_EnumPorts(struct ndr_push *ndr, int _PUBLIC_ enum ndr_err_code ndr_pull__spoolss_EnumPorts(struct ndr_pull *ndr, int flags, struct _spoolss_EnumPorts *r) { uint32_t _ptr_servername; + uint32_t size_servername_1 = 0; + uint32_t length_servername_1 = 0; uint32_t _ptr_buffer; uint32_t _ptr_info; TALLOC_CTX *_mem_save_servername_0; @@ -23224,11 +23812,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull__spoolss_EnumPorts(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.servername, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.servername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.servername)); - if (ndr_get_array_length(ndr, &r->in.servername) > ndr_get_array_size(ndr, &r->in.servername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.servername), ndr_get_array_length(ndr, &r->in.servername)); + size_servername_1 = ndr_get_array_size(ndr, &r->in.servername); + length_servername_1 = ndr_get_array_length(ndr, &r->in.servername); + if (length_servername_1 > size_servername_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_servername_1, length_servername_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_servername_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, length_servername_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_servername_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); @@ -23303,6 +23893,7 @@ _PUBLIC_ enum ndr_err_code ndr_push___spoolss_EnumPorts(struct ndr_push *ndr, in _PUBLIC_ enum ndr_err_code ndr_pull___spoolss_EnumPorts(struct ndr_pull *ndr, int flags, struct __spoolss_EnumPorts *r) { + uint32_t size_info_0 = 0; uint32_t cntr_info_0; TALLOC_CTX *_mem_save_info_0; if (flags & NDR_IN) { @@ -23312,14 +23903,15 @@ _PUBLIC_ enum ndr_err_code ndr_pull___spoolss_EnumPorts(struct ndr_pull *ndr, in NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.count)); } if (flags & NDR_OUT) { - NDR_PULL_ALLOC_N(ndr, r->out.info, r->in.count); + size_info_0 = r->in.count; + NDR_PULL_ALLOC_N(ndr, r->out.info, size_info_0); _mem_save_info_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->out.info, 0); - for (cntr_info_0 = 0; cntr_info_0 < r->in.count; cntr_info_0++) { + for (cntr_info_0 = 0; cntr_info_0 < size_info_0; cntr_info_0++) { NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->out.info[cntr_info_0], r->in.level)); NDR_CHECK(ndr_pull_spoolss_PortInfo(ndr, NDR_SCALARS, &r->out.info[cntr_info_0])); } - for (cntr_info_0 = 0; cntr_info_0 < r->in.count; cntr_info_0++) { + for (cntr_info_0 = 0; cntr_info_0 < size_info_0; cntr_info_0++) { NDR_CHECK(ndr_pull_spoolss_PortInfo(ndr, NDR_BUFFERS, &r->out.info[cntr_info_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_0, 0); @@ -23428,6 +24020,8 @@ _PUBLIC_ enum ndr_err_code ndr_push__spoolss_EnumMonitors(struct ndr_push *ndr, _PUBLIC_ enum ndr_err_code ndr_pull__spoolss_EnumMonitors(struct ndr_pull *ndr, int flags, struct _spoolss_EnumMonitors *r) { uint32_t _ptr_servername; + uint32_t size_servername_1 = 0; + uint32_t length_servername_1 = 0; uint32_t _ptr_buffer; uint32_t _ptr_info; TALLOC_CTX *_mem_save_servername_0; @@ -23449,11 +24043,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull__spoolss_EnumMonitors(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->in.servername, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.servername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.servername)); - if (ndr_get_array_length(ndr, &r->in.servername) > ndr_get_array_size(ndr, &r->in.servername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.servername), ndr_get_array_length(ndr, &r->in.servername)); + size_servername_1 = ndr_get_array_size(ndr, &r->in.servername); + length_servername_1 = ndr_get_array_length(ndr, &r->in.servername); + if (length_servername_1 > size_servername_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_servername_1, length_servername_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_servername_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, length_servername_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_servername_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); @@ -23528,6 +24124,7 @@ _PUBLIC_ enum ndr_err_code ndr_push___spoolss_EnumMonitors(struct ndr_push *ndr, _PUBLIC_ enum ndr_err_code ndr_pull___spoolss_EnumMonitors(struct ndr_pull *ndr, int flags, struct __spoolss_EnumMonitors *r) { + uint32_t size_info_0 = 0; uint32_t cntr_info_0; TALLOC_CTX *_mem_save_info_0; if (flags & NDR_IN) { @@ -23537,14 +24134,15 @@ _PUBLIC_ enum ndr_err_code ndr_pull___spoolss_EnumMonitors(struct ndr_pull *ndr, NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.count)); } if (flags & NDR_OUT) { - NDR_PULL_ALLOC_N(ndr, r->out.info, r->in.count); + size_info_0 = r->in.count; + NDR_PULL_ALLOC_N(ndr, r->out.info, size_info_0); _mem_save_info_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->out.info, 0); - for (cntr_info_0 = 0; cntr_info_0 < r->in.count; cntr_info_0++) { + for (cntr_info_0 = 0; cntr_info_0 < size_info_0; cntr_info_0++) { NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->out.info[cntr_info_0], r->in.level)); NDR_CHECK(ndr_pull_spoolss_MonitorInfo(ndr, NDR_SCALARS, &r->out.info[cntr_info_0])); } - for (cntr_info_0 = 0; cntr_info_0 < r->in.count; cntr_info_0++) { + for (cntr_info_0 = 0; cntr_info_0 < size_info_0; cntr_info_0++) { NDR_CHECK(ndr_pull_spoolss_MonitorInfo(ndr, NDR_BUFFERS, &r->out.info[cntr_info_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_0, 0); @@ -23640,6 +24238,10 @@ static enum ndr_err_code ndr_push_spoolss_AddPort(struct ndr_push *ndr, int flag static enum ndr_err_code ndr_pull_spoolss_AddPort(struct ndr_pull *ndr, int flags, struct spoolss_AddPort *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; + uint32_t size_monitor_name_0 = 0; + uint32_t length_monitor_name_0 = 0; TALLOC_CTX *_mem_save_server_name_0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_server_name)); @@ -23653,21 +24255,25 @@ static enum ndr_err_code ndr_pull_spoolss_AddPort(struct ndr_pull *ndr, int flag NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.unknown)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.monitor_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.monitor_name)); - if (ndr_get_array_length(ndr, &r->in.monitor_name) > ndr_get_array_size(ndr, &r->in.monitor_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.monitor_name), ndr_get_array_length(ndr, &r->in.monitor_name)); + size_monitor_name_0 = ndr_get_array_size(ndr, &r->in.monitor_name); + length_monitor_name_0 = ndr_get_array_length(ndr, &r->in.monitor_name); + if (length_monitor_name_0 > size_monitor_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_monitor_name_0, length_monitor_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.monitor_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.monitor_name, ndr_get_array_length(ndr, &r->in.monitor_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_monitor_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.monitor_name, length_monitor_name_0, sizeof(uint16_t), CH_UTF16)); } if (flags & NDR_OUT) { NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result)); @@ -24282,7 +24888,11 @@ _PUBLIC_ enum ndr_err_code ndr_push__spoolss_EnumPrintProcDataTypes(struct ndr_p _PUBLIC_ enum ndr_err_code ndr_pull__spoolss_EnumPrintProcDataTypes(struct ndr_pull *ndr, int flags, struct _spoolss_EnumPrintProcDataTypes *r) { uint32_t _ptr_servername; + uint32_t size_servername_1 = 0; + uint32_t length_servername_1 = 0; uint32_t _ptr_print_processor_name; + uint32_t size_print_processor_name_1 = 0; + uint32_t length_print_processor_name_1 = 0; uint32_t _ptr_buffer; uint32_t _ptr_info; TALLOC_CTX *_mem_save_servername_0; @@ -24305,11 +24915,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull__spoolss_EnumPrintProcDataTypes(struct ndr_p NDR_PULL_SET_MEM_CTX(ndr, r->in.servername, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.servername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.servername)); - if (ndr_get_array_length(ndr, &r->in.servername) > ndr_get_array_size(ndr, &r->in.servername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.servername), ndr_get_array_length(ndr, &r->in.servername)); + size_servername_1 = ndr_get_array_size(ndr, &r->in.servername); + length_servername_1 = ndr_get_array_length(ndr, &r->in.servername); + if (length_servername_1 > size_servername_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_servername_1, length_servername_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_servername_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, length_servername_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_servername_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_print_processor_name)); @@ -24323,11 +24935,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull__spoolss_EnumPrintProcDataTypes(struct ndr_p NDR_PULL_SET_MEM_CTX(ndr, r->in.print_processor_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.print_processor_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.print_processor_name)); - if (ndr_get_array_length(ndr, &r->in.print_processor_name) > ndr_get_array_size(ndr, &r->in.print_processor_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.print_processor_name), ndr_get_array_length(ndr, &r->in.print_processor_name)); + size_print_processor_name_1 = ndr_get_array_size(ndr, &r->in.print_processor_name); + length_print_processor_name_1 = ndr_get_array_length(ndr, &r->in.print_processor_name); + if (length_print_processor_name_1 > size_print_processor_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_print_processor_name_1, length_print_processor_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.print_processor_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.print_processor_name, ndr_get_array_length(ndr, &r->in.print_processor_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_print_processor_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.print_processor_name, length_print_processor_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_print_processor_name_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); @@ -24402,6 +25016,7 @@ _PUBLIC_ enum ndr_err_code ndr_push___spoolss_EnumPrintProcDataTypes(struct ndr_ _PUBLIC_ enum ndr_err_code ndr_pull___spoolss_EnumPrintProcDataTypes(struct ndr_pull *ndr, int flags, struct __spoolss_EnumPrintProcDataTypes *r) { + uint32_t size_info_0 = 0; uint32_t cntr_info_0; TALLOC_CTX *_mem_save_info_0; if (flags & NDR_IN) { @@ -24411,14 +25026,15 @@ _PUBLIC_ enum ndr_err_code ndr_pull___spoolss_EnumPrintProcDataTypes(struct ndr_ NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.count)); } if (flags & NDR_OUT) { - NDR_PULL_ALLOC_N(ndr, r->out.info, r->in.count); + size_info_0 = r->in.count; + NDR_PULL_ALLOC_N(ndr, r->out.info, size_info_0); _mem_save_info_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->out.info, 0); - for (cntr_info_0 = 0; cntr_info_0 < r->in.count; cntr_info_0++) { + for (cntr_info_0 = 0; cntr_info_0 < size_info_0; cntr_info_0++) { NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->out.info[cntr_info_0], r->in.level)); NDR_CHECK(ndr_pull_spoolss_PrintProcDataTypesInfo(ndr, NDR_SCALARS, &r->out.info[cntr_info_0])); } - for (cntr_info_0 = 0; cntr_info_0 < r->in.count; cntr_info_0++) { + for (cntr_info_0 = 0; cntr_info_0 < size_info_0; cntr_info_0++) { NDR_CHECK(ndr_pull_spoolss_PrintProcDataTypesInfo(ndr, NDR_BUFFERS, &r->out.info[cntr_info_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_0, 0); @@ -24523,6 +25139,8 @@ static enum ndr_err_code ndr_push_spoolss_ResetPrinter(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_spoolss_ResetPrinter(struct ndr_pull *ndr, int flags, struct spoolss_ResetPrinter *r) { uint32_t _ptr_data_type; + uint32_t size_data_type_1 = 0; + uint32_t length_data_type_1 = 0; TALLOC_CTX *_mem_save_handle_0; TALLOC_CTX *_mem_save_data_type_0; TALLOC_CTX *_mem_save_devmode_ctr_0; @@ -24545,11 +25163,13 @@ static enum ndr_err_code ndr_pull_spoolss_ResetPrinter(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.data_type, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.data_type)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.data_type)); - if (ndr_get_array_length(ndr, &r->in.data_type) > ndr_get_array_size(ndr, &r->in.data_type)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.data_type), ndr_get_array_length(ndr, &r->in.data_type)); + size_data_type_1 = ndr_get_array_size(ndr, &r->in.data_type); + length_data_type_1 = ndr_get_array_length(ndr, &r->in.data_type); + if (length_data_type_1 > size_data_type_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_data_type_1, length_data_type_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.data_type), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.data_type, ndr_get_array_length(ndr, &r->in.data_type), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_data_type_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.data_type, length_data_type_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_type_0, 0); } if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { @@ -24655,6 +25275,8 @@ static enum ndr_err_code ndr_push_spoolss_GetPrinterDriver2(struct ndr_push *ndr static enum ndr_err_code ndr_pull_spoolss_GetPrinterDriver2(struct ndr_pull *ndr, int flags, struct spoolss_GetPrinterDriver2 *r) { uint32_t _ptr_architecture; + uint32_t size_architecture_1 = 0; + uint32_t length_architecture_1 = 0; uint32_t _ptr_buffer; uint32_t _ptr_info; TALLOC_CTX *_mem_save_handle_0; @@ -24685,11 +25307,13 @@ static enum ndr_err_code ndr_pull_spoolss_GetPrinterDriver2(struct ndr_pull *ndr NDR_PULL_SET_MEM_CTX(ndr, r->in.architecture, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.architecture)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.architecture)); - if (ndr_get_array_length(ndr, &r->in.architecture) > ndr_get_array_size(ndr, &r->in.architecture)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.architecture), ndr_get_array_length(ndr, &r->in.architecture)); + size_architecture_1 = ndr_get_array_size(ndr, &r->in.architecture); + length_architecture_1 = ndr_get_array_length(ndr, &r->in.architecture); + if (length_architecture_1 > size_architecture_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_architecture_1, length_architecture_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.architecture), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.architecture, ndr_get_array_length(ndr, &r->in.architecture), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_architecture_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.architecture, length_architecture_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_architecture_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); @@ -25028,7 +25652,10 @@ _PUBLIC_ enum ndr_err_code ndr_push_spoolss_ReplyOpenPrinter(struct ndr_push *nd _PUBLIC_ enum ndr_err_code ndr_pull_spoolss_ReplyOpenPrinter(struct ndr_pull *ndr, int flags, struct spoolss_ReplyOpenPrinter *r) { + uint32_t size_server_name_0 = 0; + uint32_t length_server_name_0 = 0; uint32_t _ptr_buffer; + uint32_t size_buffer_1 = 0; TALLOC_CTX *_mem_save_buffer_0; TALLOC_CTX *_mem_save_handle_0; if (flags & NDR_IN) { @@ -25036,11 +25663,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_spoolss_ReplyOpenPrinter(struct ndr_pull *nd NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_0 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_0 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_0 > size_server_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_0, length_server_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.printer_local)); NDR_CHECK(ndr_pull_winreg_Type(ndr, NDR_SCALARS, &r->in.type)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.bufsize)); @@ -25057,8 +25686,9 @@ _PUBLIC_ enum ndr_err_code ndr_pull_spoolss_ReplyOpenPrinter(struct ndr_pull *nd _mem_save_buffer_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->in.buffer, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.buffer)); - NDR_PULL_ALLOC_N(ndr, r->in.buffer, ndr_get_array_size(ndr, &r->in.buffer)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->in.buffer, ndr_get_array_size(ndr, &r->in.buffer))); + size_buffer_1 = ndr_get_array_size(ndr, &r->in.buffer); + NDR_PULL_ALLOC_N(ndr, r->in.buffer, size_buffer_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->in.buffer, size_buffer_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_buffer_0, 0); } NDR_PULL_ALLOC(ndr, r->out.handle); @@ -25139,6 +25769,7 @@ static enum ndr_err_code ndr_push_spoolss_RouterReplyPrinter(struct ndr_push *nd static enum ndr_err_code ndr_pull_spoolss_RouterReplyPrinter(struct ndr_pull *ndr, int flags, struct spoolss_RouterReplyPrinter *r) { uint32_t _ptr_buffer; + uint32_t size_buffer_1 = 0; TALLOC_CTX *_mem_save_handle_0; TALLOC_CTX *_mem_save_buffer_0; if (flags & NDR_IN) { @@ -25164,8 +25795,9 @@ static enum ndr_err_code ndr_pull_spoolss_RouterReplyPrinter(struct ndr_pull *nd _mem_save_buffer_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->in.buffer, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.buffer)); - NDR_PULL_ALLOC_N(ndr, r->in.buffer, ndr_get_array_size(ndr, &r->in.buffer)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->in.buffer, ndr_get_array_size(ndr, &r->in.buffer))); + size_buffer_1 = ndr_get_array_size(ndr, &r->in.buffer); + NDR_PULL_ALLOC_N(ndr, r->in.buffer, size_buffer_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->in.buffer, size_buffer_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_buffer_0, 0); } if (r->in.buffer) { @@ -25482,6 +26114,8 @@ _PUBLIC_ enum ndr_err_code ndr_push_spoolss_RemoteFindFirstPrinterChangeNotifyEx _PUBLIC_ enum ndr_err_code ndr_pull_spoolss_RemoteFindFirstPrinterChangeNotifyEx(struct ndr_pull *ndr, int flags, struct spoolss_RemoteFindFirstPrinterChangeNotifyEx *r) { uint32_t _ptr_local_machine; + uint32_t size_local_machine_1 = 0; + uint32_t length_local_machine_1 = 0; uint32_t _ptr_notify_options; TALLOC_CTX *_mem_save_handle_0; TALLOC_CTX *_mem_save_local_machine_0; @@ -25507,11 +26141,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_spoolss_RemoteFindFirstPrinterChangeNotifyEx NDR_PULL_SET_MEM_CTX(ndr, r->in.local_machine, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.local_machine)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.local_machine)); - if (ndr_get_array_length(ndr, &r->in.local_machine) > ndr_get_array_size(ndr, &r->in.local_machine)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.local_machine), ndr_get_array_length(ndr, &r->in.local_machine)); + size_local_machine_1 = ndr_get_array_size(ndr, &r->in.local_machine); + length_local_machine_1 = ndr_get_array_length(ndr, &r->in.local_machine); + if (length_local_machine_1 > size_local_machine_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_local_machine_1, length_local_machine_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.local_machine), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.local_machine, ndr_get_array_length(ndr, &r->in.local_machine), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_local_machine_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.local_machine, length_local_machine_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_local_machine_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.printer_local)); @@ -25868,7 +26504,11 @@ _PUBLIC_ enum ndr_err_code ndr_push_spoolss_OpenPrinterEx(struct ndr_push *ndr, _PUBLIC_ enum ndr_err_code ndr_pull_spoolss_OpenPrinterEx(struct ndr_pull *ndr, int flags, struct spoolss_OpenPrinterEx *r) { uint32_t _ptr_printername; + uint32_t size_printername_1 = 0; + uint32_t length_printername_1 = 0; uint32_t _ptr_datatype; + uint32_t size_datatype_1 = 0; + uint32_t length_datatype_1 = 0; TALLOC_CTX *_mem_save_printername_0; TALLOC_CTX *_mem_save_datatype_0; TALLOC_CTX *_mem_save_handle_0; @@ -25886,11 +26526,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_spoolss_OpenPrinterEx(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->in.printername, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.printername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.printername)); - if (ndr_get_array_length(ndr, &r->in.printername) > ndr_get_array_size(ndr, &r->in.printername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.printername), ndr_get_array_length(ndr, &r->in.printername)); + size_printername_1 = ndr_get_array_size(ndr, &r->in.printername); + length_printername_1 = ndr_get_array_length(ndr, &r->in.printername); + if (length_printername_1 > size_printername_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_printername_1, length_printername_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.printername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.printername, ndr_get_array_length(ndr, &r->in.printername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_printername_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.printername, length_printername_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_printername_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_datatype)); @@ -25904,11 +26546,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_spoolss_OpenPrinterEx(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->in.datatype, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.datatype)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.datatype)); - if (ndr_get_array_length(ndr, &r->in.datatype) > ndr_get_array_size(ndr, &r->in.datatype)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.datatype), ndr_get_array_length(ndr, &r->in.datatype)); + size_datatype_1 = ndr_get_array_size(ndr, &r->in.datatype); + length_datatype_1 = ndr_get_array_length(ndr, &r->in.datatype); + if (length_datatype_1 > size_datatype_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_datatype_1, length_datatype_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.datatype), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.datatype, ndr_get_array_length(ndr, &r->in.datatype), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_datatype_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.datatype, length_datatype_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_datatype_0, 0); } NDR_CHECK(ndr_pull_spoolss_DevmodeContainer(ndr, NDR_SCALARS|NDR_BUFFERS, &r->in.devmode_ctr)); @@ -26014,6 +26658,8 @@ static enum ndr_err_code ndr_push_spoolss_AddPrinterEx(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_spoolss_AddPrinterEx(struct ndr_pull *ndr, int flags, struct spoolss_AddPrinterEx *r) { uint32_t _ptr_server; + uint32_t size_server_1 = 0; + uint32_t length_server_1 = 0; TALLOC_CTX *_mem_save_server_0; TALLOC_CTX *_mem_save_info_ctr_0; TALLOC_CTX *_mem_save_devmode_ctr_0; @@ -26034,11 +26680,13 @@ static enum ndr_err_code ndr_pull_spoolss_AddPrinterEx(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.server, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server)); - if (ndr_get_array_length(ndr, &r->in.server) > ndr_get_array_size(ndr, &r->in.server)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server), ndr_get_array_length(ndr, &r->in.server)); + size_server_1 = ndr_get_array_size(ndr, &r->in.server); + length_server_1 = ndr_get_array_length(ndr, &r->in.server); + if (length_server_1 > size_server_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_1, length_server_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server, ndr_get_array_length(ndr, &r->in.server), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server, length_server_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_0, 0); } if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { @@ -26216,6 +26864,8 @@ static enum ndr_err_code ndr_push_spoolss_EnumPrinterData(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_spoolss_EnumPrinterData(struct ndr_pull *ndr, int flags, struct spoolss_EnumPrinterData *r) { + uint32_t size_value_name_0 = 0; + uint32_t size_data_1 = 0; TALLOC_CTX *_mem_save_handle_0; TALLOC_CTX *_mem_save_value_needed_0; TALLOC_CTX *_mem_save_type_0; @@ -26244,7 +26894,8 @@ static enum ndr_err_code ndr_pull_spoolss_EnumPrinterData(struct ndr_pull *ndr, } if (flags & NDR_OUT) { NDR_CHECK(ndr_pull_array_size(ndr, &r->out.value_name)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->out.value_name, ndr_get_array_size(ndr, &r->out.value_name), sizeof(uint16_t), CH_UTF16)); + size_value_name_0 = ndr_get_array_size(ndr, &r->out.value_name); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->out.value_name, size_value_name_0, sizeof(uint16_t), CH_UTF16)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->out.value_needed); } @@ -26263,10 +26914,11 @@ static enum ndr_err_code ndr_pull_spoolss_EnumPrinterData(struct ndr_pull *ndr, uint32_t _flags_save_uint8 = ndr->flags; ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX); NDR_CHECK(ndr_pull_array_size(ndr, &r->out.data)); + size_data_1 = ndr_get_array_size(ndr, &r->out.data); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { - NDR_PULL_ALLOC_N(ndr, r->out.data, ndr_get_array_size(ndr, &r->out.data)); + NDR_PULL_ALLOC_N(ndr, r->out.data, size_data_1); } - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.data, ndr_get_array_size(ndr, &r->out.data))); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.data, size_data_1)); ndr->flags = _flags_save_uint8; } if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { @@ -26352,6 +27004,8 @@ static enum ndr_err_code ndr_push_spoolss_DeletePrinterData(struct ndr_push *ndr static enum ndr_err_code ndr_pull_spoolss_DeletePrinterData(struct ndr_pull *ndr, int flags, struct spoolss_DeletePrinterData *r) { + uint32_t size_value_name_0 = 0; + uint32_t length_value_name_0 = 0; TALLOC_CTX *_mem_save_handle_0; if (flags & NDR_IN) { if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { @@ -26363,11 +27017,13 @@ static enum ndr_err_code ndr_pull_spoolss_DeletePrinterData(struct ndr_pull *ndr NDR_PULL_SET_MEM_CTX(ndr, _mem_save_handle_0, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.value_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.value_name)); - if (ndr_get_array_length(ndr, &r->in.value_name) > ndr_get_array_size(ndr, &r->in.value_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.value_name), ndr_get_array_length(ndr, &r->in.value_name)); + size_value_name_0 = ndr_get_array_size(ndr, &r->in.value_name); + length_value_name_0 = ndr_get_array_length(ndr, &r->in.value_name); + if (length_value_name_0 > size_value_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_value_name_0, length_value_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.value_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.value_name, ndr_get_array_length(ndr, &r->in.value_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_value_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.value_name, length_value_name_0, sizeof(uint16_t), CH_UTF16)); } if (flags & NDR_OUT) { NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result)); @@ -26555,6 +27211,11 @@ static enum ndr_err_code ndr_push_spoolss_SetPrinterDataEx(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_spoolss_SetPrinterDataEx(struct ndr_pull *ndr, int flags, struct spoolss_SetPrinterDataEx *r) { + uint32_t size_key_name_0 = 0; + uint32_t length_key_name_0 = 0; + uint32_t size_value_name_0 = 0; + uint32_t length_value_name_0 = 0; + uint32_t size_data_1 = 0; TALLOC_CTX *_mem_save_handle_0; if (flags & NDR_IN) { if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { @@ -26566,24 +27227,29 @@ static enum ndr_err_code ndr_pull_spoolss_SetPrinterDataEx(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, _mem_save_handle_0, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.key_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.key_name)); - if (ndr_get_array_length(ndr, &r->in.key_name) > ndr_get_array_size(ndr, &r->in.key_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.key_name), ndr_get_array_length(ndr, &r->in.key_name)); + size_key_name_0 = ndr_get_array_size(ndr, &r->in.key_name); + length_key_name_0 = ndr_get_array_length(ndr, &r->in.key_name); + if (length_key_name_0 > size_key_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_key_name_0, length_key_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.key_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.key_name, ndr_get_array_length(ndr, &r->in.key_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_key_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.key_name, length_key_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.value_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.value_name)); - if (ndr_get_array_length(ndr, &r->in.value_name) > ndr_get_array_size(ndr, &r->in.value_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.value_name), ndr_get_array_length(ndr, &r->in.value_name)); + size_value_name_0 = ndr_get_array_size(ndr, &r->in.value_name); + length_value_name_0 = ndr_get_array_length(ndr, &r->in.value_name); + if (length_value_name_0 > size_value_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_value_name_0, length_value_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.value_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.value_name, ndr_get_array_length(ndr, &r->in.value_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_value_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.value_name, length_value_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_winreg_Type(ndr, NDR_SCALARS, &r->in.type)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.data)); + size_data_1 = ndr_get_array_size(ndr, &r->in.data); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { - NDR_PULL_ALLOC_N(ndr, r->in.data, ndr_get_array_size(ndr, &r->in.data)); + NDR_PULL_ALLOC_N(ndr, r->in.data, size_data_1); } - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->in.data, ndr_get_array_size(ndr, &r->in.data))); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->in.data, size_data_1)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.offered)); if (r->in.data) { NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->in.data, r->in.offered)); @@ -26666,6 +27332,11 @@ static enum ndr_err_code ndr_push_spoolss_GetPrinterDataEx(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_spoolss_GetPrinterDataEx(struct ndr_pull *ndr, int flags, struct spoolss_GetPrinterDataEx *r) { + uint32_t size_key_name_0 = 0; + uint32_t length_key_name_0 = 0; + uint32_t size_value_name_0 = 0; + uint32_t length_value_name_0 = 0; + uint32_t size_data_1 = 0; TALLOC_CTX *_mem_save_handle_0; TALLOC_CTX *_mem_save_type_0; TALLOC_CTX *_mem_save_needed_0; @@ -26681,18 +27352,22 @@ static enum ndr_err_code ndr_pull_spoolss_GetPrinterDataEx(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, _mem_save_handle_0, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.key_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.key_name)); - if (ndr_get_array_length(ndr, &r->in.key_name) > ndr_get_array_size(ndr, &r->in.key_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.key_name), ndr_get_array_length(ndr, &r->in.key_name)); + size_key_name_0 = ndr_get_array_size(ndr, &r->in.key_name); + length_key_name_0 = ndr_get_array_length(ndr, &r->in.key_name); + if (length_key_name_0 > size_key_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_key_name_0, length_key_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.key_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.key_name, ndr_get_array_length(ndr, &r->in.key_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_key_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.key_name, length_key_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.value_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.value_name)); - if (ndr_get_array_length(ndr, &r->in.value_name) > ndr_get_array_size(ndr, &r->in.value_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.value_name), ndr_get_array_length(ndr, &r->in.value_name)); + size_value_name_0 = ndr_get_array_size(ndr, &r->in.value_name); + length_value_name_0 = ndr_get_array_length(ndr, &r->in.value_name); + if (length_value_name_0 > size_value_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_value_name_0, length_value_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.value_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.value_name, ndr_get_array_length(ndr, &r->in.value_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_value_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.value_name, length_value_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.offered)); NDR_PULL_ALLOC(ndr, r->out.type); ZERO_STRUCTP(r->out.type); @@ -26710,10 +27385,11 @@ static enum ndr_err_code ndr_pull_spoolss_GetPrinterDataEx(struct ndr_pull *ndr, NDR_CHECK(ndr_pull_winreg_Type(ndr, NDR_SCALARS, r->out.type)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_type_0, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_array_size(ndr, &r->out.data)); + size_data_1 = ndr_get_array_size(ndr, &r->out.data); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { - NDR_PULL_ALLOC_N(ndr, r->out.data, ndr_get_array_size(ndr, &r->out.data)); + NDR_PULL_ALLOC_N(ndr, r->out.data, size_data_1); } - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.data, ndr_get_array_size(ndr, &r->out.data))); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.data, size_data_1)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->out.needed); } @@ -26799,6 +27475,8 @@ _PUBLIC_ enum ndr_err_code ndr_push__spoolss_EnumPrinterDataEx(struct ndr_push * _PUBLIC_ enum ndr_err_code ndr_pull__spoolss_EnumPrinterDataEx(struct ndr_pull *ndr, int flags, struct _spoolss_EnumPrinterDataEx *r) { + uint32_t size_key_name_0 = 0; + uint32_t length_key_name_0 = 0; TALLOC_CTX *_mem_save_handle_0; TALLOC_CTX *_mem_save_needed_0; TALLOC_CTX *_mem_save_count_0; @@ -26814,11 +27492,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull__spoolss_EnumPrinterDataEx(struct ndr_pull * NDR_PULL_SET_MEM_CTX(ndr, _mem_save_handle_0, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.key_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.key_name)); - if (ndr_get_array_length(ndr, &r->in.key_name) > ndr_get_array_size(ndr, &r->in.key_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.key_name), ndr_get_array_length(ndr, &r->in.key_name)); + size_key_name_0 = ndr_get_array_size(ndr, &r->in.key_name); + length_key_name_0 = ndr_get_array_length(ndr, &r->in.key_name); + if (length_key_name_0 > size_key_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_key_name_0, length_key_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.key_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.key_name, ndr_get_array_length(ndr, &r->in.key_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_key_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.key_name, length_key_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.offered)); NDR_PULL_ALLOC(ndr, r->out.needed); ZERO_STRUCTP(r->out.needed); @@ -26865,6 +27545,7 @@ _PUBLIC_ enum ndr_err_code ndr_push___spoolss_EnumPrinterDataEx(struct ndr_push _PUBLIC_ enum ndr_err_code ndr_pull___spoolss_EnumPrinterDataEx(struct ndr_pull *ndr, int flags, struct __spoolss_EnumPrinterDataEx *r) { + uint32_t size_info_0 = 0; uint32_t cntr_info_0; TALLOC_CTX *_mem_save_info_0; if (flags & NDR_IN) { @@ -26873,13 +27554,14 @@ _PUBLIC_ enum ndr_err_code ndr_pull___spoolss_EnumPrinterDataEx(struct ndr_pull NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.count)); } if (flags & NDR_OUT) { - NDR_PULL_ALLOC_N(ndr, r->out.info, r->in.count); + size_info_0 = r->in.count; + NDR_PULL_ALLOC_N(ndr, r->out.info, size_info_0); _mem_save_info_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->out.info, 0); - for (cntr_info_0 = 0; cntr_info_0 < r->in.count; cntr_info_0++) { + for (cntr_info_0 = 0; cntr_info_0 < size_info_0; cntr_info_0++) { NDR_CHECK(ndr_pull_spoolss_PrinterEnumValues(ndr, NDR_SCALARS, &r->out.info[cntr_info_0])); } - for (cntr_info_0 = 0; cntr_info_0 < r->in.count; cntr_info_0++) { + for (cntr_info_0 = 0; cntr_info_0 < size_info_0; cntr_info_0++) { NDR_CHECK(ndr_pull_spoolss_PrinterEnumValues(ndr, NDR_BUFFERS, &r->out.info[cntr_info_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_0, 0); @@ -26980,6 +27662,8 @@ _PUBLIC_ enum ndr_err_code ndr_push_spoolss_EnumPrinterKey(struct ndr_push *ndr, _PUBLIC_ enum ndr_err_code ndr_pull_spoolss_EnumPrinterKey(struct ndr_pull *ndr, int flags, struct spoolss_EnumPrinterKey *r) { + uint32_t size_key_name_0 = 0; + uint32_t length_key_name_0 = 0; TALLOC_CTX *_mem_save_handle_0; TALLOC_CTX *_mem_save__ndr_size_0; TALLOC_CTX *_mem_save_key_buffer_0; @@ -26996,11 +27680,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_spoolss_EnumPrinterKey(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, _mem_save_handle_0, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.key_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.key_name)); - if (ndr_get_array_length(ndr, &r->in.key_name) > ndr_get_array_size(ndr, &r->in.key_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.key_name), ndr_get_array_length(ndr, &r->in.key_name)); + size_key_name_0 = ndr_get_array_size(ndr, &r->in.key_name); + length_key_name_0 = ndr_get_array_length(ndr, &r->in.key_name); + if (length_key_name_0 > size_key_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_key_name_0, length_key_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.key_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.key_name, ndr_get_array_length(ndr, &r->in.key_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_key_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.key_name, length_key_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.offered)); NDR_PULL_ALLOC(ndr, r->out._ndr_size); ZERO_STRUCTP(r->out._ndr_size); @@ -27106,6 +27792,10 @@ static enum ndr_err_code ndr_push_spoolss_DeletePrinterDataEx(struct ndr_push *n static enum ndr_err_code ndr_pull_spoolss_DeletePrinterDataEx(struct ndr_pull *ndr, int flags, struct spoolss_DeletePrinterDataEx *r) { + uint32_t size_key_name_0 = 0; + uint32_t length_key_name_0 = 0; + uint32_t size_value_name_0 = 0; + uint32_t length_value_name_0 = 0; TALLOC_CTX *_mem_save_handle_0; if (flags & NDR_IN) { if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { @@ -27117,18 +27807,22 @@ static enum ndr_err_code ndr_pull_spoolss_DeletePrinterDataEx(struct ndr_pull *n NDR_PULL_SET_MEM_CTX(ndr, _mem_save_handle_0, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.key_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.key_name)); - if (ndr_get_array_length(ndr, &r->in.key_name) > ndr_get_array_size(ndr, &r->in.key_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.key_name), ndr_get_array_length(ndr, &r->in.key_name)); + size_key_name_0 = ndr_get_array_size(ndr, &r->in.key_name); + length_key_name_0 = ndr_get_array_length(ndr, &r->in.key_name); + if (length_key_name_0 > size_key_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_key_name_0, length_key_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.key_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.key_name, ndr_get_array_length(ndr, &r->in.key_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_key_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.key_name, length_key_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.value_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.value_name)); - if (ndr_get_array_length(ndr, &r->in.value_name) > ndr_get_array_size(ndr, &r->in.value_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.value_name), ndr_get_array_length(ndr, &r->in.value_name)); + size_value_name_0 = ndr_get_array_size(ndr, &r->in.value_name); + length_value_name_0 = ndr_get_array_length(ndr, &r->in.value_name); + if (length_value_name_0 > size_value_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_value_name_0, length_value_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.value_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.value_name, ndr_get_array_length(ndr, &r->in.value_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_value_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.value_name, length_value_name_0, sizeof(uint16_t), CH_UTF16)); } if (flags & NDR_OUT) { NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result)); @@ -27183,6 +27877,8 @@ static enum ndr_err_code ndr_push_spoolss_DeletePrinterKey(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_spoolss_DeletePrinterKey(struct ndr_pull *ndr, int flags, struct spoolss_DeletePrinterKey *r) { + uint32_t size_key_name_0 = 0; + uint32_t length_key_name_0 = 0; TALLOC_CTX *_mem_save_handle_0; if (flags & NDR_IN) { if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { @@ -27194,11 +27890,13 @@ static enum ndr_err_code ndr_pull_spoolss_DeletePrinterKey(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, _mem_save_handle_0, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.key_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.key_name)); - if (ndr_get_array_length(ndr, &r->in.key_name) > ndr_get_array_size(ndr, &r->in.key_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.key_name), ndr_get_array_length(ndr, &r->in.key_name)); + size_key_name_0 = ndr_get_array_size(ndr, &r->in.key_name); + length_key_name_0 = ndr_get_array_length(ndr, &r->in.key_name); + if (length_key_name_0 > size_key_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_key_name_0, length_key_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.key_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.key_name, ndr_get_array_length(ndr, &r->in.key_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_key_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.key_name, length_key_name_0, sizeof(uint16_t), CH_UTF16)); } if (flags & NDR_OUT) { NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result)); @@ -27303,6 +28001,12 @@ static enum ndr_err_code ndr_push_spoolss_DeletePrinterDriverEx(struct ndr_push static enum ndr_err_code ndr_pull_spoolss_DeletePrinterDriverEx(struct ndr_pull *ndr, int flags, struct spoolss_DeletePrinterDriverEx *r) { uint32_t _ptr_server; + uint32_t size_server_1 = 0; + uint32_t length_server_1 = 0; + uint32_t size_architecture_0 = 0; + uint32_t length_architecture_0 = 0; + uint32_t size_driver_0 = 0; + uint32_t length_driver_0 = 0; TALLOC_CTX *_mem_save_server_0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_server)); @@ -27316,27 +28020,33 @@ static enum ndr_err_code ndr_pull_spoolss_DeletePrinterDriverEx(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->in.server, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server)); - if (ndr_get_array_length(ndr, &r->in.server) > ndr_get_array_size(ndr, &r->in.server)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server), ndr_get_array_length(ndr, &r->in.server)); + size_server_1 = ndr_get_array_size(ndr, &r->in.server); + length_server_1 = ndr_get_array_length(ndr, &r->in.server); + if (length_server_1 > size_server_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_1, length_server_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server, ndr_get_array_length(ndr, &r->in.server), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server, length_server_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.architecture)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.architecture)); - if (ndr_get_array_length(ndr, &r->in.architecture) > ndr_get_array_size(ndr, &r->in.architecture)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.architecture), ndr_get_array_length(ndr, &r->in.architecture)); + size_architecture_0 = ndr_get_array_size(ndr, &r->in.architecture); + length_architecture_0 = ndr_get_array_length(ndr, &r->in.architecture); + if (length_architecture_0 > size_architecture_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_architecture_0, length_architecture_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.architecture), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.architecture, ndr_get_array_length(ndr, &r->in.architecture), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_architecture_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.architecture, length_architecture_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.driver)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.driver)); - if (ndr_get_array_length(ndr, &r->in.driver) > ndr_get_array_size(ndr, &r->in.driver)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.driver), ndr_get_array_length(ndr, &r->in.driver)); + size_driver_0 = ndr_get_array_size(ndr, &r->in.driver); + length_driver_0 = ndr_get_array_length(ndr, &r->in.driver); + if (length_driver_0 > size_driver_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_driver_0, length_driver_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.driver), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.driver, ndr_get_array_length(ndr, &r->in.driver), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_driver_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.driver, length_driver_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_spoolss_DeleteDriverFlags(ndr, NDR_SCALARS, &r->in.delete_flags)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.version)); } @@ -27540,6 +28250,9 @@ static enum ndr_err_code ndr_push_spoolss_XcvData(struct ndr_push *ndr, int flag static enum ndr_err_code ndr_pull_spoolss_XcvData(struct ndr_pull *ndr, int flags, struct spoolss_XcvData *r) { + uint32_t size_function_name_0 = 0; + uint32_t length_function_name_0 = 0; + uint32_t size_out_data_1 = 0; TALLOC_CTX *_mem_save_handle_0; TALLOC_CTX *_mem_save_needed_0; TALLOC_CTX *_mem_save_status_code_0; @@ -27555,11 +28268,13 @@ static enum ndr_err_code ndr_pull_spoolss_XcvData(struct ndr_pull *ndr, int flag NDR_PULL_SET_MEM_CTX(ndr, _mem_save_handle_0, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.function_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.function_name)); - if (ndr_get_array_length(ndr, &r->in.function_name) > ndr_get_array_size(ndr, &r->in.function_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.function_name), ndr_get_array_length(ndr, &r->in.function_name)); + size_function_name_0 = ndr_get_array_size(ndr, &r->in.function_name); + length_function_name_0 = ndr_get_array_length(ndr, &r->in.function_name); + if (length_function_name_0 > size_function_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_function_name_0, length_function_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.function_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.function_name, ndr_get_array_length(ndr, &r->in.function_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_function_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.function_name, length_function_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_DATA_BLOB(ndr, NDR_SCALARS, &r->in.in_data)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in._in_data_length)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.out_data_size)); @@ -27579,10 +28294,11 @@ static enum ndr_err_code ndr_pull_spoolss_XcvData(struct ndr_pull *ndr, int flag } if (flags & NDR_OUT) { NDR_CHECK(ndr_pull_array_size(ndr, &r->out.out_data)); + size_out_data_1 = ndr_get_array_size(ndr, &r->out.out_data); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { - NDR_PULL_ALLOC_N(ndr, r->out.out_data, ndr_get_array_size(ndr, &r->out.out_data)); + NDR_PULL_ALLOC_N(ndr, r->out.out_data, size_out_data_1); } - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.out_data, ndr_get_array_size(ndr, &r->out.out_data))); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.out_data, size_out_data_1)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->out.needed); } @@ -27675,6 +28391,8 @@ _PUBLIC_ enum ndr_err_code ndr_push_spoolss_AddPrinterDriverEx(struct ndr_push * _PUBLIC_ enum ndr_err_code ndr_pull_spoolss_AddPrinterDriverEx(struct ndr_pull *ndr, int flags, struct spoolss_AddPrinterDriverEx *r) { uint32_t _ptr_servername; + uint32_t size_servername_1 = 0; + uint32_t length_servername_1 = 0; TALLOC_CTX *_mem_save_servername_0; TALLOC_CTX *_mem_save_info_ctr_0; if (flags & NDR_IN) { @@ -27689,11 +28407,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_spoolss_AddPrinterDriverEx(struct ndr_pull * NDR_PULL_SET_MEM_CTX(ndr, r->in.servername, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.servername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.servername)); - if (ndr_get_array_length(ndr, &r->in.servername) > ndr_get_array_size(ndr, &r->in.servername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.servername), ndr_get_array_length(ndr, &r->in.servername)); + size_servername_1 = ndr_get_array_size(ndr, &r->in.servername); + length_servername_1 = ndr_get_array_length(ndr, &r->in.servername); + if (length_servername_1 > size_servername_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_servername_1, length_servername_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_servername_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, length_servername_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_servername_0, 0); } if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { diff --git a/librpc/gen_ndr/ndr_srvsvc.c b/librpc/gen_ndr/ndr_srvsvc.c index 31d2fe2..987faf1 100644 --- a/librpc/gen_ndr/ndr_srvsvc.c +++ b/librpc/gen_ndr/ndr_srvsvc.c @@ -25,6 +25,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetCharDevInfo0(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_srvsvc_NetCharDevInfo0(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetCharDevInfo0 *r) { uint32_t _ptr_device; + uint32_t size_device_1 = 0; + uint32_t length_device_1 = 0; TALLOC_CTX *_mem_save_device_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -41,11 +43,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevInfo0(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->device, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->device)); NDR_CHECK(ndr_pull_array_length(ndr, &r->device)); - if (ndr_get_array_length(ndr, &r->device) > ndr_get_array_size(ndr, &r->device)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->device), ndr_get_array_length(ndr, &r->device)); + size_device_1 = ndr_get_array_size(ndr, &r->device); + length_device_1 = ndr_get_array_length(ndr, &r->device); + if (length_device_1 > size_device_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_device_1, length_device_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->device), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->device, ndr_get_array_length(ndr, &r->device), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_device_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->device, length_device_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_device_0, 0); } } @@ -90,6 +94,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetCharDevCtr0(struct ndr_push *ndr, in static enum ndr_err_code ndr_pull_srvsvc_NetCharDevCtr0(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetCharDevCtr0 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -108,13 +113,14 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevCtr0(struct ndr_pull *ndr, in _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetCharDevInfo0(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetCharDevInfo0(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -180,8 +186,12 @@ static enum ndr_err_code ndr_push_srvsvc_NetCharDevInfo1(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_srvsvc_NetCharDevInfo1(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetCharDevInfo1 *r) { uint32_t _ptr_device; + uint32_t size_device_1 = 0; + uint32_t length_device_1 = 0; TALLOC_CTX *_mem_save_device_0; uint32_t _ptr_user; + uint32_t size_user_1 = 0; + uint32_t length_user_1 = 0; TALLOC_CTX *_mem_save_user_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -206,11 +216,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevInfo1(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->device, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->device)); NDR_CHECK(ndr_pull_array_length(ndr, &r->device)); - if (ndr_get_array_length(ndr, &r->device) > ndr_get_array_size(ndr, &r->device)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->device), ndr_get_array_length(ndr, &r->device)); + size_device_1 = ndr_get_array_size(ndr, &r->device); + length_device_1 = ndr_get_array_length(ndr, &r->device); + if (length_device_1 > size_device_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_device_1, length_device_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->device), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->device, ndr_get_array_length(ndr, &r->device), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_device_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->device, length_device_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_device_0, 0); } if (r->user) { @@ -218,11 +230,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevInfo1(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->user, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->user)); NDR_CHECK(ndr_pull_array_length(ndr, &r->user)); - if (ndr_get_array_length(ndr, &r->user) > ndr_get_array_size(ndr, &r->user)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->user), ndr_get_array_length(ndr, &r->user)); + size_user_1 = ndr_get_array_size(ndr, &r->user); + length_user_1 = ndr_get_array_length(ndr, &r->user); + if (length_user_1 > size_user_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_user_1, length_user_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->user), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user, ndr_get_array_length(ndr, &r->user), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_user_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user, length_user_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user_0, 0); } } @@ -275,6 +289,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetCharDevCtr1(struct ndr_push *ndr, in static enum ndr_err_code ndr_pull_srvsvc_NetCharDevCtr1(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetCharDevCtr1 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -293,13 +308,14 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevCtr1(struct ndr_pull *ndr, in _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetCharDevInfo1(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetCharDevInfo1(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -383,7 +399,9 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevInfo(struct ndr_pull *ndr, in int level; uint32_t _level; TALLOC_CTX *_mem_save_info0_0; + uint32_t _ptr_info0; TALLOC_CTX *_mem_save_info1_0; + uint32_t _ptr_info1; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -392,7 +410,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevInfo(struct ndr_pull *ndr, in } switch (level) { case 0: { - uint32_t _ptr_info0; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info0)); if (_ptr_info0) { NDR_PULL_ALLOC(ndr, r->info0); @@ -402,7 +419,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevInfo(struct ndr_pull *ndr, in break; } case 1: { - uint32_t _ptr_info1; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1)); if (_ptr_info1) { NDR_PULL_ALLOC(ndr, r->info1); @@ -521,7 +537,9 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevCtr(struct ndr_pull *ndr, int int level; uint32_t _level; TALLOC_CTX *_mem_save_ctr0_0; + uint32_t _ptr_ctr0; TALLOC_CTX *_mem_save_ctr1_0; + uint32_t _ptr_ctr1; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -530,7 +548,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevCtr(struct ndr_pull *ndr, int } switch (level) { case 0: { - uint32_t _ptr_ctr0; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr0)); if (_ptr_ctr0) { NDR_PULL_ALLOC(ndr, r->ctr0); @@ -540,7 +557,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevCtr(struct ndr_pull *ndr, int break; } case 1: { - uint32_t _ptr_ctr1; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr1)); if (_ptr_ctr1) { NDR_PULL_ALLOC(ndr, r->ctr1); @@ -670,6 +686,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetCharDevQInfo0(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQInfo0(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetCharDevQInfo0 *r) { uint32_t _ptr_device; + uint32_t size_device_1 = 0; + uint32_t length_device_1 = 0; TALLOC_CTX *_mem_save_device_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -686,11 +704,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQInfo0(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->device, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->device)); NDR_CHECK(ndr_pull_array_length(ndr, &r->device)); - if (ndr_get_array_length(ndr, &r->device) > ndr_get_array_size(ndr, &r->device)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->device), ndr_get_array_length(ndr, &r->device)); + size_device_1 = ndr_get_array_size(ndr, &r->device); + length_device_1 = ndr_get_array_length(ndr, &r->device); + if (length_device_1 > size_device_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_device_1, length_device_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->device), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->device, ndr_get_array_length(ndr, &r->device), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_device_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->device, length_device_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_device_0, 0); } } @@ -735,6 +755,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetCharDevQCtr0(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQCtr0(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetCharDevQCtr0 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -753,13 +774,14 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQCtr0(struct ndr_pull *ndr, i _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetCharDevQInfo0(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetCharDevQInfo0(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -826,8 +848,12 @@ static enum ndr_err_code ndr_push_srvsvc_NetCharDevQInfo1(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQInfo1(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetCharDevQInfo1 *r) { uint32_t _ptr_device; + uint32_t size_device_1 = 0; + uint32_t length_device_1 = 0; TALLOC_CTX *_mem_save_device_0; uint32_t _ptr_devices; + uint32_t size_devices_1 = 0; + uint32_t length_devices_1 = 0; TALLOC_CTX *_mem_save_devices_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -853,11 +879,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQInfo1(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->device, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->device)); NDR_CHECK(ndr_pull_array_length(ndr, &r->device)); - if (ndr_get_array_length(ndr, &r->device) > ndr_get_array_size(ndr, &r->device)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->device), ndr_get_array_length(ndr, &r->device)); + size_device_1 = ndr_get_array_size(ndr, &r->device); + length_device_1 = ndr_get_array_length(ndr, &r->device); + if (length_device_1 > size_device_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_device_1, length_device_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->device), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->device, ndr_get_array_length(ndr, &r->device), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_device_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->device, length_device_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_device_0, 0); } if (r->devices) { @@ -865,11 +893,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQInfo1(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->devices, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->devices)); NDR_CHECK(ndr_pull_array_length(ndr, &r->devices)); - if (ndr_get_array_length(ndr, &r->devices) > ndr_get_array_size(ndr, &r->devices)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->devices), ndr_get_array_length(ndr, &r->devices)); + size_devices_1 = ndr_get_array_size(ndr, &r->devices); + length_devices_1 = ndr_get_array_length(ndr, &r->devices); + if (length_devices_1 > size_devices_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_devices_1, length_devices_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->devices), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->devices, ndr_get_array_length(ndr, &r->devices), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_devices_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->devices, length_devices_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_devices_0, 0); } } @@ -923,6 +953,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetCharDevQCtr1(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQCtr1(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetCharDevQCtr1 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -941,13 +972,14 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQCtr1(struct ndr_pull *ndr, i _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetCharDevQInfo1(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetCharDevQInfo1(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -1031,7 +1063,9 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQInfo(struct ndr_pull *ndr, i int level; uint32_t _level; TALLOC_CTX *_mem_save_info0_0; + uint32_t _ptr_info0; TALLOC_CTX *_mem_save_info1_0; + uint32_t _ptr_info1; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -1040,7 +1074,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQInfo(struct ndr_pull *ndr, i } switch (level) { case 0: { - uint32_t _ptr_info0; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info0)); if (_ptr_info0) { NDR_PULL_ALLOC(ndr, r->info0); @@ -1050,7 +1083,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQInfo(struct ndr_pull *ndr, i break; } case 1: { - uint32_t _ptr_info1; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1)); if (_ptr_info1) { NDR_PULL_ALLOC(ndr, r->info1); @@ -1169,7 +1201,9 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQCtr(struct ndr_pull *ndr, in int level; uint32_t _level; TALLOC_CTX *_mem_save_ctr0_0; + uint32_t _ptr_ctr0; TALLOC_CTX *_mem_save_ctr1_0; + uint32_t _ptr_ctr1; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -1178,7 +1212,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQCtr(struct ndr_pull *ndr, in } switch (level) { case 0: { - uint32_t _ptr_ctr0; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr0)); if (_ptr_ctr0) { NDR_PULL_ALLOC(ndr, r->ctr0); @@ -1188,7 +1221,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQCtr(struct ndr_pull *ndr, in break; } case 1: { - uint32_t _ptr_ctr1; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr1)); if (_ptr_ctr1) { NDR_PULL_ALLOC(ndr, r->ctr1); @@ -1350,6 +1382,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetConnCtr0(struct ndr_push *ndr, int n static enum ndr_err_code ndr_pull_srvsvc_NetConnCtr0(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetConnCtr0 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -1368,10 +1401,11 @@ static enum ndr_err_code ndr_pull_srvsvc_NetConnCtr0(struct ndr_pull *ndr, int n _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetConnInfo0(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -1440,8 +1474,12 @@ static enum ndr_err_code ndr_push_srvsvc_NetConnInfo1(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetConnInfo1(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetConnInfo1 *r) { uint32_t _ptr_user; + uint32_t size_user_1 = 0; + uint32_t length_user_1 = 0; TALLOC_CTX *_mem_save_user_0; uint32_t _ptr_share; + uint32_t size_share_1 = 0; + uint32_t length_share_1 = 0; TALLOC_CTX *_mem_save_share_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -1469,11 +1507,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetConnInfo1(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->user, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->user)); NDR_CHECK(ndr_pull_array_length(ndr, &r->user)); - if (ndr_get_array_length(ndr, &r->user) > ndr_get_array_size(ndr, &r->user)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->user), ndr_get_array_length(ndr, &r->user)); + size_user_1 = ndr_get_array_size(ndr, &r->user); + length_user_1 = ndr_get_array_length(ndr, &r->user); + if (length_user_1 > size_user_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_user_1, length_user_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->user), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user, ndr_get_array_length(ndr, &r->user), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_user_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user, length_user_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user_0, 0); } if (r->share) { @@ -1481,11 +1521,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetConnInfo1(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->share, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->share)); NDR_CHECK(ndr_pull_array_length(ndr, &r->share)); - if (ndr_get_array_length(ndr, &r->share) > ndr_get_array_size(ndr, &r->share)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->share), ndr_get_array_length(ndr, &r->share)); + size_share_1 = ndr_get_array_size(ndr, &r->share); + length_share_1 = ndr_get_array_length(ndr, &r->share); + if (length_share_1 > size_share_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_share_1, length_share_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->share), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->share, ndr_get_array_length(ndr, &r->share), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_share_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->share, length_share_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_share_0, 0); } } @@ -1541,6 +1583,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetConnCtr1(struct ndr_push *ndr, int n static enum ndr_err_code ndr_pull_srvsvc_NetConnCtr1(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetConnCtr1 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -1559,13 +1602,14 @@ static enum ndr_err_code ndr_pull_srvsvc_NetConnCtr1(struct ndr_pull *ndr, int n _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetConnInfo1(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetConnInfo1(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -1649,7 +1693,9 @@ static enum ndr_err_code ndr_pull_srvsvc_NetConnCtr(struct ndr_pull *ndr, int nd int level; uint32_t _level; TALLOC_CTX *_mem_save_ctr0_0; + uint32_t _ptr_ctr0; TALLOC_CTX *_mem_save_ctr1_0; + uint32_t _ptr_ctr1; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -1658,7 +1704,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetConnCtr(struct ndr_pull *ndr, int nd } switch (level) { case 0: { - uint32_t _ptr_ctr0; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr0)); if (_ptr_ctr0) { NDR_PULL_ALLOC(ndr, r->ctr0); @@ -1668,7 +1713,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetConnCtr(struct ndr_pull *ndr, int nd break; } case 1: { - uint32_t _ptr_ctr1; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr1)); if (_ptr_ctr1) { NDR_PULL_ALLOC(ndr, r->ctr1); @@ -1830,6 +1874,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetFileCtr2(struct ndr_push *ndr, int n static enum ndr_err_code ndr_pull_srvsvc_NetFileCtr2(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetFileCtr2 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -1848,10 +1893,11 @@ static enum ndr_err_code ndr_pull_srvsvc_NetFileCtr2(struct ndr_pull *ndr, int n _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetFileInfo2(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -1918,8 +1964,12 @@ static enum ndr_err_code ndr_push_srvsvc_NetFileInfo3(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetFileInfo3(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetFileInfo3 *r) { uint32_t _ptr_path; + uint32_t size_path_1 = 0; + uint32_t length_path_1 = 0; TALLOC_CTX *_mem_save_path_0; uint32_t _ptr_user; + uint32_t size_user_1 = 0; + uint32_t length_user_1 = 0; TALLOC_CTX *_mem_save_user_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -1945,11 +1995,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetFileInfo3(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->path, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->path)); - if (ndr_get_array_length(ndr, &r->path) > ndr_get_array_size(ndr, &r->path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->path), ndr_get_array_length(ndr, &r->path)); + size_path_1 = ndr_get_array_size(ndr, &r->path); + length_path_1 = ndr_get_array_length(ndr, &r->path); + if (length_path_1 > size_path_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_path_1, length_path_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->path, ndr_get_array_length(ndr, &r->path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_path_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->path, length_path_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_path_0, 0); } if (r->user) { @@ -1957,11 +2009,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetFileInfo3(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->user, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->user)); NDR_CHECK(ndr_pull_array_length(ndr, &r->user)); - if (ndr_get_array_length(ndr, &r->user) > ndr_get_array_size(ndr, &r->user)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->user), ndr_get_array_length(ndr, &r->user)); + size_user_1 = ndr_get_array_size(ndr, &r->user); + length_user_1 = ndr_get_array_length(ndr, &r->user); + if (length_user_1 > size_user_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_user_1, length_user_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->user), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user, ndr_get_array_length(ndr, &r->user), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_user_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user, length_user_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user_0, 0); } } @@ -2015,6 +2069,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetFileCtr3(struct ndr_push *ndr, int n static enum ndr_err_code ndr_pull_srvsvc_NetFileCtr3(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetFileCtr3 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -2033,13 +2088,14 @@ static enum ndr_err_code ndr_pull_srvsvc_NetFileCtr3(struct ndr_pull *ndr, int n _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetFileInfo3(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetFileInfo3(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -2123,7 +2179,9 @@ static enum ndr_err_code ndr_pull_srvsvc_NetFileInfo(struct ndr_pull *ndr, int n int level; uint32_t _level; TALLOC_CTX *_mem_save_info2_0; + uint32_t _ptr_info2; TALLOC_CTX *_mem_save_info3_0; + uint32_t _ptr_info3; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -2132,7 +2190,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetFileInfo(struct ndr_pull *ndr, int n } switch (level) { case 2: { - uint32_t _ptr_info2; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info2)); if (_ptr_info2) { NDR_PULL_ALLOC(ndr, r->info2); @@ -2142,7 +2199,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetFileInfo(struct ndr_pull *ndr, int n break; } case 3: { - uint32_t _ptr_info3; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info3)); if (_ptr_info3) { NDR_PULL_ALLOC(ndr, r->info3); @@ -2261,7 +2317,9 @@ static enum ndr_err_code ndr_pull_srvsvc_NetFileCtr(struct ndr_pull *ndr, int nd int level; uint32_t _level; TALLOC_CTX *_mem_save_ctr2_0; + uint32_t _ptr_ctr2; TALLOC_CTX *_mem_save_ctr3_0; + uint32_t _ptr_ctr3; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -2270,7 +2328,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetFileCtr(struct ndr_pull *ndr, int nd } switch (level) { case 2: { - uint32_t _ptr_ctr2; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr2)); if (_ptr_ctr2) { NDR_PULL_ALLOC(ndr, r->ctr2); @@ -2280,7 +2337,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetFileCtr(struct ndr_pull *ndr, int nd break; } case 3: { - uint32_t _ptr_ctr3; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr3)); if (_ptr_ctr3) { NDR_PULL_ALLOC(ndr, r->ctr3); @@ -2410,6 +2466,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetSessInfo0(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetSessInfo0(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSessInfo0 *r) { uint32_t _ptr_client; + uint32_t size_client_1 = 0; + uint32_t length_client_1 = 0; TALLOC_CTX *_mem_save_client_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -2426,11 +2484,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessInfo0(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->client, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->client)); NDR_CHECK(ndr_pull_array_length(ndr, &r->client)); - if (ndr_get_array_length(ndr, &r->client) > ndr_get_array_size(ndr, &r->client)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->client), ndr_get_array_length(ndr, &r->client)); + size_client_1 = ndr_get_array_size(ndr, &r->client); + length_client_1 = ndr_get_array_length(ndr, &r->client); + if (length_client_1 > size_client_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_client_1, length_client_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->client), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client, ndr_get_array_length(ndr, &r->client), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_client_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client, length_client_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_client_0, 0); } } @@ -2475,6 +2535,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetSessCtr0(struct ndr_push *ndr, int n static enum ndr_err_code ndr_pull_srvsvc_NetSessCtr0(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSessCtr0 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -2493,13 +2554,14 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessCtr0(struct ndr_pull *ndr, int n _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetSessInfo0(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetSessInfo0(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -2567,8 +2629,12 @@ static enum ndr_err_code ndr_push_srvsvc_NetSessInfo1(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetSessInfo1(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSessInfo1 *r) { uint32_t _ptr_client; + uint32_t size_client_1 = 0; + uint32_t length_client_1 = 0; TALLOC_CTX *_mem_save_client_0; uint32_t _ptr_user; + uint32_t size_user_1 = 0; + uint32_t length_user_1 = 0; TALLOC_CTX *_mem_save_user_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -2595,11 +2661,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessInfo1(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->client, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->client)); NDR_CHECK(ndr_pull_array_length(ndr, &r->client)); - if (ndr_get_array_length(ndr, &r->client) > ndr_get_array_size(ndr, &r->client)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->client), ndr_get_array_length(ndr, &r->client)); + size_client_1 = ndr_get_array_size(ndr, &r->client); + length_client_1 = ndr_get_array_length(ndr, &r->client); + if (length_client_1 > size_client_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_client_1, length_client_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->client), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client, ndr_get_array_length(ndr, &r->client), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_client_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client, length_client_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_client_0, 0); } if (r->user) { @@ -2607,11 +2675,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessInfo1(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->user, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->user)); NDR_CHECK(ndr_pull_array_length(ndr, &r->user)); - if (ndr_get_array_length(ndr, &r->user) > ndr_get_array_size(ndr, &r->user)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->user), ndr_get_array_length(ndr, &r->user)); + size_user_1 = ndr_get_array_size(ndr, &r->user); + length_user_1 = ndr_get_array_length(ndr, &r->user); + if (length_user_1 > size_user_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_user_1, length_user_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->user), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user, ndr_get_array_length(ndr, &r->user), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_user_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user, length_user_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user_0, 0); } } @@ -2666,6 +2736,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetSessCtr1(struct ndr_push *ndr, int n static enum ndr_err_code ndr_pull_srvsvc_NetSessCtr1(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSessCtr1 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -2684,13 +2755,14 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessCtr1(struct ndr_pull *ndr, int n _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetSessInfo1(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetSessInfo1(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -2765,10 +2837,16 @@ static enum ndr_err_code ndr_push_srvsvc_NetSessInfo2(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetSessInfo2(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSessInfo2 *r) { uint32_t _ptr_client; + uint32_t size_client_1 = 0; + uint32_t length_client_1 = 0; TALLOC_CTX *_mem_save_client_0; uint32_t _ptr_user; + uint32_t size_user_1 = 0; + uint32_t length_user_1 = 0; TALLOC_CTX *_mem_save_user_0; uint32_t _ptr_client_type; + uint32_t size_client_type_1 = 0; + uint32_t length_client_type_1 = 0; TALLOC_CTX *_mem_save_client_type_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -2801,11 +2879,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->client, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->client)); NDR_CHECK(ndr_pull_array_length(ndr, &r->client)); - if (ndr_get_array_length(ndr, &r->client) > ndr_get_array_size(ndr, &r->client)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->client), ndr_get_array_length(ndr, &r->client)); + size_client_1 = ndr_get_array_size(ndr, &r->client); + length_client_1 = ndr_get_array_length(ndr, &r->client); + if (length_client_1 > size_client_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_client_1, length_client_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->client), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client, ndr_get_array_length(ndr, &r->client), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_client_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client, length_client_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_client_0, 0); } if (r->user) { @@ -2813,11 +2893,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->user, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->user)); NDR_CHECK(ndr_pull_array_length(ndr, &r->user)); - if (ndr_get_array_length(ndr, &r->user) > ndr_get_array_size(ndr, &r->user)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->user), ndr_get_array_length(ndr, &r->user)); + size_user_1 = ndr_get_array_size(ndr, &r->user); + length_user_1 = ndr_get_array_length(ndr, &r->user); + if (length_user_1 > size_user_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_user_1, length_user_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->user), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user, ndr_get_array_length(ndr, &r->user), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_user_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user, length_user_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user_0, 0); } if (r->client_type) { @@ -2825,11 +2907,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->client_type, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->client_type)); NDR_CHECK(ndr_pull_array_length(ndr, &r->client_type)); - if (ndr_get_array_length(ndr, &r->client_type) > ndr_get_array_size(ndr, &r->client_type)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->client_type), ndr_get_array_length(ndr, &r->client_type)); + size_client_type_1 = ndr_get_array_size(ndr, &r->client_type); + length_client_type_1 = ndr_get_array_length(ndr, &r->client_type); + if (length_client_type_1 > size_client_type_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_client_type_1, length_client_type_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->client_type), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client_type, ndr_get_array_length(ndr, &r->client_type), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_client_type_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client_type, length_client_type_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_client_type_0, 0); } } @@ -2890,6 +2974,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetSessCtr2(struct ndr_push *ndr, int n static enum ndr_err_code ndr_pull_srvsvc_NetSessCtr2(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSessCtr2 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -2908,13 +2993,14 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessCtr2(struct ndr_pull *ndr, int n _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetSessInfo2(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetSessInfo2(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -2980,8 +3066,12 @@ static enum ndr_err_code ndr_push_srvsvc_NetSessInfo10(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetSessInfo10(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSessInfo10 *r) { uint32_t _ptr_client; + uint32_t size_client_1 = 0; + uint32_t length_client_1 = 0; TALLOC_CTX *_mem_save_client_0; uint32_t _ptr_user; + uint32_t size_user_1 = 0; + uint32_t length_user_1 = 0; TALLOC_CTX *_mem_save_user_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -3006,11 +3096,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessInfo10(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->client, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->client)); NDR_CHECK(ndr_pull_array_length(ndr, &r->client)); - if (ndr_get_array_length(ndr, &r->client) > ndr_get_array_size(ndr, &r->client)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->client), ndr_get_array_length(ndr, &r->client)); + size_client_1 = ndr_get_array_size(ndr, &r->client); + length_client_1 = ndr_get_array_length(ndr, &r->client); + if (length_client_1 > size_client_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_client_1, length_client_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->client), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client, ndr_get_array_length(ndr, &r->client), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_client_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client, length_client_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_client_0, 0); } if (r->user) { @@ -3018,11 +3110,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessInfo10(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->user, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->user)); NDR_CHECK(ndr_pull_array_length(ndr, &r->user)); - if (ndr_get_array_length(ndr, &r->user) > ndr_get_array_size(ndr, &r->user)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->user), ndr_get_array_length(ndr, &r->user)); + size_user_1 = ndr_get_array_size(ndr, &r->user); + length_user_1 = ndr_get_array_length(ndr, &r->user); + if (length_user_1 > size_user_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_user_1, length_user_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->user), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user, ndr_get_array_length(ndr, &r->user), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_user_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user, length_user_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user_0, 0); } } @@ -3075,6 +3169,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetSessCtr10(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetSessCtr10(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSessCtr10 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -3093,13 +3188,14 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessCtr10(struct ndr_pull *ndr, int _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetSessInfo10(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetSessInfo10(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -3181,12 +3277,20 @@ static enum ndr_err_code ndr_push_srvsvc_NetSessInfo502(struct ndr_push *ndr, in static enum ndr_err_code ndr_pull_srvsvc_NetSessInfo502(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSessInfo502 *r) { uint32_t _ptr_client; + uint32_t size_client_1 = 0; + uint32_t length_client_1 = 0; TALLOC_CTX *_mem_save_client_0; uint32_t _ptr_user; + uint32_t size_user_1 = 0; + uint32_t length_user_1 = 0; TALLOC_CTX *_mem_save_user_0; uint32_t _ptr_client_type; + uint32_t size_client_type_1 = 0; + uint32_t length_client_type_1 = 0; TALLOC_CTX *_mem_save_client_type_0; uint32_t _ptr_transport; + uint32_t size_transport_1 = 0; + uint32_t length_transport_1 = 0; TALLOC_CTX *_mem_save_transport_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -3225,11 +3329,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessInfo502(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, r->client, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->client)); NDR_CHECK(ndr_pull_array_length(ndr, &r->client)); - if (ndr_get_array_length(ndr, &r->client) > ndr_get_array_size(ndr, &r->client)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->client), ndr_get_array_length(ndr, &r->client)); + size_client_1 = ndr_get_array_size(ndr, &r->client); + length_client_1 = ndr_get_array_length(ndr, &r->client); + if (length_client_1 > size_client_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_client_1, length_client_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->client), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client, ndr_get_array_length(ndr, &r->client), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_client_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client, length_client_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_client_0, 0); } if (r->user) { @@ -3237,11 +3343,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessInfo502(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, r->user, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->user)); NDR_CHECK(ndr_pull_array_length(ndr, &r->user)); - if (ndr_get_array_length(ndr, &r->user) > ndr_get_array_size(ndr, &r->user)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->user), ndr_get_array_length(ndr, &r->user)); + size_user_1 = ndr_get_array_size(ndr, &r->user); + length_user_1 = ndr_get_array_length(ndr, &r->user); + if (length_user_1 > size_user_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_user_1, length_user_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->user), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user, ndr_get_array_length(ndr, &r->user), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_user_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user, length_user_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user_0, 0); } if (r->client_type) { @@ -3249,11 +3357,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessInfo502(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, r->client_type, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->client_type)); NDR_CHECK(ndr_pull_array_length(ndr, &r->client_type)); - if (ndr_get_array_length(ndr, &r->client_type) > ndr_get_array_size(ndr, &r->client_type)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->client_type), ndr_get_array_length(ndr, &r->client_type)); + size_client_type_1 = ndr_get_array_size(ndr, &r->client_type); + length_client_type_1 = ndr_get_array_length(ndr, &r->client_type); + if (length_client_type_1 > size_client_type_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_client_type_1, length_client_type_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->client_type), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client_type, ndr_get_array_length(ndr, &r->client_type), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_client_type_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client_type, length_client_type_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_client_type_0, 0); } if (r->transport) { @@ -3261,11 +3371,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessInfo502(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, r->transport, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->transport)); NDR_CHECK(ndr_pull_array_length(ndr, &r->transport)); - if (ndr_get_array_length(ndr, &r->transport) > ndr_get_array_size(ndr, &r->transport)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->transport), ndr_get_array_length(ndr, &r->transport)); + size_transport_1 = ndr_get_array_size(ndr, &r->transport); + length_transport_1 = ndr_get_array_length(ndr, &r->transport); + if (length_transport_1 > size_transport_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_transport_1, length_transport_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->transport), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->transport, ndr_get_array_length(ndr, &r->transport), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_transport_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->transport, length_transport_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_transport_0, 0); } } @@ -3332,6 +3444,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetSessCtr502(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetSessCtr502(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSessCtr502 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -3350,13 +3463,14 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessCtr502(struct ndr_pull *ndr, int _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetSessInfo502(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetSessInfo502(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -3470,10 +3584,15 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessCtr(struct ndr_pull *ndr, int nd int level; uint32_t _level; TALLOC_CTX *_mem_save_ctr0_0; + uint32_t _ptr_ctr0; TALLOC_CTX *_mem_save_ctr1_0; + uint32_t _ptr_ctr1; TALLOC_CTX *_mem_save_ctr2_0; + uint32_t _ptr_ctr2; TALLOC_CTX *_mem_save_ctr10_0; + uint32_t _ptr_ctr10; TALLOC_CTX *_mem_save_ctr502_0; + uint32_t _ptr_ctr502; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -3482,7 +3601,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessCtr(struct ndr_pull *ndr, int nd } switch (level) { case 0: { - uint32_t _ptr_ctr0; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr0)); if (_ptr_ctr0) { NDR_PULL_ALLOC(ndr, r->ctr0); @@ -3492,7 +3610,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessCtr(struct ndr_pull *ndr, int nd break; } case 1: { - uint32_t _ptr_ctr1; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr1)); if (_ptr_ctr1) { NDR_PULL_ALLOC(ndr, r->ctr1); @@ -3502,7 +3619,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessCtr(struct ndr_pull *ndr, int nd break; } case 2: { - uint32_t _ptr_ctr2; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr2)); if (_ptr_ctr2) { NDR_PULL_ALLOC(ndr, r->ctr2); @@ -3512,7 +3628,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessCtr(struct ndr_pull *ndr, int nd break; } case 10: { - uint32_t _ptr_ctr10; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr10)); if (_ptr_ctr10) { NDR_PULL_ALLOC(ndr, r->ctr10); @@ -3522,7 +3637,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessCtr(struct ndr_pull *ndr, int nd break; } case 502: { - uint32_t _ptr_ctr502; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr502)); if (_ptr_ctr502) { NDR_PULL_ALLOC(ndr, r->ctr502); @@ -3756,6 +3870,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareInfo0(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo0(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetShareInfo0 *r) { uint32_t _ptr_name; + uint32_t size_name_1 = 0; + uint32_t length_name_1 = 0; TALLOC_CTX *_mem_save_name_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -3772,11 +3888,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo0(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->name)); - if (ndr_get_array_length(ndr, &r->name) > ndr_get_array_size(ndr, &r->name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->name), ndr_get_array_length(ndr, &r->name)); + size_name_1 = ndr_get_array_size(ndr, &r->name); + length_name_1 = ndr_get_array_length(ndr, &r->name); + if (length_name_1 > size_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_name_1, length_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, length_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_name_0, 0); } } @@ -3821,6 +3939,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareCtr0(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr0(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetShareCtr0 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -3839,13 +3958,14 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr0(struct ndr_pull *ndr, int _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetShareInfo0(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetShareInfo0(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -3910,8 +4030,12 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareInfo1(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo1(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetShareInfo1 *r) { uint32_t _ptr_name; + uint32_t size_name_1 = 0; + uint32_t length_name_1 = 0; TALLOC_CTX *_mem_save_name_0; uint32_t _ptr_comment; + uint32_t size_comment_1 = 0; + uint32_t length_comment_1 = 0; TALLOC_CTX *_mem_save_comment_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -3935,11 +4059,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo1(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->name)); - if (ndr_get_array_length(ndr, &r->name) > ndr_get_array_size(ndr, &r->name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->name), ndr_get_array_length(ndr, &r->name)); + size_name_1 = ndr_get_array_size(ndr, &r->name); + length_name_1 = ndr_get_array_length(ndr, &r->name); + if (length_name_1 > size_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_name_1, length_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, length_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_name_0, 0); } if (r->comment) { @@ -3947,11 +4073,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo1(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->comment, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->comment)); NDR_CHECK(ndr_pull_array_length(ndr, &r->comment)); - if (ndr_get_array_length(ndr, &r->comment) > ndr_get_array_size(ndr, &r->comment)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->comment), ndr_get_array_length(ndr, &r->comment)); + size_comment_1 = ndr_get_array_size(ndr, &r->comment); + length_comment_1 = ndr_get_array_length(ndr, &r->comment); + if (length_comment_1 > size_comment_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_comment_1, length_comment_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_comment_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, length_comment_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_comment_0, 0); } } @@ -4003,6 +4131,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareCtr1(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr1(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetShareCtr1 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -4021,13 +4150,14 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr1(struct ndr_pull *ndr, int _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetShareInfo1(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetShareInfo1(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -4109,12 +4239,20 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareInfo2(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo2(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetShareInfo2 *r) { uint32_t _ptr_name; + uint32_t size_name_1 = 0; + uint32_t length_name_1 = 0; TALLOC_CTX *_mem_save_name_0; uint32_t _ptr_comment; + uint32_t size_comment_1 = 0; + uint32_t length_comment_1 = 0; TALLOC_CTX *_mem_save_comment_0; uint32_t _ptr_path; + uint32_t size_path_1 = 0; + uint32_t length_path_1 = 0; TALLOC_CTX *_mem_save_path_0; uint32_t _ptr_password; + uint32_t size_password_1 = 0; + uint32_t length_password_1 = 0; TALLOC_CTX *_mem_save_password_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -4153,11 +4291,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->name)); - if (ndr_get_array_length(ndr, &r->name) > ndr_get_array_size(ndr, &r->name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->name), ndr_get_array_length(ndr, &r->name)); + size_name_1 = ndr_get_array_size(ndr, &r->name); + length_name_1 = ndr_get_array_length(ndr, &r->name); + if (length_name_1 > size_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_name_1, length_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, length_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_name_0, 0); } if (r->comment) { @@ -4165,11 +4305,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->comment, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->comment)); NDR_CHECK(ndr_pull_array_length(ndr, &r->comment)); - if (ndr_get_array_length(ndr, &r->comment) > ndr_get_array_size(ndr, &r->comment)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->comment), ndr_get_array_length(ndr, &r->comment)); + size_comment_1 = ndr_get_array_size(ndr, &r->comment); + length_comment_1 = ndr_get_array_length(ndr, &r->comment); + if (length_comment_1 > size_comment_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_comment_1, length_comment_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_comment_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, length_comment_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_comment_0, 0); } if (r->path) { @@ -4177,11 +4319,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->path, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->path)); - if (ndr_get_array_length(ndr, &r->path) > ndr_get_array_size(ndr, &r->path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->path), ndr_get_array_length(ndr, &r->path)); + size_path_1 = ndr_get_array_size(ndr, &r->path); + length_path_1 = ndr_get_array_length(ndr, &r->path); + if (length_path_1 > size_path_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_path_1, length_path_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->path, ndr_get_array_length(ndr, &r->path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_path_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->path, length_path_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_path_0, 0); } if (r->password) { @@ -4189,11 +4333,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->password, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->password)); NDR_CHECK(ndr_pull_array_length(ndr, &r->password)); - if (ndr_get_array_length(ndr, &r->password) > ndr_get_array_size(ndr, &r->password)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->password), ndr_get_array_length(ndr, &r->password)); + size_password_1 = ndr_get_array_size(ndr, &r->password); + length_password_1 = ndr_get_array_length(ndr, &r->password); + if (length_password_1 > size_password_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_password_1, length_password_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->password), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->password, ndr_get_array_length(ndr, &r->password), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_password_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->password, length_password_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_password_0, 0); } } @@ -4260,6 +4406,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareCtr2(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr2(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetShareCtr2 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -4278,13 +4425,14 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr2(struct ndr_pull *ndr, int _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetShareInfo2(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetShareInfo2(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -4350,8 +4498,12 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareInfo501(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo501(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetShareInfo501 *r) { uint32_t _ptr_name; + uint32_t size_name_1 = 0; + uint32_t length_name_1 = 0; TALLOC_CTX *_mem_save_name_0; uint32_t _ptr_comment; + uint32_t size_comment_1 = 0; + uint32_t length_comment_1 = 0; TALLOC_CTX *_mem_save_comment_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -4376,11 +4528,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo501(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->name)); - if (ndr_get_array_length(ndr, &r->name) > ndr_get_array_size(ndr, &r->name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->name), ndr_get_array_length(ndr, &r->name)); + size_name_1 = ndr_get_array_size(ndr, &r->name); + length_name_1 = ndr_get_array_length(ndr, &r->name); + if (length_name_1 > size_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_name_1, length_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, length_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_name_0, 0); } if (r->comment) { @@ -4388,11 +4542,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo501(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->comment, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->comment)); NDR_CHECK(ndr_pull_array_length(ndr, &r->comment)); - if (ndr_get_array_length(ndr, &r->comment) > ndr_get_array_size(ndr, &r->comment)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->comment), ndr_get_array_length(ndr, &r->comment)); + size_comment_1 = ndr_get_array_size(ndr, &r->comment); + length_comment_1 = ndr_get_array_length(ndr, &r->comment); + if (length_comment_1 > size_comment_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_comment_1, length_comment_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_comment_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, length_comment_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_comment_0, 0); } } @@ -4445,6 +4601,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareCtr501(struct ndr_push *ndr, in static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr501(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetShareCtr501 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -4463,13 +4620,14 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr501(struct ndr_pull *ndr, in _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetShareInfo501(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetShareInfo501(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -4553,12 +4711,20 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareInfo502(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo502(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetShareInfo502 *r) { uint32_t _ptr_name; + uint32_t size_name_1 = 0; + uint32_t length_name_1 = 0; TALLOC_CTX *_mem_save_name_0; uint32_t _ptr_comment; + uint32_t size_comment_1 = 0; + uint32_t length_comment_1 = 0; TALLOC_CTX *_mem_save_comment_0; uint32_t _ptr_path; + uint32_t size_path_1 = 0; + uint32_t length_path_1 = 0; TALLOC_CTX *_mem_save_path_0; uint32_t _ptr_password; + uint32_t size_password_1 = 0; + uint32_t length_password_1 = 0; TALLOC_CTX *_mem_save_password_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -4598,11 +4764,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo502(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->name)); - if (ndr_get_array_length(ndr, &r->name) > ndr_get_array_size(ndr, &r->name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->name), ndr_get_array_length(ndr, &r->name)); + size_name_1 = ndr_get_array_size(ndr, &r->name); + length_name_1 = ndr_get_array_length(ndr, &r->name); + if (length_name_1 > size_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_name_1, length_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, length_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_name_0, 0); } if (r->comment) { @@ -4610,11 +4778,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo502(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->comment, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->comment)); NDR_CHECK(ndr_pull_array_length(ndr, &r->comment)); - if (ndr_get_array_length(ndr, &r->comment) > ndr_get_array_size(ndr, &r->comment)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->comment), ndr_get_array_length(ndr, &r->comment)); + size_comment_1 = ndr_get_array_size(ndr, &r->comment); + length_comment_1 = ndr_get_array_length(ndr, &r->comment); + if (length_comment_1 > size_comment_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_comment_1, length_comment_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_comment_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, length_comment_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_comment_0, 0); } if (r->path) { @@ -4622,11 +4792,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo502(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->path, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->path)); - if (ndr_get_array_length(ndr, &r->path) > ndr_get_array_size(ndr, &r->path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->path), ndr_get_array_length(ndr, &r->path)); + size_path_1 = ndr_get_array_size(ndr, &r->path); + length_path_1 = ndr_get_array_length(ndr, &r->path); + if (length_path_1 > size_path_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_path_1, length_path_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->path, ndr_get_array_length(ndr, &r->path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_path_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->path, length_path_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_path_0, 0); } if (r->password) { @@ -4634,11 +4806,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo502(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->password, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->password)); NDR_CHECK(ndr_pull_array_length(ndr, &r->password)); - if (ndr_get_array_length(ndr, &r->password) > ndr_get_array_size(ndr, &r->password)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->password), ndr_get_array_length(ndr, &r->password)); + size_password_1 = ndr_get_array_size(ndr, &r->password); + length_password_1 = ndr_get_array_length(ndr, &r->password); + if (length_password_1 > size_password_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_password_1, length_password_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->password), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->password, ndr_get_array_length(ndr, &r->password), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_password_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->password, length_password_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_password_0, 0); } NDR_CHECK(ndr_pull_sec_desc_buf(ndr, NDR_BUFFERS, &r->sd_buf)); @@ -4707,6 +4881,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareCtr502(struct ndr_push *ndr, in static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr502(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetShareCtr502 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -4725,13 +4900,14 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr502(struct ndr_pull *ndr, in _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetShareInfo502(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetShareInfo502(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -4788,6 +4964,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareInfo1004(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo1004(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetShareInfo1004 *r) { uint32_t _ptr_comment; + uint32_t size_comment_1 = 0; + uint32_t length_comment_1 = 0; TALLOC_CTX *_mem_save_comment_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -4804,11 +4982,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo1004(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->comment, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->comment)); NDR_CHECK(ndr_pull_array_length(ndr, &r->comment)); - if (ndr_get_array_length(ndr, &r->comment) > ndr_get_array_size(ndr, &r->comment)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->comment), ndr_get_array_length(ndr, &r->comment)); + size_comment_1 = ndr_get_array_size(ndr, &r->comment); + length_comment_1 = ndr_get_array_length(ndr, &r->comment); + if (length_comment_1 > size_comment_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_comment_1, length_comment_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_comment_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, length_comment_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_comment_0, 0); } } @@ -4853,6 +5033,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareCtr1004(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr1004(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetShareCtr1004 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -4871,13 +5052,14 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr1004(struct ndr_pull *ndr, i _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetShareInfo1004(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetShareInfo1004(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -4989,6 +5171,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareCtr1005(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr1005(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetShareCtr1005 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -5007,10 +5190,11 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr1005(struct ndr_pull *ndr, i _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetShareInfo1005(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -5099,6 +5283,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareCtr1006(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr1006(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetShareCtr1006 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -5117,10 +5302,11 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr1006(struct ndr_pull *ndr, i _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetShareInfo1006(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -5178,6 +5364,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareInfo1007(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo1007(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetShareInfo1007 *r) { uint32_t _ptr_alternate_directory_name; + uint32_t size_alternate_directory_name_1 = 0; + uint32_t length_alternate_directory_name_1 = 0; TALLOC_CTX *_mem_save_alternate_directory_name_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -5195,11 +5383,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo1007(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->alternate_directory_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->alternate_directory_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->alternate_directory_name)); - if (ndr_get_array_length(ndr, &r->alternate_directory_name) > ndr_get_array_size(ndr, &r->alternate_directory_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->alternate_directory_name), ndr_get_array_length(ndr, &r->alternate_directory_name)); + size_alternate_directory_name_1 = ndr_get_array_size(ndr, &r->alternate_directory_name); + length_alternate_directory_name_1 = ndr_get_array_length(ndr, &r->alternate_directory_name); + if (length_alternate_directory_name_1 > size_alternate_directory_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_alternate_directory_name_1, length_alternate_directory_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->alternate_directory_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->alternate_directory_name, ndr_get_array_length(ndr, &r->alternate_directory_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_alternate_directory_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->alternate_directory_name, length_alternate_directory_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_alternate_directory_name_0, 0); } } @@ -5245,6 +5435,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareCtr1007(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr1007(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetShareCtr1007 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -5263,13 +5454,14 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr1007(struct ndr_pull *ndr, i _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetShareInfo1007(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetShareInfo1007(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -5331,6 +5523,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareCtr1501(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr1501(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetShareCtr1501 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -5349,13 +5542,14 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr1501(struct ndr_pull *ndr, i _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_sec_desc_buf(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_sec_desc_buf(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -5519,15 +5713,25 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo(struct ndr_pull *ndr, int int level; uint32_t _level; TALLOC_CTX *_mem_save_info0_0; + uint32_t _ptr_info0; TALLOC_CTX *_mem_save_info1_0; + uint32_t _ptr_info1; TALLOC_CTX *_mem_save_info2_0; + uint32_t _ptr_info2; TALLOC_CTX *_mem_save_info501_0; + uint32_t _ptr_info501; TALLOC_CTX *_mem_save_info502_0; + uint32_t _ptr_info502; TALLOC_CTX *_mem_save_info1004_0; + uint32_t _ptr_info1004; TALLOC_CTX *_mem_save_info1005_0; + uint32_t _ptr_info1005; TALLOC_CTX *_mem_save_info1006_0; + uint32_t _ptr_info1006; TALLOC_CTX *_mem_save_info1007_0; + uint32_t _ptr_info1007; TALLOC_CTX *_mem_save_info1501_0; + uint32_t _ptr_info1501; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -5536,7 +5740,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo(struct ndr_pull *ndr, int } switch (level) { case 0: { - uint32_t _ptr_info0; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info0)); if (_ptr_info0) { NDR_PULL_ALLOC(ndr, r->info0); @@ -5546,7 +5749,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo(struct ndr_pull *ndr, int break; } case 1: { - uint32_t _ptr_info1; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1)); if (_ptr_info1) { NDR_PULL_ALLOC(ndr, r->info1); @@ -5556,7 +5758,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo(struct ndr_pull *ndr, int break; } case 2: { - uint32_t _ptr_info2; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info2)); if (_ptr_info2) { NDR_PULL_ALLOC(ndr, r->info2); @@ -5566,7 +5767,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo(struct ndr_pull *ndr, int break; } case 501: { - uint32_t _ptr_info501; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info501)); if (_ptr_info501) { NDR_PULL_ALLOC(ndr, r->info501); @@ -5576,7 +5776,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo(struct ndr_pull *ndr, int break; } case 502: { - uint32_t _ptr_info502; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info502)); if (_ptr_info502) { NDR_PULL_ALLOC(ndr, r->info502); @@ -5586,7 +5785,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo(struct ndr_pull *ndr, int break; } case 1004: { - uint32_t _ptr_info1004; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1004)); if (_ptr_info1004) { NDR_PULL_ALLOC(ndr, r->info1004); @@ -5596,7 +5794,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo(struct ndr_pull *ndr, int break; } case 1005: { - uint32_t _ptr_info1005; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1005)); if (_ptr_info1005) { NDR_PULL_ALLOC(ndr, r->info1005); @@ -5606,7 +5803,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo(struct ndr_pull *ndr, int break; } case 1006: { - uint32_t _ptr_info1006; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1006)); if (_ptr_info1006) { NDR_PULL_ALLOC(ndr, r->info1006); @@ -5616,7 +5812,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo(struct ndr_pull *ndr, int break; } case 1007: { - uint32_t _ptr_info1007; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1007)); if (_ptr_info1007) { NDR_PULL_ALLOC(ndr, r->info1007); @@ -5626,7 +5821,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo(struct ndr_pull *ndr, int break; } case 1501: { - uint32_t _ptr_info1501; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1501)); if (_ptr_info1501) { NDR_PULL_ALLOC(ndr, r->info1501); @@ -5969,15 +6163,25 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr(struct ndr_pull *ndr, int n int level; uint32_t _level; TALLOC_CTX *_mem_save_ctr0_0; + uint32_t _ptr_ctr0; TALLOC_CTX *_mem_save_ctr1_0; + uint32_t _ptr_ctr1; TALLOC_CTX *_mem_save_ctr2_0; + uint32_t _ptr_ctr2; TALLOC_CTX *_mem_save_ctr501_0; + uint32_t _ptr_ctr501; TALLOC_CTX *_mem_save_ctr502_0; + uint32_t _ptr_ctr502; TALLOC_CTX *_mem_save_ctr1004_0; + uint32_t _ptr_ctr1004; TALLOC_CTX *_mem_save_ctr1005_0; + uint32_t _ptr_ctr1005; TALLOC_CTX *_mem_save_ctr1006_0; + uint32_t _ptr_ctr1006; TALLOC_CTX *_mem_save_ctr1007_0; + uint32_t _ptr_ctr1007; TALLOC_CTX *_mem_save_ctr1501_0; + uint32_t _ptr_ctr1501; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -5986,7 +6190,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr(struct ndr_pull *ndr, int n } switch (level) { case 0: { - uint32_t _ptr_ctr0; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr0)); if (_ptr_ctr0) { NDR_PULL_ALLOC(ndr, r->ctr0); @@ -5996,7 +6199,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr(struct ndr_pull *ndr, int n break; } case 1: { - uint32_t _ptr_ctr1; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr1)); if (_ptr_ctr1) { NDR_PULL_ALLOC(ndr, r->ctr1); @@ -6006,7 +6208,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr(struct ndr_pull *ndr, int n break; } case 2: { - uint32_t _ptr_ctr2; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr2)); if (_ptr_ctr2) { NDR_PULL_ALLOC(ndr, r->ctr2); @@ -6016,7 +6217,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr(struct ndr_pull *ndr, int n break; } case 501: { - uint32_t _ptr_ctr501; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr501)); if (_ptr_ctr501) { NDR_PULL_ALLOC(ndr, r->ctr501); @@ -6026,7 +6226,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr(struct ndr_pull *ndr, int n break; } case 502: { - uint32_t _ptr_ctr502; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr502)); if (_ptr_ctr502) { NDR_PULL_ALLOC(ndr, r->ctr502); @@ -6036,7 +6235,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr(struct ndr_pull *ndr, int n break; } case 1004: { - uint32_t _ptr_ctr1004; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr1004)); if (_ptr_ctr1004) { NDR_PULL_ALLOC(ndr, r->ctr1004); @@ -6046,7 +6244,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr(struct ndr_pull *ndr, int n break; } case 1005: { - uint32_t _ptr_ctr1005; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr1005)); if (_ptr_ctr1005) { NDR_PULL_ALLOC(ndr, r->ctr1005); @@ -6056,7 +6253,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr(struct ndr_pull *ndr, int n break; } case 1006: { - uint32_t _ptr_ctr1006; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr1006)); if (_ptr_ctr1006) { NDR_PULL_ALLOC(ndr, r->ctr1006); @@ -6066,7 +6262,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr(struct ndr_pull *ndr, int n break; } case 1007: { - uint32_t _ptr_ctr1007; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr1007)); if (_ptr_ctr1007) { NDR_PULL_ALLOC(ndr, r->ctr1007); @@ -6076,7 +6271,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr(struct ndr_pull *ndr, int n break; } case 1501: { - uint32_t _ptr_ctr1501; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr1501)); if (_ptr_ctr1501) { NDR_PULL_ALLOC(ndr, r->ctr1501); @@ -6379,6 +6573,8 @@ _PUBLIC_ enum ndr_err_code ndr_push_srvsvc_NetSrvInfo100(struct ndr_push *ndr, i _PUBLIC_ enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo100(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSrvInfo100 *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; TALLOC_CTX *_mem_save_server_name_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -6396,11 +6592,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo100(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->server_name)); - if (ndr_get_array_length(ndr, &r->server_name) > ndr_get_array_size(ndr, &r->server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->server_name), ndr_get_array_length(ndr, &r->server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_name, ndr_get_array_length(ndr, &r->server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } } @@ -6452,8 +6650,12 @@ _PUBLIC_ enum ndr_err_code ndr_push_srvsvc_NetSrvInfo101(struct ndr_push *ndr, i _PUBLIC_ enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo101(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSrvInfo101 *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; TALLOC_CTX *_mem_save_server_name_0; uint32_t _ptr_comment; + uint32_t size_comment_1 = 0; + uint32_t length_comment_1 = 0; TALLOC_CTX *_mem_save_comment_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -6480,11 +6682,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo101(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->server_name)); - if (ndr_get_array_length(ndr, &r->server_name) > ndr_get_array_size(ndr, &r->server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->server_name), ndr_get_array_length(ndr, &r->server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_name, ndr_get_array_length(ndr, &r->server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } if (r->comment) { @@ -6492,11 +6696,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo101(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->comment, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->comment)); NDR_CHECK(ndr_pull_array_length(ndr, &r->comment)); - if (ndr_get_array_length(ndr, &r->comment) > ndr_get_array_size(ndr, &r->comment)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->comment), ndr_get_array_length(ndr, &r->comment)); + size_comment_1 = ndr_get_array_size(ndr, &r->comment); + length_comment_1 = ndr_get_array_length(ndr, &r->comment); + if (length_comment_1 > size_comment_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_comment_1, length_comment_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_comment_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, length_comment_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_comment_0, 0); } } @@ -6570,10 +6776,16 @@ static enum ndr_err_code ndr_push_srvsvc_NetSrvInfo102(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo102(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSrvInfo102 *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; TALLOC_CTX *_mem_save_server_name_0; uint32_t _ptr_comment; + uint32_t size_comment_1 = 0; + uint32_t length_comment_1 = 0; TALLOC_CTX *_mem_save_comment_0; uint32_t _ptr_userpath; + uint32_t size_userpath_1 = 0; + uint32_t length_userpath_1 = 0; TALLOC_CTX *_mem_save_userpath_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -6612,11 +6824,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo102(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->server_name)); - if (ndr_get_array_length(ndr, &r->server_name) > ndr_get_array_size(ndr, &r->server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->server_name), ndr_get_array_length(ndr, &r->server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_name, ndr_get_array_length(ndr, &r->server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } if (r->comment) { @@ -6624,11 +6838,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo102(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->comment, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->comment)); NDR_CHECK(ndr_pull_array_length(ndr, &r->comment)); - if (ndr_get_array_length(ndr, &r->comment) > ndr_get_array_size(ndr, &r->comment)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->comment), ndr_get_array_length(ndr, &r->comment)); + size_comment_1 = ndr_get_array_size(ndr, &r->comment); + length_comment_1 = ndr_get_array_length(ndr, &r->comment); + if (length_comment_1 > size_comment_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_comment_1, length_comment_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_comment_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, length_comment_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_comment_0, 0); } if (r->userpath) { @@ -6636,11 +6852,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo102(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->userpath, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->userpath)); NDR_CHECK(ndr_pull_array_length(ndr, &r->userpath)); - if (ndr_get_array_length(ndr, &r->userpath) > ndr_get_array_size(ndr, &r->userpath)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->userpath), ndr_get_array_length(ndr, &r->userpath)); + size_userpath_1 = ndr_get_array_size(ndr, &r->userpath); + length_userpath_1 = ndr_get_array_length(ndr, &r->userpath); + if (length_userpath_1 > size_userpath_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_userpath_1, length_userpath_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->userpath), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->userpath, ndr_get_array_length(ndr, &r->userpath), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_userpath_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->userpath, length_userpath_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_userpath_0, 0); } } @@ -6744,10 +6962,16 @@ static enum ndr_err_code ndr_push_srvsvc_NetSrvInfo402(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo402(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSrvInfo402 *r) { uint32_t _ptr_alerts; + uint32_t size_alerts_1 = 0; + uint32_t length_alerts_1 = 0; TALLOC_CTX *_mem_save_alerts_0; uint32_t _ptr_guestaccount; + uint32_t size_guestaccount_1 = 0; + uint32_t length_guestaccount_1 = 0; TALLOC_CTX *_mem_save_guestaccount_0; uint32_t _ptr_srvheuristics; + uint32_t size_srvheuristics_1 = 0; + uint32_t length_srvheuristics_1 = 0; TALLOC_CTX *_mem_save_srvheuristics_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -6804,11 +7028,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo402(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->alerts, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->alerts)); NDR_CHECK(ndr_pull_array_length(ndr, &r->alerts)); - if (ndr_get_array_length(ndr, &r->alerts) > ndr_get_array_size(ndr, &r->alerts)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->alerts), ndr_get_array_length(ndr, &r->alerts)); + size_alerts_1 = ndr_get_array_size(ndr, &r->alerts); + length_alerts_1 = ndr_get_array_length(ndr, &r->alerts); + if (length_alerts_1 > size_alerts_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_alerts_1, length_alerts_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->alerts), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->alerts, ndr_get_array_length(ndr, &r->alerts), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_alerts_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->alerts, length_alerts_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_alerts_0, 0); } if (r->guestaccount) { @@ -6816,11 +7042,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo402(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->guestaccount, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->guestaccount)); NDR_CHECK(ndr_pull_array_length(ndr, &r->guestaccount)); - if (ndr_get_array_length(ndr, &r->guestaccount) > ndr_get_array_size(ndr, &r->guestaccount)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->guestaccount), ndr_get_array_length(ndr, &r->guestaccount)); + size_guestaccount_1 = ndr_get_array_size(ndr, &r->guestaccount); + length_guestaccount_1 = ndr_get_array_length(ndr, &r->guestaccount); + if (length_guestaccount_1 > size_guestaccount_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_guestaccount_1, length_guestaccount_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->guestaccount), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->guestaccount, ndr_get_array_length(ndr, &r->guestaccount), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_guestaccount_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->guestaccount, length_guestaccount_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_guestaccount_0, 0); } if (r->srvheuristics) { @@ -6828,11 +7056,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo402(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->srvheuristics, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->srvheuristics)); NDR_CHECK(ndr_pull_array_length(ndr, &r->srvheuristics)); - if (ndr_get_array_length(ndr, &r->srvheuristics) > ndr_get_array_size(ndr, &r->srvheuristics)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->srvheuristics), ndr_get_array_length(ndr, &r->srvheuristics)); + size_srvheuristics_1 = ndr_get_array_size(ndr, &r->srvheuristics); + length_srvheuristics_1 = ndr_get_array_length(ndr, &r->srvheuristics); + if (length_srvheuristics_1 > size_srvheuristics_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_srvheuristics_1, length_srvheuristics_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->srvheuristics), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->srvheuristics, ndr_get_array_length(ndr, &r->srvheuristics), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_srvheuristics_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->srvheuristics, length_srvheuristics_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_srvheuristics_0, 0); } } @@ -6963,12 +7193,20 @@ static enum ndr_err_code ndr_push_srvsvc_NetSrvInfo403(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo403(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSrvInfo403 *r) { uint32_t _ptr_alerts; + uint32_t size_alerts_1 = 0; + uint32_t length_alerts_1 = 0; TALLOC_CTX *_mem_save_alerts_0; uint32_t _ptr_guestaccount; + uint32_t size_guestaccount_1 = 0; + uint32_t length_guestaccount_1 = 0; TALLOC_CTX *_mem_save_guestaccount_0; uint32_t _ptr_srvheuristics; + uint32_t size_srvheuristics_1 = 0; + uint32_t length_srvheuristics_1 = 0; TALLOC_CTX *_mem_save_srvheuristics_0; uint32_t _ptr_autopath; + uint32_t size_autopath_1 = 0; + uint32_t length_autopath_1 = 0; TALLOC_CTX *_mem_save_autopath_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -7033,11 +7271,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo403(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->alerts, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->alerts)); NDR_CHECK(ndr_pull_array_length(ndr, &r->alerts)); - if (ndr_get_array_length(ndr, &r->alerts) > ndr_get_array_size(ndr, &r->alerts)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->alerts), ndr_get_array_length(ndr, &r->alerts)); + size_alerts_1 = ndr_get_array_size(ndr, &r->alerts); + length_alerts_1 = ndr_get_array_length(ndr, &r->alerts); + if (length_alerts_1 > size_alerts_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_alerts_1, length_alerts_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->alerts), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->alerts, ndr_get_array_length(ndr, &r->alerts), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_alerts_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->alerts, length_alerts_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_alerts_0, 0); } if (r->guestaccount) { @@ -7045,11 +7285,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo403(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->guestaccount, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->guestaccount)); NDR_CHECK(ndr_pull_array_length(ndr, &r->guestaccount)); - if (ndr_get_array_length(ndr, &r->guestaccount) > ndr_get_array_size(ndr, &r->guestaccount)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->guestaccount), ndr_get_array_length(ndr, &r->guestaccount)); + size_guestaccount_1 = ndr_get_array_size(ndr, &r->guestaccount); + length_guestaccount_1 = ndr_get_array_length(ndr, &r->guestaccount); + if (length_guestaccount_1 > size_guestaccount_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_guestaccount_1, length_guestaccount_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->guestaccount), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->guestaccount, ndr_get_array_length(ndr, &r->guestaccount), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_guestaccount_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->guestaccount, length_guestaccount_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_guestaccount_0, 0); } if (r->srvheuristics) { @@ -7057,11 +7299,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo403(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->srvheuristics, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->srvheuristics)); NDR_CHECK(ndr_pull_array_length(ndr, &r->srvheuristics)); - if (ndr_get_array_length(ndr, &r->srvheuristics) > ndr_get_array_size(ndr, &r->srvheuristics)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->srvheuristics), ndr_get_array_length(ndr, &r->srvheuristics)); + size_srvheuristics_1 = ndr_get_array_size(ndr, &r->srvheuristics); + length_srvheuristics_1 = ndr_get_array_length(ndr, &r->srvheuristics); + if (length_srvheuristics_1 > size_srvheuristics_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_srvheuristics_1, length_srvheuristics_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->srvheuristics), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->srvheuristics, ndr_get_array_length(ndr, &r->srvheuristics), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_srvheuristics_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->srvheuristics, length_srvheuristics_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_srvheuristics_0, 0); } if (r->autopath) { @@ -7069,11 +7313,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo403(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->autopath, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->autopath)); NDR_CHECK(ndr_pull_array_length(ndr, &r->autopath)); - if (ndr_get_array_length(ndr, &r->autopath) > ndr_get_array_size(ndr, &r->autopath)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->autopath), ndr_get_array_length(ndr, &r->autopath)); + size_autopath_1 = ndr_get_array_size(ndr, &r->autopath); + length_autopath_1 = ndr_get_array_length(ndr, &r->autopath); + if (length_autopath_1 > size_autopath_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_autopath_1, length_autopath_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->autopath), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->autopath, ndr_get_array_length(ndr, &r->autopath), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_autopath_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->autopath, length_autopath_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_autopath_0, 0); } } @@ -7283,6 +7529,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetSrvInfo503(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo503(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSrvInfo503 *r) { uint32_t _ptr_domain; + uint32_t size_domain_1 = 0; + uint32_t length_domain_1 = 0; TALLOC_CTX *_mem_save_domain_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -7340,11 +7588,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo503(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->domain, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->domain)); NDR_CHECK(ndr_pull_array_length(ndr, &r->domain)); - if (ndr_get_array_length(ndr, &r->domain) > ndr_get_array_size(ndr, &r->domain)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->domain), ndr_get_array_length(ndr, &r->domain)); + size_domain_1 = ndr_get_array_size(ndr, &r->domain); + length_domain_1 = ndr_get_array_length(ndr, &r->domain); + if (length_domain_1 > size_domain_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_1, length_domain_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, length_domain_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_0, 0); } } @@ -7479,6 +7729,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetSrvInfo599(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo599(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSrvInfo599 *r) { uint32_t _ptr_domain; + uint32_t size_domain_1 = 0; + uint32_t length_domain_1 = 0; TALLOC_CTX *_mem_save_domain_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -7549,11 +7801,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo599(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->domain, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->domain)); NDR_CHECK(ndr_pull_array_length(ndr, &r->domain)); - if (ndr_get_array_length(ndr, &r->domain) > ndr_get_array_size(ndr, &r->domain)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->domain), ndr_get_array_length(ndr, &r->domain)); + size_domain_1 = ndr_get_array_size(ndr, &r->domain); + length_domain_1 = ndr_get_array_length(ndr, &r->domain); + if (length_domain_1 > size_domain_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_1, length_domain_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, length_domain_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_0, 0); } } @@ -7647,6 +7901,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetSrvInfo1005(struct ndr_push *ndr, in static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo1005(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSrvInfo1005 *r) { uint32_t _ptr_comment; + uint32_t size_comment_1 = 0; + uint32_t length_comment_1 = 0; TALLOC_CTX *_mem_save_comment_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -7663,11 +7919,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo1005(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, r->comment, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->comment)); NDR_CHECK(ndr_pull_array_length(ndr, &r->comment)); - if (ndr_get_array_length(ndr, &r->comment) > ndr_get_array_size(ndr, &r->comment)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->comment), ndr_get_array_length(ndr, &r->comment)); + size_comment_1 = ndr_get_array_size(ndr, &r->comment); + length_comment_1 = ndr_get_array_length(ndr, &r->comment); + if (length_comment_1 > size_comment_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_comment_1, length_comment_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_comment_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, length_comment_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_comment_0, 0); } } @@ -9804,64 +10062,123 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd int level; uint32_t _level; TALLOC_CTX *_mem_save_info100_0; + uint32_t _ptr_info100; TALLOC_CTX *_mem_save_info101_0; + uint32_t _ptr_info101; TALLOC_CTX *_mem_save_info102_0; + uint32_t _ptr_info102; TALLOC_CTX *_mem_save_info402_0; + uint32_t _ptr_info402; TALLOC_CTX *_mem_save_info403_0; + uint32_t _ptr_info403; TALLOC_CTX *_mem_save_info502_0; + uint32_t _ptr_info502; TALLOC_CTX *_mem_save_info503_0; + uint32_t _ptr_info503; TALLOC_CTX *_mem_save_info599_0; + uint32_t _ptr_info599; TALLOC_CTX *_mem_save_info1005_0; + uint32_t _ptr_info1005; TALLOC_CTX *_mem_save_info1010_0; + uint32_t _ptr_info1010; TALLOC_CTX *_mem_save_info1016_0; + uint32_t _ptr_info1016; TALLOC_CTX *_mem_save_info1017_0; + uint32_t _ptr_info1017; TALLOC_CTX *_mem_save_info1018_0; + uint32_t _ptr_info1018; TALLOC_CTX *_mem_save_info1107_0; + uint32_t _ptr_info1107; TALLOC_CTX *_mem_save_info1501_0; + uint32_t _ptr_info1501; TALLOC_CTX *_mem_save_info1502_0; + uint32_t _ptr_info1502; TALLOC_CTX *_mem_save_info1503_0; + uint32_t _ptr_info1503; TALLOC_CTX *_mem_save_info1506_0; + uint32_t _ptr_info1506; TALLOC_CTX *_mem_save_info1509_0; + uint32_t _ptr_info1509; TALLOC_CTX *_mem_save_info1510_0; + uint32_t _ptr_info1510; TALLOC_CTX *_mem_save_info1511_0; + uint32_t _ptr_info1511; TALLOC_CTX *_mem_save_info1512_0; + uint32_t _ptr_info1512; TALLOC_CTX *_mem_save_info1513_0; + uint32_t _ptr_info1513; TALLOC_CTX *_mem_save_info1514_0; + uint32_t _ptr_info1514; TALLOC_CTX *_mem_save_info1515_0; + uint32_t _ptr_info1515; TALLOC_CTX *_mem_save_info1516_0; + uint32_t _ptr_info1516; TALLOC_CTX *_mem_save_info1518_0; + uint32_t _ptr_info1518; TALLOC_CTX *_mem_save_info1520_0; + uint32_t _ptr_info1520; TALLOC_CTX *_mem_save_info1521_0; + uint32_t _ptr_info1521; TALLOC_CTX *_mem_save_info1522_0; + uint32_t _ptr_info1522; TALLOC_CTX *_mem_save_info1523_0; + uint32_t _ptr_info1523; TALLOC_CTX *_mem_save_info1524_0; + uint32_t _ptr_info1524; TALLOC_CTX *_mem_save_info1525_0; + uint32_t _ptr_info1525; TALLOC_CTX *_mem_save_info1528_0; + uint32_t _ptr_info1528; TALLOC_CTX *_mem_save_info1529_0; + uint32_t _ptr_info1529; TALLOC_CTX *_mem_save_info1530_0; + uint32_t _ptr_info1530; TALLOC_CTX *_mem_save_info1533_0; + uint32_t _ptr_info1533; TALLOC_CTX *_mem_save_info1534_0; + uint32_t _ptr_info1534; TALLOC_CTX *_mem_save_info1535_0; + uint32_t _ptr_info1535; TALLOC_CTX *_mem_save_info1536_0; + uint32_t _ptr_info1536; TALLOC_CTX *_mem_save_info1537_0; + uint32_t _ptr_info1537; TALLOC_CTX *_mem_save_info1538_0; + uint32_t _ptr_info1538; TALLOC_CTX *_mem_save_info1539_0; + uint32_t _ptr_info1539; TALLOC_CTX *_mem_save_info1540_0; + uint32_t _ptr_info1540; TALLOC_CTX *_mem_save_info1541_0; + uint32_t _ptr_info1541; TALLOC_CTX *_mem_save_info1542_0; + uint32_t _ptr_info1542; TALLOC_CTX *_mem_save_info1543_0; + uint32_t _ptr_info1543; TALLOC_CTX *_mem_save_info1544_0; + uint32_t _ptr_info1544; TALLOC_CTX *_mem_save_info1545_0; + uint32_t _ptr_info1545; TALLOC_CTX *_mem_save_info1546_0; + uint32_t _ptr_info1546; TALLOC_CTX *_mem_save_info1547_0; + uint32_t _ptr_info1547; TALLOC_CTX *_mem_save_info1548_0; + uint32_t _ptr_info1548; TALLOC_CTX *_mem_save_info1549_0; + uint32_t _ptr_info1549; TALLOC_CTX *_mem_save_info1550_0; + uint32_t _ptr_info1550; TALLOC_CTX *_mem_save_info1552_0; + uint32_t _ptr_info1552; TALLOC_CTX *_mem_save_info1553_0; + uint32_t _ptr_info1553; TALLOC_CTX *_mem_save_info1554_0; + uint32_t _ptr_info1554; TALLOC_CTX *_mem_save_info1555_0; + uint32_t _ptr_info1555; TALLOC_CTX *_mem_save_info1556_0; + uint32_t _ptr_info1556; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -9870,7 +10187,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd } switch (level) { case 100: { - uint32_t _ptr_info100; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info100)); if (_ptr_info100) { NDR_PULL_ALLOC(ndr, r->info100); @@ -9880,7 +10196,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 101: { - uint32_t _ptr_info101; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info101)); if (_ptr_info101) { NDR_PULL_ALLOC(ndr, r->info101); @@ -9890,7 +10205,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 102: { - uint32_t _ptr_info102; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info102)); if (_ptr_info102) { NDR_PULL_ALLOC(ndr, r->info102); @@ -9900,7 +10214,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 402: { - uint32_t _ptr_info402; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info402)); if (_ptr_info402) { NDR_PULL_ALLOC(ndr, r->info402); @@ -9910,7 +10223,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 403: { - uint32_t _ptr_info403; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info403)); if (_ptr_info403) { NDR_PULL_ALLOC(ndr, r->info403); @@ -9920,7 +10232,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 502: { - uint32_t _ptr_info502; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info502)); if (_ptr_info502) { NDR_PULL_ALLOC(ndr, r->info502); @@ -9930,7 +10241,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 503: { - uint32_t _ptr_info503; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info503)); if (_ptr_info503) { NDR_PULL_ALLOC(ndr, r->info503); @@ -9940,7 +10250,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 599: { - uint32_t _ptr_info599; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info599)); if (_ptr_info599) { NDR_PULL_ALLOC(ndr, r->info599); @@ -9950,7 +10259,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1005: { - uint32_t _ptr_info1005; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1005)); if (_ptr_info1005) { NDR_PULL_ALLOC(ndr, r->info1005); @@ -9960,7 +10268,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1010: { - uint32_t _ptr_info1010; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1010)); if (_ptr_info1010) { NDR_PULL_ALLOC(ndr, r->info1010); @@ -9970,7 +10277,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1016: { - uint32_t _ptr_info1016; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1016)); if (_ptr_info1016) { NDR_PULL_ALLOC(ndr, r->info1016); @@ -9980,7 +10286,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1017: { - uint32_t _ptr_info1017; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1017)); if (_ptr_info1017) { NDR_PULL_ALLOC(ndr, r->info1017); @@ -9990,7 +10295,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1018: { - uint32_t _ptr_info1018; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1018)); if (_ptr_info1018) { NDR_PULL_ALLOC(ndr, r->info1018); @@ -10000,7 +10304,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1107: { - uint32_t _ptr_info1107; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1107)); if (_ptr_info1107) { NDR_PULL_ALLOC(ndr, r->info1107); @@ -10010,7 +10313,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1501: { - uint32_t _ptr_info1501; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1501)); if (_ptr_info1501) { NDR_PULL_ALLOC(ndr, r->info1501); @@ -10020,7 +10322,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1502: { - uint32_t _ptr_info1502; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1502)); if (_ptr_info1502) { NDR_PULL_ALLOC(ndr, r->info1502); @@ -10030,7 +10331,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1503: { - uint32_t _ptr_info1503; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1503)); if (_ptr_info1503) { NDR_PULL_ALLOC(ndr, r->info1503); @@ -10040,7 +10340,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1506: { - uint32_t _ptr_info1506; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1506)); if (_ptr_info1506) { NDR_PULL_ALLOC(ndr, r->info1506); @@ -10050,7 +10349,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1509: { - uint32_t _ptr_info1509; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1509)); if (_ptr_info1509) { NDR_PULL_ALLOC(ndr, r->info1509); @@ -10060,7 +10358,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1510: { - uint32_t _ptr_info1510; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1510)); if (_ptr_info1510) { NDR_PULL_ALLOC(ndr, r->info1510); @@ -10070,7 +10367,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1511: { - uint32_t _ptr_info1511; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1511)); if (_ptr_info1511) { NDR_PULL_ALLOC(ndr, r->info1511); @@ -10080,7 +10376,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1512: { - uint32_t _ptr_info1512; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1512)); if (_ptr_info1512) { NDR_PULL_ALLOC(ndr, r->info1512); @@ -10090,7 +10385,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1513: { - uint32_t _ptr_info1513; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1513)); if (_ptr_info1513) { NDR_PULL_ALLOC(ndr, r->info1513); @@ -10100,7 +10394,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1514: { - uint32_t _ptr_info1514; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1514)); if (_ptr_info1514) { NDR_PULL_ALLOC(ndr, r->info1514); @@ -10110,7 +10403,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1515: { - uint32_t _ptr_info1515; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1515)); if (_ptr_info1515) { NDR_PULL_ALLOC(ndr, r->info1515); @@ -10120,7 +10412,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1516: { - uint32_t _ptr_info1516; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1516)); if (_ptr_info1516) { NDR_PULL_ALLOC(ndr, r->info1516); @@ -10130,7 +10421,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1518: { - uint32_t _ptr_info1518; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1518)); if (_ptr_info1518) { NDR_PULL_ALLOC(ndr, r->info1518); @@ -10140,7 +10430,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1520: { - uint32_t _ptr_info1520; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1520)); if (_ptr_info1520) { NDR_PULL_ALLOC(ndr, r->info1520); @@ -10150,7 +10439,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1521: { - uint32_t _ptr_info1521; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1521)); if (_ptr_info1521) { NDR_PULL_ALLOC(ndr, r->info1521); @@ -10160,7 +10448,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1522: { - uint32_t _ptr_info1522; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1522)); if (_ptr_info1522) { NDR_PULL_ALLOC(ndr, r->info1522); @@ -10170,7 +10457,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1523: { - uint32_t _ptr_info1523; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1523)); if (_ptr_info1523) { NDR_PULL_ALLOC(ndr, r->info1523); @@ -10180,7 +10466,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1524: { - uint32_t _ptr_info1524; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1524)); if (_ptr_info1524) { NDR_PULL_ALLOC(ndr, r->info1524); @@ -10190,7 +10475,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1525: { - uint32_t _ptr_info1525; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1525)); if (_ptr_info1525) { NDR_PULL_ALLOC(ndr, r->info1525); @@ -10200,7 +10484,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1528: { - uint32_t _ptr_info1528; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1528)); if (_ptr_info1528) { NDR_PULL_ALLOC(ndr, r->info1528); @@ -10210,7 +10493,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1529: { - uint32_t _ptr_info1529; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1529)); if (_ptr_info1529) { NDR_PULL_ALLOC(ndr, r->info1529); @@ -10220,7 +10502,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1530: { - uint32_t _ptr_info1530; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1530)); if (_ptr_info1530) { NDR_PULL_ALLOC(ndr, r->info1530); @@ -10230,7 +10511,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1533: { - uint32_t _ptr_info1533; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1533)); if (_ptr_info1533) { NDR_PULL_ALLOC(ndr, r->info1533); @@ -10240,7 +10520,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1534: { - uint32_t _ptr_info1534; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1534)); if (_ptr_info1534) { NDR_PULL_ALLOC(ndr, r->info1534); @@ -10250,7 +10529,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1535: { - uint32_t _ptr_info1535; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1535)); if (_ptr_info1535) { NDR_PULL_ALLOC(ndr, r->info1535); @@ -10260,7 +10538,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1536: { - uint32_t _ptr_info1536; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1536)); if (_ptr_info1536) { NDR_PULL_ALLOC(ndr, r->info1536); @@ -10270,7 +10547,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1537: { - uint32_t _ptr_info1537; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1537)); if (_ptr_info1537) { NDR_PULL_ALLOC(ndr, r->info1537); @@ -10280,7 +10556,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1538: { - uint32_t _ptr_info1538; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1538)); if (_ptr_info1538) { NDR_PULL_ALLOC(ndr, r->info1538); @@ -10290,7 +10565,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1539: { - uint32_t _ptr_info1539; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1539)); if (_ptr_info1539) { NDR_PULL_ALLOC(ndr, r->info1539); @@ -10300,7 +10574,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1540: { - uint32_t _ptr_info1540; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1540)); if (_ptr_info1540) { NDR_PULL_ALLOC(ndr, r->info1540); @@ -10310,7 +10583,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1541: { - uint32_t _ptr_info1541; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1541)); if (_ptr_info1541) { NDR_PULL_ALLOC(ndr, r->info1541); @@ -10320,7 +10592,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1542: { - uint32_t _ptr_info1542; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1542)); if (_ptr_info1542) { NDR_PULL_ALLOC(ndr, r->info1542); @@ -10330,7 +10601,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1543: { - uint32_t _ptr_info1543; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1543)); if (_ptr_info1543) { NDR_PULL_ALLOC(ndr, r->info1543); @@ -10340,7 +10610,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1544: { - uint32_t _ptr_info1544; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1544)); if (_ptr_info1544) { NDR_PULL_ALLOC(ndr, r->info1544); @@ -10350,7 +10619,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1545: { - uint32_t _ptr_info1545; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1545)); if (_ptr_info1545) { NDR_PULL_ALLOC(ndr, r->info1545); @@ -10360,7 +10628,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1546: { - uint32_t _ptr_info1546; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1546)); if (_ptr_info1546) { NDR_PULL_ALLOC(ndr, r->info1546); @@ -10370,7 +10637,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1547: { - uint32_t _ptr_info1547; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1547)); if (_ptr_info1547) { NDR_PULL_ALLOC(ndr, r->info1547); @@ -10380,7 +10646,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1548: { - uint32_t _ptr_info1548; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1548)); if (_ptr_info1548) { NDR_PULL_ALLOC(ndr, r->info1548); @@ -10390,7 +10655,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1549: { - uint32_t _ptr_info1549; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1549)); if (_ptr_info1549) { NDR_PULL_ALLOC(ndr, r->info1549); @@ -10400,7 +10664,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1550: { - uint32_t _ptr_info1550; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1550)); if (_ptr_info1550) { NDR_PULL_ALLOC(ndr, r->info1550); @@ -10410,7 +10673,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1552: { - uint32_t _ptr_info1552; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1552)); if (_ptr_info1552) { NDR_PULL_ALLOC(ndr, r->info1552); @@ -10420,7 +10682,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1553: { - uint32_t _ptr_info1553; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1553)); if (_ptr_info1553) { NDR_PULL_ALLOC(ndr, r->info1553); @@ -10430,7 +10691,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1554: { - uint32_t _ptr_info1554; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1554)); if (_ptr_info1554) { NDR_PULL_ALLOC(ndr, r->info1554); @@ -10440,7 +10700,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1555: { - uint32_t _ptr_info1555; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1555)); if (_ptr_info1555) { NDR_PULL_ALLOC(ndr, r->info1555); @@ -10450,7 +10709,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1556: { - uint32_t _ptr_info1556; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1556)); if (_ptr_info1556) { NDR_PULL_ALLOC(ndr, r->info1556); @@ -11563,11 +11821,13 @@ static enum ndr_err_code ndr_push_srvsvc_NetDiskInfo0(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetDiskInfo0(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetDiskInfo0 *r) { + uint32_t size_disk_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->__disk_offset)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->__disk_length)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->disk, r->__disk_length, sizeof(uint16_t), CH_UTF16)); + size_disk_0 = r->__disk_length; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->disk, size_disk_0, sizeof(uint16_t), CH_UTF16)); } if (ndr_flags & NDR_BUFFERS) { } @@ -11608,6 +11868,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetDiskInfo(struct ndr_push *ndr, int n static enum ndr_err_code ndr_pull_srvsvc_NetDiskInfo(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetDiskInfo *r) { uint32_t _ptr_disks; + uint32_t size_disks_1 = 0; + uint32_t length_disks_1 = 0; uint32_t cntr_disks_1; TALLOC_CTX *_mem_save_disks_0; TALLOC_CTX *_mem_save_disks_1; @@ -11627,13 +11889,15 @@ static enum ndr_err_code ndr_pull_srvsvc_NetDiskInfo(struct ndr_pull *ndr, int n NDR_PULL_SET_MEM_CTX(ndr, r->disks, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->disks)); NDR_CHECK(ndr_pull_array_length(ndr, &r->disks)); - if (ndr_get_array_length(ndr, &r->disks) > ndr_get_array_size(ndr, &r->disks)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->disks), ndr_get_array_length(ndr, &r->disks)); + size_disks_1 = ndr_get_array_size(ndr, &r->disks); + length_disks_1 = ndr_get_array_length(ndr, &r->disks); + if (length_disks_1 > size_disks_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_disks_1, length_disks_1); } - NDR_PULL_ALLOC_N(ndr, r->disks, ndr_get_array_size(ndr, &r->disks)); + NDR_PULL_ALLOC_N(ndr, r->disks, size_disks_1); _mem_save_disks_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->disks, 0); - for (cntr_disks_1 = 0; cntr_disks_1 < r->count; cntr_disks_1++) { + for (cntr_disks_1 = 0; cntr_disks_1 < length_disks_1; cntr_disks_1++) { NDR_CHECK(ndr_pull_srvsvc_NetDiskInfo0(ndr, NDR_SCALARS, &r->disks[cntr_disks_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_disks_1, 0); @@ -11785,10 +12049,15 @@ static enum ndr_err_code ndr_push_srvsvc_NetTransportInfo0(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_srvsvc_NetTransportInfo0(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetTransportInfo0 *r) { uint32_t _ptr_name; + uint32_t size_name_1 = 0; + uint32_t length_name_1 = 0; TALLOC_CTX *_mem_save_name_0; uint32_t _ptr_addr; + uint32_t size_addr_1 = 0; TALLOC_CTX *_mem_save_addr_0; uint32_t _ptr_net_addr; + uint32_t size_net_addr_1 = 0; + uint32_t length_net_addr_1 = 0; TALLOC_CTX *_mem_save_net_addr_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -11819,19 +12088,22 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportInfo0(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->name)); - if (ndr_get_array_length(ndr, &r->name) > ndr_get_array_size(ndr, &r->name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->name), ndr_get_array_length(ndr, &r->name)); + size_name_1 = ndr_get_array_size(ndr, &r->name); + length_name_1 = ndr_get_array_length(ndr, &r->name); + if (length_name_1 > size_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_name_1, length_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, length_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_name_0, 0); } if (r->addr) { _mem_save_addr_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->addr, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->addr)); - NDR_PULL_ALLOC_N(ndr, r->addr, ndr_get_array_size(ndr, &r->addr)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->addr, ndr_get_array_size(ndr, &r->addr))); + size_addr_1 = ndr_get_array_size(ndr, &r->addr); + NDR_PULL_ALLOC_N(ndr, r->addr, size_addr_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->addr, size_addr_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_addr_0, 0); } if (r->net_addr) { @@ -11839,11 +12111,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportInfo0(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->net_addr, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->net_addr)); NDR_CHECK(ndr_pull_array_length(ndr, &r->net_addr)); - if (ndr_get_array_length(ndr, &r->net_addr) > ndr_get_array_size(ndr, &r->net_addr)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->net_addr), ndr_get_array_length(ndr, &r->net_addr)); + size_net_addr_1 = ndr_get_array_size(ndr, &r->net_addr); + length_net_addr_1 = ndr_get_array_length(ndr, &r->net_addr); + if (length_net_addr_1 > size_net_addr_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_net_addr_1, length_net_addr_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->net_addr), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->net_addr, ndr_get_array_length(ndr, &r->net_addr), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_net_addr_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->net_addr, length_net_addr_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_net_addr_0, 0); } if (r->addr) { @@ -11905,6 +12179,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetTransportCtr0(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_srvsvc_NetTransportCtr0(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetTransportCtr0 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -11923,13 +12198,14 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportCtr0(struct ndr_pull *ndr, _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetTransportInfo0(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetTransportInfo0(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -12007,12 +12283,19 @@ static enum ndr_err_code ndr_push_srvsvc_NetTransportInfo1(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_srvsvc_NetTransportInfo1(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetTransportInfo1 *r) { uint32_t _ptr_name; + uint32_t size_name_1 = 0; + uint32_t length_name_1 = 0; TALLOC_CTX *_mem_save_name_0; uint32_t _ptr_addr; + uint32_t size_addr_1 = 0; TALLOC_CTX *_mem_save_addr_0; uint32_t _ptr_net_addr; + uint32_t size_net_addr_1 = 0; + uint32_t length_net_addr_1 = 0; TALLOC_CTX *_mem_save_net_addr_0; uint32_t _ptr_domain; + uint32_t size_domain_1 = 0; + uint32_t length_domain_1 = 0; TALLOC_CTX *_mem_save_domain_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -12049,19 +12332,22 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportInfo1(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->name)); - if (ndr_get_array_length(ndr, &r->name) > ndr_get_array_size(ndr, &r->name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->name), ndr_get_array_length(ndr, &r->name)); + size_name_1 = ndr_get_array_size(ndr, &r->name); + length_name_1 = ndr_get_array_length(ndr, &r->name); + if (length_name_1 > size_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_name_1, length_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, length_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_name_0, 0); } if (r->addr) { _mem_save_addr_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->addr, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->addr)); - NDR_PULL_ALLOC_N(ndr, r->addr, ndr_get_array_size(ndr, &r->addr)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->addr, ndr_get_array_size(ndr, &r->addr))); + size_addr_1 = ndr_get_array_size(ndr, &r->addr); + NDR_PULL_ALLOC_N(ndr, r->addr, size_addr_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->addr, size_addr_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_addr_0, 0); } if (r->net_addr) { @@ -12069,11 +12355,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportInfo1(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->net_addr, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->net_addr)); NDR_CHECK(ndr_pull_array_length(ndr, &r->net_addr)); - if (ndr_get_array_length(ndr, &r->net_addr) > ndr_get_array_size(ndr, &r->net_addr)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->net_addr), ndr_get_array_length(ndr, &r->net_addr)); + size_net_addr_1 = ndr_get_array_size(ndr, &r->net_addr); + length_net_addr_1 = ndr_get_array_length(ndr, &r->net_addr); + if (length_net_addr_1 > size_net_addr_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_net_addr_1, length_net_addr_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->net_addr), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->net_addr, ndr_get_array_length(ndr, &r->net_addr), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_net_addr_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->net_addr, length_net_addr_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_net_addr_0, 0); } if (r->domain) { @@ -12081,11 +12369,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportInfo1(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->domain, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->domain)); NDR_CHECK(ndr_pull_array_length(ndr, &r->domain)); - if (ndr_get_array_length(ndr, &r->domain) > ndr_get_array_size(ndr, &r->domain)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->domain), ndr_get_array_length(ndr, &r->domain)); + size_domain_1 = ndr_get_array_size(ndr, &r->domain); + length_domain_1 = ndr_get_array_length(ndr, &r->domain); + if (length_domain_1 > size_domain_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_1, length_domain_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, length_domain_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_0, 0); } if (r->addr) { @@ -12153,6 +12443,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetTransportCtr1(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_srvsvc_NetTransportCtr1(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetTransportCtr1 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -12171,13 +12462,14 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportCtr1(struct ndr_pull *ndr, _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetTransportInfo1(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetTransportInfo1(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -12256,12 +12548,19 @@ static enum ndr_err_code ndr_push_srvsvc_NetTransportInfo2(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_srvsvc_NetTransportInfo2(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetTransportInfo2 *r) { uint32_t _ptr_name; + uint32_t size_name_1 = 0; + uint32_t length_name_1 = 0; TALLOC_CTX *_mem_save_name_0; uint32_t _ptr_addr; + uint32_t size_addr_1 = 0; TALLOC_CTX *_mem_save_addr_0; uint32_t _ptr_net_addr; + uint32_t size_net_addr_1 = 0; + uint32_t length_net_addr_1 = 0; TALLOC_CTX *_mem_save_net_addr_0; uint32_t _ptr_domain; + uint32_t size_domain_1 = 0; + uint32_t length_domain_1 = 0; TALLOC_CTX *_mem_save_domain_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -12299,19 +12598,22 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportInfo2(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->name)); - if (ndr_get_array_length(ndr, &r->name) > ndr_get_array_size(ndr, &r->name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->name), ndr_get_array_length(ndr, &r->name)); + size_name_1 = ndr_get_array_size(ndr, &r->name); + length_name_1 = ndr_get_array_length(ndr, &r->name); + if (length_name_1 > size_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_name_1, length_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, length_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_name_0, 0); } if (r->addr) { _mem_save_addr_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->addr, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->addr)); - NDR_PULL_ALLOC_N(ndr, r->addr, ndr_get_array_size(ndr, &r->addr)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->addr, ndr_get_array_size(ndr, &r->addr))); + size_addr_1 = ndr_get_array_size(ndr, &r->addr); + NDR_PULL_ALLOC_N(ndr, r->addr, size_addr_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->addr, size_addr_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_addr_0, 0); } if (r->net_addr) { @@ -12319,11 +12621,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportInfo2(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->net_addr, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->net_addr)); NDR_CHECK(ndr_pull_array_length(ndr, &r->net_addr)); - if (ndr_get_array_length(ndr, &r->net_addr) > ndr_get_array_size(ndr, &r->net_addr)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->net_addr), ndr_get_array_length(ndr, &r->net_addr)); + size_net_addr_1 = ndr_get_array_size(ndr, &r->net_addr); + length_net_addr_1 = ndr_get_array_length(ndr, &r->net_addr); + if (length_net_addr_1 > size_net_addr_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_net_addr_1, length_net_addr_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->net_addr), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->net_addr, ndr_get_array_length(ndr, &r->net_addr), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_net_addr_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->net_addr, length_net_addr_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_net_addr_0, 0); } if (r->domain) { @@ -12331,11 +12635,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportInfo2(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->domain, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->domain)); NDR_CHECK(ndr_pull_array_length(ndr, &r->domain)); - if (ndr_get_array_length(ndr, &r->domain) > ndr_get_array_size(ndr, &r->domain)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->domain), ndr_get_array_length(ndr, &r->domain)); + size_domain_1 = ndr_get_array_size(ndr, &r->domain); + length_domain_1 = ndr_get_array_length(ndr, &r->domain); + if (length_domain_1 > size_domain_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_1, length_domain_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, length_domain_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_0, 0); } if (r->addr) { @@ -12404,6 +12710,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetTransportCtr2(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_srvsvc_NetTransportCtr2(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetTransportCtr2 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -12422,13 +12729,14 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportCtr2(struct ndr_pull *ndr, _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetTransportInfo2(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetTransportInfo2(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -12509,13 +12817,21 @@ static enum ndr_err_code ndr_push_srvsvc_NetTransportInfo3(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_srvsvc_NetTransportInfo3(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetTransportInfo3 *r) { uint32_t _ptr_name; + uint32_t size_name_1 = 0; + uint32_t length_name_1 = 0; TALLOC_CTX *_mem_save_name_0; uint32_t _ptr_addr; + uint32_t size_addr_1 = 0; TALLOC_CTX *_mem_save_addr_0; uint32_t _ptr_net_addr; + uint32_t size_net_addr_1 = 0; + uint32_t length_net_addr_1 = 0; TALLOC_CTX *_mem_save_net_addr_0; uint32_t _ptr_domain; + uint32_t size_domain_1 = 0; + uint32_t length_domain_1 = 0; TALLOC_CTX *_mem_save_domain_0; + uint32_t size_unknown3_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->vcs)); @@ -12546,7 +12862,8 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportInfo3(struct ndr_pull *ndr, } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->unknown1)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->unknown2)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->unknown3, 256)); + size_unknown3_0 = 256; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->unknown3, size_unknown3_0)); } if (ndr_flags & NDR_BUFFERS) { if (r->name) { @@ -12554,19 +12871,22 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportInfo3(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->name)); - if (ndr_get_array_length(ndr, &r->name) > ndr_get_array_size(ndr, &r->name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->name), ndr_get_array_length(ndr, &r->name)); + size_name_1 = ndr_get_array_size(ndr, &r->name); + length_name_1 = ndr_get_array_length(ndr, &r->name); + if (length_name_1 > size_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_name_1, length_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, length_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_name_0, 0); } if (r->addr) { _mem_save_addr_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->addr, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->addr)); - NDR_PULL_ALLOC_N(ndr, r->addr, ndr_get_array_size(ndr, &r->addr)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->addr, ndr_get_array_size(ndr, &r->addr))); + size_addr_1 = ndr_get_array_size(ndr, &r->addr); + NDR_PULL_ALLOC_N(ndr, r->addr, size_addr_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->addr, size_addr_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_addr_0, 0); } if (r->net_addr) { @@ -12574,11 +12894,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportInfo3(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->net_addr, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->net_addr)); NDR_CHECK(ndr_pull_array_length(ndr, &r->net_addr)); - if (ndr_get_array_length(ndr, &r->net_addr) > ndr_get_array_size(ndr, &r->net_addr)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->net_addr), ndr_get_array_length(ndr, &r->net_addr)); + size_net_addr_1 = ndr_get_array_size(ndr, &r->net_addr); + length_net_addr_1 = ndr_get_array_length(ndr, &r->net_addr); + if (length_net_addr_1 > size_net_addr_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_net_addr_1, length_net_addr_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->net_addr), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->net_addr, ndr_get_array_length(ndr, &r->net_addr), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_net_addr_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->net_addr, length_net_addr_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_net_addr_0, 0); } if (r->domain) { @@ -12586,11 +12908,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportInfo3(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->domain, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->domain)); NDR_CHECK(ndr_pull_array_length(ndr, &r->domain)); - if (ndr_get_array_length(ndr, &r->domain) > ndr_get_array_size(ndr, &r->domain)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->domain), ndr_get_array_length(ndr, &r->domain)); + size_domain_1 = ndr_get_array_size(ndr, &r->domain); + length_domain_1 = ndr_get_array_length(ndr, &r->domain); + if (length_domain_1 > size_domain_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_1, length_domain_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, length_domain_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_0, 0); } if (r->addr) { @@ -12661,6 +12985,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetTransportCtr3(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_srvsvc_NetTransportCtr3(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetTransportCtr3 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -12679,13 +13004,14 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportCtr3(struct ndr_pull *ndr, _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetTransportInfo3(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetTransportInfo3(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -12789,9 +13115,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportCtr(struct ndr_pull *ndr, i int level; uint32_t _level; TALLOC_CTX *_mem_save_ctr0_0; + uint32_t _ptr_ctr0; TALLOC_CTX *_mem_save_ctr1_0; + uint32_t _ptr_ctr1; TALLOC_CTX *_mem_save_ctr2_0; + uint32_t _ptr_ctr2; TALLOC_CTX *_mem_save_ctr3_0; + uint32_t _ptr_ctr3; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -12800,7 +13130,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportCtr(struct ndr_pull *ndr, i } switch (level) { case 0: { - uint32_t _ptr_ctr0; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr0)); if (_ptr_ctr0) { NDR_PULL_ALLOC(ndr, r->ctr0); @@ -12810,7 +13139,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportCtr(struct ndr_pull *ndr, i break; } case 1: { - uint32_t _ptr_ctr1; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr1)); if (_ptr_ctr1) { NDR_PULL_ALLOC(ndr, r->ctr1); @@ -12820,7 +13148,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportCtr(struct ndr_pull *ndr, i break; } case 2: { - uint32_t _ptr_ctr2; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr2)); if (_ptr_ctr2) { NDR_PULL_ALLOC(ndr, r->ctr2); @@ -12830,7 +13157,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportCtr(struct ndr_pull *ndr, i break; } case 3: { - uint32_t _ptr_ctr3; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr3)); if (_ptr_ctr3) { NDR_PULL_ALLOC(ndr, r->ctr3); @@ -13215,6 +13541,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetCharDevEnum(struct ndr_push *ndr, in static enum ndr_err_code ndr_pull_srvsvc_NetCharDevEnum(struct ndr_pull *ndr, int flags, struct srvsvc_NetCharDevEnum *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; uint32_t _ptr_resume_handle; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_info_ctr_0; @@ -13234,11 +13562,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevEnum(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { @@ -13380,6 +13710,10 @@ static enum ndr_err_code ndr_push_srvsvc_NetCharDevGetInfo(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_srvsvc_NetCharDevGetInfo(struct ndr_pull *ndr, int flags, struct srvsvc_NetCharDevGetInfo *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; + uint32_t size_device_name_0 = 0; + uint32_t length_device_name_0 = 0; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_info_0; if (flags & NDR_IN) { @@ -13396,20 +13730,24 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevGetInfo(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.device_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.device_name)); - if (ndr_get_array_length(ndr, &r->in.device_name) > ndr_get_array_size(ndr, &r->in.device_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.device_name), ndr_get_array_length(ndr, &r->in.device_name)); + size_device_name_0 = ndr_get_array_size(ndr, &r->in.device_name); + length_device_name_0 = ndr_get_array_length(ndr, &r->in.device_name); + if (length_device_name_0 > size_device_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_device_name_0, length_device_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.device_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.device_name, ndr_get_array_length(ndr, &r->in.device_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_device_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.device_name, length_device_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); NDR_PULL_ALLOC(ndr, r->out.info); ZERO_STRUCTP(r->out.info); @@ -13487,6 +13825,10 @@ static enum ndr_err_code ndr_push_srvsvc_NetCharDevControl(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_srvsvc_NetCharDevControl(struct ndr_pull *ndr, int flags, struct srvsvc_NetCharDevControl *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; + uint32_t size_device_name_0 = 0; + uint32_t length_device_name_0 = 0; TALLOC_CTX *_mem_save_server_unc_0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_server_unc)); @@ -13500,20 +13842,24 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevControl(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.device_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.device_name)); - if (ndr_get_array_length(ndr, &r->in.device_name) > ndr_get_array_size(ndr, &r->in.device_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.device_name), ndr_get_array_length(ndr, &r->in.device_name)); + size_device_name_0 = ndr_get_array_size(ndr, &r->in.device_name); + length_device_name_0 = ndr_get_array_length(ndr, &r->in.device_name); + if (length_device_name_0 > size_device_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_device_name_0, length_device_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.device_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.device_name, ndr_get_array_length(ndr, &r->in.device_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_device_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.device_name, length_device_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.opcode)); } if (flags & NDR_OUT) { @@ -13599,7 +13945,11 @@ static enum ndr_err_code ndr_push_srvsvc_NetCharDevQEnum(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQEnum(struct ndr_pull *ndr, int flags, struct srvsvc_NetCharDevQEnum *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; uint32_t _ptr_user; + uint32_t size_user_1 = 0; + uint32_t length_user_1 = 0; uint32_t _ptr_resume_handle; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_user_0; @@ -13620,11 +13970,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQEnum(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_user)); @@ -13638,11 +13990,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQEnum(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->in.user, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.user)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.user)); - if (ndr_get_array_length(ndr, &r->in.user) > ndr_get_array_size(ndr, &r->in.user)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.user), ndr_get_array_length(ndr, &r->in.user)); + size_user_1 = ndr_get_array_size(ndr, &r->in.user); + length_user_1 = ndr_get_array_length(ndr, &r->in.user); + if (length_user_1 > size_user_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_user_1, length_user_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.user), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.user, ndr_get_array_length(ndr, &r->in.user), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_user_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.user, length_user_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user_0, 0); } if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { @@ -13794,6 +14148,12 @@ static enum ndr_err_code ndr_push_srvsvc_NetCharDevQGetInfo(struct ndr_push *ndr static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQGetInfo(struct ndr_pull *ndr, int flags, struct srvsvc_NetCharDevQGetInfo *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; + uint32_t size_queue_name_0 = 0; + uint32_t length_queue_name_0 = 0; + uint32_t size_user_0 = 0; + uint32_t length_user_0 = 0; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_info_0; if (flags & NDR_IN) { @@ -13810,27 +14170,33 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQGetInfo(struct ndr_pull *ndr NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.queue_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.queue_name)); - if (ndr_get_array_length(ndr, &r->in.queue_name) > ndr_get_array_size(ndr, &r->in.queue_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.queue_name), ndr_get_array_length(ndr, &r->in.queue_name)); + size_queue_name_0 = ndr_get_array_size(ndr, &r->in.queue_name); + length_queue_name_0 = ndr_get_array_length(ndr, &r->in.queue_name); + if (length_queue_name_0 > size_queue_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_queue_name_0, length_queue_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.queue_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.queue_name, ndr_get_array_length(ndr, &r->in.queue_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_queue_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.queue_name, length_queue_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.user)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.user)); - if (ndr_get_array_length(ndr, &r->in.user) > ndr_get_array_size(ndr, &r->in.user)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.user), ndr_get_array_length(ndr, &r->in.user)); + size_user_0 = ndr_get_array_size(ndr, &r->in.user); + length_user_0 = ndr_get_array_length(ndr, &r->in.user); + if (length_user_0 > size_user_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_user_0, length_user_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.user), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.user, ndr_get_array_length(ndr, &r->in.user), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_user_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.user, length_user_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); NDR_PULL_ALLOC(ndr, r->out.info); ZERO_STRUCTP(r->out.info); @@ -13919,6 +14285,10 @@ static enum ndr_err_code ndr_push_srvsvc_NetCharDevQSetInfo(struct ndr_push *ndr static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQSetInfo(struct ndr_pull *ndr, int flags, struct srvsvc_NetCharDevQSetInfo *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; + uint32_t size_queue_name_0 = 0; + uint32_t length_queue_name_0 = 0; uint32_t _ptr_parm_error; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_parm_error_0; @@ -13936,20 +14306,24 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQSetInfo(struct ndr_pull *ndr NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.queue_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.queue_name)); - if (ndr_get_array_length(ndr, &r->in.queue_name) > ndr_get_array_size(ndr, &r->in.queue_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.queue_name), ndr_get_array_length(ndr, &r->in.queue_name)); + size_queue_name_0 = ndr_get_array_size(ndr, &r->in.queue_name); + length_queue_name_0 = ndr_get_array_length(ndr, &r->in.queue_name); + if (length_queue_name_0 > size_queue_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_queue_name_0, length_queue_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.queue_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.queue_name, ndr_get_array_length(ndr, &r->in.queue_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_queue_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.queue_name, length_queue_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->in.info, r->in.level)); NDR_CHECK(ndr_pull_srvsvc_NetCharDevQInfo(ndr, NDR_SCALARS|NDR_BUFFERS, &r->in.info)); @@ -14051,6 +14425,10 @@ static enum ndr_err_code ndr_push_srvsvc_NetCharDevQPurge(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQPurge(struct ndr_pull *ndr, int flags, struct srvsvc_NetCharDevQPurge *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; + uint32_t size_queue_name_0 = 0; + uint32_t length_queue_name_0 = 0; TALLOC_CTX *_mem_save_server_unc_0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_server_unc)); @@ -14064,20 +14442,24 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQPurge(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.queue_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.queue_name)); - if (ndr_get_array_length(ndr, &r->in.queue_name) > ndr_get_array_size(ndr, &r->in.queue_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.queue_name), ndr_get_array_length(ndr, &r->in.queue_name)); + size_queue_name_0 = ndr_get_array_size(ndr, &r->in.queue_name); + length_queue_name_0 = ndr_get_array_length(ndr, &r->in.queue_name); + if (length_queue_name_0 > size_queue_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_queue_name_0, length_queue_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.queue_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.queue_name, ndr_get_array_length(ndr, &r->in.queue_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_queue_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.queue_name, length_queue_name_0, sizeof(uint16_t), CH_UTF16)); } if (flags & NDR_OUT) { NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result)); @@ -14141,6 +14523,12 @@ static enum ndr_err_code ndr_push_srvsvc_NetCharDevQPurgeSelf(struct ndr_push *n static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQPurgeSelf(struct ndr_pull *ndr, int flags, struct srvsvc_NetCharDevQPurgeSelf *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; + uint32_t size_queue_name_0 = 0; + uint32_t length_queue_name_0 = 0; + uint32_t size_computer_name_0 = 0; + uint32_t length_computer_name_0 = 0; TALLOC_CTX *_mem_save_server_unc_0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_server_unc)); @@ -14154,27 +14542,33 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQPurgeSelf(struct ndr_pull *n NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.queue_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.queue_name)); - if (ndr_get_array_length(ndr, &r->in.queue_name) > ndr_get_array_size(ndr, &r->in.queue_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.queue_name), ndr_get_array_length(ndr, &r->in.queue_name)); + size_queue_name_0 = ndr_get_array_size(ndr, &r->in.queue_name); + length_queue_name_0 = ndr_get_array_length(ndr, &r->in.queue_name); + if (length_queue_name_0 > size_queue_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_queue_name_0, length_queue_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.queue_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.queue_name, ndr_get_array_length(ndr, &r->in.queue_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_queue_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.queue_name, length_queue_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name)); - if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name)); + size_computer_name_0 = ndr_get_array_size(ndr, &r->in.computer_name); + length_computer_name_0 = ndr_get_array_length(ndr, &r->in.computer_name); + if (length_computer_name_0 > size_computer_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_name_0, length_computer_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, length_computer_name_0, sizeof(uint16_t), CH_UTF16)); } if (flags & NDR_OUT) { NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result)); @@ -14259,7 +14653,11 @@ static enum ndr_err_code ndr_push_srvsvc_NetConnEnum(struct ndr_push *ndr, int f static enum ndr_err_code ndr_pull_srvsvc_NetConnEnum(struct ndr_pull *ndr, int flags, struct srvsvc_NetConnEnum *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; uint32_t _ptr_path; + uint32_t size_path_1 = 0; + uint32_t length_path_1 = 0; uint32_t _ptr_resume_handle; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_path_0; @@ -14280,11 +14678,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetConnEnum(struct ndr_pull *ndr, int f NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_path)); @@ -14298,11 +14698,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetConnEnum(struct ndr_pull *ndr, int f NDR_PULL_SET_MEM_CTX(ndr, r->in.path, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.path)); - if (ndr_get_array_length(ndr, &r->in.path) > ndr_get_array_size(ndr, &r->in.path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.path), ndr_get_array_length(ndr, &r->in.path)); + size_path_1 = ndr_get_array_size(ndr, &r->in.path); + length_path_1 = ndr_get_array_length(ndr, &r->in.path); + if (length_path_1 > size_path_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_path_1, length_path_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.path, ndr_get_array_length(ndr, &r->in.path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_path_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.path, length_path_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_path_0, 0); } if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { @@ -14475,8 +14877,14 @@ static enum ndr_err_code ndr_push_srvsvc_NetFileEnum(struct ndr_push *ndr, int f static enum ndr_err_code ndr_pull_srvsvc_NetFileEnum(struct ndr_pull *ndr, int flags, struct srvsvc_NetFileEnum *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; uint32_t _ptr_path; + uint32_t size_path_1 = 0; + uint32_t length_path_1 = 0; uint32_t _ptr_user; + uint32_t size_user_1 = 0; + uint32_t length_user_1 = 0; uint32_t _ptr_resume_handle; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_path_0; @@ -14498,11 +14906,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetFileEnum(struct ndr_pull *ndr, int f NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_path)); @@ -14516,11 +14926,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetFileEnum(struct ndr_pull *ndr, int f NDR_PULL_SET_MEM_CTX(ndr, r->in.path, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.path)); - if (ndr_get_array_length(ndr, &r->in.path) > ndr_get_array_size(ndr, &r->in.path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.path), ndr_get_array_length(ndr, &r->in.path)); + size_path_1 = ndr_get_array_size(ndr, &r->in.path); + length_path_1 = ndr_get_array_length(ndr, &r->in.path); + if (length_path_1 > size_path_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_path_1, length_path_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.path, ndr_get_array_length(ndr, &r->in.path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_path_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.path, length_path_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_path_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_user)); @@ -14534,11 +14946,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetFileEnum(struct ndr_pull *ndr, int f NDR_PULL_SET_MEM_CTX(ndr, r->in.user, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.user)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.user)); - if (ndr_get_array_length(ndr, &r->in.user) > ndr_get_array_size(ndr, &r->in.user)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.user), ndr_get_array_length(ndr, &r->in.user)); + size_user_1 = ndr_get_array_size(ndr, &r->in.user); + length_user_1 = ndr_get_array_length(ndr, &r->in.user); + if (length_user_1 > size_user_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_user_1, length_user_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.user), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.user, ndr_get_array_length(ndr, &r->in.user), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_user_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.user, length_user_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user_0, 0); } if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { @@ -14689,6 +15103,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetFileGetInfo(struct ndr_push *ndr, in static enum ndr_err_code ndr_pull_srvsvc_NetFileGetInfo(struct ndr_pull *ndr, int flags, struct srvsvc_NetFileGetInfo *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_info_0; if (flags & NDR_IN) { @@ -14705,11 +15121,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetFileGetInfo(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.fid)); @@ -14786,6 +15204,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetFileClose(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetFileClose(struct ndr_pull *ndr, int flags, struct srvsvc_NetFileClose *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; TALLOC_CTX *_mem_save_server_unc_0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_server_unc)); @@ -14799,11 +15219,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetFileClose(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.fid)); @@ -14897,8 +15319,14 @@ static enum ndr_err_code ndr_push_srvsvc_NetSessEnum(struct ndr_push *ndr, int f static enum ndr_err_code ndr_pull_srvsvc_NetSessEnum(struct ndr_pull *ndr, int flags, struct srvsvc_NetSessEnum *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; uint32_t _ptr_client; + uint32_t size_client_1 = 0; + uint32_t length_client_1 = 0; uint32_t _ptr_user; + uint32_t size_user_1 = 0; + uint32_t length_user_1 = 0; uint32_t _ptr_resume_handle; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_client_0; @@ -14920,11 +15348,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessEnum(struct ndr_pull *ndr, int f NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_client)); @@ -14938,11 +15368,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessEnum(struct ndr_pull *ndr, int f NDR_PULL_SET_MEM_CTX(ndr, r->in.client, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.client)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.client)); - if (ndr_get_array_length(ndr, &r->in.client) > ndr_get_array_size(ndr, &r->in.client)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.client), ndr_get_array_length(ndr, &r->in.client)); + size_client_1 = ndr_get_array_size(ndr, &r->in.client); + length_client_1 = ndr_get_array_length(ndr, &r->in.client); + if (length_client_1 > size_client_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_client_1, length_client_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.client), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.client, ndr_get_array_length(ndr, &r->in.client), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_client_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.client, length_client_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_client_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_user)); @@ -14956,11 +15388,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessEnum(struct ndr_pull *ndr, int f NDR_PULL_SET_MEM_CTX(ndr, r->in.user, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.user)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.user)); - if (ndr_get_array_length(ndr, &r->in.user) > ndr_get_array_size(ndr, &r->in.user)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.user), ndr_get_array_length(ndr, &r->in.user)); + size_user_1 = ndr_get_array_size(ndr, &r->in.user); + length_user_1 = ndr_get_array_length(ndr, &r->in.user); + if (length_user_1 > size_user_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_user_1, length_user_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.user), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.user, ndr_get_array_length(ndr, &r->in.user), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_user_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.user, length_user_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user_0, 0); } if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { @@ -15118,8 +15552,14 @@ static enum ndr_err_code ndr_push_srvsvc_NetSessDel(struct ndr_push *ndr, int fl static enum ndr_err_code ndr_pull_srvsvc_NetSessDel(struct ndr_pull *ndr, int flags, struct srvsvc_NetSessDel *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; uint32_t _ptr_client; + uint32_t size_client_1 = 0; + uint32_t length_client_1 = 0; uint32_t _ptr_user; + uint32_t size_user_1 = 0; + uint32_t length_user_1 = 0; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_client_0; TALLOC_CTX *_mem_save_user_0; @@ -15135,11 +15575,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessDel(struct ndr_pull *ndr, int fl NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_client)); @@ -15153,11 +15595,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessDel(struct ndr_pull *ndr, int fl NDR_PULL_SET_MEM_CTX(ndr, r->in.client, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.client)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.client)); - if (ndr_get_array_length(ndr, &r->in.client) > ndr_get_array_size(ndr, &r->in.client)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.client), ndr_get_array_length(ndr, &r->in.client)); + size_client_1 = ndr_get_array_size(ndr, &r->in.client); + length_client_1 = ndr_get_array_length(ndr, &r->in.client); + if (length_client_1 > size_client_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_client_1, length_client_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.client), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.client, ndr_get_array_length(ndr, &r->in.client), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_client_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.client, length_client_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_client_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_user)); @@ -15171,11 +15615,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessDel(struct ndr_pull *ndr, int fl NDR_PULL_SET_MEM_CTX(ndr, r->in.user, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.user)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.user)); - if (ndr_get_array_length(ndr, &r->in.user) > ndr_get_array_size(ndr, &r->in.user)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.user), ndr_get_array_length(ndr, &r->in.user)); + size_user_1 = ndr_get_array_size(ndr, &r->in.user); + length_user_1 = ndr_get_array_length(ndr, &r->in.user); + if (length_user_1 > size_user_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_user_1, length_user_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.user), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.user, ndr_get_array_length(ndr, &r->in.user), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_user_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.user, length_user_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user_0, 0); } } @@ -15258,6 +15704,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareAdd(struct ndr_push *ndr, int f static enum ndr_err_code ndr_pull_srvsvc_NetShareAdd(struct ndr_pull *ndr, int flags, struct srvsvc_NetShareAdd *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; uint32_t _ptr_parm_error; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_info_0; @@ -15276,11 +15724,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareAdd(struct ndr_pull *ndr, int f NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); @@ -15409,6 +15859,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareEnumAll(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_srvsvc_NetShareEnumAll(struct ndr_pull *ndr, int flags, struct srvsvc_NetShareEnumAll *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; uint32_t _ptr_resume_handle; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_info_ctr_0; @@ -15428,11 +15880,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareEnumAll(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { @@ -15574,6 +16028,10 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareGetInfo(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_srvsvc_NetShareGetInfo(struct ndr_pull *ndr, int flags, struct srvsvc_NetShareGetInfo *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; + uint32_t size_share_name_0 = 0; + uint32_t length_share_name_0 = 0; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_info_0; if (flags & NDR_IN) { @@ -15590,20 +16048,24 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareGetInfo(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.share_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.share_name)); - if (ndr_get_array_length(ndr, &r->in.share_name) > ndr_get_array_size(ndr, &r->in.share_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.share_name), ndr_get_array_length(ndr, &r->in.share_name)); + size_share_name_0 = ndr_get_array_size(ndr, &r->in.share_name); + length_share_name_0 = ndr_get_array_length(ndr, &r->in.share_name); + if (length_share_name_0 > size_share_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_share_name_0, length_share_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.share_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.share_name, ndr_get_array_length(ndr, &r->in.share_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_share_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.share_name, length_share_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); NDR_PULL_ALLOC(ndr, r->out.info); ZERO_STRUCTP(r->out.info); @@ -15694,6 +16156,10 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareSetInfo(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_srvsvc_NetShareSetInfo(struct ndr_pull *ndr, int flags, struct srvsvc_NetShareSetInfo *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; + uint32_t size_share_name_0 = 0; + uint32_t length_share_name_0 = 0; uint32_t _ptr_parm_error; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_info_0; @@ -15712,20 +16178,24 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareSetInfo(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.share_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.share_name)); - if (ndr_get_array_length(ndr, &r->in.share_name) > ndr_get_array_size(ndr, &r->in.share_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.share_name), ndr_get_array_length(ndr, &r->in.share_name)); + size_share_name_0 = ndr_get_array_size(ndr, &r->in.share_name); + length_share_name_0 = ndr_get_array_length(ndr, &r->in.share_name); + if (length_share_name_0 > size_share_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_share_name_0, length_share_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.share_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.share_name, ndr_get_array_length(ndr, &r->in.share_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_share_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.share_name, length_share_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.info); @@ -15837,6 +16307,10 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareDel(struct ndr_push *ndr, int f static enum ndr_err_code ndr_pull_srvsvc_NetShareDel(struct ndr_pull *ndr, int flags, struct srvsvc_NetShareDel *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; + uint32_t size_share_name_0 = 0; + uint32_t length_share_name_0 = 0; TALLOC_CTX *_mem_save_server_unc_0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_server_unc)); @@ -15850,20 +16324,24 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareDel(struct ndr_pull *ndr, int f NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.share_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.share_name)); - if (ndr_get_array_length(ndr, &r->in.share_name) > ndr_get_array_size(ndr, &r->in.share_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.share_name), ndr_get_array_length(ndr, &r->in.share_name)); + size_share_name_0 = ndr_get_array_size(ndr, &r->in.share_name); + length_share_name_0 = ndr_get_array_length(ndr, &r->in.share_name); + if (length_share_name_0 > size_share_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_share_name_0, length_share_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.share_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.share_name, ndr_get_array_length(ndr, &r->in.share_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_share_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.share_name, length_share_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.reserved)); } if (flags & NDR_OUT) { @@ -15926,6 +16404,10 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareDelSticky(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_srvsvc_NetShareDelSticky(struct ndr_pull *ndr, int flags, struct srvsvc_NetShareDelSticky *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; + uint32_t size_share_name_0 = 0; + uint32_t length_share_name_0 = 0; TALLOC_CTX *_mem_save_server_unc_0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_server_unc)); @@ -15939,20 +16421,24 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareDelSticky(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.share_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.share_name)); - if (ndr_get_array_length(ndr, &r->in.share_name) > ndr_get_array_size(ndr, &r->in.share_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.share_name), ndr_get_array_length(ndr, &r->in.share_name)); + size_share_name_0 = ndr_get_array_size(ndr, &r->in.share_name); + length_share_name_0 = ndr_get_array_length(ndr, &r->in.share_name); + if (length_share_name_0 > size_share_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_share_name_0, length_share_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.share_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.share_name, ndr_get_array_length(ndr, &r->in.share_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_share_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.share_name, length_share_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.reserved)); } if (flags & NDR_OUT) { @@ -16018,6 +16504,10 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareCheck(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetShareCheck(struct ndr_pull *ndr, int flags, struct srvsvc_NetShareCheck *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; + uint32_t size_device_name_0 = 0; + uint32_t length_device_name_0 = 0; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_type_0; if (flags & NDR_IN) { @@ -16034,20 +16524,24 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareCheck(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.device_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.device_name)); - if (ndr_get_array_length(ndr, &r->in.device_name) > ndr_get_array_size(ndr, &r->in.device_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.device_name), ndr_get_array_length(ndr, &r->in.device_name)); + size_device_name_0 = ndr_get_array_size(ndr, &r->in.device_name); + length_device_name_0 = ndr_get_array_length(ndr, &r->in.device_name); + if (length_device_name_0 > size_device_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_device_name_0, length_device_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.device_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.device_name, ndr_get_array_length(ndr, &r->in.device_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_device_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.device_name, length_device_name_0, sizeof(uint16_t), CH_UTF16)); NDR_PULL_ALLOC(ndr, r->out.type); ZERO_STRUCTP(r->out.type); } @@ -16122,6 +16616,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetSrvGetInfo(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetSrvGetInfo(struct ndr_pull *ndr, int flags, struct srvsvc_NetSrvGetInfo *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_info_0; if (flags & NDR_IN) { @@ -16138,11 +16634,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvGetInfo(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); @@ -16230,6 +16728,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetSrvSetInfo(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetSrvSetInfo(struct ndr_pull *ndr, int flags, struct srvsvc_NetSrvSetInfo *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; uint32_t _ptr_parm_error; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_info_0; @@ -16248,11 +16748,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvSetInfo(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); @@ -16382,6 +16884,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetDiskEnum(struct ndr_push *ndr, int f static enum ndr_err_code ndr_pull_srvsvc_NetDiskEnum(struct ndr_pull *ndr, int flags, struct srvsvc_NetDiskEnum *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; uint32_t _ptr_resume_handle; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_info_0; @@ -16401,11 +16905,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetDiskEnum(struct ndr_pull *ndr, int f NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); @@ -16555,7 +17061,11 @@ static enum ndr_err_code ndr_push_srvsvc_NetServerStatisticsGet(struct ndr_push static enum ndr_err_code ndr_pull_srvsvc_NetServerStatisticsGet(struct ndr_pull *ndr, int flags, struct srvsvc_NetServerStatisticsGet *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; uint32_t _ptr_service; + uint32_t size_service_1 = 0; + uint32_t length_service_1 = 0; uint32_t _ptr_stats; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_service_0; @@ -16575,11 +17085,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetServerStatisticsGet(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_service)); @@ -16593,11 +17105,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetServerStatisticsGet(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->in.service, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.service)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.service)); - if (ndr_get_array_length(ndr, &r->in.service) > ndr_get_array_size(ndr, &r->in.service)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.service), ndr_get_array_length(ndr, &r->in.service)); + size_service_1 = ndr_get_array_size(ndr, &r->in.service); + length_service_1 = ndr_get_array_length(ndr, &r->in.service); + if (length_service_1 > size_service_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_service_1, length_service_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.service), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.service, ndr_get_array_length(ndr, &r->in.service), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_service_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.service, length_service_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_service_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); @@ -16696,6 +17210,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetTransportAdd(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_srvsvc_NetTransportAdd(struct ndr_pull *ndr, int flags, struct srvsvc_NetTransportAdd *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; TALLOC_CTX *_mem_save_server_unc_0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_server_unc)); @@ -16709,11 +17225,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportAdd(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); @@ -16797,6 +17315,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetTransportEnum(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_srvsvc_NetTransportEnum(struct ndr_pull *ndr, int flags, struct srvsvc_NetTransportEnum *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; uint32_t _ptr_resume_handle; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_transports_0; @@ -16816,11 +17336,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportEnum(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { @@ -16957,6 +17479,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetTransportDel(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_srvsvc_NetTransportDel(struct ndr_pull *ndr, int flags, struct srvsvc_NetTransportDel *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_info0_0; if (flags & NDR_IN) { @@ -16971,11 +17495,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportDel(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); @@ -17052,6 +17578,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetRemoteTOD(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetRemoteTOD(struct ndr_pull *ndr, int flags, struct srvsvc_NetRemoteTOD *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; uint32_t _ptr_info; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_info_0; @@ -17070,11 +17598,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetRemoteTOD(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_PULL_ALLOC(ndr, r->out.info); @@ -17169,7 +17699,11 @@ static enum ndr_err_code ndr_push_srvsvc_NetSetServiceBits(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_srvsvc_NetSetServiceBits(struct ndr_pull *ndr, int flags, struct srvsvc_NetSetServiceBits *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; uint32_t _ptr_transport; + uint32_t size_transport_1 = 0; + uint32_t length_transport_1 = 0; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_transport_0; if (flags & NDR_IN) { @@ -17184,11 +17718,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSetServiceBits(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_transport)); @@ -17202,11 +17738,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSetServiceBits(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->in.transport, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.transport)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.transport)); - if (ndr_get_array_length(ndr, &r->in.transport) > ndr_get_array_size(ndr, &r->in.transport)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.transport), ndr_get_array_length(ndr, &r->in.transport)); + size_transport_1 = ndr_get_array_size(ndr, &r->in.transport); + length_transport_1 = ndr_get_array_length(ndr, &r->in.transport); + if (length_transport_1 > size_transport_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_transport_1, length_transport_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.transport), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.transport, ndr_get_array_length(ndr, &r->in.transport), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_transport_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.transport, length_transport_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_transport_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.servicebits)); @@ -17282,6 +17820,10 @@ static enum ndr_err_code ndr_push_srvsvc_NetPathType(struct ndr_push *ndr, int f static enum ndr_err_code ndr_pull_srvsvc_NetPathType(struct ndr_pull *ndr, int flags, struct srvsvc_NetPathType *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; + uint32_t size_path_0 = 0; + uint32_t length_path_0 = 0; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_pathtype_0; if (flags & NDR_IN) { @@ -17298,20 +17840,24 @@ static enum ndr_err_code ndr_pull_srvsvc_NetPathType(struct ndr_pull *ndr, int f NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.path)); - if (ndr_get_array_length(ndr, &r->in.path) > ndr_get_array_size(ndr, &r->in.path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.path), ndr_get_array_length(ndr, &r->in.path)); + size_path_0 = ndr_get_array_size(ndr, &r->in.path); + length_path_0 = ndr_get_array_length(ndr, &r->in.path); + if (length_path_0 > size_path_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_path_0, length_path_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.path, ndr_get_array_length(ndr, &r->in.path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_path_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.path, length_path_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.pathflags)); NDR_PULL_ALLOC(ndr, r->out.pathtype); ZERO_STRUCTP(r->out.pathtype); @@ -17402,6 +17948,13 @@ static enum ndr_err_code ndr_push_srvsvc_NetPathCanonicalize(struct ndr_push *nd static enum ndr_err_code ndr_pull_srvsvc_NetPathCanonicalize(struct ndr_pull *ndr, int flags, struct srvsvc_NetPathCanonicalize *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; + uint32_t size_path_0 = 0; + uint32_t length_path_0 = 0; + uint32_t size_can_path_0 = 0; + uint32_t size_prefix_0 = 0; + uint32_t length_prefix_0 = 0; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_pathtype_0; if (flags & NDR_IN) { @@ -17418,28 +17971,34 @@ static enum ndr_err_code ndr_pull_srvsvc_NetPathCanonicalize(struct ndr_pull *nd NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.path)); - if (ndr_get_array_length(ndr, &r->in.path) > ndr_get_array_size(ndr, &r->in.path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.path), ndr_get_array_length(ndr, &r->in.path)); + size_path_0 = ndr_get_array_size(ndr, &r->in.path); + length_path_0 = ndr_get_array_length(ndr, &r->in.path); + if (length_path_0 > size_path_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_path_0, length_path_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.path, ndr_get_array_length(ndr, &r->in.path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_path_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.path, length_path_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.maxbuf)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.prefix)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.prefix)); - if (ndr_get_array_length(ndr, &r->in.prefix) > ndr_get_array_size(ndr, &r->in.prefix)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.prefix), ndr_get_array_length(ndr, &r->in.prefix)); + size_prefix_0 = ndr_get_array_size(ndr, &r->in.prefix); + length_prefix_0 = ndr_get_array_length(ndr, &r->in.prefix); + if (length_prefix_0 > size_prefix_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_prefix_0, length_prefix_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.prefix), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.prefix, ndr_get_array_length(ndr, &r->in.prefix), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_prefix_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.prefix, length_prefix_0, sizeof(uint16_t), CH_UTF16)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.pathtype); } @@ -17453,8 +18012,9 @@ static enum ndr_err_code ndr_pull_srvsvc_NetPathCanonicalize(struct ndr_pull *nd } if (flags & NDR_OUT) { NDR_CHECK(ndr_pull_array_size(ndr, &r->out.can_path)); - NDR_PULL_ALLOC_N(ndr, r->out.can_path, ndr_get_array_size(ndr, &r->out.can_path)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.can_path, ndr_get_array_size(ndr, &r->out.can_path))); + size_can_path_0 = ndr_get_array_size(ndr, &r->out.can_path); + NDR_PULL_ALLOC_N(ndr, r->out.can_path, size_can_path_0); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.can_path, size_can_path_0)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->out.pathtype); } @@ -17540,6 +18100,12 @@ static enum ndr_err_code ndr_push_srvsvc_NetPathCompare(struct ndr_push *ndr, in static enum ndr_err_code ndr_pull_srvsvc_NetPathCompare(struct ndr_pull *ndr, int flags, struct srvsvc_NetPathCompare *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; + uint32_t size_path1_0 = 0; + uint32_t length_path1_0 = 0; + uint32_t size_path2_0 = 0; + uint32_t length_path2_0 = 0; TALLOC_CTX *_mem_save_server_unc_0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_server_unc)); @@ -17553,27 +18119,33 @@ static enum ndr_err_code ndr_pull_srvsvc_NetPathCompare(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.path1)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.path1)); - if (ndr_get_array_length(ndr, &r->in.path1) > ndr_get_array_size(ndr, &r->in.path1)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.path1), ndr_get_array_length(ndr, &r->in.path1)); + size_path1_0 = ndr_get_array_size(ndr, &r->in.path1); + length_path1_0 = ndr_get_array_length(ndr, &r->in.path1); + if (length_path1_0 > size_path1_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_path1_0, length_path1_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.path1), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.path1, ndr_get_array_length(ndr, &r->in.path1), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_path1_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.path1, length_path1_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.path2)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.path2)); - if (ndr_get_array_length(ndr, &r->in.path2) > ndr_get_array_size(ndr, &r->in.path2)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.path2), ndr_get_array_length(ndr, &r->in.path2)); + size_path2_0 = ndr_get_array_size(ndr, &r->in.path2); + length_path2_0 = ndr_get_array_length(ndr, &r->in.path2); + if (length_path2_0 > size_path2_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_path2_0, length_path2_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.path2), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.path2, ndr_get_array_length(ndr, &r->in.path2), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_path2_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.path2, length_path2_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.pathtype)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.pathflags)); } @@ -17640,6 +18212,10 @@ static enum ndr_err_code ndr_push_srvsvc_NetNameValidate(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_srvsvc_NetNameValidate(struct ndr_pull *ndr, int flags, struct srvsvc_NetNameValidate *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; + uint32_t size_name_0 = 0; + uint32_t length_name_0 = 0; TALLOC_CTX *_mem_save_server_unc_0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_server_unc)); @@ -17653,20 +18229,24 @@ static enum ndr_err_code ndr_pull_srvsvc_NetNameValidate(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.name)); - if (ndr_get_array_length(ndr, &r->in.name) > ndr_get_array_size(ndr, &r->in.name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.name), ndr_get_array_length(ndr, &r->in.name)); + size_name_0 = ndr_get_array_size(ndr, &r->in.name); + length_name_0 = ndr_get_array_length(ndr, &r->in.name); + if (length_name_0 > size_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_name_0, length_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.name, ndr_get_array_length(ndr, &r->in.name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.name, length_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.name_type)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.flags)); } @@ -17777,6 +18357,12 @@ static enum ndr_err_code ndr_push_srvsvc_NetPRNameCompare(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_srvsvc_NetPRNameCompare(struct ndr_pull *ndr, int flags, struct srvsvc_NetPRNameCompare *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; + uint32_t size_name1_0 = 0; + uint32_t length_name1_0 = 0; + uint32_t size_name2_0 = 0; + uint32_t length_name2_0 = 0; TALLOC_CTX *_mem_save_server_unc_0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_server_unc)); @@ -17790,27 +18376,33 @@ static enum ndr_err_code ndr_pull_srvsvc_NetPRNameCompare(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.name1)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.name1)); - if (ndr_get_array_length(ndr, &r->in.name1) > ndr_get_array_size(ndr, &r->in.name1)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.name1), ndr_get_array_length(ndr, &r->in.name1)); + size_name1_0 = ndr_get_array_size(ndr, &r->in.name1); + length_name1_0 = ndr_get_array_length(ndr, &r->in.name1); + if (length_name1_0 > size_name1_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_name1_0, length_name1_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.name1), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.name1, ndr_get_array_length(ndr, &r->in.name1), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_name1_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.name1, length_name1_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.name2)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.name2)); - if (ndr_get_array_length(ndr, &r->in.name2) > ndr_get_array_size(ndr, &r->in.name2)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.name2), ndr_get_array_length(ndr, &r->in.name2)); + size_name2_0 = ndr_get_array_size(ndr, &r->in.name2); + length_name2_0 = ndr_get_array_length(ndr, &r->in.name2); + if (length_name2_0 > size_name2_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_name2_0, length_name2_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.name2), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.name2, ndr_get_array_length(ndr, &r->in.name2), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_name2_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.name2, length_name2_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.name_type)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.flags)); } @@ -17892,6 +18484,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareEnum(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetShareEnum(struct ndr_pull *ndr, int flags, struct srvsvc_NetShareEnum *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; uint32_t _ptr_resume_handle; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_info_ctr_0; @@ -17911,11 +18505,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareEnum(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { @@ -18056,6 +18652,10 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareDelStart(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_srvsvc_NetShareDelStart(struct ndr_pull *ndr, int flags, struct srvsvc_NetShareDelStart *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; + uint32_t size_share_0 = 0; + uint32_t length_share_0 = 0; uint32_t _ptr_hnd; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_hnd_0; @@ -18073,20 +18673,24 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareDelStart(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.share)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.share)); - if (ndr_get_array_length(ndr, &r->in.share) > ndr_get_array_size(ndr, &r->in.share)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.share), ndr_get_array_length(ndr, &r->in.share)); + size_share_0 = ndr_get_array_size(ndr, &r->in.share); + length_share_0 = ndr_get_array_length(ndr, &r->in.share); + if (length_share_0 > size_share_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_share_0, length_share_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.share), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.share, ndr_get_array_length(ndr, &r->in.share), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_share_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.share, length_share_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.reserved)); } if (flags & NDR_OUT) { @@ -18270,7 +18874,13 @@ static enum ndr_err_code ndr_push_srvsvc_NetGetFileSecurity(struct ndr_push *ndr static enum ndr_err_code ndr_pull_srvsvc_NetGetFileSecurity(struct ndr_pull *ndr, int flags, struct srvsvc_NetGetFileSecurity *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; uint32_t _ptr_share; + uint32_t size_share_1 = 0; + uint32_t length_share_1 = 0; + uint32_t size_file_0 = 0; + uint32_t length_file_0 = 0; uint32_t _ptr_sd_buf; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_share_0; @@ -18290,11 +18900,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetGetFileSecurity(struct ndr_pull *ndr NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_share)); @@ -18308,20 +18920,24 @@ static enum ndr_err_code ndr_pull_srvsvc_NetGetFileSecurity(struct ndr_pull *ndr NDR_PULL_SET_MEM_CTX(ndr, r->in.share, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.share)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.share)); - if (ndr_get_array_length(ndr, &r->in.share) > ndr_get_array_size(ndr, &r->in.share)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.share), ndr_get_array_length(ndr, &r->in.share)); + size_share_1 = ndr_get_array_size(ndr, &r->in.share); + length_share_1 = ndr_get_array_length(ndr, &r->in.share); + if (length_share_1 > size_share_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_share_1, length_share_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.share), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.share, ndr_get_array_length(ndr, &r->in.share), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_share_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.share, length_share_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_share_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.file)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.file)); - if (ndr_get_array_length(ndr, &r->in.file) > ndr_get_array_size(ndr, &r->in.file)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.file), ndr_get_array_length(ndr, &r->in.file)); + size_file_0 = ndr_get_array_size(ndr, &r->in.file); + length_file_0 = ndr_get_array_length(ndr, &r->in.file); + if (length_file_0 > size_file_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_file_0, length_file_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.file), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.file, ndr_get_array_length(ndr, &r->in.file), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_file_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.file, length_file_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_security_secinfo(ndr, NDR_SCALARS, &r->in.securityinformation)); NDR_PULL_ALLOC(ndr, r->out.sd_buf); ZERO_STRUCTP(r->out.sd_buf); @@ -18430,7 +19046,13 @@ static enum ndr_err_code ndr_push_srvsvc_NetSetFileSecurity(struct ndr_push *ndr static enum ndr_err_code ndr_pull_srvsvc_NetSetFileSecurity(struct ndr_pull *ndr, int flags, struct srvsvc_NetSetFileSecurity *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; uint32_t _ptr_share; + uint32_t size_share_1 = 0; + uint32_t length_share_1 = 0; + uint32_t size_file_0 = 0; + uint32_t length_file_0 = 0; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_share_0; TALLOC_CTX *_mem_save_sd_buf_0; @@ -18446,11 +19068,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSetFileSecurity(struct ndr_pull *ndr NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_share)); @@ -18464,20 +19088,24 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSetFileSecurity(struct ndr_pull *ndr NDR_PULL_SET_MEM_CTX(ndr, r->in.share, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.share)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.share)); - if (ndr_get_array_length(ndr, &r->in.share) > ndr_get_array_size(ndr, &r->in.share)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.share), ndr_get_array_length(ndr, &r->in.share)); + size_share_1 = ndr_get_array_size(ndr, &r->in.share); + length_share_1 = ndr_get_array_length(ndr, &r->in.share); + if (length_share_1 > size_share_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_share_1, length_share_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.share), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.share, ndr_get_array_length(ndr, &r->in.share), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_share_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.share, length_share_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_share_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.file)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.file)); - if (ndr_get_array_length(ndr, &r->in.file) > ndr_get_array_size(ndr, &r->in.file)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.file), ndr_get_array_length(ndr, &r->in.file)); + size_file_0 = ndr_get_array_size(ndr, &r->in.file); + length_file_0 = ndr_get_array_length(ndr, &r->in.file); + if (length_file_0 > size_file_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_file_0, length_file_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.file), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.file, ndr_get_array_length(ndr, &r->in.file), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_file_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.file, length_file_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_security_secinfo(ndr, NDR_SCALARS, &r->in.securityinformation)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.sd_buf); @@ -18555,6 +19183,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetServerTransportAddEx(struct ndr_push static enum ndr_err_code ndr_pull_srvsvc_NetServerTransportAddEx(struct ndr_pull *ndr, int flags, struct srvsvc_NetServerTransportAddEx *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; TALLOC_CTX *_mem_save_server_unc_0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_server_unc)); @@ -18568,11 +19198,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetServerTransportAddEx(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); @@ -18652,8 +19284,14 @@ static enum ndr_err_code ndr_push_srvsvc_NetServerSetServiceBitsEx(struct ndr_pu static enum ndr_err_code ndr_pull_srvsvc_NetServerSetServiceBitsEx(struct ndr_pull *ndr, int flags, struct srvsvc_NetServerSetServiceBitsEx *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; uint32_t _ptr_emulated_server_unc; + uint32_t size_emulated_server_unc_1 = 0; + uint32_t length_emulated_server_unc_1 = 0; uint32_t _ptr_transport; + uint32_t size_transport_1 = 0; + uint32_t length_transport_1 = 0; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_emulated_server_unc_0; TALLOC_CTX *_mem_save_transport_0; @@ -18669,11 +19307,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetServerSetServiceBitsEx(struct ndr_pu NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_emulated_server_unc)); @@ -18687,11 +19327,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetServerSetServiceBitsEx(struct ndr_pu NDR_PULL_SET_MEM_CTX(ndr, r->in.emulated_server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.emulated_server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.emulated_server_unc)); - if (ndr_get_array_length(ndr, &r->in.emulated_server_unc) > ndr_get_array_size(ndr, &r->in.emulated_server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.emulated_server_unc), ndr_get_array_length(ndr, &r->in.emulated_server_unc)); + size_emulated_server_unc_1 = ndr_get_array_size(ndr, &r->in.emulated_server_unc); + length_emulated_server_unc_1 = ndr_get_array_length(ndr, &r->in.emulated_server_unc); + if (length_emulated_server_unc_1 > size_emulated_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_emulated_server_unc_1, length_emulated_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.emulated_server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.emulated_server_unc, ndr_get_array_length(ndr, &r->in.emulated_server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_emulated_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.emulated_server_unc, length_emulated_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_emulated_server_unc_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_transport)); @@ -18705,11 +19347,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetServerSetServiceBitsEx(struct ndr_pu NDR_PULL_SET_MEM_CTX(ndr, r->in.transport, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.transport)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.transport)); - if (ndr_get_array_length(ndr, &r->in.transport) > ndr_get_array_size(ndr, &r->in.transport)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.transport), ndr_get_array_length(ndr, &r->in.transport)); + size_transport_1 = ndr_get_array_size(ndr, &r->in.transport); + length_transport_1 = ndr_get_array_length(ndr, &r->in.transport); + if (length_transport_1 > size_transport_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_transport_1, length_transport_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.transport), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.transport, ndr_get_array_length(ndr, &r->in.transport), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_transport_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.transport, length_transport_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_transport_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.servicebitsofinterest)); diff --git a/librpc/gen_ndr/ndr_svcctl.c b/librpc/gen_ndr/ndr_svcctl.c index 60ccda0..f19ecea 100644 --- a/librpc/gen_ndr/ndr_svcctl.c +++ b/librpc/gen_ndr/ndr_svcctl.c @@ -27,6 +27,8 @@ static enum ndr_err_code ndr_push_SERVICE_LOCK_STATUS(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_SERVICE_LOCK_STATUS(struct ndr_pull *ndr, int ndr_flags, struct SERVICE_LOCK_STATUS *r) { uint32_t _ptr_lock_owner; + uint32_t size_lock_owner_1 = 0; + uint32_t length_lock_owner_1 = 0; TALLOC_CTX *_mem_save_lock_owner_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -45,11 +47,13 @@ static enum ndr_err_code ndr_pull_SERVICE_LOCK_STATUS(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->lock_owner, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->lock_owner)); NDR_CHECK(ndr_pull_array_length(ndr, &r->lock_owner)); - if (ndr_get_array_length(ndr, &r->lock_owner) > ndr_get_array_size(ndr, &r->lock_owner)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->lock_owner), ndr_get_array_length(ndr, &r->lock_owner)); + size_lock_owner_1 = ndr_get_array_size(ndr, &r->lock_owner); + length_lock_owner_1 = ndr_get_array_length(ndr, &r->lock_owner); + if (length_lock_owner_1 > size_lock_owner_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_lock_owner_1, length_lock_owner_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->lock_owner), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->lock_owner, ndr_get_array_length(ndr, &r->lock_owner), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_lock_owner_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->lock_owner, length_lock_owner_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_lock_owner_0, 0); } } @@ -754,14 +758,24 @@ _PUBLIC_ enum ndr_err_code ndr_push_QUERY_SERVICE_CONFIG(struct ndr_push *ndr, i _PUBLIC_ enum ndr_err_code ndr_pull_QUERY_SERVICE_CONFIG(struct ndr_pull *ndr, int ndr_flags, struct QUERY_SERVICE_CONFIG *r) { uint32_t _ptr_executablepath; + uint32_t size_executablepath_1 = 0; + uint32_t length_executablepath_1 = 0; TALLOC_CTX *_mem_save_executablepath_0; uint32_t _ptr_loadordergroup; + uint32_t size_loadordergroup_1 = 0; + uint32_t length_loadordergroup_1 = 0; TALLOC_CTX *_mem_save_loadordergroup_0; uint32_t _ptr_dependencies; + uint32_t size_dependencies_1 = 0; + uint32_t length_dependencies_1 = 0; TALLOC_CTX *_mem_save_dependencies_0; uint32_t _ptr_startname; + uint32_t size_startname_1 = 0; + uint32_t length_startname_1 = 0; TALLOC_CTX *_mem_save_startname_0; uint32_t _ptr_displayname; + uint32_t size_displayname_1 = 0; + uint32_t length_displayname_1 = 0; TALLOC_CTX *_mem_save_displayname_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -806,11 +820,19 @@ _PUBLIC_ enum ndr_err_code ndr_pull_QUERY_SERVICE_CONFIG(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->executablepath, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->executablepath)); NDR_CHECK(ndr_pull_array_length(ndr, &r->executablepath)); - if (ndr_get_array_length(ndr, &r->executablepath) > ndr_get_array_size(ndr, &r->executablepath)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->executablepath), ndr_get_array_length(ndr, &r->executablepath)); + size_executablepath_1 = ndr_get_array_size(ndr, &r->executablepath); + if (size_executablepath_1 > 8192) { + return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); + } + length_executablepath_1 = ndr_get_array_length(ndr, &r->executablepath); + if (length_executablepath_1 > 8192) { + return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); + } + if (length_executablepath_1 > size_executablepath_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_executablepath_1, length_executablepath_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->executablepath), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->executablepath, ndr_get_array_length(ndr, &r->executablepath), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_executablepath_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->executablepath, length_executablepath_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_executablepath_0, 0); } if (r->loadordergroup) { @@ -818,11 +840,19 @@ _PUBLIC_ enum ndr_err_code ndr_pull_QUERY_SERVICE_CONFIG(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->loadordergroup, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->loadordergroup)); NDR_CHECK(ndr_pull_array_length(ndr, &r->loadordergroup)); - if (ndr_get_array_length(ndr, &r->loadordergroup) > ndr_get_array_size(ndr, &r->loadordergroup)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->loadordergroup), ndr_get_array_length(ndr, &r->loadordergroup)); + size_loadordergroup_1 = ndr_get_array_size(ndr, &r->loadordergroup); + if (size_loadordergroup_1 > 8192) { + return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); + } + length_loadordergroup_1 = ndr_get_array_length(ndr, &r->loadordergroup); + if (length_loadordergroup_1 > 8192) { + return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); + } + if (length_loadordergroup_1 > size_loadordergroup_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_loadordergroup_1, length_loadordergroup_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->loadordergroup), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->loadordergroup, ndr_get_array_length(ndr, &r->loadordergroup), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_loadordergroup_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->loadordergroup, length_loadordergroup_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_loadordergroup_0, 0); } if (r->dependencies) { @@ -830,11 +860,19 @@ _PUBLIC_ enum ndr_err_code ndr_pull_QUERY_SERVICE_CONFIG(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->dependencies, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->dependencies)); NDR_CHECK(ndr_pull_array_length(ndr, &r->dependencies)); - if (ndr_get_array_length(ndr, &r->dependencies) > ndr_get_array_size(ndr, &r->dependencies)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->dependencies), ndr_get_array_length(ndr, &r->dependencies)); + size_dependencies_1 = ndr_get_array_size(ndr, &r->dependencies); + if (size_dependencies_1 > 8192) { + return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); + } + length_dependencies_1 = ndr_get_array_length(ndr, &r->dependencies); + if (length_dependencies_1 > 8192) { + return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); + } + if (length_dependencies_1 > size_dependencies_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dependencies_1, length_dependencies_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->dependencies), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dependencies, ndr_get_array_length(ndr, &r->dependencies), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dependencies_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dependencies, length_dependencies_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dependencies_0, 0); } if (r->startname) { @@ -842,11 +880,19 @@ _PUBLIC_ enum ndr_err_code ndr_pull_QUERY_SERVICE_CONFIG(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->startname, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->startname)); NDR_CHECK(ndr_pull_array_length(ndr, &r->startname)); - if (ndr_get_array_length(ndr, &r->startname) > ndr_get_array_size(ndr, &r->startname)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->startname), ndr_get_array_length(ndr, &r->startname)); + size_startname_1 = ndr_get_array_size(ndr, &r->startname); + if (size_startname_1 > 8192) { + return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); + } + length_startname_1 = ndr_get_array_length(ndr, &r->startname); + if (length_startname_1 > 8192) { + return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->startname), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->startname, ndr_get_array_length(ndr, &r->startname), sizeof(uint16_t), CH_UTF16)); + if (length_startname_1 > size_startname_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_startname_1, length_startname_1); + } + NDR_CHECK(ndr_check_string_terminator(ndr, length_startname_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->startname, length_startname_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_startname_0, 0); } if (r->displayname) { @@ -854,11 +900,19 @@ _PUBLIC_ enum ndr_err_code ndr_pull_QUERY_SERVICE_CONFIG(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->displayname, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->displayname)); NDR_CHECK(ndr_pull_array_length(ndr, &r->displayname)); - if (ndr_get_array_length(ndr, &r->displayname) > ndr_get_array_size(ndr, &r->displayname)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->displayname), ndr_get_array_length(ndr, &r->displayname)); + size_displayname_1 = ndr_get_array_size(ndr, &r->displayname); + if (size_displayname_1 > 8192) { + return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); + } + length_displayname_1 = ndr_get_array_length(ndr, &r->displayname); + if (length_displayname_1 > 8192) { + return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->displayname), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->displayname, ndr_get_array_length(ndr, &r->displayname), sizeof(uint16_t), CH_UTF16)); + if (length_displayname_1 > size_displayname_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_displayname_1, length_displayname_1); + } + NDR_CHECK(ndr_check_string_terminator(ndr, length_displayname_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->displayname, length_displayname_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_displayname_0, 0); } } @@ -931,6 +985,8 @@ static enum ndr_err_code ndr_push_svcctl_ArgumentString(struct ndr_push *ndr, in static enum ndr_err_code ndr_pull_svcctl_ArgumentString(struct ndr_pull *ndr, int ndr_flags, struct svcctl_ArgumentString *r) { uint32_t _ptr_string; + uint32_t size_string_1 = 0; + uint32_t length_string_1 = 0; TALLOC_CTX *_mem_save_string_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -947,11 +1003,19 @@ static enum ndr_err_code ndr_pull_svcctl_ArgumentString(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, r->string, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->string)); NDR_CHECK(ndr_pull_array_length(ndr, &r->string)); - if (ndr_get_array_length(ndr, &r->string) > ndr_get_array_size(ndr, &r->string)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->string), ndr_get_array_length(ndr, &r->string)); + size_string_1 = ndr_get_array_size(ndr, &r->string); + if (size_string_1 > SC_MAX_ARGUMENT_LENGTH) { + return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); + } + length_string_1 = ndr_get_array_length(ndr, &r->string); + if (length_string_1 > SC_MAX_ARGUMENT_LENGTH) { + return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); + } + if (length_string_1 > size_string_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_string_1, length_string_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->string), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->string, ndr_get_array_length(ndr, &r->string), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_string_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->string, length_string_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_string_0, 0); } } @@ -1200,6 +1264,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_SERVICE_FAILURE_ACTIONS(struct ndr_pull *ndr uint32_t _ptr_command; TALLOC_CTX *_mem_save_command_0; uint32_t _ptr_actions; + uint32_t size_actions_1 = 0; uint32_t cntr_actions_1; TALLOC_CTX *_mem_save_actions_0; TALLOC_CTX *_mem_save_actions_1; @@ -1280,10 +1345,11 @@ _PUBLIC_ enum ndr_err_code ndr_pull_SERVICE_FAILURE_ACTIONS(struct ndr_pull *ndr _mem_save_actions_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->actions, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->actions)); - NDR_PULL_ALLOC_N(ndr, r->actions, ndr_get_array_size(ndr, &r->actions)); + size_actions_1 = ndr_get_array_size(ndr, &r->actions); + NDR_PULL_ALLOC_N(ndr, r->actions, size_actions_1); _mem_save_actions_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->actions, 0); - for (cntr_actions_1 = 0; cntr_actions_1 < r->num_actions; cntr_actions_1++) { + for (cntr_actions_1 = 0; cntr_actions_1 < size_actions_1; cntr_actions_1++) { NDR_CHECK(ndr_pull_SC_ACTION(ndr, NDR_SCALARS, &r->actions[cntr_actions_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_actions_1, 0); @@ -1680,6 +1746,7 @@ static enum ndr_err_code ndr_push_svcctl_QueryServiceObjectSecurity(struct ndr_p static enum ndr_err_code ndr_pull_svcctl_QueryServiceObjectSecurity(struct ndr_pull *ndr, int flags, struct svcctl_QueryServiceObjectSecurity *r) { + uint32_t size_buffer_1 = 0; TALLOC_CTX *_mem_save_handle_0; TALLOC_CTX *_mem_save_needed_0; if (flags & NDR_IN) { @@ -1704,10 +1771,11 @@ static enum ndr_err_code ndr_pull_svcctl_QueryServiceObjectSecurity(struct ndr_p } if (flags & NDR_OUT) { NDR_CHECK(ndr_pull_array_size(ndr, &r->out.buffer)); + size_buffer_1 = ndr_get_array_size(ndr, &r->out.buffer); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { - NDR_PULL_ALLOC_N(ndr, r->out.buffer, ndr_get_array_size(ndr, &r->out.buffer)); + NDR_PULL_ALLOC_N(ndr, r->out.buffer, size_buffer_1); } - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.buffer, ndr_get_array_size(ndr, &r->out.buffer))); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.buffer, size_buffer_1)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->out.needed); } @@ -1784,6 +1852,7 @@ static enum ndr_err_code ndr_push_svcctl_SetServiceObjectSecurity(struct ndr_pus static enum ndr_err_code ndr_pull_svcctl_SetServiceObjectSecurity(struct ndr_pull *ndr, int flags, struct svcctl_SetServiceObjectSecurity *r) { + uint32_t size_buffer_1 = 0; TALLOC_CTX *_mem_save_handle_0; if (flags & NDR_IN) { if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { @@ -1795,10 +1864,11 @@ static enum ndr_err_code ndr_pull_svcctl_SetServiceObjectSecurity(struct ndr_pul NDR_PULL_SET_MEM_CTX(ndr, _mem_save_handle_0, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_security_secinfo(ndr, NDR_SCALARS, &r->in.security_flags)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.buffer)); + size_buffer_1 = ndr_get_array_size(ndr, &r->in.buffer); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { - NDR_PULL_ALLOC_N(ndr, r->in.buffer, ndr_get_array_size(ndr, &r->in.buffer)); + NDR_PULL_ALLOC_N(ndr, r->in.buffer, size_buffer_1); } - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->in.buffer, ndr_get_array_size(ndr, &r->in.buffer))); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->in.buffer, size_buffer_1)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.offered)); if (r->in.buffer) { NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->in.buffer, r->in.offered)); @@ -2208,11 +2278,23 @@ static enum ndr_err_code ndr_push_svcctl_ChangeServiceConfigW(struct ndr_push *n static enum ndr_err_code ndr_pull_svcctl_ChangeServiceConfigW(struct ndr_pull *ndr, int flags, struct svcctl_ChangeServiceConfigW *r) { uint32_t _ptr_binary_path; + uint32_t size_binary_path_1 = 0; + uint32_t length_binary_path_1 = 0; uint32_t _ptr_load_order_group; + uint32_t size_load_order_group_1 = 0; + uint32_t length_load_order_group_1 = 0; uint32_t _ptr_dependencies; + uint32_t size_dependencies_1 = 0; + uint32_t length_dependencies_1 = 0; uint32_t _ptr_service_start_name; + uint32_t size_service_start_name_1 = 0; + uint32_t length_service_start_name_1 = 0; uint32_t _ptr_password; + uint32_t size_password_1 = 0; + uint32_t length_password_1 = 0; uint32_t _ptr_display_name; + uint32_t size_display_name_1 = 0; + uint32_t length_display_name_1 = 0; TALLOC_CTX *_mem_save_handle_0; TALLOC_CTX *_mem_save_binary_path_0; TALLOC_CTX *_mem_save_load_order_group_0; @@ -2245,11 +2327,13 @@ static enum ndr_err_code ndr_pull_svcctl_ChangeServiceConfigW(struct ndr_pull *n NDR_PULL_SET_MEM_CTX(ndr, r->in.binary_path, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.binary_path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.binary_path)); - if (ndr_get_array_length(ndr, &r->in.binary_path) > ndr_get_array_size(ndr, &r->in.binary_path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.binary_path), ndr_get_array_length(ndr, &r->in.binary_path)); + size_binary_path_1 = ndr_get_array_size(ndr, &r->in.binary_path); + length_binary_path_1 = ndr_get_array_length(ndr, &r->in.binary_path); + if (length_binary_path_1 > size_binary_path_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_binary_path_1, length_binary_path_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.binary_path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.binary_path, ndr_get_array_length(ndr, &r->in.binary_path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_binary_path_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.binary_path, length_binary_path_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_binary_path_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_load_order_group)); @@ -2263,11 +2347,13 @@ static enum ndr_err_code ndr_pull_svcctl_ChangeServiceConfigW(struct ndr_pull *n NDR_PULL_SET_MEM_CTX(ndr, r->in.load_order_group, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.load_order_group)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.load_order_group)); - if (ndr_get_array_length(ndr, &r->in.load_order_group) > ndr_get_array_size(ndr, &r->in.load_order_group)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.load_order_group), ndr_get_array_length(ndr, &r->in.load_order_group)); + size_load_order_group_1 = ndr_get_array_size(ndr, &r->in.load_order_group); + length_load_order_group_1 = ndr_get_array_length(ndr, &r->in.load_order_group); + if (length_load_order_group_1 > size_load_order_group_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_load_order_group_1, length_load_order_group_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.load_order_group), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.load_order_group, ndr_get_array_length(ndr, &r->in.load_order_group), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_load_order_group_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.load_order_group, length_load_order_group_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_load_order_group_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_dependencies)); @@ -2281,11 +2367,13 @@ static enum ndr_err_code ndr_pull_svcctl_ChangeServiceConfigW(struct ndr_pull *n NDR_PULL_SET_MEM_CTX(ndr, r->in.dependencies, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.dependencies)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.dependencies)); - if (ndr_get_array_length(ndr, &r->in.dependencies) > ndr_get_array_size(ndr, &r->in.dependencies)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.dependencies), ndr_get_array_length(ndr, &r->in.dependencies)); + size_dependencies_1 = ndr_get_array_size(ndr, &r->in.dependencies); + length_dependencies_1 = ndr_get_array_length(ndr, &r->in.dependencies); + if (length_dependencies_1 > size_dependencies_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dependencies_1, length_dependencies_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.dependencies), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.dependencies, ndr_get_array_length(ndr, &r->in.dependencies), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dependencies_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.dependencies, length_dependencies_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dependencies_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_service_start_name)); @@ -2299,11 +2387,13 @@ static enum ndr_err_code ndr_pull_svcctl_ChangeServiceConfigW(struct ndr_pull *n NDR_PULL_SET_MEM_CTX(ndr, r->in.service_start_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.service_start_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.service_start_name)); - if (ndr_get_array_length(ndr, &r->in.service_start_name) > ndr_get_array_size(ndr, &r->in.service_start_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.service_start_name), ndr_get_array_length(ndr, &r->in.service_start_name)); + size_service_start_name_1 = ndr_get_array_size(ndr, &r->in.service_start_name); + length_service_start_name_1 = ndr_get_array_length(ndr, &r->in.service_start_name); + if (length_service_start_name_1 > size_service_start_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_service_start_name_1, length_service_start_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.service_start_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.service_start_name, ndr_get_array_length(ndr, &r->in.service_start_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_service_start_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.service_start_name, length_service_start_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_service_start_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_password)); @@ -2317,11 +2407,13 @@ static enum ndr_err_code ndr_pull_svcctl_ChangeServiceConfigW(struct ndr_pull *n NDR_PULL_SET_MEM_CTX(ndr, r->in.password, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.password)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.password)); - if (ndr_get_array_length(ndr, &r->in.password) > ndr_get_array_size(ndr, &r->in.password)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.password), ndr_get_array_length(ndr, &r->in.password)); + size_password_1 = ndr_get_array_size(ndr, &r->in.password); + length_password_1 = ndr_get_array_length(ndr, &r->in.password); + if (length_password_1 > size_password_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_password_1, length_password_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.password), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.password, ndr_get_array_length(ndr, &r->in.password), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_password_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.password, length_password_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_password_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_display_name)); @@ -2335,11 +2427,13 @@ static enum ndr_err_code ndr_pull_svcctl_ChangeServiceConfigW(struct ndr_pull *n NDR_PULL_SET_MEM_CTX(ndr, r->in.display_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.display_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.display_name)); - if (ndr_get_array_length(ndr, &r->in.display_name) > ndr_get_array_size(ndr, &r->in.display_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.display_name), ndr_get_array_length(ndr, &r->in.display_name)); + size_display_name_1 = ndr_get_array_size(ndr, &r->in.display_name); + length_display_name_1 = ndr_get_array_length(ndr, &r->in.display_name); + if (length_display_name_1 > size_display_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_display_name_1, length_display_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.display_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.display_name, ndr_get_array_length(ndr, &r->in.display_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_display_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.display_name, length_display_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_display_name_0, 0); } NDR_PULL_ALLOC(ndr, r->out.tag_id); @@ -2499,12 +2593,24 @@ static enum ndr_err_code ndr_push_svcctl_CreateServiceW(struct ndr_push *ndr, in static enum ndr_err_code ndr_pull_svcctl_CreateServiceW(struct ndr_pull *ndr, int flags, struct svcctl_CreateServiceW *r) { + uint32_t size_ServiceName_0 = 0; + uint32_t length_ServiceName_0 = 0; uint32_t _ptr_DisplayName; + uint32_t size_DisplayName_1 = 0; + uint32_t length_DisplayName_1 = 0; + uint32_t size_binary_path_0 = 0; + uint32_t length_binary_path_0 = 0; uint32_t _ptr_LoadOrderGroupKey; + uint32_t size_LoadOrderGroupKey_1 = 0; + uint32_t length_LoadOrderGroupKey_1 = 0; uint32_t _ptr_TagId; uint32_t _ptr_dependencies; + uint32_t size_dependencies_1 = 0; uint32_t _ptr_service_start_name; + uint32_t size_service_start_name_1 = 0; + uint32_t length_service_start_name_1 = 0; uint32_t _ptr_password; + uint32_t size_password_1 = 0; TALLOC_CTX *_mem_save_scmanager_handle_0; TALLOC_CTX *_mem_save_DisplayName_0; TALLOC_CTX *_mem_save_LoadOrderGroupKey_0; @@ -2525,11 +2631,13 @@ static enum ndr_err_code ndr_pull_svcctl_CreateServiceW(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, _mem_save_scmanager_handle_0, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.ServiceName)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.ServiceName)); - if (ndr_get_array_length(ndr, &r->in.ServiceName) > ndr_get_array_size(ndr, &r->in.ServiceName)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.ServiceName), ndr_get_array_length(ndr, &r->in.ServiceName)); + size_ServiceName_0 = ndr_get_array_size(ndr, &r->in.ServiceName); + length_ServiceName_0 = ndr_get_array_length(ndr, &r->in.ServiceName); + if (length_ServiceName_0 > size_ServiceName_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_ServiceName_0, length_ServiceName_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.ServiceName), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.ServiceName, ndr_get_array_length(ndr, &r->in.ServiceName), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_ServiceName_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.ServiceName, length_ServiceName_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_DisplayName)); if (_ptr_DisplayName) { NDR_PULL_ALLOC(ndr, r->in.DisplayName); @@ -2541,11 +2649,13 @@ static enum ndr_err_code ndr_pull_svcctl_CreateServiceW(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, r->in.DisplayName, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.DisplayName)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.DisplayName)); - if (ndr_get_array_length(ndr, &r->in.DisplayName) > ndr_get_array_size(ndr, &r->in.DisplayName)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.DisplayName), ndr_get_array_length(ndr, &r->in.DisplayName)); + size_DisplayName_1 = ndr_get_array_size(ndr, &r->in.DisplayName); + length_DisplayName_1 = ndr_get_array_length(ndr, &r->in.DisplayName); + if (length_DisplayName_1 > size_DisplayName_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_DisplayName_1, length_DisplayName_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.DisplayName), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.DisplayName, ndr_get_array_length(ndr, &r->in.DisplayName), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_DisplayName_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.DisplayName, length_DisplayName_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_DisplayName_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.desired_access)); @@ -2554,11 +2664,13 @@ static enum ndr_err_code ndr_pull_svcctl_CreateServiceW(struct ndr_pull *ndr, in NDR_CHECK(ndr_pull_svcctl_ErrorControl(ndr, NDR_SCALARS, &r->in.error_control)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.binary_path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.binary_path)); - if (ndr_get_array_length(ndr, &r->in.binary_path) > ndr_get_array_size(ndr, &r->in.binary_path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.binary_path), ndr_get_array_length(ndr, &r->in.binary_path)); + size_binary_path_0 = ndr_get_array_size(ndr, &r->in.binary_path); + length_binary_path_0 = ndr_get_array_length(ndr, &r->in.binary_path); + if (length_binary_path_0 > size_binary_path_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_binary_path_0, length_binary_path_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.binary_path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.binary_path, ndr_get_array_length(ndr, &r->in.binary_path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_binary_path_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.binary_path, length_binary_path_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_LoadOrderGroupKey)); if (_ptr_LoadOrderGroupKey) { NDR_PULL_ALLOC(ndr, r->in.LoadOrderGroupKey); @@ -2570,11 +2682,13 @@ static enum ndr_err_code ndr_pull_svcctl_CreateServiceW(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, r->in.LoadOrderGroupKey, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.LoadOrderGroupKey)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.LoadOrderGroupKey)); - if (ndr_get_array_length(ndr, &r->in.LoadOrderGroupKey) > ndr_get_array_size(ndr, &r->in.LoadOrderGroupKey)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.LoadOrderGroupKey), ndr_get_array_length(ndr, &r->in.LoadOrderGroupKey)); + size_LoadOrderGroupKey_1 = ndr_get_array_size(ndr, &r->in.LoadOrderGroupKey); + length_LoadOrderGroupKey_1 = ndr_get_array_length(ndr, &r->in.LoadOrderGroupKey); + if (length_LoadOrderGroupKey_1 > size_LoadOrderGroupKey_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_LoadOrderGroupKey_1, length_LoadOrderGroupKey_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.LoadOrderGroupKey), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.LoadOrderGroupKey, ndr_get_array_length(ndr, &r->in.LoadOrderGroupKey), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_LoadOrderGroupKey_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.LoadOrderGroupKey, length_LoadOrderGroupKey_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_LoadOrderGroupKey_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_TagId)); @@ -2599,8 +2713,9 @@ static enum ndr_err_code ndr_pull_svcctl_CreateServiceW(struct ndr_pull *ndr, in _mem_save_dependencies_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->in.dependencies, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.dependencies)); - NDR_PULL_ALLOC_N(ndr, r->in.dependencies, ndr_get_array_size(ndr, &r->in.dependencies)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->in.dependencies, ndr_get_array_size(ndr, &r->in.dependencies))); + size_dependencies_1 = ndr_get_array_size(ndr, &r->in.dependencies); + NDR_PULL_ALLOC_N(ndr, r->in.dependencies, size_dependencies_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->in.dependencies, size_dependencies_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dependencies_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.dependencies_size)); @@ -2615,11 +2730,13 @@ static enum ndr_err_code ndr_pull_svcctl_CreateServiceW(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, r->in.service_start_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.service_start_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.service_start_name)); - if (ndr_get_array_length(ndr, &r->in.service_start_name) > ndr_get_array_size(ndr, &r->in.service_start_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.service_start_name), ndr_get_array_length(ndr, &r->in.service_start_name)); + size_service_start_name_1 = ndr_get_array_size(ndr, &r->in.service_start_name); + length_service_start_name_1 = ndr_get_array_length(ndr, &r->in.service_start_name); + if (length_service_start_name_1 > size_service_start_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_service_start_name_1, length_service_start_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.service_start_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.service_start_name, ndr_get_array_length(ndr, &r->in.service_start_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_service_start_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.service_start_name, length_service_start_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_service_start_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_password)); @@ -2632,8 +2749,9 @@ static enum ndr_err_code ndr_pull_svcctl_CreateServiceW(struct ndr_pull *ndr, in _mem_save_password_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->in.password, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.password)); - NDR_PULL_ALLOC_N(ndr, r->in.password, ndr_get_array_size(ndr, &r->in.password)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->in.password, ndr_get_array_size(ndr, &r->in.password))); + size_password_1 = ndr_get_array_size(ndr, &r->in.password); + NDR_PULL_ALLOC_N(ndr, r->in.password, size_password_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->in.password, size_password_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_password_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.password_size)); @@ -2781,6 +2899,7 @@ static enum ndr_err_code ndr_push_svcctl_EnumDependentServicesW(struct ndr_push static enum ndr_err_code ndr_pull_svcctl_EnumDependentServicesW(struct ndr_pull *ndr, int flags, struct svcctl_EnumDependentServicesW *r) { + uint32_t size_service_status_1 = 0; TALLOC_CTX *_mem_save_service_0; TALLOC_CTX *_mem_save_needed_0; TALLOC_CTX *_mem_save_services_returned_0; @@ -2808,10 +2927,11 @@ static enum ndr_err_code ndr_pull_svcctl_EnumDependentServicesW(struct ndr_pull } if (flags & NDR_OUT) { NDR_CHECK(ndr_pull_array_size(ndr, &r->out.service_status)); + size_service_status_1 = ndr_get_array_size(ndr, &r->out.service_status); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { - NDR_PULL_ALLOC_N(ndr, r->out.service_status, ndr_get_array_size(ndr, &r->out.service_status)); + NDR_PULL_ALLOC_N(ndr, r->out.service_status, size_service_status_1); } - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.service_status, ndr_get_array_size(ndr, &r->out.service_status))); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.service_status, size_service_status_1)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->out.needed); } @@ -2919,6 +3039,7 @@ static enum ndr_err_code ndr_push_svcctl_EnumServicesStatusW(struct ndr_push *nd static enum ndr_err_code ndr_pull_svcctl_EnumServicesStatusW(struct ndr_pull *ndr, int flags, struct svcctl_EnumServicesStatusW *r) { + uint32_t size_service_1 = 0; uint32_t _ptr_resume_handle; TALLOC_CTX *_mem_save_handle_0; TALLOC_CTX *_mem_save_needed_0; @@ -2961,10 +3082,11 @@ static enum ndr_err_code ndr_pull_svcctl_EnumServicesStatusW(struct ndr_pull *nd } if (flags & NDR_OUT) { NDR_CHECK(ndr_pull_array_size(ndr, &r->out.service)); + size_service_1 = ndr_get_array_size(ndr, &r->out.service); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { - NDR_PULL_ALLOC_N(ndr, r->out.service, ndr_get_array_size(ndr, &r->out.service)); + NDR_PULL_ALLOC_N(ndr, r->out.service, size_service_1); } - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.service, ndr_get_array_size(ndr, &r->out.service))); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.service, size_service_1)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->out.needed); } @@ -3089,7 +3211,11 @@ static enum ndr_err_code ndr_push_svcctl_OpenSCManagerW(struct ndr_push *ndr, in static enum ndr_err_code ndr_pull_svcctl_OpenSCManagerW(struct ndr_pull *ndr, int flags, struct svcctl_OpenSCManagerW *r) { uint32_t _ptr_MachineName; + uint32_t size_MachineName_1 = 0; + uint32_t length_MachineName_1 = 0; uint32_t _ptr_DatabaseName; + uint32_t size_DatabaseName_1 = 0; + uint32_t length_DatabaseName_1 = 0; TALLOC_CTX *_mem_save_MachineName_0; TALLOC_CTX *_mem_save_DatabaseName_0; TALLOC_CTX *_mem_save_handle_0; @@ -3107,11 +3233,13 @@ static enum ndr_err_code ndr_pull_svcctl_OpenSCManagerW(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, r->in.MachineName, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.MachineName)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.MachineName)); - if (ndr_get_array_length(ndr, &r->in.MachineName) > ndr_get_array_size(ndr, &r->in.MachineName)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.MachineName), ndr_get_array_length(ndr, &r->in.MachineName)); + size_MachineName_1 = ndr_get_array_size(ndr, &r->in.MachineName); + length_MachineName_1 = ndr_get_array_length(ndr, &r->in.MachineName); + if (length_MachineName_1 > size_MachineName_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_MachineName_1, length_MachineName_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.MachineName), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.MachineName, ndr_get_array_length(ndr, &r->in.MachineName), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_MachineName_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.MachineName, length_MachineName_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_MachineName_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_DatabaseName)); @@ -3125,11 +3253,13 @@ static enum ndr_err_code ndr_pull_svcctl_OpenSCManagerW(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, r->in.DatabaseName, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.DatabaseName)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.DatabaseName)); - if (ndr_get_array_length(ndr, &r->in.DatabaseName) > ndr_get_array_size(ndr, &r->in.DatabaseName)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.DatabaseName), ndr_get_array_length(ndr, &r->in.DatabaseName)); + size_DatabaseName_1 = ndr_get_array_size(ndr, &r->in.DatabaseName); + length_DatabaseName_1 = ndr_get_array_length(ndr, &r->in.DatabaseName); + if (length_DatabaseName_1 > size_DatabaseName_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_DatabaseName_1, length_DatabaseName_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.DatabaseName), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.DatabaseName, ndr_get_array_length(ndr, &r->in.DatabaseName), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_DatabaseName_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.DatabaseName, length_DatabaseName_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_DatabaseName_0, 0); } NDR_CHECK(ndr_pull_svcctl_MgrAccessMask(ndr, NDR_SCALARS, &r->in.access_mask)); @@ -3212,6 +3342,8 @@ static enum ndr_err_code ndr_push_svcctl_OpenServiceW(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_svcctl_OpenServiceW(struct ndr_pull *ndr, int flags, struct svcctl_OpenServiceW *r) { + uint32_t size_ServiceName_0 = 0; + uint32_t length_ServiceName_0 = 0; TALLOC_CTX *_mem_save_scmanager_handle_0; TALLOC_CTX *_mem_save_handle_0; if (flags & NDR_IN) { @@ -3226,11 +3358,13 @@ static enum ndr_err_code ndr_pull_svcctl_OpenServiceW(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, _mem_save_scmanager_handle_0, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.ServiceName)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.ServiceName)); - if (ndr_get_array_length(ndr, &r->in.ServiceName) > ndr_get_array_size(ndr, &r->in.ServiceName)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.ServiceName), ndr_get_array_length(ndr, &r->in.ServiceName)); + size_ServiceName_0 = ndr_get_array_size(ndr, &r->in.ServiceName); + length_ServiceName_0 = ndr_get_array_length(ndr, &r->in.ServiceName); + if (length_ServiceName_0 > size_ServiceName_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_ServiceName_0, length_ServiceName_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.ServiceName), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.ServiceName, ndr_get_array_length(ndr, &r->in.ServiceName), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_ServiceName_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.ServiceName, length_ServiceName_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_svcctl_ServiceAccessMask(ndr, NDR_SCALARS, &r->in.access_mask)); NDR_PULL_ALLOC(ndr, r->out.handle); ZERO_STRUCTP(r->out.handle); @@ -3510,6 +3644,7 @@ static enum ndr_err_code ndr_push_svcctl_StartServiceW(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_svcctl_StartServiceW(struct ndr_pull *ndr, int flags, struct svcctl_StartServiceW *r) { uint32_t _ptr_Arguments; + uint32_t size_Arguments_1 = 0; uint32_t cntr_Arguments_1; TALLOC_CTX *_mem_save_handle_0; TALLOC_CTX *_mem_save_Arguments_0; @@ -3536,13 +3671,14 @@ static enum ndr_err_code ndr_pull_svcctl_StartServiceW(struct ndr_pull *ndr, int _mem_save_Arguments_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->in.Arguments, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.Arguments)); - NDR_PULL_ALLOC_N(ndr, r->in.Arguments, ndr_get_array_size(ndr, &r->in.Arguments)); + size_Arguments_1 = ndr_get_array_size(ndr, &r->in.Arguments); + NDR_PULL_ALLOC_N(ndr, r->in.Arguments, size_Arguments_1); _mem_save_Arguments_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->in.Arguments, 0); - for (cntr_Arguments_1 = 0; cntr_Arguments_1 < r->in.NumArgs; cntr_Arguments_1++) { + for (cntr_Arguments_1 = 0; cntr_Arguments_1 < size_Arguments_1; cntr_Arguments_1++) { NDR_CHECK(ndr_pull_svcctl_ArgumentString(ndr, NDR_SCALARS, &r->in.Arguments[cntr_Arguments_1])); } - for (cntr_Arguments_1 = 0; cntr_Arguments_1 < r->in.NumArgs; cntr_Arguments_1++) { + for (cntr_Arguments_1 = 0; cntr_Arguments_1 < size_Arguments_1; cntr_Arguments_1++) { NDR_CHECK(ndr_pull_svcctl_ArgumentString(ndr, NDR_BUFFERS, &r->in.Arguments[cntr_Arguments_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_Arguments_1, 0); @@ -3642,7 +3778,11 @@ static enum ndr_err_code ndr_push_svcctl_GetServiceDisplayNameW(struct ndr_push static enum ndr_err_code ndr_pull_svcctl_GetServiceDisplayNameW(struct ndr_pull *ndr, int flags, struct svcctl_GetServiceDisplayNameW *r) { uint32_t _ptr_service_name; + uint32_t size_service_name_1 = 0; + uint32_t length_service_name_1 = 0; uint32_t _ptr_display_name; + uint32_t size_display_name_2 = 0; + uint32_t length_display_name_2 = 0; uint32_t _ptr_display_name_length; TALLOC_CTX *_mem_save_handle_0; TALLOC_CTX *_mem_save_service_name_0; @@ -3670,11 +3810,13 @@ static enum ndr_err_code ndr_pull_svcctl_GetServiceDisplayNameW(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->in.service_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.service_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.service_name)); - if (ndr_get_array_length(ndr, &r->in.service_name) > ndr_get_array_size(ndr, &r->in.service_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.service_name), ndr_get_array_length(ndr, &r->in.service_name)); + size_service_name_1 = ndr_get_array_size(ndr, &r->in.service_name); + length_service_name_1 = ndr_get_array_length(ndr, &r->in.service_name); + if (length_service_name_1 > size_service_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_service_name_1, length_service_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.service_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.service_name, ndr_get_array_length(ndr, &r->in.service_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_service_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.service_name, length_service_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_service_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_display_name_length)); @@ -3709,11 +3851,13 @@ static enum ndr_err_code ndr_pull_svcctl_GetServiceDisplayNameW(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, *r->out.display_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, r->out.display_name)); NDR_CHECK(ndr_pull_array_length(ndr, r->out.display_name)); - if (ndr_get_array_length(ndr, r->out.display_name) > ndr_get_array_size(ndr, r->out.display_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, r->out.display_name), ndr_get_array_length(ndr, r->out.display_name)); + size_display_name_2 = ndr_get_array_size(ndr, r->out.display_name); + length_display_name_2 = ndr_get_array_length(ndr, r->out.display_name); + if (length_display_name_2 > size_display_name_2) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_display_name_2, length_display_name_2); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, r->out.display_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.display_name, ndr_get_array_length(ndr, r->out.display_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_display_name_2, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.display_name, length_display_name_2, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_display_name_1, 0); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_display_name_0, LIBNDR_FLAG_REF_ALLOC); @@ -3828,7 +3972,11 @@ static enum ndr_err_code ndr_push_svcctl_GetServiceKeyNameW(struct ndr_push *ndr static enum ndr_err_code ndr_pull_svcctl_GetServiceKeyNameW(struct ndr_pull *ndr, int flags, struct svcctl_GetServiceKeyNameW *r) { uint32_t _ptr_service_name; + uint32_t size_service_name_1 = 0; + uint32_t length_service_name_1 = 0; uint32_t _ptr_key_name; + uint32_t size_key_name_2 = 0; + uint32_t length_key_name_2 = 0; uint32_t _ptr_display_name_length; TALLOC_CTX *_mem_save_handle_0; TALLOC_CTX *_mem_save_service_name_0; @@ -3856,11 +4004,13 @@ static enum ndr_err_code ndr_pull_svcctl_GetServiceKeyNameW(struct ndr_pull *ndr NDR_PULL_SET_MEM_CTX(ndr, r->in.service_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.service_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.service_name)); - if (ndr_get_array_length(ndr, &r->in.service_name) > ndr_get_array_size(ndr, &r->in.service_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.service_name), ndr_get_array_length(ndr, &r->in.service_name)); + size_service_name_1 = ndr_get_array_size(ndr, &r->in.service_name); + length_service_name_1 = ndr_get_array_length(ndr, &r->in.service_name); + if (length_service_name_1 > size_service_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_service_name_1, length_service_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.service_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.service_name, ndr_get_array_length(ndr, &r->in.service_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_service_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.service_name, length_service_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_service_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_display_name_length)); @@ -3895,11 +4045,13 @@ static enum ndr_err_code ndr_pull_svcctl_GetServiceKeyNameW(struct ndr_pull *ndr NDR_PULL_SET_MEM_CTX(ndr, *r->out.key_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, r->out.key_name)); NDR_CHECK(ndr_pull_array_length(ndr, r->out.key_name)); - if (ndr_get_array_length(ndr, r->out.key_name) > ndr_get_array_size(ndr, r->out.key_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, r->out.key_name), ndr_get_array_length(ndr, r->out.key_name)); + size_key_name_2 = ndr_get_array_size(ndr, r->out.key_name); + length_key_name_2 = ndr_get_array_length(ndr, r->out.key_name); + if (length_key_name_2 > size_key_name_2) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_key_name_2, length_key_name_2); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, r->out.key_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.key_name, ndr_get_array_length(ndr, r->out.key_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_key_name_2, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.key_name, length_key_name_2, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_key_name_1, 0); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_key_name_0, LIBNDR_FLAG_REF_ALLOC); @@ -4104,11 +4256,23 @@ static enum ndr_err_code ndr_push_svcctl_ChangeServiceConfigA(struct ndr_push *n static enum ndr_err_code ndr_pull_svcctl_ChangeServiceConfigA(struct ndr_pull *ndr, int flags, struct svcctl_ChangeServiceConfigA *r) { uint32_t _ptr_binary_path; + uint32_t size_binary_path_1 = 0; + uint32_t length_binary_path_1 = 0; uint32_t _ptr_load_order_group; + uint32_t size_load_order_group_1 = 0; + uint32_t length_load_order_group_1 = 0; uint32_t _ptr_dependencies; + uint32_t size_dependencies_1 = 0; + uint32_t length_dependencies_1 = 0; uint32_t _ptr_service_start_name; + uint32_t size_service_start_name_1 = 0; + uint32_t length_service_start_name_1 = 0; uint32_t _ptr_password; + uint32_t size_password_1 = 0; + uint32_t length_password_1 = 0; uint32_t _ptr_display_name; + uint32_t size_display_name_1 = 0; + uint32_t length_display_name_1 = 0; TALLOC_CTX *_mem_save_handle_0; TALLOC_CTX *_mem_save_binary_path_0; TALLOC_CTX *_mem_save_load_order_group_0; @@ -4141,11 +4305,13 @@ static enum ndr_err_code ndr_pull_svcctl_ChangeServiceConfigA(struct ndr_pull *n NDR_PULL_SET_MEM_CTX(ndr, r->in.binary_path, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.binary_path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.binary_path)); - if (ndr_get_array_length(ndr, &r->in.binary_path) > ndr_get_array_size(ndr, &r->in.binary_path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.binary_path), ndr_get_array_length(ndr, &r->in.binary_path)); + size_binary_path_1 = ndr_get_array_size(ndr, &r->in.binary_path); + length_binary_path_1 = ndr_get_array_length(ndr, &r->in.binary_path); + if (length_binary_path_1 > size_binary_path_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_binary_path_1, length_binary_path_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.binary_path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.binary_path, ndr_get_array_length(ndr, &r->in.binary_path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_binary_path_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.binary_path, length_binary_path_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_binary_path_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_load_order_group)); @@ -4159,11 +4325,13 @@ static enum ndr_err_code ndr_pull_svcctl_ChangeServiceConfigA(struct ndr_pull *n NDR_PULL_SET_MEM_CTX(ndr, r->in.load_order_group, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.load_order_group)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.load_order_group)); - if (ndr_get_array_length(ndr, &r->in.load_order_group) > ndr_get_array_size(ndr, &r->in.load_order_group)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.load_order_group), ndr_get_array_length(ndr, &r->in.load_order_group)); + size_load_order_group_1 = ndr_get_array_size(ndr, &r->in.load_order_group); + length_load_order_group_1 = ndr_get_array_length(ndr, &r->in.load_order_group); + if (length_load_order_group_1 > size_load_order_group_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_load_order_group_1, length_load_order_group_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.load_order_group), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.load_order_group, ndr_get_array_length(ndr, &r->in.load_order_group), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_load_order_group_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.load_order_group, length_load_order_group_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_load_order_group_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_dependencies)); @@ -4177,11 +4345,13 @@ static enum ndr_err_code ndr_pull_svcctl_ChangeServiceConfigA(struct ndr_pull *n NDR_PULL_SET_MEM_CTX(ndr, r->in.dependencies, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.dependencies)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.dependencies)); - if (ndr_get_array_length(ndr, &r->in.dependencies) > ndr_get_array_size(ndr, &r->in.dependencies)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.dependencies), ndr_get_array_length(ndr, &r->in.dependencies)); + size_dependencies_1 = ndr_get_array_size(ndr, &r->in.dependencies); + length_dependencies_1 = ndr_get_array_length(ndr, &r->in.dependencies); + if (length_dependencies_1 > size_dependencies_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dependencies_1, length_dependencies_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.dependencies), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.dependencies, ndr_get_array_length(ndr, &r->in.dependencies), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dependencies_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.dependencies, length_dependencies_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dependencies_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_service_start_name)); @@ -4195,11 +4365,13 @@ static enum ndr_err_code ndr_pull_svcctl_ChangeServiceConfigA(struct ndr_pull *n NDR_PULL_SET_MEM_CTX(ndr, r->in.service_start_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.service_start_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.service_start_name)); - if (ndr_get_array_length(ndr, &r->in.service_start_name) > ndr_get_array_size(ndr, &r->in.service_start_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.service_start_name), ndr_get_array_length(ndr, &r->in.service_start_name)); + size_service_start_name_1 = ndr_get_array_size(ndr, &r->in.service_start_name); + length_service_start_name_1 = ndr_get_array_length(ndr, &r->in.service_start_name); + if (length_service_start_name_1 > size_service_start_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_service_start_name_1, length_service_start_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.service_start_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.service_start_name, ndr_get_array_length(ndr, &r->in.service_start_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_service_start_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.service_start_name, length_service_start_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_service_start_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_password)); @@ -4213,11 +4385,13 @@ static enum ndr_err_code ndr_pull_svcctl_ChangeServiceConfigA(struct ndr_pull *n NDR_PULL_SET_MEM_CTX(ndr, r->in.password, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.password)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.password)); - if (ndr_get_array_length(ndr, &r->in.password) > ndr_get_array_size(ndr, &r->in.password)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.password), ndr_get_array_length(ndr, &r->in.password)); + size_password_1 = ndr_get_array_size(ndr, &r->in.password); + length_password_1 = ndr_get_array_length(ndr, &r->in.password); + if (length_password_1 > size_password_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_password_1, length_password_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.password), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.password, ndr_get_array_length(ndr, &r->in.password), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_password_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.password, length_password_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_password_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_display_name)); @@ -4231,11 +4405,13 @@ static enum ndr_err_code ndr_pull_svcctl_ChangeServiceConfigA(struct ndr_pull *n NDR_PULL_SET_MEM_CTX(ndr, r->in.display_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.display_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.display_name)); - if (ndr_get_array_length(ndr, &r->in.display_name) > ndr_get_array_size(ndr, &r->in.display_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.display_name), ndr_get_array_length(ndr, &r->in.display_name)); + size_display_name_1 = ndr_get_array_size(ndr, &r->in.display_name); + length_display_name_1 = ndr_get_array_length(ndr, &r->in.display_name); + if (length_display_name_1 > size_display_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_display_name_1, length_display_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.display_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.display_name, ndr_get_array_length(ndr, &r->in.display_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_display_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.display_name, length_display_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_display_name_0, 0); } NDR_PULL_ALLOC(ndr, r->out.tag_id); @@ -4396,13 +4572,27 @@ static enum ndr_err_code ndr_push_svcctl_CreateServiceA(struct ndr_push *ndr, in static enum ndr_err_code ndr_pull_svcctl_CreateServiceA(struct ndr_pull *ndr, int flags, struct svcctl_CreateServiceA *r) { uint32_t _ptr_ServiceName; + uint32_t size_ServiceName_1 = 0; + uint32_t length_ServiceName_1 = 0; uint32_t _ptr_DisplayName; + uint32_t size_DisplayName_1 = 0; + uint32_t length_DisplayName_1 = 0; uint32_t _ptr_binary_path; + uint32_t size_binary_path_1 = 0; + uint32_t length_binary_path_1 = 0; uint32_t _ptr_LoadOrderGroupKey; + uint32_t size_LoadOrderGroupKey_1 = 0; + uint32_t length_LoadOrderGroupKey_1 = 0; uint32_t _ptr_TagId; uint32_t _ptr_dependencies; + uint32_t size_dependencies_1 = 0; + uint32_t length_dependencies_1 = 0; uint32_t _ptr_service_start_name; + uint32_t size_service_start_name_1 = 0; + uint32_t length_service_start_name_1 = 0; uint32_t _ptr_password; + uint32_t size_password_1 = 0; + uint32_t length_password_1 = 0; TALLOC_CTX *_mem_save_handle_0; TALLOC_CTX *_mem_save_ServiceName_0; TALLOC_CTX *_mem_save_DisplayName_0; @@ -4433,11 +4623,13 @@ static enum ndr_err_code ndr_pull_svcctl_CreateServiceA(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, r->in.ServiceName, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.ServiceName)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.ServiceName)); - if (ndr_get_array_length(ndr, &r->in.ServiceName) > ndr_get_array_size(ndr, &r->in.ServiceName)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.ServiceName), ndr_get_array_length(ndr, &r->in.ServiceName)); + size_ServiceName_1 = ndr_get_array_size(ndr, &r->in.ServiceName); + length_ServiceName_1 = ndr_get_array_length(ndr, &r->in.ServiceName); + if (length_ServiceName_1 > size_ServiceName_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_ServiceName_1, length_ServiceName_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.ServiceName), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.ServiceName, ndr_get_array_length(ndr, &r->in.ServiceName), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_ServiceName_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.ServiceName, length_ServiceName_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_ServiceName_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_DisplayName)); @@ -4451,11 +4643,13 @@ static enum ndr_err_code ndr_pull_svcctl_CreateServiceA(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, r->in.DisplayName, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.DisplayName)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.DisplayName)); - if (ndr_get_array_length(ndr, &r->in.DisplayName) > ndr_get_array_size(ndr, &r->in.DisplayName)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.DisplayName), ndr_get_array_length(ndr, &r->in.DisplayName)); + size_DisplayName_1 = ndr_get_array_size(ndr, &r->in.DisplayName); + length_DisplayName_1 = ndr_get_array_length(ndr, &r->in.DisplayName); + if (length_DisplayName_1 > size_DisplayName_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_DisplayName_1, length_DisplayName_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.DisplayName), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.DisplayName, ndr_get_array_length(ndr, &r->in.DisplayName), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_DisplayName_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.DisplayName, length_DisplayName_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_DisplayName_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.desired_access)); @@ -4473,11 +4667,13 @@ static enum ndr_err_code ndr_pull_svcctl_CreateServiceA(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, r->in.binary_path, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.binary_path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.binary_path)); - if (ndr_get_array_length(ndr, &r->in.binary_path) > ndr_get_array_size(ndr, &r->in.binary_path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.binary_path), ndr_get_array_length(ndr, &r->in.binary_path)); + size_binary_path_1 = ndr_get_array_size(ndr, &r->in.binary_path); + length_binary_path_1 = ndr_get_array_length(ndr, &r->in.binary_path); + if (length_binary_path_1 > size_binary_path_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_binary_path_1, length_binary_path_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.binary_path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.binary_path, ndr_get_array_length(ndr, &r->in.binary_path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_binary_path_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.binary_path, length_binary_path_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_binary_path_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_LoadOrderGroupKey)); @@ -4491,11 +4687,13 @@ static enum ndr_err_code ndr_pull_svcctl_CreateServiceA(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, r->in.LoadOrderGroupKey, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.LoadOrderGroupKey)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.LoadOrderGroupKey)); - if (ndr_get_array_length(ndr, &r->in.LoadOrderGroupKey) > ndr_get_array_size(ndr, &r->in.LoadOrderGroupKey)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.LoadOrderGroupKey), ndr_get_array_length(ndr, &r->in.LoadOrderGroupKey)); + size_LoadOrderGroupKey_1 = ndr_get_array_size(ndr, &r->in.LoadOrderGroupKey); + length_LoadOrderGroupKey_1 = ndr_get_array_length(ndr, &r->in.LoadOrderGroupKey); + if (length_LoadOrderGroupKey_1 > size_LoadOrderGroupKey_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_LoadOrderGroupKey_1, length_LoadOrderGroupKey_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.LoadOrderGroupKey), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.LoadOrderGroupKey, ndr_get_array_length(ndr, &r->in.LoadOrderGroupKey), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_LoadOrderGroupKey_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.LoadOrderGroupKey, length_LoadOrderGroupKey_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_LoadOrderGroupKey_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_dependencies)); @@ -4509,11 +4707,13 @@ static enum ndr_err_code ndr_pull_svcctl_CreateServiceA(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, r->in.dependencies, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.dependencies)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.dependencies)); - if (ndr_get_array_length(ndr, &r->in.dependencies) > ndr_get_array_size(ndr, &r->in.dependencies)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.dependencies), ndr_get_array_length(ndr, &r->in.dependencies)); + size_dependencies_1 = ndr_get_array_size(ndr, &r->in.dependencies); + length_dependencies_1 = ndr_get_array_length(ndr, &r->in.dependencies); + if (length_dependencies_1 > size_dependencies_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dependencies_1, length_dependencies_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.dependencies), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.dependencies, ndr_get_array_length(ndr, &r->in.dependencies), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dependencies_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.dependencies, length_dependencies_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dependencies_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_service_start_name)); @@ -4527,11 +4727,13 @@ static enum ndr_err_code ndr_pull_svcctl_CreateServiceA(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, r->in.service_start_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.service_start_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.service_start_name)); - if (ndr_get_array_length(ndr, &r->in.service_start_name) > ndr_get_array_size(ndr, &r->in.service_start_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.service_start_name), ndr_get_array_length(ndr, &r->in.service_start_name)); + size_service_start_name_1 = ndr_get_array_size(ndr, &r->in.service_start_name); + length_service_start_name_1 = ndr_get_array_length(ndr, &r->in.service_start_name); + if (length_service_start_name_1 > size_service_start_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_service_start_name_1, length_service_start_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.service_start_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.service_start_name, ndr_get_array_length(ndr, &r->in.service_start_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_service_start_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.service_start_name, length_service_start_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_service_start_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_password)); @@ -4545,11 +4747,13 @@ static enum ndr_err_code ndr_pull_svcctl_CreateServiceA(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, r->in.password, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.password)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.password)); - if (ndr_get_array_length(ndr, &r->in.password) > ndr_get_array_size(ndr, &r->in.password)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.password), ndr_get_array_length(ndr, &r->in.password)); + size_password_1 = ndr_get_array_size(ndr, &r->in.password); + length_password_1 = ndr_get_array_length(ndr, &r->in.password); + if (length_password_1 > size_password_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_password_1, length_password_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.password), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.password, ndr_get_array_length(ndr, &r->in.password), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_password_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.password, length_password_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_password_0, 0); } } @@ -4810,6 +5014,7 @@ static enum ndr_err_code ndr_push_svcctl_EnumServicesStatusA(struct ndr_push *nd static enum ndr_err_code ndr_pull_svcctl_EnumServicesStatusA(struct ndr_pull *ndr, int flags, struct svcctl_EnumServicesStatusA *r) { + uint32_t size_service_0 = 0; uint32_t _ptr_resume_handle; TALLOC_CTX *_mem_save_handle_0; TALLOC_CTX *_mem_save_needed_0; @@ -4847,8 +5052,9 @@ static enum ndr_err_code ndr_pull_svcctl_EnumServicesStatusA(struct ndr_pull *nd } if (flags & NDR_OUT) { NDR_CHECK(ndr_pull_array_size(ndr, &r->out.service)); - NDR_PULL_ALLOC_N(ndr, r->out.service, ndr_get_array_size(ndr, &r->out.service)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.service, ndr_get_array_size(ndr, &r->out.service))); + size_service_0 = ndr_get_array_size(ndr, &r->out.service); + NDR_PULL_ALLOC_N(ndr, r->out.service, size_service_0); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.service, size_service_0)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->out.needed); } @@ -4964,7 +5170,11 @@ static enum ndr_err_code ndr_push_svcctl_OpenSCManagerA(struct ndr_push *ndr, in static enum ndr_err_code ndr_pull_svcctl_OpenSCManagerA(struct ndr_pull *ndr, int flags, struct svcctl_OpenSCManagerA *r) { uint32_t _ptr_MachineName; + uint32_t size_MachineName_1 = 0; + uint32_t length_MachineName_1 = 0; uint32_t _ptr_DatabaseName; + uint32_t size_DatabaseName_1 = 0; + uint32_t length_DatabaseName_1 = 0; TALLOC_CTX *_mem_save_MachineName_0; TALLOC_CTX *_mem_save_DatabaseName_0; TALLOC_CTX *_mem_save_handle_0; @@ -4982,11 +5192,13 @@ static enum ndr_err_code ndr_pull_svcctl_OpenSCManagerA(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, r->in.MachineName, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.MachineName)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.MachineName)); - if (ndr_get_array_length(ndr, &r->in.MachineName) > ndr_get_array_size(ndr, &r->in.MachineName)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.MachineName), ndr_get_array_length(ndr, &r->in.MachineName)); + size_MachineName_1 = ndr_get_array_size(ndr, &r->in.MachineName); + length_MachineName_1 = ndr_get_array_length(ndr, &r->in.MachineName); + if (length_MachineName_1 > size_MachineName_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_MachineName_1, length_MachineName_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.MachineName), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.MachineName, ndr_get_array_length(ndr, &r->in.MachineName), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_MachineName_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.MachineName, length_MachineName_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_MachineName_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_DatabaseName)); @@ -5000,11 +5212,13 @@ static enum ndr_err_code ndr_pull_svcctl_OpenSCManagerA(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, r->in.DatabaseName, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.DatabaseName)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.DatabaseName)); - if (ndr_get_array_length(ndr, &r->in.DatabaseName) > ndr_get_array_size(ndr, &r->in.DatabaseName)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.DatabaseName), ndr_get_array_length(ndr, &r->in.DatabaseName)); + size_DatabaseName_1 = ndr_get_array_size(ndr, &r->in.DatabaseName); + length_DatabaseName_1 = ndr_get_array_length(ndr, &r->in.DatabaseName); + if (length_DatabaseName_1 > size_DatabaseName_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_DatabaseName_1, length_DatabaseName_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.DatabaseName), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.DatabaseName, ndr_get_array_length(ndr, &r->in.DatabaseName), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_DatabaseName_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.DatabaseName, length_DatabaseName_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_DatabaseName_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.access_mask)); @@ -5087,6 +5301,8 @@ static enum ndr_err_code ndr_push_svcctl_OpenServiceA(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_svcctl_OpenServiceA(struct ndr_pull *ndr, int flags, struct svcctl_OpenServiceA *r) { uint32_t _ptr_ServiceName; + uint32_t size_ServiceName_1 = 0; + uint32_t length_ServiceName_1 = 0; TALLOC_CTX *_mem_save_scmanager_handle_0; TALLOC_CTX *_mem_save_ServiceName_0; if (flags & NDR_IN) { @@ -5108,11 +5324,13 @@ static enum ndr_err_code ndr_pull_svcctl_OpenServiceA(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.ServiceName, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.ServiceName)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.ServiceName)); - if (ndr_get_array_length(ndr, &r->in.ServiceName) > ndr_get_array_size(ndr, &r->in.ServiceName)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.ServiceName), ndr_get_array_length(ndr, &r->in.ServiceName)); + size_ServiceName_1 = ndr_get_array_size(ndr, &r->in.ServiceName); + length_ServiceName_1 = ndr_get_array_length(ndr, &r->in.ServiceName); + if (length_ServiceName_1 > size_ServiceName_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_ServiceName_1, length_ServiceName_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.ServiceName), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.ServiceName, ndr_get_array_length(ndr, &r->in.ServiceName), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_ServiceName_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.ServiceName, length_ServiceName_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_ServiceName_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.access_mask)); @@ -5177,6 +5395,7 @@ static enum ndr_err_code ndr_push_svcctl_QueryServiceConfigA(struct ndr_push *nd static enum ndr_err_code ndr_pull_svcctl_QueryServiceConfigA(struct ndr_pull *ndr, int flags, struct svcctl_QueryServiceConfigA *r) { + uint32_t size_query_0 = 0; TALLOC_CTX *_mem_save_handle_0; TALLOC_CTX *_mem_save_needed_0; if (flags & NDR_IN) { @@ -5194,8 +5413,9 @@ static enum ndr_err_code ndr_pull_svcctl_QueryServiceConfigA(struct ndr_pull *nd ZERO_STRUCTP(r->out.needed); } if (flags & NDR_OUT) { - NDR_PULL_ALLOC_N(ndr, r->out.query, r->in.offered); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.query, r->in.offered)); + size_query_0 = r->in.offered; + NDR_PULL_ALLOC_N(ndr, r->out.query, size_query_0); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.query, size_query_0)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->out.needed); } @@ -5362,6 +5582,8 @@ static enum ndr_err_code ndr_push_svcctl_StartServiceA(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_svcctl_StartServiceA(struct ndr_pull *ndr, int flags, struct svcctl_StartServiceA *r) { uint32_t _ptr_Arguments; + uint32_t size_Arguments_1 = 0; + uint32_t length_Arguments_1 = 0; TALLOC_CTX *_mem_save_handle_0; TALLOC_CTX *_mem_save_Arguments_0; if (flags & NDR_IN) { @@ -5384,11 +5606,13 @@ static enum ndr_err_code ndr_pull_svcctl_StartServiceA(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.Arguments, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.Arguments)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.Arguments)); - if (ndr_get_array_length(ndr, &r->in.Arguments) > ndr_get_array_size(ndr, &r->in.Arguments)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.Arguments), ndr_get_array_length(ndr, &r->in.Arguments)); + size_Arguments_1 = ndr_get_array_size(ndr, &r->in.Arguments); + length_Arguments_1 = ndr_get_array_length(ndr, &r->in.Arguments); + if (length_Arguments_1 > size_Arguments_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_Arguments_1, length_Arguments_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.Arguments), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.Arguments, ndr_get_array_length(ndr, &r->in.Arguments), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_Arguments_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.Arguments, length_Arguments_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_Arguments_0, 0); } } @@ -5472,7 +5696,11 @@ static enum ndr_err_code ndr_push_svcctl_GetServiceDisplayNameA(struct ndr_push static enum ndr_err_code ndr_pull_svcctl_GetServiceDisplayNameA(struct ndr_pull *ndr, int flags, struct svcctl_GetServiceDisplayNameA *r) { uint32_t _ptr_service_name; + uint32_t size_service_name_1 = 0; + uint32_t length_service_name_1 = 0; uint32_t _ptr_display_name; + uint32_t size_display_name_2 = 0; + uint32_t length_display_name_2 = 0; uint32_t _ptr_display_name_length; TALLOC_CTX *_mem_save_handle_0; TALLOC_CTX *_mem_save_service_name_0; @@ -5500,11 +5728,13 @@ static enum ndr_err_code ndr_pull_svcctl_GetServiceDisplayNameA(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->in.service_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.service_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.service_name)); - if (ndr_get_array_length(ndr, &r->in.service_name) > ndr_get_array_size(ndr, &r->in.service_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.service_name), ndr_get_array_length(ndr, &r->in.service_name)); + size_service_name_1 = ndr_get_array_size(ndr, &r->in.service_name); + length_service_name_1 = ndr_get_array_length(ndr, &r->in.service_name); + if (length_service_name_1 > size_service_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_service_name_1, length_service_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.service_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.service_name, ndr_get_array_length(ndr, &r->in.service_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_service_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.service_name, length_service_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_service_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_display_name_length)); @@ -5539,11 +5769,13 @@ static enum ndr_err_code ndr_pull_svcctl_GetServiceDisplayNameA(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, *r->out.display_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, r->out.display_name)); NDR_CHECK(ndr_pull_array_length(ndr, r->out.display_name)); - if (ndr_get_array_length(ndr, r->out.display_name) > ndr_get_array_size(ndr, r->out.display_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, r->out.display_name), ndr_get_array_length(ndr, r->out.display_name)); + size_display_name_2 = ndr_get_array_size(ndr, r->out.display_name); + length_display_name_2 = ndr_get_array_length(ndr, r->out.display_name); + if (length_display_name_2 > size_display_name_2) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_display_name_2, length_display_name_2); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, r->out.display_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.display_name, ndr_get_array_length(ndr, r->out.display_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_display_name_2, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.display_name, length_display_name_2, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_display_name_1, 0); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_display_name_0, LIBNDR_FLAG_REF_ALLOC); @@ -5658,7 +5890,11 @@ static enum ndr_err_code ndr_push_svcctl_GetServiceKeyNameA(struct ndr_push *ndr static enum ndr_err_code ndr_pull_svcctl_GetServiceKeyNameA(struct ndr_pull *ndr, int flags, struct svcctl_GetServiceKeyNameA *r) { uint32_t _ptr_service_name; + uint32_t size_service_name_1 = 0; + uint32_t length_service_name_1 = 0; uint32_t _ptr_key_name; + uint32_t size_key_name_2 = 0; + uint32_t length_key_name_2 = 0; uint32_t _ptr_display_name_length; TALLOC_CTX *_mem_save_handle_0; TALLOC_CTX *_mem_save_service_name_0; @@ -5686,11 +5922,13 @@ static enum ndr_err_code ndr_pull_svcctl_GetServiceKeyNameA(struct ndr_pull *ndr NDR_PULL_SET_MEM_CTX(ndr, r->in.service_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.service_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.service_name)); - if (ndr_get_array_length(ndr, &r->in.service_name) > ndr_get_array_size(ndr, &r->in.service_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.service_name), ndr_get_array_length(ndr, &r->in.service_name)); + size_service_name_1 = ndr_get_array_size(ndr, &r->in.service_name); + length_service_name_1 = ndr_get_array_length(ndr, &r->in.service_name); + if (length_service_name_1 > size_service_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_service_name_1, length_service_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.service_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.service_name, ndr_get_array_length(ndr, &r->in.service_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_service_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.service_name, length_service_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_service_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_display_name_length)); @@ -5725,11 +5963,13 @@ static enum ndr_err_code ndr_pull_svcctl_GetServiceKeyNameA(struct ndr_pull *ndr NDR_PULL_SET_MEM_CTX(ndr, *r->out.key_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, r->out.key_name)); NDR_CHECK(ndr_pull_array_length(ndr, r->out.key_name)); - if (ndr_get_array_length(ndr, r->out.key_name) > ndr_get_array_size(ndr, r->out.key_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, r->out.key_name), ndr_get_array_length(ndr, r->out.key_name)); + size_key_name_2 = ndr_get_array_size(ndr, r->out.key_name); + length_key_name_2 = ndr_get_array_length(ndr, r->out.key_name); + if (length_key_name_2 > size_key_name_2) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_key_name_2, length_key_name_2); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, r->out.key_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.key_name, ndr_get_array_length(ndr, r->out.key_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_key_name_2, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.key_name, length_key_name_2, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_key_name_1, 0); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_key_name_0, LIBNDR_FLAG_REF_ALLOC); @@ -6075,6 +6315,7 @@ static enum ndr_err_code ndr_push_svcctl_QueryServiceConfig2A(struct ndr_push *n static enum ndr_err_code ndr_pull_svcctl_QueryServiceConfig2A(struct ndr_pull *ndr, int flags, struct svcctl_QueryServiceConfig2A *r) { + uint32_t size_buffer_0 = 0; TALLOC_CTX *_mem_save_handle_0; TALLOC_CTX *_mem_save_needed_0; if (flags & NDR_IN) { @@ -6093,8 +6334,9 @@ static enum ndr_err_code ndr_pull_svcctl_QueryServiceConfig2A(struct ndr_pull *n ZERO_STRUCTP(r->out.needed); } if (flags & NDR_OUT) { - NDR_PULL_ALLOC_N(ndr, r->out.buffer, r->in.offered); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.buffer, r->in.offered)); + size_buffer_0 = r->in.offered; + NDR_PULL_ALLOC_N(ndr, r->out.buffer, size_buffer_0); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.buffer, size_buffer_0)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->out.needed); } @@ -6166,6 +6408,7 @@ static enum ndr_err_code ndr_push_svcctl_QueryServiceConfig2W(struct ndr_push *n static enum ndr_err_code ndr_pull_svcctl_QueryServiceConfig2W(struct ndr_pull *ndr, int flags, struct svcctl_QueryServiceConfig2W *r) { + uint32_t size_buffer_1 = 0; TALLOC_CTX *_mem_save_handle_0; TALLOC_CTX *_mem_save_needed_0; if (flags & NDR_IN) { @@ -6190,10 +6433,11 @@ static enum ndr_err_code ndr_pull_svcctl_QueryServiceConfig2W(struct ndr_pull *n } if (flags & NDR_OUT) { NDR_CHECK(ndr_pull_array_size(ndr, &r->out.buffer)); + size_buffer_1 = ndr_get_array_size(ndr, &r->out.buffer); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { - NDR_PULL_ALLOC_N(ndr, r->out.buffer, ndr_get_array_size(ndr, &r->out.buffer)); + NDR_PULL_ALLOC_N(ndr, r->out.buffer, size_buffer_1); } - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.buffer, ndr_get_array_size(ndr, &r->out.buffer))); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.buffer, size_buffer_1)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->out.needed); } @@ -6274,6 +6518,7 @@ static enum ndr_err_code ndr_push_svcctl_QueryServiceStatusEx(struct ndr_push *n static enum ndr_err_code ndr_pull_svcctl_QueryServiceStatusEx(struct ndr_pull *ndr, int flags, struct svcctl_QueryServiceStatusEx *r) { + uint32_t size_buffer_1 = 0; TALLOC_CTX *_mem_save_handle_0; TALLOC_CTX *_mem_save_needed_0; if (flags & NDR_IN) { @@ -6298,10 +6543,11 @@ static enum ndr_err_code ndr_pull_svcctl_QueryServiceStatusEx(struct ndr_pull *n } if (flags & NDR_OUT) { NDR_CHECK(ndr_pull_array_size(ndr, &r->out.buffer)); + size_buffer_1 = ndr_get_array_size(ndr, &r->out.buffer); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { - NDR_PULL_ALLOC_N(ndr, r->out.buffer, ndr_get_array_size(ndr, &r->out.buffer)); + NDR_PULL_ALLOC_N(ndr, r->out.buffer, size_buffer_1); } - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.buffer, ndr_get_array_size(ndr, &r->out.buffer))); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.buffer, size_buffer_1)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->out.needed); } @@ -6402,8 +6648,11 @@ static enum ndr_err_code ndr_push_EnumServicesStatusExA(struct ndr_push *ndr, in static enum ndr_err_code ndr_pull_EnumServicesStatusExA(struct ndr_pull *ndr, int flags, struct EnumServicesStatusExA *r) { + uint32_t size_services_0 = 0; uint32_t _ptr_resume_handle; uint32_t _ptr_group_name; + uint32_t size_group_name_2 = 0; + uint32_t length_group_name_2 = 0; TALLOC_CTX *_mem_save_scmanager_0; TALLOC_CTX *_mem_save_needed_0; TALLOC_CTX *_mem_save_service_returned_0; @@ -6444,8 +6693,9 @@ static enum ndr_err_code ndr_pull_EnumServicesStatusExA(struct ndr_pull *ndr, in ZERO_STRUCTP(r->out.group_name); } if (flags & NDR_OUT) { - NDR_PULL_ALLOC_N(ndr, r->out.services, r->in.offered); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.services, r->in.offered)); + size_services_0 = r->in.offered; + NDR_PULL_ALLOC_N(ndr, r->out.services, size_services_0); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.services, size_services_0)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->out.needed); } @@ -6488,11 +6738,13 @@ static enum ndr_err_code ndr_pull_EnumServicesStatusExA(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, *r->out.group_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, r->out.group_name)); NDR_CHECK(ndr_pull_array_length(ndr, r->out.group_name)); - if (ndr_get_array_length(ndr, r->out.group_name) > ndr_get_array_size(ndr, r->out.group_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, r->out.group_name), ndr_get_array_length(ndr, r->out.group_name)); + size_group_name_2 = ndr_get_array_size(ndr, r->out.group_name); + length_group_name_2 = ndr_get_array_length(ndr, r->out.group_name); + if (length_group_name_2 > size_group_name_2) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_group_name_2, length_group_name_2); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, r->out.group_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.group_name, ndr_get_array_length(ndr, r->out.group_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_group_name_2, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.group_name, length_group_name_2, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_group_name_1, 0); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_group_name_0, LIBNDR_FLAG_REF_ALLOC); @@ -6608,8 +6860,11 @@ static enum ndr_err_code ndr_push_EnumServicesStatusExW(struct ndr_push *ndr, in static enum ndr_err_code ndr_pull_EnumServicesStatusExW(struct ndr_pull *ndr, int flags, struct EnumServicesStatusExW *r) { + uint32_t size_services_1 = 0; uint32_t _ptr_resume_handle; uint32_t _ptr_group_name; + uint32_t size_group_name_1 = 0; + uint32_t length_group_name_1 = 0; TALLOC_CTX *_mem_save_scmanager_0; TALLOC_CTX *_mem_save_needed_0; TALLOC_CTX *_mem_save_service_returned_0; @@ -6658,11 +6913,13 @@ static enum ndr_err_code ndr_pull_EnumServicesStatusExW(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, r->in.group_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.group_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.group_name)); - if (ndr_get_array_length(ndr, &r->in.group_name) > ndr_get_array_size(ndr, &r->in.group_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.group_name), ndr_get_array_length(ndr, &r->in.group_name)); + size_group_name_1 = ndr_get_array_size(ndr, &r->in.group_name); + length_group_name_1 = ndr_get_array_length(ndr, &r->in.group_name); + if (length_group_name_1 > size_group_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_group_name_1, length_group_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.group_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.group_name, ndr_get_array_length(ndr, &r->in.group_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_group_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.group_name, length_group_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_group_name_0, 0); } NDR_PULL_ALLOC_N(ndr, r->out.services, r->in.offered); @@ -6674,10 +6931,11 @@ static enum ndr_err_code ndr_pull_EnumServicesStatusExW(struct ndr_pull *ndr, in } if (flags & NDR_OUT) { NDR_CHECK(ndr_pull_array_size(ndr, &r->out.services)); + size_services_1 = ndr_get_array_size(ndr, &r->out.services); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { - NDR_PULL_ALLOC_N(ndr, r->out.services, ndr_get_array_size(ndr, &r->out.services)); + NDR_PULL_ALLOC_N(ndr, r->out.services, size_services_1); } - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.services, ndr_get_array_size(ndr, &r->out.services))); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.services, size_services_1)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->out.needed); } diff --git a/librpc/gen_ndr/ndr_winreg.c b/librpc/gen_ndr/ndr_winreg.c index d7de718..b297b16 100644 --- a/librpc/gen_ndr/ndr_winreg.c +++ b/librpc/gen_ndr/ndr_winreg.c @@ -57,6 +57,8 @@ _PUBLIC_ enum ndr_err_code ndr_push_winreg_String(struct ndr_push *ndr, int ndr_ _PUBLIC_ enum ndr_err_code ndr_pull_winreg_String(struct ndr_pull *ndr, int ndr_flags, struct winreg_String *r) { uint32_t _ptr_name; + uint32_t size_name_1 = 0; + uint32_t length_name_1 = 0; TALLOC_CTX *_mem_save_name_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -75,11 +77,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_winreg_String(struct ndr_pull *ndr, int ndr_ NDR_PULL_SET_MEM_CTX(ndr, r->name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->name)); - if (ndr_get_array_length(ndr, &r->name) > ndr_get_array_size(ndr, &r->name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->name), ndr_get_array_length(ndr, &r->name)); + size_name_1 = ndr_get_array_size(ndr, &r->name); + length_name_1 = ndr_get_array_length(ndr, &r->name); + if (length_name_1 > size_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_name_1, length_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, length_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_name_0, 0); } } @@ -123,6 +127,8 @@ static enum ndr_err_code ndr_push_KeySecurityData(struct ndr_push *ndr, int ndr_ static enum ndr_err_code ndr_pull_KeySecurityData(struct ndr_pull *ndr, int ndr_flags, struct KeySecurityData *r) { uint32_t _ptr_data; + uint32_t size_data_1 = 0; + uint32_t length_data_1 = 0; TALLOC_CTX *_mem_save_data_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -141,11 +147,13 @@ static enum ndr_err_code ndr_pull_KeySecurityData(struct ndr_pull *ndr, int ndr_ NDR_PULL_SET_MEM_CTX(ndr, r->data, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->data)); NDR_CHECK(ndr_pull_array_length(ndr, &r->data)); - if (ndr_get_array_length(ndr, &r->data) > ndr_get_array_size(ndr, &r->data)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->data), ndr_get_array_length(ndr, &r->data)); + size_data_1 = ndr_get_array_size(ndr, &r->data); + length_data_1 = ndr_get_array_length(ndr, &r->data); + if (length_data_1 > size_data_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_data_1, length_data_1); } - NDR_PULL_ALLOC_N(ndr, r->data, ndr_get_array_size(ndr, &r->data)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, ndr_get_array_length(ndr, &r->data))); + NDR_PULL_ALLOC_N(ndr, r->data, size_data_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, length_data_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_0, 0); } if (r->data) { @@ -259,6 +267,8 @@ static enum ndr_err_code ndr_push_winreg_StringBuf(struct ndr_push *ndr, int ndr static enum ndr_err_code ndr_pull_winreg_StringBuf(struct ndr_pull *ndr, int ndr_flags, struct winreg_StringBuf *r) { uint32_t _ptr_name; + uint32_t size_name_1 = 0; + uint32_t length_name_1 = 0; TALLOC_CTX *_mem_save_name_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -277,10 +287,12 @@ static enum ndr_err_code ndr_pull_winreg_StringBuf(struct ndr_pull *ndr, int ndr NDR_PULL_SET_MEM_CTX(ndr, r->name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->name)); - if (ndr_get_array_length(ndr, &r->name) > ndr_get_array_size(ndr, &r->name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->name), ndr_get_array_length(ndr, &r->name)); + size_name_1 = ndr_get_array_size(ndr, &r->name); + length_name_1 = ndr_get_array_length(ndr, &r->name); + if (length_name_1 > size_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_name_1, length_name_1); } - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, length_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_name_0, 0); } if (r->name) { @@ -330,6 +342,8 @@ static enum ndr_err_code ndr_push_winreg_ValNameBuf(struct ndr_push *ndr, int nd static enum ndr_err_code ndr_pull_winreg_ValNameBuf(struct ndr_pull *ndr, int ndr_flags, struct winreg_ValNameBuf *r) { uint32_t _ptr_name; + uint32_t size_name_1 = 0; + uint32_t length_name_1 = 0; TALLOC_CTX *_mem_save_name_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -348,10 +362,12 @@ static enum ndr_err_code ndr_pull_winreg_ValNameBuf(struct ndr_pull *ndr, int nd NDR_PULL_SET_MEM_CTX(ndr, r->name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->name)); - if (ndr_get_array_length(ndr, &r->name) > ndr_get_array_size(ndr, &r->name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->name), ndr_get_array_length(ndr, &r->name)); + size_name_1 = ndr_get_array_size(ndr, &r->name); + length_name_1 = ndr_get_array_length(ndr, &r->name); + if (length_name_1 > size_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_name_1, length_name_1); } - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, length_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_name_0, 0); } if (r->name) { @@ -1549,6 +1565,8 @@ _PUBLIC_ enum ndr_err_code ndr_pull_winreg_EnumValue(struct ndr_pull *ndr, int f { uint32_t _ptr_type; uint32_t _ptr_value; + uint32_t size_value_1 = 0; + uint32_t length_value_1 = 0; uint32_t _ptr_size; uint32_t _ptr_length; TALLOC_CTX *_mem_save_handle_0; @@ -1598,11 +1616,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_winreg_EnumValue(struct ndr_pull *ndr, int f NDR_PULL_SET_MEM_CTX(ndr, r->in.value, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.value)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.value)); - if (ndr_get_array_length(ndr, &r->in.value) > ndr_get_array_size(ndr, &r->in.value)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.value), ndr_get_array_length(ndr, &r->in.value)); + size_value_1 = ndr_get_array_size(ndr, &r->in.value); + length_value_1 = ndr_get_array_length(ndr, &r->in.value); + if (length_value_1 > size_value_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_value_1, length_value_1); } - NDR_PULL_ALLOC_N(ndr, r->in.value, ndr_get_array_size(ndr, &r->in.value)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->in.value, ndr_get_array_length(ndr, &r->in.value))); + NDR_PULL_ALLOC_N(ndr, r->in.value, size_value_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->in.value, length_value_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_value_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_size)); @@ -1671,11 +1691,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_winreg_EnumValue(struct ndr_pull *ndr, int f NDR_PULL_SET_MEM_CTX(ndr, r->out.value, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->out.value)); NDR_CHECK(ndr_pull_array_length(ndr, &r->out.value)); - if (ndr_get_array_length(ndr, &r->out.value) > ndr_get_array_size(ndr, &r->out.value)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->out.value), ndr_get_array_length(ndr, &r->out.value)); + size_value_1 = ndr_get_array_size(ndr, &r->out.value); + length_value_1 = ndr_get_array_length(ndr, &r->out.value); + if (length_value_1 > size_value_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_value_1, length_value_1); } - NDR_PULL_ALLOC_N(ndr, r->out.value, ndr_get_array_size(ndr, &r->out.value)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.value, ndr_get_array_length(ndr, &r->out.value))); + NDR_PULL_ALLOC_N(ndr, r->out.value, size_value_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.value, length_value_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_value_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_size)); @@ -2513,6 +2535,8 @@ _PUBLIC_ enum ndr_err_code ndr_pull_winreg_QueryValue(struct ndr_pull *ndr, int { uint32_t _ptr_type; uint32_t _ptr_data; + uint32_t size_data_1 = 0; + uint32_t length_data_1 = 0; uint32_t _ptr_data_size; uint32_t _ptr_data_length; TALLOC_CTX *_mem_save_handle_0; @@ -2561,11 +2585,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_winreg_QueryValue(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.data, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.data)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.data)); - if (ndr_get_array_length(ndr, &r->in.data) > ndr_get_array_size(ndr, &r->in.data)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.data), ndr_get_array_length(ndr, &r->in.data)); + size_data_1 = ndr_get_array_size(ndr, &r->in.data); + length_data_1 = ndr_get_array_length(ndr, &r->in.data); + if (length_data_1 > size_data_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_data_1, length_data_1); } - NDR_PULL_ALLOC_N(ndr, r->in.data, ndr_get_array_size(ndr, &r->in.data)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->in.data, ndr_get_array_length(ndr, &r->in.data))); + NDR_PULL_ALLOC_N(ndr, r->in.data, size_data_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->in.data, length_data_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_data_size)); @@ -2625,11 +2651,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_winreg_QueryValue(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->out.data, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->out.data)); NDR_CHECK(ndr_pull_array_length(ndr, &r->out.data)); - if (ndr_get_array_length(ndr, &r->out.data) > ndr_get_array_size(ndr, &r->out.data)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->out.data), ndr_get_array_length(ndr, &r->out.data)); + size_data_1 = ndr_get_array_size(ndr, &r->out.data); + length_data_1 = ndr_get_array_length(ndr, &r->out.data); + if (length_data_1 > size_data_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_data_1, length_data_1); } - NDR_PULL_ALLOC_N(ndr, r->out.data, ndr_get_array_size(ndr, &r->out.data)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.data, ndr_get_array_length(ndr, &r->out.data))); + NDR_PULL_ALLOC_N(ndr, r->out.data, size_data_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.data, length_data_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_data_size)); @@ -3062,6 +3090,7 @@ static enum ndr_err_code ndr_push_winreg_SetValue(struct ndr_push *ndr, int flag static enum ndr_err_code ndr_pull_winreg_SetValue(struct ndr_pull *ndr, int flags, struct winreg_SetValue *r) { + uint32_t size_data_1 = 0; TALLOC_CTX *_mem_save_handle_0; if (flags & NDR_IN) { if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { @@ -3074,10 +3103,11 @@ static enum ndr_err_code ndr_pull_winreg_SetValue(struct ndr_pull *ndr, int flag NDR_CHECK(ndr_pull_winreg_String(ndr, NDR_SCALARS|NDR_BUFFERS, &r->in.name)); NDR_CHECK(ndr_pull_winreg_Type(ndr, NDR_SCALARS, &r->in.type)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.data)); + size_data_1 = ndr_get_array_size(ndr, &r->in.data); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { - NDR_PULL_ALLOC_N(ndr, r->in.data, ndr_get_array_size(ndr, &r->in.data)); + NDR_PULL_ALLOC_N(ndr, r->in.data, size_data_1); } - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->in.data, ndr_get_array_size(ndr, &r->in.data))); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->in.data, size_data_1)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.size)); if (r->in.data) { NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->in.data, r->in.size)); @@ -3642,8 +3672,12 @@ _PUBLIC_ enum ndr_err_code ndr_push_winreg_QueryMultipleValues(struct ndr_push * _PUBLIC_ enum ndr_err_code ndr_pull_winreg_QueryMultipleValues(struct ndr_pull *ndr, int flags, struct winreg_QueryMultipleValues *r) { + uint32_t size_values_1 = 0; + uint32_t length_values_1 = 0; uint32_t cntr_values_1; uint32_t _ptr_buffer; + uint32_t size_buffer_1 = 0; + uint32_t length_buffer_1 = 0; TALLOC_CTX *_mem_save_key_handle_0; TALLOC_CTX *_mem_save_values_1; TALLOC_CTX *_mem_save_buffer_0; @@ -3660,19 +3694,21 @@ _PUBLIC_ enum ndr_err_code ndr_pull_winreg_QueryMultipleValues(struct ndr_pull * NDR_PULL_SET_MEM_CTX(ndr, _mem_save_key_handle_0, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.values)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.values)); - if (ndr_get_array_length(ndr, &r->in.values) > ndr_get_array_size(ndr, &r->in.values)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.values), ndr_get_array_length(ndr, &r->in.values)); + size_values_1 = ndr_get_array_size(ndr, &r->in.values); + length_values_1 = ndr_get_array_length(ndr, &r->in.values); + if (length_values_1 > size_values_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_values_1, length_values_1); } if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { - NDR_PULL_ALLOC_N(ndr, r->in.values, ndr_get_array_size(ndr, &r->in.values)); + NDR_PULL_ALLOC_N(ndr, r->in.values, size_values_1); } - memcpy(r->out.values, r->in.values, (ndr_get_array_size(ndr, &r->in.values)) * sizeof(*r->in.values)); + memcpy(r->out.values, r->in.values, (size_values_1) * sizeof(*r->in.values)); _mem_save_values_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->in.values, 0); - for (cntr_values_1 = 0; cntr_values_1 < r->in.num_values; cntr_values_1++) { + for (cntr_values_1 = 0; cntr_values_1 < length_values_1; cntr_values_1++) { NDR_CHECK(ndr_pull_QueryMultipleValue(ndr, NDR_SCALARS, &r->in.values[cntr_values_1])); } - for (cntr_values_1 = 0; cntr_values_1 < r->in.num_values; cntr_values_1++) { + for (cntr_values_1 = 0; cntr_values_1 < length_values_1; cntr_values_1++) { NDR_CHECK(ndr_pull_QueryMultipleValue(ndr, NDR_BUFFERS, &r->in.values[cntr_values_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_values_1, 0); @@ -3688,11 +3724,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_winreg_QueryMultipleValues(struct ndr_pull * NDR_PULL_SET_MEM_CTX(ndr, r->in.buffer, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.buffer)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.buffer)); - if (ndr_get_array_length(ndr, &r->in.buffer) > ndr_get_array_size(ndr, &r->in.buffer)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.buffer), ndr_get_array_length(ndr, &r->in.buffer)); + size_buffer_1 = ndr_get_array_size(ndr, &r->in.buffer); + length_buffer_1 = ndr_get_array_length(ndr, &r->in.buffer); + if (length_buffer_1 > size_buffer_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_buffer_1, length_buffer_1); } - NDR_PULL_ALLOC_N(ndr, r->in.buffer, ndr_get_array_size(ndr, &r->in.buffer)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->in.buffer, ndr_get_array_length(ndr, &r->in.buffer))); + NDR_PULL_ALLOC_N(ndr, r->in.buffer, size_buffer_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->in.buffer, length_buffer_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_buffer_0, 0); } if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { @@ -3722,19 +3760,21 @@ _PUBLIC_ enum ndr_err_code ndr_pull_winreg_QueryMultipleValues(struct ndr_pull * if (flags & NDR_OUT) { NDR_CHECK(ndr_pull_array_size(ndr, &r->out.values)); NDR_CHECK(ndr_pull_array_length(ndr, &r->out.values)); - if (ndr_get_array_length(ndr, &r->out.values) > ndr_get_array_size(ndr, &r->out.values)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->out.values), ndr_get_array_length(ndr, &r->out.values)); + size_values_1 = ndr_get_array_size(ndr, &r->out.values); + length_values_1 = ndr_get_array_length(ndr, &r->out.values); + if (length_values_1 > size_values_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_values_1, length_values_1); } if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { - NDR_PULL_ALLOC_N(ndr, r->out.values, ndr_get_array_size(ndr, &r->out.values)); + NDR_PULL_ALLOC_N(ndr, r->out.values, size_values_1); } - memcpy(r->out.values, r->in.values, (ndr_get_array_size(ndr, &r->out.values)) * sizeof(*r->in.values)); + memcpy(r->out.values, r->in.values, (size_values_1) * sizeof(*r->in.values)); _mem_save_values_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->out.values, 0); - for (cntr_values_1 = 0; cntr_values_1 < r->in.num_values; cntr_values_1++) { + for (cntr_values_1 = 0; cntr_values_1 < length_values_1; cntr_values_1++) { NDR_CHECK(ndr_pull_QueryMultipleValue(ndr, NDR_SCALARS, &r->out.values[cntr_values_1])); } - for (cntr_values_1 = 0; cntr_values_1 < r->in.num_values; cntr_values_1++) { + for (cntr_values_1 = 0; cntr_values_1 < length_values_1; cntr_values_1++) { NDR_CHECK(ndr_pull_QueryMultipleValue(ndr, NDR_BUFFERS, &r->out.values[cntr_values_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_values_1, 0); @@ -3749,11 +3789,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_winreg_QueryMultipleValues(struct ndr_pull * NDR_PULL_SET_MEM_CTX(ndr, r->out.buffer, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->out.buffer)); NDR_CHECK(ndr_pull_array_length(ndr, &r->out.buffer)); - if (ndr_get_array_length(ndr, &r->out.buffer) > ndr_get_array_size(ndr, &r->out.buffer)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->out.buffer), ndr_get_array_length(ndr, &r->out.buffer)); + size_buffer_1 = ndr_get_array_size(ndr, &r->out.buffer); + length_buffer_1 = ndr_get_array_length(ndr, &r->out.buffer); + if (length_buffer_1 > size_buffer_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_buffer_1, length_buffer_1); } - NDR_PULL_ALLOC_N(ndr, r->out.buffer, ndr_get_array_size(ndr, &r->out.buffer)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.buffer, ndr_get_array_length(ndr, &r->out.buffer))); + NDR_PULL_ALLOC_N(ndr, r->out.buffer, size_buffer_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.buffer, length_buffer_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_buffer_0, 0); } if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { diff --git a/librpc/gen_ndr/ndr_wkssvc.c b/librpc/gen_ndr/ndr_wkssvc.c index 760b4ee..3fe99ae 100644 --- a/librpc/gen_ndr/ndr_wkssvc.c +++ b/librpc/gen_ndr/ndr_wkssvc.c @@ -35,8 +35,12 @@ static enum ndr_err_code ndr_push_wkssvc_NetWkstaInfo100(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_wkssvc_NetWkstaInfo100(struct ndr_pull *ndr, int ndr_flags, struct wkssvc_NetWkstaInfo100 *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; TALLOC_CTX *_mem_save_server_name_0; uint32_t _ptr_domain_name; + uint32_t size_domain_name_1 = 0; + uint32_t length_domain_name_1 = 0; TALLOC_CTX *_mem_save_domain_name_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -62,11 +66,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetWkstaInfo100(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->server_name)); - if (ndr_get_array_length(ndr, &r->server_name) > ndr_get_array_size(ndr, &r->server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->server_name), ndr_get_array_length(ndr, &r->server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_name, ndr_get_array_length(ndr, &r->server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } if (r->domain_name) { @@ -74,11 +80,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetWkstaInfo100(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->domain_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->domain_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->domain_name)); - if (ndr_get_array_length(ndr, &r->domain_name) > ndr_get_array_size(ndr, &r->domain_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->domain_name), ndr_get_array_length(ndr, &r->domain_name)); + size_domain_name_1 = ndr_get_array_size(ndr, &r->domain_name); + length_domain_name_1 = ndr_get_array_length(ndr, &r->domain_name); + if (length_domain_name_1 > size_domain_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_name_1, length_domain_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->domain_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain_name, ndr_get_array_length(ndr, &r->domain_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain_name, length_domain_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_name_0, 0); } } @@ -144,10 +152,16 @@ static enum ndr_err_code ndr_push_wkssvc_NetWkstaInfo101(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_wkssvc_NetWkstaInfo101(struct ndr_pull *ndr, int ndr_flags, struct wkssvc_NetWkstaInfo101 *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; TALLOC_CTX *_mem_save_server_name_0; uint32_t _ptr_domain_name; + uint32_t size_domain_name_1 = 0; + uint32_t length_domain_name_1 = 0; TALLOC_CTX *_mem_save_domain_name_0; uint32_t _ptr_lan_root; + uint32_t size_lan_root_1 = 0; + uint32_t length_lan_root_1 = 0; TALLOC_CTX *_mem_save_lan_root_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -179,11 +193,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetWkstaInfo101(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->server_name)); - if (ndr_get_array_length(ndr, &r->server_name) > ndr_get_array_size(ndr, &r->server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->server_name), ndr_get_array_length(ndr, &r->server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_name, ndr_get_array_length(ndr, &r->server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } if (r->domain_name) { @@ -191,11 +207,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetWkstaInfo101(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->domain_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->domain_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->domain_name)); - if (ndr_get_array_length(ndr, &r->domain_name) > ndr_get_array_size(ndr, &r->domain_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->domain_name), ndr_get_array_length(ndr, &r->domain_name)); + size_domain_name_1 = ndr_get_array_size(ndr, &r->domain_name); + length_domain_name_1 = ndr_get_array_length(ndr, &r->domain_name); + if (length_domain_name_1 > size_domain_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_name_1, length_domain_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->domain_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain_name, ndr_get_array_length(ndr, &r->domain_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain_name, length_domain_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_name_0, 0); } if (r->lan_root) { @@ -203,11 +221,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetWkstaInfo101(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->lan_root, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->lan_root)); NDR_CHECK(ndr_pull_array_length(ndr, &r->lan_root)); - if (ndr_get_array_length(ndr, &r->lan_root) > ndr_get_array_size(ndr, &r->lan_root)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->lan_root), ndr_get_array_length(ndr, &r->lan_root)); + size_lan_root_1 = ndr_get_array_size(ndr, &r->lan_root); + length_lan_root_1 = ndr_get_array_length(ndr, &r->lan_root); + if (length_lan_root_1 > size_lan_root_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_lan_root_1, length_lan_root_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->lan_root), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->lan_root, ndr_get_array_length(ndr, &r->lan_root), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_lan_root_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->lan_root, length_lan_root_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_lan_root_0, 0); } } @@ -280,10 +300,16 @@ static enum ndr_err_code ndr_push_wkssvc_NetWkstaInfo102(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_wkssvc_NetWkstaInfo102(struct ndr_pull *ndr, int ndr_flags, struct wkssvc_NetWkstaInfo102 *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; TALLOC_CTX *_mem_save_server_name_0; uint32_t _ptr_domain_name; + uint32_t size_domain_name_1 = 0; + uint32_t length_domain_name_1 = 0; TALLOC_CTX *_mem_save_domain_name_0; uint32_t _ptr_lan_root; + uint32_t size_lan_root_1 = 0; + uint32_t length_lan_root_1 = 0; TALLOC_CTX *_mem_save_lan_root_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -316,11 +342,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetWkstaInfo102(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->server_name)); - if (ndr_get_array_length(ndr, &r->server_name) > ndr_get_array_size(ndr, &r->server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->server_name), ndr_get_array_length(ndr, &r->server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_name, ndr_get_array_length(ndr, &r->server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } if (r->domain_name) { @@ -328,11 +356,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetWkstaInfo102(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->domain_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->domain_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->domain_name)); - if (ndr_get_array_length(ndr, &r->domain_name) > ndr_get_array_size(ndr, &r->domain_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->domain_name), ndr_get_array_length(ndr, &r->domain_name)); + size_domain_name_1 = ndr_get_array_size(ndr, &r->domain_name); + length_domain_name_1 = ndr_get_array_length(ndr, &r->domain_name); + if (length_domain_name_1 > size_domain_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_name_1, length_domain_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->domain_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain_name, ndr_get_array_length(ndr, &r->domain_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain_name, length_domain_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_name_0, 0); } if (r->lan_root) { @@ -340,11 +370,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetWkstaInfo102(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->lan_root, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->lan_root)); NDR_CHECK(ndr_pull_array_length(ndr, &r->lan_root)); - if (ndr_get_array_length(ndr, &r->lan_root) > ndr_get_array_size(ndr, &r->lan_root)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->lan_root), ndr_get_array_length(ndr, &r->lan_root)); + size_lan_root_1 = ndr_get_array_size(ndr, &r->lan_root); + length_lan_root_1 = ndr_get_array_length(ndr, &r->lan_root); + if (length_lan_root_1 > size_lan_root_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_lan_root_1, length_lan_root_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->lan_root), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->lan_root, ndr_get_array_length(ndr, &r->lan_root), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_lan_root_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->lan_root, length_lan_root_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_lan_root_0, 0); } } @@ -1859,41 +1891,77 @@ static enum ndr_err_code ndr_pull_wkssvc_NetWkstaInfo(struct ndr_pull *ndr, int int level; uint32_t _level; TALLOC_CTX *_mem_save_info100_0; + uint32_t _ptr_info100; TALLOC_CTX *_mem_save_info101_0; + uint32_t _ptr_info101; TALLOC_CTX *_mem_save_info102_0; + uint32_t _ptr_info102; TALLOC_CTX *_mem_save_info502_0; + uint32_t _ptr_info502; TALLOC_CTX *_mem_save_info1010_0; + uint32_t _ptr_info1010; TALLOC_CTX *_mem_save_info1011_0; + uint32_t _ptr_info1011; TALLOC_CTX *_mem_save_info1012_0; + uint32_t _ptr_info1012; TALLOC_CTX *_mem_save_info1013_0; + uint32_t _ptr_info1013; TALLOC_CTX *_mem_save_info1018_0; + uint32_t _ptr_info1018; TALLOC_CTX *_mem_save_info1023_0; + uint32_t _ptr_info1023; TALLOC_CTX *_mem_save_info1027_0; + uint32_t _ptr_info1027; TALLOC_CTX *_mem_save_info1028_0; + uint32_t _ptr_info1028; TALLOC_CTX *_mem_save_info1032_0; + uint32_t _ptr_info1032; TALLOC_CTX *_mem_save_info1033_0; + uint32_t _ptr_info1033; TALLOC_CTX *_mem_save_info1041_0; + uint32_t _ptr_info1041; TALLOC_CTX *_mem_save_info1042_0; + uint32_t _ptr_info1042; TALLOC_CTX *_mem_save_info1043_0; + uint32_t _ptr_info1043; TALLOC_CTX *_mem_save_info1044_0; + uint32_t _ptr_info1044; TALLOC_CTX *_mem_save_info1045_0; + uint32_t _ptr_info1045; TALLOC_CTX *_mem_save_info1046_0; + uint32_t _ptr_info1046; TALLOC_CTX *_mem_save_info1047_0; + uint32_t _ptr_info1047; TALLOC_CTX *_mem_save_info1048_0; + uint32_t _ptr_info1048; TALLOC_CTX *_mem_save_info1049_0; + uint32_t _ptr_info1049; TALLOC_CTX *_mem_save_info1050_0; + uint32_t _ptr_info1050; TALLOC_CTX *_mem_save_info1051_0; + uint32_t _ptr_info1051; TALLOC_CTX *_mem_save_info1052_0; + uint32_t _ptr_info1052; TALLOC_CTX *_mem_save_info1053_0; + uint32_t _ptr_info1053; TALLOC_CTX *_mem_save_info1054_0; + uint32_t _ptr_info1054; TALLOC_CTX *_mem_save_info1055_0; + uint32_t _ptr_info1055; TALLOC_CTX *_mem_save_info1056_0; + uint32_t _ptr_info1056; TALLOC_CTX *_mem_save_info1057_0; + uint32_t _ptr_info1057; TALLOC_CTX *_mem_save_info1058_0; + uint32_t _ptr_info1058; TALLOC_CTX *_mem_save_info1059_0; + uint32_t _ptr_info1059; TALLOC_CTX *_mem_save_info1060_0; + uint32_t _ptr_info1060; TALLOC_CTX *_mem_save_info1061_0; + uint32_t _ptr_info1061; TALLOC_CTX *_mem_save_info1062_0; + uint32_t _ptr_info1062; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -1902,7 +1970,6 @@ static enum ndr_err_code ndr_pull_wkssvc_NetWkstaInfo(struct ndr_pull *ndr, int } switch (level) { case 100: { - uint32_t _ptr_info100; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info100)); if (_ptr_info100) { NDR_PULL_ALLOC(ndr, r->info100); @@ -1912,7 +1979,6 @@ static enum ndr_err_code ndr_pull_wkssvc_NetWkstaInfo(struct ndr_pull *ndr, int break; } case 101: { - uint32_t _ptr_info101; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info101)); if (_ptr_info101) { NDR_PULL_ALLOC(ndr, r->info101); @@ -1922,7 +1988,6 @@ static enum ndr_err_code ndr_pull_wkssvc_NetWkstaInfo(struct ndr_pull *ndr, int break; } case 102: { - uint32_t _ptr_info102; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info102)); if (_ptr_info102) { NDR_PULL_ALLOC(ndr, r->info102); @@ -1932,7 +1997,6 @@ static enum ndr_err_code ndr_pull_wkssvc_NetWkstaInfo(struct ndr_pull *ndr, int break; } case 502: { - uint32_t _ptr_info502; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info502)); if (_ptr_info502) { NDR_PULL_ALLOC(ndr, r->info502); @@ -1942,7 +2006,6 @@ static enum ndr_err_code ndr_pull_wkssvc_NetWkstaInfo(struct ndr_pull *ndr, int break; } case 1010: { - uint32_t _ptr_info1010; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1010)); if (_ptr_info1010) { NDR_PULL_ALLOC(ndr, r->info1010); @@ -1952,7 +2015,6 @@ static enum ndr_err_code ndr_pull_wkssvc_NetWkstaInfo(struct ndr_pull *ndr, int break; } case 1011: { - uint32_t _ptr_info1011; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1011)); if (_ptr_info1011) { NDR_PULL_ALLOC(ndr, r->info1011); @@ -1962,7 +2024,6 @@ static enum ndr_err_code ndr_pull_wkssvc_NetWkstaInfo(struct ndr_pull *ndr, int break; } case 1012: { - uint32_t _ptr_info1012; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1012)); if (_ptr_info1012) { NDR_PULL_ALLOC(ndr, r->info1012); @@ -1972,7 +2033,6 @@ static enum ndr_err_code ndr_pull_wkssvc_NetWkstaInfo(struct ndr_pull *ndr, int break; } case 1013: { - uint32_t _ptr_info1013; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1013)); if (_ptr_info1013) { NDR_PULL_ALLOC(ndr, r->info1013); @@ -1982,7 +2042,6 @@ static enum ndr_err_code ndr_pull_wkssvc_NetWkstaInfo(struct ndr_pull *ndr, int break; } case 1018: { - uint32_t _ptr_info1018; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1018)); if (_ptr_info1018) { NDR_PULL_ALLOC(ndr, r->info1018); @@ -1992,7 +2051,6 @@ static enum ndr_err_code ndr_pull_wkssvc_NetWkstaInfo(struct ndr_pull *ndr, int break; } case 1023: { - uint32_t _ptr_info1023; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1023)); if (_ptr_info1023) { NDR_PULL_ALLOC(ndr, r->info1023); @@ -2002,7 +2060,6 @@ static enum ndr_err_code ndr_pull_wkssvc_NetWkstaInfo(struct ndr_pull *ndr, int break; } case 1027: { - uint32_t _ptr_info1027; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1027)); if (_ptr_info1027) { NDR_PULL_ALLOC(ndr, r->info1027); @@ -2012,7 +2069,6 @@ static enum ndr_err_code ndr_pull_wkssvc_NetWkstaInfo(struct ndr_pull *ndr, int break; } case 1028: { - uint32_t _ptr_info1028; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1028)); if (_ptr_info1028) { NDR_PULL_ALLOC(ndr, r->info1028); @@ -2022,7 +2078,6 @@ static enum ndr_err_code ndr_pull_wkssvc_NetWkstaInfo(struct ndr_pull *ndr, int break; } case 1032: { - uint32_t _ptr_info1032; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1032)); if (_ptr_info1032) { NDR_PULL_ALLOC(ndr, r->info1032); @@ -2032,7 +2087,6 @@ static enum ndr_err_code ndr_pull_wkssvc_NetWkstaInfo(struct ndr_pull *ndr, int break; } case 1033: { - uint32_t _ptr_info1033; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1033)); if (_ptr_info1033) { NDR_PULL_ALLOC(ndr, r->info1033); @@ -2042,7 +2096,6 @@ static enum ndr_err_code ndr_pull_wkssvc_NetWkstaInfo(struct ndr_pull *ndr, int break; } case 1041: { - uint32_t _ptr_info1041; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1041)); if (_ptr_info1041) { NDR_PULL_ALLOC(ndr, r->info1041); @@ -2052,7 +2105,6 @@ static enum ndr_err_code ndr_pull_wkssvc_NetWkstaInfo(struct ndr_pull *ndr, int break; } case 1042: { - uint32_t _ptr_info1042; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1042)); if (_ptr_info1042) { NDR_PULL_ALLOC(ndr, r->info1042); @@ -2062,7 +2114,6 @@ static enum ndr_err_code ndr_pull_wkssvc_NetWkstaInfo(struct ndr_pull *ndr, int break; } case 1043: { - uint32_t _ptr_info1043; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1043)); if (_ptr_info1043) { NDR_PULL_ALLOC(ndr, r->info1043); @@ -2072,7 +2123,6 @@ static enum ndr_err_code ndr_pull_wkssvc_NetWkstaInfo(struct ndr_pull *ndr, int break; } case 1044: { - uint32_t _ptr_info1044; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1044)); if (_ptr_info1044) { NDR_PULL_ALLOC(ndr, r->info1044); @@ -2082,7 +2132,6 @@ static enum ndr_err_code ndr_pull_wkssvc_NetWkstaInfo(struct ndr_pull *ndr, int break; } case 1045: { - uint32_t _ptr_info1045; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1045)); if (_ptr_info1045) { NDR_PULL_ALLOC(ndr, r->info1045); @@ -2092,7 +2141,6 @@ static enum ndr_err_code ndr_pull_wkssvc_NetWkstaInfo(struct ndr_pull *ndr, int break; } case 1046: { - uint32_t _ptr_info1046; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1046)); if (_ptr_info1046) { NDR_PULL_ALLOC(ndr, r->info1046); @@ -2102,7 +2150,6 @@ static enum ndr_err_code ndr_pull_wkssvc_NetWkstaInfo(struct ndr_pull *ndr, int break; } case 1047: { - uint32_t _ptr_info1047; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1047)); if (_ptr_info1047) { NDR_PULL_ALLOC(ndr, r->info1047); @@ -2112,7 +2159,6 @@ static enum ndr_err_code ndr_pull_wkssvc_NetWkstaInfo(struct ndr_pull *ndr, int break; } case 1048: { - uint32_t _ptr_info1048; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1048)); if (_ptr_info1048) { NDR_PULL_ALLOC(ndr, r->info1048); @@ -2122,7 +2168,6 @@ static enum ndr_err_code ndr_pull_wkssvc_NetWkstaInfo(struct ndr_pull *ndr, int break; } case 1049: { - uint32_t _ptr_info1049; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1049)); if (_ptr_info1049) { NDR_PULL_ALLOC(ndr, r->info1049); @@ -2132,7 +2177,6 @@ static enum ndr_err_code ndr_pull_wkssvc_NetWkstaInfo(struct ndr_pull *ndr, int break; } case 1050: { - uint32_t _ptr_info1050; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1050)); if (_ptr_info1050) { NDR_PULL_ALLOC(ndr, r->info1050); @@ -2142,7 +2186,6 @@ static enum ndr_err_code ndr_pull_wkssvc_NetWkstaInfo(struct ndr_pull *ndr, int break; } case 1051: { - uint32_t _ptr_info1051; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1051)); if (_ptr_info1051) { NDR_PULL_ALLOC(ndr, r->info1051); @@ -2152,7 +2195,6 @@ static enum ndr_err_code ndr_pull_wkssvc_NetWkstaInfo(struct ndr_pull *ndr, int break; } case 1052: { - uint32_t _ptr_info1052; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1052)); if (_ptr_info1052) { NDR_PULL_ALLOC(ndr, r->info1052); @@ -2162,7 +2204,6 @@ static enum ndr_err_code ndr_pull_wkssvc_NetWkstaInfo(struct ndr_pull *ndr, int break; } case 1053: { - uint32_t _ptr_info1053; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1053)); if (_ptr_info1053) { NDR_PULL_ALLOC(ndr, r->info1053); @@ -2172,7 +2213,6 @@ static enum ndr_err_code ndr_pull_wkssvc_NetWkstaInfo(struct ndr_pull *ndr, int break; } case 1054: { - uint32_t _ptr_info1054; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1054)); if (_ptr_info1054) { NDR_PULL_ALLOC(ndr, r->info1054); @@ -2182,7 +2222,6 @@ static enum ndr_err_code ndr_pull_wkssvc_NetWkstaInfo(struct ndr_pull *ndr, int break; } case 1055: { - uint32_t _ptr_info1055; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1055)); if (_ptr_info1055) { NDR_PULL_ALLOC(ndr, r->info1055); @@ -2192,7 +2231,6 @@ static enum ndr_err_code ndr_pull_wkssvc_NetWkstaInfo(struct ndr_pull *ndr, int break; } case 1056: { - uint32_t _ptr_info1056; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1056)); if (_ptr_info1056) { NDR_PULL_ALLOC(ndr, r->info1056); @@ -2202,7 +2240,6 @@ static enum ndr_err_code ndr_pull_wkssvc_NetWkstaInfo(struct ndr_pull *ndr, int break; } case 1057: { - uint32_t _ptr_info1057; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1057)); if (_ptr_info1057) { NDR_PULL_ALLOC(ndr, r->info1057); @@ -2212,7 +2249,6 @@ static enum ndr_err_code ndr_pull_wkssvc_NetWkstaInfo(struct ndr_pull *ndr, int break; } case 1058: { - uint32_t _ptr_info1058; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1058)); if (_ptr_info1058) { NDR_PULL_ALLOC(ndr, r->info1058); @@ -2222,7 +2258,6 @@ static enum ndr_err_code ndr_pull_wkssvc_NetWkstaInfo(struct ndr_pull *ndr, int break; } case 1059: { - uint32_t _ptr_info1059; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1059)); if (_ptr_info1059) { NDR_PULL_ALLOC(ndr, r->info1059); @@ -2232,7 +2267,6 @@ static enum ndr_err_code ndr_pull_wkssvc_NetWkstaInfo(struct ndr_pull *ndr, int break; } case 1060: { - uint32_t _ptr_info1060; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1060)); if (_ptr_info1060) { NDR_PULL_ALLOC(ndr, r->info1060); @@ -2242,7 +2276,6 @@ static enum ndr_err_code ndr_pull_wkssvc_NetWkstaInfo(struct ndr_pull *ndr, int break; } case 1061: { - uint32_t _ptr_info1061; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1061)); if (_ptr_info1061) { NDR_PULL_ALLOC(ndr, r->info1061); @@ -2252,7 +2285,6 @@ static enum ndr_err_code ndr_pull_wkssvc_NetWkstaInfo(struct ndr_pull *ndr, int break; } case 1062: { - uint32_t _ptr_info1062; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1062)); if (_ptr_info1062) { NDR_PULL_ALLOC(ndr, r->info1062); @@ -2956,6 +2988,8 @@ static enum ndr_err_code ndr_push_wkssvc_NetrWkstaUserInfo0(struct ndr_push *ndr static enum ndr_err_code ndr_pull_wkssvc_NetrWkstaUserInfo0(struct ndr_pull *ndr, int ndr_flags, struct wkssvc_NetrWkstaUserInfo0 *r) { uint32_t _ptr_user_name; + uint32_t size_user_name_1 = 0; + uint32_t length_user_name_1 = 0; TALLOC_CTX *_mem_save_user_name_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -2972,11 +3006,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrWkstaUserInfo0(struct ndr_pull *ndr NDR_PULL_SET_MEM_CTX(ndr, r->user_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->user_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->user_name)); - if (ndr_get_array_length(ndr, &r->user_name) > ndr_get_array_size(ndr, &r->user_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->user_name), ndr_get_array_length(ndr, &r->user_name)); + size_user_name_1 = ndr_get_array_size(ndr, &r->user_name); + length_user_name_1 = ndr_get_array_length(ndr, &r->user_name); + if (length_user_name_1 > size_user_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_user_name_1, length_user_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->user_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user_name, ndr_get_array_length(ndr, &r->user_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_user_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user_name, length_user_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user_name_0, 0); } } @@ -3021,6 +3057,7 @@ static enum ndr_err_code ndr_push_wkssvc_NetWkstaEnumUsersCtr0(struct ndr_push * static enum ndr_err_code ndr_pull_wkssvc_NetWkstaEnumUsersCtr0(struct ndr_pull *ndr, int ndr_flags, struct wkssvc_NetWkstaEnumUsersCtr0 *r) { uint32_t _ptr_user0; + uint32_t size_user0_1 = 0; uint32_t cntr_user0_1; TALLOC_CTX *_mem_save_user0_0; TALLOC_CTX *_mem_save_user0_1; @@ -3039,13 +3076,14 @@ static enum ndr_err_code ndr_pull_wkssvc_NetWkstaEnumUsersCtr0(struct ndr_pull * _mem_save_user0_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->user0, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->user0)); - NDR_PULL_ALLOC_N(ndr, r->user0, ndr_get_array_size(ndr, &r->user0)); + size_user0_1 = ndr_get_array_size(ndr, &r->user0); + NDR_PULL_ALLOC_N(ndr, r->user0, size_user0_1); _mem_save_user0_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->user0, 0); - for (cntr_user0_1 = 0; cntr_user0_1 < r->entries_read; cntr_user0_1++) { + for (cntr_user0_1 = 0; cntr_user0_1 < size_user0_1; cntr_user0_1++) { NDR_CHECK(ndr_pull_wkssvc_NetrWkstaUserInfo0(ndr, NDR_SCALARS, &r->user0[cntr_user0_1])); } - for (cntr_user0_1 = 0; cntr_user0_1 < r->entries_read; cntr_user0_1++) { + for (cntr_user0_1 = 0; cntr_user0_1 < size_user0_1; cntr_user0_1++) { NDR_CHECK(ndr_pull_wkssvc_NetrWkstaUserInfo0(ndr, NDR_BUFFERS, &r->user0[cntr_user0_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user0_1, 0); @@ -3123,12 +3161,20 @@ static enum ndr_err_code ndr_push_wkssvc_NetrWkstaUserInfo1(struct ndr_push *ndr static enum ndr_err_code ndr_pull_wkssvc_NetrWkstaUserInfo1(struct ndr_pull *ndr, int ndr_flags, struct wkssvc_NetrWkstaUserInfo1 *r) { uint32_t _ptr_user_name; + uint32_t size_user_name_1 = 0; + uint32_t length_user_name_1 = 0; TALLOC_CTX *_mem_save_user_name_0; uint32_t _ptr_logon_domain; + uint32_t size_logon_domain_1 = 0; + uint32_t length_logon_domain_1 = 0; TALLOC_CTX *_mem_save_logon_domain_0; uint32_t _ptr_other_domains; + uint32_t size_other_domains_1 = 0; + uint32_t length_other_domains_1 = 0; TALLOC_CTX *_mem_save_other_domains_0; uint32_t _ptr_logon_server; + uint32_t size_logon_server_1 = 0; + uint32_t length_logon_server_1 = 0; TALLOC_CTX *_mem_save_logon_server_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -3163,11 +3209,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrWkstaUserInfo1(struct ndr_pull *ndr NDR_PULL_SET_MEM_CTX(ndr, r->user_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->user_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->user_name)); - if (ndr_get_array_length(ndr, &r->user_name) > ndr_get_array_size(ndr, &r->user_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->user_name), ndr_get_array_length(ndr, &r->user_name)); + size_user_name_1 = ndr_get_array_size(ndr, &r->user_name); + length_user_name_1 = ndr_get_array_length(ndr, &r->user_name); + if (length_user_name_1 > size_user_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_user_name_1, length_user_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->user_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user_name, ndr_get_array_length(ndr, &r->user_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_user_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user_name, length_user_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user_name_0, 0); } if (r->logon_domain) { @@ -3175,11 +3223,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrWkstaUserInfo1(struct ndr_pull *ndr NDR_PULL_SET_MEM_CTX(ndr, r->logon_domain, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->logon_domain)); NDR_CHECK(ndr_pull_array_length(ndr, &r->logon_domain)); - if (ndr_get_array_length(ndr, &r->logon_domain) > ndr_get_array_size(ndr, &r->logon_domain)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->logon_domain), ndr_get_array_length(ndr, &r->logon_domain)); + size_logon_domain_1 = ndr_get_array_size(ndr, &r->logon_domain); + length_logon_domain_1 = ndr_get_array_length(ndr, &r->logon_domain); + if (length_logon_domain_1 > size_logon_domain_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_logon_domain_1, length_logon_domain_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->logon_domain), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->logon_domain, ndr_get_array_length(ndr, &r->logon_domain), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_logon_domain_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->logon_domain, length_logon_domain_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_logon_domain_0, 0); } if (r->other_domains) { @@ -3187,11 +3237,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrWkstaUserInfo1(struct ndr_pull *ndr NDR_PULL_SET_MEM_CTX(ndr, r->other_domains, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->other_domains)); NDR_CHECK(ndr_pull_array_length(ndr, &r->other_domains)); - if (ndr_get_array_length(ndr, &r->other_domains) > ndr_get_array_size(ndr, &r->other_domains)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->other_domains), ndr_get_array_length(ndr, &r->other_domains)); + size_other_domains_1 = ndr_get_array_size(ndr, &r->other_domains); + length_other_domains_1 = ndr_get_array_length(ndr, &r->other_domains); + if (length_other_domains_1 > size_other_domains_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_other_domains_1, length_other_domains_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->other_domains), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->other_domains, ndr_get_array_length(ndr, &r->other_domains), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_other_domains_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->other_domains, length_other_domains_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_other_domains_0, 0); } if (r->logon_server) { @@ -3199,11 +3251,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrWkstaUserInfo1(struct ndr_pull *ndr NDR_PULL_SET_MEM_CTX(ndr, r->logon_server, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->logon_server)); NDR_CHECK(ndr_pull_array_length(ndr, &r->logon_server)); - if (ndr_get_array_length(ndr, &r->logon_server) > ndr_get_array_size(ndr, &r->logon_server)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->logon_server), ndr_get_array_length(ndr, &r->logon_server)); + size_logon_server_1 = ndr_get_array_size(ndr, &r->logon_server); + length_logon_server_1 = ndr_get_array_length(ndr, &r->logon_server); + if (length_logon_server_1 > size_logon_server_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_logon_server_1, length_logon_server_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->logon_server), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->logon_server, ndr_get_array_length(ndr, &r->logon_server), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_logon_server_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->logon_server, length_logon_server_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_logon_server_0, 0); } } @@ -3266,6 +3320,7 @@ static enum ndr_err_code ndr_push_wkssvc_NetWkstaEnumUsersCtr1(struct ndr_push * static enum ndr_err_code ndr_pull_wkssvc_NetWkstaEnumUsersCtr1(struct ndr_pull *ndr, int ndr_flags, struct wkssvc_NetWkstaEnumUsersCtr1 *r) { uint32_t _ptr_user1; + uint32_t size_user1_1 = 0; uint32_t cntr_user1_1; TALLOC_CTX *_mem_save_user1_0; TALLOC_CTX *_mem_save_user1_1; @@ -3284,13 +3339,14 @@ static enum ndr_err_code ndr_pull_wkssvc_NetWkstaEnumUsersCtr1(struct ndr_pull * _mem_save_user1_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->user1, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->user1)); - NDR_PULL_ALLOC_N(ndr, r->user1, ndr_get_array_size(ndr, &r->user1)); + size_user1_1 = ndr_get_array_size(ndr, &r->user1); + NDR_PULL_ALLOC_N(ndr, r->user1, size_user1_1); _mem_save_user1_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->user1, 0); - for (cntr_user1_1 = 0; cntr_user1_1 < r->entries_read; cntr_user1_1++) { + for (cntr_user1_1 = 0; cntr_user1_1 < size_user1_1; cntr_user1_1++) { NDR_CHECK(ndr_pull_wkssvc_NetrWkstaUserInfo1(ndr, NDR_SCALARS, &r->user1[cntr_user1_1])); } - for (cntr_user1_1 = 0; cntr_user1_1 < r->entries_read; cntr_user1_1++) { + for (cntr_user1_1 = 0; cntr_user1_1 < size_user1_1; cntr_user1_1++) { NDR_CHECK(ndr_pull_wkssvc_NetrWkstaUserInfo1(ndr, NDR_BUFFERS, &r->user1[cntr_user1_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user1_1, 0); @@ -3372,7 +3428,9 @@ static enum ndr_err_code ndr_pull_wkssvc_NetWkstaEnumUsersCtr(struct ndr_pull *n int level; uint32_t _level; TALLOC_CTX *_mem_save_user0_0; + uint32_t _ptr_user0; TALLOC_CTX *_mem_save_user1_0; + uint32_t _ptr_user1; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -3381,7 +3439,6 @@ static enum ndr_err_code ndr_pull_wkssvc_NetWkstaEnumUsersCtr(struct ndr_pull *n } switch (level) { case 0: { - uint32_t _ptr_user0; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_user0)); if (_ptr_user0) { NDR_PULL_ALLOC(ndr, r->user0); @@ -3391,7 +3448,6 @@ static enum ndr_err_code ndr_pull_wkssvc_NetWkstaEnumUsersCtr(struct ndr_pull *n break; } case 1: { - uint32_t _ptr_user1; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_user1)); if (_ptr_user1) { NDR_PULL_ALLOC(ndr, r->user1); @@ -3518,6 +3574,8 @@ static enum ndr_err_code ndr_push_wkssvc_NetrWkstaUserInfo1101(struct ndr_push * static enum ndr_err_code ndr_pull_wkssvc_NetrWkstaUserInfo1101(struct ndr_pull *ndr, int ndr_flags, struct wkssvc_NetrWkstaUserInfo1101 *r) { uint32_t _ptr_other_domains; + uint32_t size_other_domains_1 = 0; + uint32_t length_other_domains_1 = 0; TALLOC_CTX *_mem_save_other_domains_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -3534,11 +3592,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrWkstaUserInfo1101(struct ndr_pull * NDR_PULL_SET_MEM_CTX(ndr, r->other_domains, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->other_domains)); NDR_CHECK(ndr_pull_array_length(ndr, &r->other_domains)); - if (ndr_get_array_length(ndr, &r->other_domains) > ndr_get_array_size(ndr, &r->other_domains)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->other_domains), ndr_get_array_length(ndr, &r->other_domains)); + size_other_domains_1 = ndr_get_array_size(ndr, &r->other_domains); + length_other_domains_1 = ndr_get_array_length(ndr, &r->other_domains); + if (length_other_domains_1 > size_other_domains_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_other_domains_1, length_other_domains_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->other_domains), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->other_domains, ndr_get_array_length(ndr, &r->other_domains), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_other_domains_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->other_domains, length_other_domains_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_other_domains_0, 0); } } @@ -3613,8 +3673,11 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrWkstaUserInfo(struct ndr_pull *ndr, int level; uint32_t _level; TALLOC_CTX *_mem_save_info0_0; + uint32_t _ptr_info0; TALLOC_CTX *_mem_save_info1_0; + uint32_t _ptr_info1; TALLOC_CTX *_mem_save_info1101_0; + uint32_t _ptr_info1101; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -3623,7 +3686,6 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrWkstaUserInfo(struct ndr_pull *ndr, } switch (level) { case 0: { - uint32_t _ptr_info0; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info0)); if (_ptr_info0) { NDR_PULL_ALLOC(ndr, r->info0); @@ -3633,7 +3695,6 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrWkstaUserInfo(struct ndr_pull *ndr, break; } case 1: { - uint32_t _ptr_info1; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1)); if (_ptr_info1) { NDR_PULL_ALLOC(ndr, r->info1); @@ -3643,7 +3704,6 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrWkstaUserInfo(struct ndr_pull *ndr, break; } case 1101: { - uint32_t _ptr_info1101; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1101)); if (_ptr_info1101) { NDR_PULL_ALLOC(ndr, r->info1101); @@ -3760,8 +3820,12 @@ static enum ndr_err_code ndr_push_wkssvc_NetWkstaTransportInfo0(struct ndr_push static enum ndr_err_code ndr_pull_wkssvc_NetWkstaTransportInfo0(struct ndr_pull *ndr, int ndr_flags, struct wkssvc_NetWkstaTransportInfo0 *r) { uint32_t _ptr_name; + uint32_t size_name_1 = 0; + uint32_t length_name_1 = 0; TALLOC_CTX *_mem_save_name_0; uint32_t _ptr_address; + uint32_t size_address_1 = 0; + uint32_t length_address_1 = 0; TALLOC_CTX *_mem_save_address_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -3787,11 +3851,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetWkstaTransportInfo0(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->name)); - if (ndr_get_array_length(ndr, &r->name) > ndr_get_array_size(ndr, &r->name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->name), ndr_get_array_length(ndr, &r->name)); + size_name_1 = ndr_get_array_size(ndr, &r->name); + length_name_1 = ndr_get_array_length(ndr, &r->name); + if (length_name_1 > size_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_name_1, length_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, length_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_name_0, 0); } if (r->address) { @@ -3799,11 +3865,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetWkstaTransportInfo0(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->address, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->address)); NDR_CHECK(ndr_pull_array_length(ndr, &r->address)); - if (ndr_get_array_length(ndr, &r->address) > ndr_get_array_size(ndr, &r->address)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->address), ndr_get_array_length(ndr, &r->address)); + size_address_1 = ndr_get_array_size(ndr, &r->address); + length_address_1 = ndr_get_array_length(ndr, &r->address); + if (length_address_1 > size_address_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_address_1, length_address_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->address), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->address, ndr_get_array_length(ndr, &r->address), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_address_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->address, length_address_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_address_0, 0); } } @@ -3857,6 +3925,7 @@ static enum ndr_err_code ndr_push_wkssvc_NetWkstaTransportCtr0(struct ndr_push * static enum ndr_err_code ndr_pull_wkssvc_NetWkstaTransportCtr0(struct ndr_pull *ndr, int ndr_flags, struct wkssvc_NetWkstaTransportCtr0 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -3875,13 +3944,14 @@ static enum ndr_err_code ndr_pull_wkssvc_NetWkstaTransportCtr0(struct ndr_pull * _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_wkssvc_NetWkstaTransportInfo0(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_wkssvc_NetWkstaTransportInfo0(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -3953,6 +4023,7 @@ static enum ndr_err_code ndr_pull_wkssvc_NetWkstaTransportCtr(struct ndr_pull *n int level; uint32_t _level; TALLOC_CTX *_mem_save_ctr0_0; + uint32_t _ptr_ctr0; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -3961,7 +4032,6 @@ static enum ndr_err_code ndr_pull_wkssvc_NetWkstaTransportCtr(struct ndr_pull *n } switch (level) { case 0: { - uint32_t _ptr_ctr0; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr0)); if (_ptr_ctr0) { NDR_PULL_ALLOC(ndr, r->ctr0); @@ -4077,8 +4147,12 @@ static enum ndr_err_code ndr_push_wkssvc_NetrUseInfo3(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_wkssvc_NetrUseInfo3(struct ndr_pull *ndr, int ndr_flags, struct wkssvc_NetrUseInfo3 *r) { uint32_t _ptr_unknown1; + uint32_t size_unknown1_1 = 0; + uint32_t length_unknown1_1 = 0; TALLOC_CTX *_mem_save_unknown1_0; uint32_t _ptr_unknown2; + uint32_t size_unknown2_1 = 0; + uint32_t length_unknown2_1 = 0; TALLOC_CTX *_mem_save_unknown2_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -4101,11 +4175,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrUseInfo3(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->unknown1, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->unknown1)); NDR_CHECK(ndr_pull_array_length(ndr, &r->unknown1)); - if (ndr_get_array_length(ndr, &r->unknown1) > ndr_get_array_size(ndr, &r->unknown1)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->unknown1), ndr_get_array_length(ndr, &r->unknown1)); + size_unknown1_1 = ndr_get_array_size(ndr, &r->unknown1); + length_unknown1_1 = ndr_get_array_length(ndr, &r->unknown1); + if (length_unknown1_1 > size_unknown1_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_unknown1_1, length_unknown1_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->unknown1), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->unknown1, ndr_get_array_length(ndr, &r->unknown1), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_unknown1_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->unknown1, length_unknown1_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_unknown1_0, 0); } if (r->unknown2) { @@ -4113,11 +4189,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrUseInfo3(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->unknown2, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->unknown2)); NDR_CHECK(ndr_pull_array_length(ndr, &r->unknown2)); - if (ndr_get_array_length(ndr, &r->unknown2) > ndr_get_array_size(ndr, &r->unknown2)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->unknown2), ndr_get_array_length(ndr, &r->unknown2)); + size_unknown2_1 = ndr_get_array_size(ndr, &r->unknown2); + length_unknown2_1 = ndr_get_array_length(ndr, &r->unknown2); + if (length_unknown2_1 > size_unknown2_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_unknown2_1, length_unknown2_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->unknown2), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->unknown2, ndr_get_array_length(ndr, &r->unknown2), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_unknown2_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->unknown2, length_unknown2_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_unknown2_0, 0); } } @@ -4195,14 +4273,24 @@ static enum ndr_err_code ndr_push_wkssvc_NetrUseInfo2(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_wkssvc_NetrUseInfo2(struct ndr_pull *ndr, int ndr_flags, struct wkssvc_NetrUseInfo2 *r) { uint32_t _ptr_local; + uint32_t size_local_1 = 0; + uint32_t length_local_1 = 0; TALLOC_CTX *_mem_save_local_0; uint32_t _ptr_remote; + uint32_t size_remote_1 = 0; + uint32_t length_remote_1 = 0; TALLOC_CTX *_mem_save_remote_0; uint32_t _ptr_password; + uint32_t size_password_1 = 0; + uint32_t length_password_1 = 0; TALLOC_CTX *_mem_save_password_0; uint32_t _ptr_user_name; + uint32_t size_user_name_1 = 0; + uint32_t length_user_name_1 = 0; TALLOC_CTX *_mem_save_user_name_0; uint32_t _ptr_domain_name; + uint32_t size_domain_name_1 = 0; + uint32_t length_domain_name_1 = 0; TALLOC_CTX *_mem_save_domain_name_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -4247,11 +4335,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrUseInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->local, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->local)); NDR_CHECK(ndr_pull_array_length(ndr, &r->local)); - if (ndr_get_array_length(ndr, &r->local) > ndr_get_array_size(ndr, &r->local)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->local), ndr_get_array_length(ndr, &r->local)); + size_local_1 = ndr_get_array_size(ndr, &r->local); + length_local_1 = ndr_get_array_length(ndr, &r->local); + if (length_local_1 > size_local_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_local_1, length_local_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->local), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->local, ndr_get_array_length(ndr, &r->local), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_local_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->local, length_local_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_local_0, 0); } if (r->remote) { @@ -4259,11 +4349,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrUseInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->remote, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->remote)); NDR_CHECK(ndr_pull_array_length(ndr, &r->remote)); - if (ndr_get_array_length(ndr, &r->remote) > ndr_get_array_size(ndr, &r->remote)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->remote), ndr_get_array_length(ndr, &r->remote)); + size_remote_1 = ndr_get_array_size(ndr, &r->remote); + length_remote_1 = ndr_get_array_length(ndr, &r->remote); + if (length_remote_1 > size_remote_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_remote_1, length_remote_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->remote), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->remote, ndr_get_array_length(ndr, &r->remote), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_remote_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->remote, length_remote_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_remote_0, 0); } if (r->password) { @@ -4271,11 +4363,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrUseInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->password, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->password)); NDR_CHECK(ndr_pull_array_length(ndr, &r->password)); - if (ndr_get_array_length(ndr, &r->password) > ndr_get_array_size(ndr, &r->password)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->password), ndr_get_array_length(ndr, &r->password)); + size_password_1 = ndr_get_array_size(ndr, &r->password); + length_password_1 = ndr_get_array_length(ndr, &r->password); + if (length_password_1 > size_password_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_password_1, length_password_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->password), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->password, ndr_get_array_length(ndr, &r->password), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_password_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->password, length_password_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_password_0, 0); } if (r->user_name) { @@ -4283,11 +4377,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrUseInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->user_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->user_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->user_name)); - if (ndr_get_array_length(ndr, &r->user_name) > ndr_get_array_size(ndr, &r->user_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->user_name), ndr_get_array_length(ndr, &r->user_name)); + size_user_name_1 = ndr_get_array_size(ndr, &r->user_name); + length_user_name_1 = ndr_get_array_length(ndr, &r->user_name); + if (length_user_name_1 > size_user_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_user_name_1, length_user_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->user_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user_name, ndr_get_array_length(ndr, &r->user_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_user_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user_name, length_user_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user_name_0, 0); } if (r->domain_name) { @@ -4295,11 +4391,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrUseInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->domain_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->domain_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->domain_name)); - if (ndr_get_array_length(ndr, &r->domain_name) > ndr_get_array_size(ndr, &r->domain_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->domain_name), ndr_get_array_length(ndr, &r->domain_name)); + size_domain_name_1 = ndr_get_array_size(ndr, &r->domain_name); + length_domain_name_1 = ndr_get_array_length(ndr, &r->domain_name); + if (length_domain_name_1 > size_domain_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_name_1, length_domain_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->domain_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain_name, ndr_get_array_length(ndr, &r->domain_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain_name, length_domain_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_name_0, 0); } } @@ -4385,10 +4483,16 @@ static enum ndr_err_code ndr_push_wkssvc_NetrUseInfo1(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_wkssvc_NetrUseInfo1(struct ndr_pull *ndr, int ndr_flags, struct wkssvc_NetrUseInfo1 *r) { uint32_t _ptr_local; + uint32_t size_local_1 = 0; + uint32_t length_local_1 = 0; TALLOC_CTX *_mem_save_local_0; uint32_t _ptr_remote; + uint32_t size_remote_1 = 0; + uint32_t length_remote_1 = 0; TALLOC_CTX *_mem_save_remote_0; uint32_t _ptr_password; + uint32_t size_password_1 = 0; + uint32_t length_password_1 = 0; TALLOC_CTX *_mem_save_password_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -4421,11 +4525,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrUseInfo1(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->local, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->local)); NDR_CHECK(ndr_pull_array_length(ndr, &r->local)); - if (ndr_get_array_length(ndr, &r->local) > ndr_get_array_size(ndr, &r->local)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->local), ndr_get_array_length(ndr, &r->local)); + size_local_1 = ndr_get_array_size(ndr, &r->local); + length_local_1 = ndr_get_array_length(ndr, &r->local); + if (length_local_1 > size_local_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_local_1, length_local_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->local), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->local, ndr_get_array_length(ndr, &r->local), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_local_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->local, length_local_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_local_0, 0); } if (r->remote) { @@ -4433,11 +4539,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrUseInfo1(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->remote, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->remote)); NDR_CHECK(ndr_pull_array_length(ndr, &r->remote)); - if (ndr_get_array_length(ndr, &r->remote) > ndr_get_array_size(ndr, &r->remote)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->remote), ndr_get_array_length(ndr, &r->remote)); + size_remote_1 = ndr_get_array_size(ndr, &r->remote); + length_remote_1 = ndr_get_array_length(ndr, &r->remote); + if (length_remote_1 > size_remote_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_remote_1, length_remote_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->remote), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->remote, ndr_get_array_length(ndr, &r->remote), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_remote_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->remote, length_remote_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_remote_0, 0); } if (r->password) { @@ -4445,11 +4553,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrUseInfo1(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->password, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->password)); NDR_CHECK(ndr_pull_array_length(ndr, &r->password)); - if (ndr_get_array_length(ndr, &r->password) > ndr_get_array_size(ndr, &r->password)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->password), ndr_get_array_length(ndr, &r->password)); + size_password_1 = ndr_get_array_size(ndr, &r->password); + length_password_1 = ndr_get_array_length(ndr, &r->password); + if (length_password_1 > size_password_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_password_1, length_password_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->password), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->password, ndr_get_array_length(ndr, &r->password), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_password_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->password, length_password_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_password_0, 0); } } @@ -4512,8 +4622,12 @@ static enum ndr_err_code ndr_push_wkssvc_NetrUseInfo0(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_wkssvc_NetrUseInfo0(struct ndr_pull *ndr, int ndr_flags, struct wkssvc_NetrUseInfo0 *r) { uint32_t _ptr_local; + uint32_t size_local_1 = 0; + uint32_t length_local_1 = 0; TALLOC_CTX *_mem_save_local_0; uint32_t _ptr_remote; + uint32_t size_remote_1 = 0; + uint32_t length_remote_1 = 0; TALLOC_CTX *_mem_save_remote_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -4536,11 +4650,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrUseInfo0(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->local, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->local)); NDR_CHECK(ndr_pull_array_length(ndr, &r->local)); - if (ndr_get_array_length(ndr, &r->local) > ndr_get_array_size(ndr, &r->local)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->local), ndr_get_array_length(ndr, &r->local)); + size_local_1 = ndr_get_array_size(ndr, &r->local); + length_local_1 = ndr_get_array_length(ndr, &r->local); + if (length_local_1 > size_local_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_local_1, length_local_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->local), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->local, ndr_get_array_length(ndr, &r->local), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_local_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->local, length_local_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_local_0, 0); } if (r->remote) { @@ -4548,11 +4664,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrUseInfo0(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->remote, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->remote)); NDR_CHECK(ndr_pull_array_length(ndr, &r->remote)); - if (ndr_get_array_length(ndr, &r->remote) > ndr_get_array_size(ndr, &r->remote)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->remote), ndr_get_array_length(ndr, &r->remote)); + size_remote_1 = ndr_get_array_size(ndr, &r->remote); + length_remote_1 = ndr_get_array_length(ndr, &r->remote); + if (length_remote_1 > size_remote_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_remote_1, length_remote_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->remote), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->remote, ndr_get_array_length(ndr, &r->remote), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_remote_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->remote, length_remote_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_remote_0, 0); } } @@ -4643,9 +4761,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrUseGetInfoCtr(struct ndr_pull *ndr, int level; uint32_t _level; TALLOC_CTX *_mem_save_info0_0; + uint32_t _ptr_info0; TALLOC_CTX *_mem_save_info1_0; + uint32_t _ptr_info1; TALLOC_CTX *_mem_save_info2_0; + uint32_t _ptr_info2; TALLOC_CTX *_mem_save_info3_0; + uint32_t _ptr_info3; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -4654,7 +4776,6 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrUseGetInfoCtr(struct ndr_pull *ndr, } switch (level) { case 0: { - uint32_t _ptr_info0; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info0)); if (_ptr_info0) { NDR_PULL_ALLOC(ndr, r->info0); @@ -4664,7 +4785,6 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrUseGetInfoCtr(struct ndr_pull *ndr, break; } case 1: { - uint32_t _ptr_info1; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1)); if (_ptr_info1) { NDR_PULL_ALLOC(ndr, r->info1); @@ -4674,7 +4794,6 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrUseGetInfoCtr(struct ndr_pull *ndr, break; } case 2: { - uint32_t _ptr_info2; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info2)); if (_ptr_info2) { NDR_PULL_ALLOC(ndr, r->info2); @@ -4684,7 +4803,6 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrUseGetInfoCtr(struct ndr_pull *ndr, break; } case 3: { - uint32_t _ptr_info3; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info3)); if (_ptr_info3) { NDR_PULL_ALLOC(ndr, r->info3); @@ -4814,6 +4932,7 @@ static enum ndr_err_code ndr_push_wkssvc_NetrUseEnumCtr2(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_wkssvc_NetrUseEnumCtr2(struct ndr_pull *ndr, int ndr_flags, struct wkssvc_NetrUseEnumCtr2 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -4832,13 +4951,14 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrUseEnumCtr2(struct ndr_pull *ndr, i _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_wkssvc_NetrUseInfo2(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_wkssvc_NetrUseInfo2(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -4900,6 +5020,7 @@ static enum ndr_err_code ndr_push_wkssvc_NetrUseEnumCtr1(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_wkssvc_NetrUseEnumCtr1(struct ndr_pull *ndr, int ndr_flags, struct wkssvc_NetrUseEnumCtr1 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -4918,13 +5039,14 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrUseEnumCtr1(struct ndr_pull *ndr, i _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_wkssvc_NetrUseInfo1(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_wkssvc_NetrUseInfo1(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -4986,6 +5108,7 @@ static enum ndr_err_code ndr_push_wkssvc_NetrUseEnumCtr0(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_wkssvc_NetrUseEnumCtr0(struct ndr_pull *ndr, int ndr_flags, struct wkssvc_NetrUseEnumCtr0 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -5004,13 +5127,14 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrUseEnumCtr0(struct ndr_pull *ndr, i _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_wkssvc_NetrUseInfo0(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_wkssvc_NetrUseInfo0(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -5102,8 +5226,11 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrUseEnumCtr(struct ndr_pull *ndr, in int level; uint32_t _level; TALLOC_CTX *_mem_save_ctr0_0; + uint32_t _ptr_ctr0; TALLOC_CTX *_mem_save_ctr1_0; + uint32_t _ptr_ctr1; TALLOC_CTX *_mem_save_ctr2_0; + uint32_t _ptr_ctr2; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -5112,7 +5239,6 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrUseEnumCtr(struct ndr_pull *ndr, in } switch (level) { case 0: { - uint32_t _ptr_ctr0; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr0)); if (_ptr_ctr0) { NDR_PULL_ALLOC(ndr, r->ctr0); @@ -5122,7 +5248,6 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrUseEnumCtr(struct ndr_pull *ndr, in break; } case 1: { - uint32_t _ptr_ctr1; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr1)); if (_ptr_ctr1) { NDR_PULL_ALLOC(ndr, r->ctr1); @@ -5132,7 +5257,6 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrUseEnumCtr(struct ndr_pull *ndr, in break; } case 2: { - uint32_t _ptr_ctr2; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr2)); if (_ptr_ctr2) { NDR_PULL_ALLOC(ndr, r->ctr2); @@ -5500,12 +5624,14 @@ static enum ndr_err_code ndr_push_wkssvc_PasswordBuffer(struct ndr_push *ndr, in static enum ndr_err_code ndr_pull_wkssvc_PasswordBuffer(struct ndr_pull *ndr, int ndr_flags, struct wkssvc_PasswordBuffer *r) { + uint32_t size_data_0 = 0; { uint32_t _flags_save_STRUCT = ndr->flags; ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 1)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, 524)); + size_data_0 = 524; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, size_data_0)); } if (ndr_flags & NDR_BUFFERS) { } @@ -5611,6 +5737,7 @@ static enum ndr_err_code ndr_push_wkssvc_ComputerNamesCtr(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_wkssvc_ComputerNamesCtr(struct ndr_pull *ndr, int ndr_flags, struct wkssvc_ComputerNamesCtr *r) { uint32_t _ptr_computer_name; + uint32_t size_computer_name_1 = 0; uint32_t cntr_computer_name_1; TALLOC_CTX *_mem_save_computer_name_0; TALLOC_CTX *_mem_save_computer_name_1; @@ -5629,13 +5756,14 @@ static enum ndr_err_code ndr_pull_wkssvc_ComputerNamesCtr(struct ndr_pull *ndr, _mem_save_computer_name_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->computer_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->computer_name)); - NDR_PULL_ALLOC_N(ndr, r->computer_name, ndr_get_array_size(ndr, &r->computer_name)); + size_computer_name_1 = ndr_get_array_size(ndr, &r->computer_name); + NDR_PULL_ALLOC_N(ndr, r->computer_name, size_computer_name_1); _mem_save_computer_name_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->computer_name, 0); - for (cntr_computer_name_1 = 0; cntr_computer_name_1 < r->count; cntr_computer_name_1++) { + for (cntr_computer_name_1 = 0; cntr_computer_name_1 < size_computer_name_1; cntr_computer_name_1++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->computer_name[cntr_computer_name_1])); } - for (cntr_computer_name_1 = 0; cntr_computer_name_1 < r->count; cntr_computer_name_1++) { + for (cntr_computer_name_1 = 0; cntr_computer_name_1 < size_computer_name_1; cntr_computer_name_1++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->computer_name[cntr_computer_name_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_computer_name_1, 0); @@ -5698,6 +5826,8 @@ static enum ndr_err_code ndr_push_wkssvc_NetWkstaGetInfo(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_wkssvc_NetWkstaGetInfo(struct ndr_pull *ndr, int flags, struct wkssvc_NetWkstaGetInfo *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_info_0; if (flags & NDR_IN) { @@ -5714,11 +5844,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetWkstaGetInfo(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); @@ -5806,6 +5938,8 @@ static enum ndr_err_code ndr_push_wkssvc_NetWkstaSetInfo(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_wkssvc_NetWkstaSetInfo(struct ndr_pull *ndr, int flags, struct wkssvc_NetWkstaSetInfo *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_info_0; TALLOC_CTX *_mem_save_parm_error_0; @@ -5823,11 +5957,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetWkstaSetInfo(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); @@ -5944,6 +6080,8 @@ static enum ndr_err_code ndr_push_wkssvc_NetWkstaEnumUsers(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_wkssvc_NetWkstaEnumUsers(struct ndr_pull *ndr, int flags, struct wkssvc_NetWkstaEnumUsers *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; uint32_t _ptr_resume_handle; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_info_0; @@ -5963,11 +6101,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetWkstaEnumUsers(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { @@ -6105,6 +6245,8 @@ static enum ndr_err_code ndr_push_wkssvc_NetrWkstaUserGetInfo(struct ndr_push *n static enum ndr_err_code ndr_pull_wkssvc_NetrWkstaUserGetInfo(struct ndr_pull *ndr, int flags, struct wkssvc_NetrWkstaUserGetInfo *r) { uint32_t _ptr_unknown; + uint32_t size_unknown_1 = 0; + uint32_t length_unknown_1 = 0; TALLOC_CTX *_mem_save_unknown_0; TALLOC_CTX *_mem_save_info_0; if (flags & NDR_IN) { @@ -6121,11 +6263,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrWkstaUserGetInfo(struct ndr_pull *n NDR_PULL_SET_MEM_CTX(ndr, r->in.unknown, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.unknown)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.unknown)); - if (ndr_get_array_length(ndr, &r->in.unknown) > ndr_get_array_size(ndr, &r->in.unknown)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.unknown), ndr_get_array_length(ndr, &r->in.unknown)); + size_unknown_1 = ndr_get_array_size(ndr, &r->in.unknown); + length_unknown_1 = ndr_get_array_length(ndr, &r->in.unknown); + if (length_unknown_1 > size_unknown_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_unknown_1, length_unknown_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.unknown), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.unknown, ndr_get_array_length(ndr, &r->in.unknown), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_unknown_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.unknown, length_unknown_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_unknown_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); @@ -6213,6 +6357,8 @@ static enum ndr_err_code ndr_push_wkssvc_NetrWkstaUserSetInfo(struct ndr_push *n static enum ndr_err_code ndr_pull_wkssvc_NetrWkstaUserSetInfo(struct ndr_pull *ndr, int flags, struct wkssvc_NetrWkstaUserSetInfo *r) { uint32_t _ptr_unknown; + uint32_t size_unknown_1 = 0; + uint32_t length_unknown_1 = 0; uint32_t _ptr_parm_err; TALLOC_CTX *_mem_save_unknown_0; TALLOC_CTX *_mem_save_info_0; @@ -6231,11 +6377,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrWkstaUserSetInfo(struct ndr_pull *n NDR_PULL_SET_MEM_CTX(ndr, r->in.unknown, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.unknown)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.unknown)); - if (ndr_get_array_length(ndr, &r->in.unknown) > ndr_get_array_size(ndr, &r->in.unknown)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.unknown), ndr_get_array_length(ndr, &r->in.unknown)); + size_unknown_1 = ndr_get_array_size(ndr, &r->in.unknown); + length_unknown_1 = ndr_get_array_length(ndr, &r->in.unknown); + if (length_unknown_1 > size_unknown_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_unknown_1, length_unknown_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.unknown), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.unknown, ndr_get_array_length(ndr, &r->in.unknown), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_unknown_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.unknown, length_unknown_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_unknown_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); @@ -6364,6 +6512,8 @@ static enum ndr_err_code ndr_push_wkssvc_NetWkstaTransportEnum(struct ndr_push * static enum ndr_err_code ndr_pull_wkssvc_NetWkstaTransportEnum(struct ndr_pull *ndr, int flags, struct wkssvc_NetWkstaTransportEnum *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; uint32_t _ptr_resume_handle; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_info_0; @@ -6383,11 +6533,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetWkstaTransportEnum(struct ndr_pull * NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { @@ -6532,6 +6684,8 @@ static enum ndr_err_code ndr_push_wkssvc_NetrWkstaTransportAdd(struct ndr_push * static enum ndr_err_code ndr_pull_wkssvc_NetrWkstaTransportAdd(struct ndr_pull *ndr, int flags, struct wkssvc_NetrWkstaTransportAdd *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; uint32_t _ptr_parm_err; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_info0_0; @@ -6550,11 +6704,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrWkstaTransportAdd(struct ndr_pull * NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); @@ -6668,7 +6824,11 @@ static enum ndr_err_code ndr_push_wkssvc_NetrWkstaTransportDel(struct ndr_push * static enum ndr_err_code ndr_pull_wkssvc_NetrWkstaTransportDel(struct ndr_pull *ndr, int flags, struct wkssvc_NetrWkstaTransportDel *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; uint32_t _ptr_transport_name; + uint32_t size_transport_name_1 = 0; + uint32_t length_transport_name_1 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_transport_name_0; if (flags & NDR_IN) { @@ -6683,11 +6843,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrWkstaTransportDel(struct ndr_pull * NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_transport_name)); @@ -6701,11 +6863,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrWkstaTransportDel(struct ndr_pull * NDR_PULL_SET_MEM_CTX(ndr, r->in.transport_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.transport_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.transport_name)); - if (ndr_get_array_length(ndr, &r->in.transport_name) > ndr_get_array_size(ndr, &r->in.transport_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.transport_name), ndr_get_array_length(ndr, &r->in.transport_name)); + size_transport_name_1 = ndr_get_array_size(ndr, &r->in.transport_name); + length_transport_name_1 = ndr_get_array_length(ndr, &r->in.transport_name); + if (length_transport_name_1 > size_transport_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_transport_name_1, length_transport_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.transport_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.transport_name, ndr_get_array_length(ndr, &r->in.transport_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_transport_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.transport_name, length_transport_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_transport_name_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.unknown3)); @@ -6784,6 +6948,8 @@ static enum ndr_err_code ndr_push_wkssvc_NetrUseAdd(struct ndr_push *ndr, int fl static enum ndr_err_code ndr_pull_wkssvc_NetrUseAdd(struct ndr_pull *ndr, int flags, struct wkssvc_NetrUseAdd *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; uint32_t _ptr_parm_err; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_ctr_0; @@ -6802,11 +6968,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrUseAdd(struct ndr_pull *ndr, int fl NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); @@ -6927,6 +7095,10 @@ static enum ndr_err_code ndr_push_wkssvc_NetrUseGetInfo(struct ndr_push *ndr, in static enum ndr_err_code ndr_pull_wkssvc_NetrUseGetInfo(struct ndr_pull *ndr, int flags, struct wkssvc_NetrUseGetInfo *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; + uint32_t size_use_name_1 = 0; + uint32_t length_use_name_1 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_ctr_0; if (flags & NDR_IN) { @@ -6943,20 +7115,24 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrUseGetInfo(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.use_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.use_name)); - if (ndr_get_array_length(ndr, &r->in.use_name) > ndr_get_array_size(ndr, &r->in.use_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.use_name), ndr_get_array_length(ndr, &r->in.use_name)); + size_use_name_1 = ndr_get_array_size(ndr, &r->in.use_name); + length_use_name_1 = ndr_get_array_length(ndr, &r->in.use_name); + if (length_use_name_1 > size_use_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_use_name_1, length_use_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.use_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.use_name, ndr_get_array_length(ndr, &r->in.use_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_use_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.use_name, length_use_name_1, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); NDR_PULL_ALLOC(ndr, r->out.ctr); ZERO_STRUCTP(r->out.ctr); @@ -7040,6 +7216,10 @@ static enum ndr_err_code ndr_push_wkssvc_NetrUseDel(struct ndr_push *ndr, int fl static enum ndr_err_code ndr_pull_wkssvc_NetrUseDel(struct ndr_pull *ndr, int flags, struct wkssvc_NetrUseDel *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; + uint32_t size_use_name_1 = 0; + uint32_t length_use_name_1 = 0; TALLOC_CTX *_mem_save_server_name_0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_server_name)); @@ -7053,20 +7233,24 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrUseDel(struct ndr_pull *ndr, int fl NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.use_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.use_name)); - if (ndr_get_array_length(ndr, &r->in.use_name) > ndr_get_array_size(ndr, &r->in.use_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.use_name), ndr_get_array_length(ndr, &r->in.use_name)); + size_use_name_1 = ndr_get_array_size(ndr, &r->in.use_name); + length_use_name_1 = ndr_get_array_length(ndr, &r->in.use_name); + if (length_use_name_1 > size_use_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_use_name_1, length_use_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.use_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.use_name, ndr_get_array_length(ndr, &r->in.use_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_use_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.use_name, length_use_name_1, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.force_cond)); } if (flags & NDR_OUT) { @@ -7148,6 +7332,8 @@ static enum ndr_err_code ndr_push_wkssvc_NetrUseEnum(struct ndr_push *ndr, int f static enum ndr_err_code ndr_pull_wkssvc_NetrUseEnum(struct ndr_pull *ndr, int flags, struct wkssvc_NetrUseEnum *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; uint32_t _ptr_resume_handle; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_info_0; @@ -7167,11 +7353,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrUseEnum(struct ndr_pull *ndr, int f NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { @@ -7323,7 +7511,14 @@ static enum ndr_err_code ndr_push_wkssvc_NetrMessageBufferSend(struct ndr_push * static enum ndr_err_code ndr_pull_wkssvc_NetrMessageBufferSend(struct ndr_pull *ndr, int flags, struct wkssvc_NetrMessageBufferSend *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; + uint32_t size_message_name_1 = 0; + uint32_t length_message_name_1 = 0; uint32_t _ptr_message_sender_name; + uint32_t size_message_sender_name_1 = 0; + uint32_t length_message_sender_name_1 = 0; + uint32_t size_message_buffer_1 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_message_sender_name_0; if (flags & NDR_IN) { @@ -7338,20 +7533,24 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrMessageBufferSend(struct ndr_pull * NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.message_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.message_name)); - if (ndr_get_array_length(ndr, &r->in.message_name) > ndr_get_array_size(ndr, &r->in.message_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.message_name), ndr_get_array_length(ndr, &r->in.message_name)); + size_message_name_1 = ndr_get_array_size(ndr, &r->in.message_name); + length_message_name_1 = ndr_get_array_length(ndr, &r->in.message_name); + if (length_message_name_1 > size_message_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_message_name_1, length_message_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.message_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.message_name, ndr_get_array_length(ndr, &r->in.message_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_message_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.message_name, length_message_name_1, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_message_sender_name)); if (_ptr_message_sender_name) { NDR_PULL_ALLOC(ndr, r->in.message_sender_name); @@ -7363,18 +7562,21 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrMessageBufferSend(struct ndr_pull * NDR_PULL_SET_MEM_CTX(ndr, r->in.message_sender_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.message_sender_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.message_sender_name)); - if (ndr_get_array_length(ndr, &r->in.message_sender_name) > ndr_get_array_size(ndr, &r->in.message_sender_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.message_sender_name), ndr_get_array_length(ndr, &r->in.message_sender_name)); + size_message_sender_name_1 = ndr_get_array_size(ndr, &r->in.message_sender_name); + length_message_sender_name_1 = ndr_get_array_length(ndr, &r->in.message_sender_name); + if (length_message_sender_name_1 > size_message_sender_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_message_sender_name_1, length_message_sender_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.message_sender_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.message_sender_name, ndr_get_array_length(ndr, &r->in.message_sender_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_message_sender_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.message_sender_name, length_message_sender_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_message_sender_name_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.message_buffer)); + size_message_buffer_1 = ndr_get_array_size(ndr, &r->in.message_buffer); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { - NDR_PULL_ALLOC_N(ndr, r->in.message_buffer, ndr_get_array_size(ndr, &r->in.message_buffer)); + NDR_PULL_ALLOC_N(ndr, r->in.message_buffer, size_message_buffer_1); } - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->in.message_buffer, ndr_get_array_size(ndr, &r->in.message_buffer))); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->in.message_buffer, size_message_buffer_1)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.message_size)); if (r->in.message_buffer) { NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->in.message_buffer, r->in.message_size)); @@ -7464,7 +7666,11 @@ static enum ndr_err_code ndr_push_wkssvc_NetrWorkstationStatisticsGet(struct ndr static enum ndr_err_code ndr_pull_wkssvc_NetrWorkstationStatisticsGet(struct ndr_pull *ndr, int flags, struct wkssvc_NetrWorkstationStatisticsGet *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; uint32_t _ptr_unknown2; + uint32_t size_unknown2_1 = 0; + uint32_t length_unknown2_1 = 0; uint32_t _ptr_info; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_unknown2_0; @@ -7484,11 +7690,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrWorkstationStatisticsGet(struct ndr NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_unknown2)); @@ -7502,11 +7710,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrWorkstationStatisticsGet(struct ndr NDR_PULL_SET_MEM_CTX(ndr, r->in.unknown2, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.unknown2)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.unknown2)); - if (ndr_get_array_length(ndr, &r->in.unknown2) > ndr_get_array_size(ndr, &r->in.unknown2)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.unknown2), ndr_get_array_length(ndr, &r->in.unknown2)); + size_unknown2_1 = ndr_get_array_size(ndr, &r->in.unknown2); + length_unknown2_1 = ndr_get_array_length(ndr, &r->in.unknown2); + if (length_unknown2_1 > size_unknown2_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_unknown2_1, length_unknown2_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.unknown2), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.unknown2, ndr_get_array_length(ndr, &r->in.unknown2), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_unknown2_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.unknown2, length_unknown2_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_unknown2_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.unknown3)); @@ -7601,14 +7811,18 @@ static enum ndr_err_code ndr_push_wkssvc_NetrLogonDomainNameAdd(struct ndr_push static enum ndr_err_code ndr_pull_wkssvc_NetrLogonDomainNameAdd(struct ndr_pull *ndr, int flags, struct wkssvc_NetrLogonDomainNameAdd *r) { + uint32_t size_domain_name_1 = 0; + uint32_t length_domain_name_1 = 0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_array_size(ndr, &r->in.domain_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.domain_name)); - if (ndr_get_array_length(ndr, &r->in.domain_name) > ndr_get_array_size(ndr, &r->in.domain_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.domain_name), ndr_get_array_length(ndr, &r->in.domain_name)); + size_domain_name_1 = ndr_get_array_size(ndr, &r->in.domain_name); + length_domain_name_1 = ndr_get_array_length(ndr, &r->in.domain_name); + if (length_domain_name_1 > size_domain_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_name_1, length_domain_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.domain_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domain_name, ndr_get_array_length(ndr, &r->in.domain_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domain_name, length_domain_name_1, sizeof(uint16_t), CH_UTF16)); } if (flags & NDR_OUT) { NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result)); @@ -7660,14 +7874,18 @@ static enum ndr_err_code ndr_push_wkssvc_NetrLogonDomainNameDel(struct ndr_push static enum ndr_err_code ndr_pull_wkssvc_NetrLogonDomainNameDel(struct ndr_pull *ndr, int flags, struct wkssvc_NetrLogonDomainNameDel *r) { + uint32_t size_domain_name_1 = 0; + uint32_t length_domain_name_1 = 0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_array_size(ndr, &r->in.domain_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.domain_name)); - if (ndr_get_array_length(ndr, &r->in.domain_name) > ndr_get_array_size(ndr, &r->in.domain_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.domain_name), ndr_get_array_length(ndr, &r->in.domain_name)); + size_domain_name_1 = ndr_get_array_size(ndr, &r->in.domain_name); + length_domain_name_1 = ndr_get_array_length(ndr, &r->in.domain_name); + if (length_domain_name_1 > size_domain_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_name_1, length_domain_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.domain_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domain_name, ndr_get_array_length(ndr, &r->in.domain_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domain_name, length_domain_name_1, sizeof(uint16_t), CH_UTF16)); } if (flags & NDR_OUT) { NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result)); @@ -7749,9 +7967,19 @@ static enum ndr_err_code ndr_push_wkssvc_NetrJoinDomain(struct ndr_push *ndr, in static enum ndr_err_code ndr_pull_wkssvc_NetrJoinDomain(struct ndr_pull *ndr, int flags, struct wkssvc_NetrJoinDomain *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; + uint32_t size_domain_name_1 = 0; + uint32_t length_domain_name_1 = 0; uint32_t _ptr_account_ou; + uint32_t size_account_ou_1 = 0; + uint32_t length_account_ou_1 = 0; uint32_t _ptr_Account; + uint32_t size_Account_1 = 0; + uint32_t length_Account_1 = 0; uint32_t _ptr_password; + uint32_t size_password_1 = 0; + uint32_t length_password_1 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_account_ou_0; TALLOC_CTX *_mem_save_Account_0; @@ -7768,20 +7996,24 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrJoinDomain(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.domain_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.domain_name)); - if (ndr_get_array_length(ndr, &r->in.domain_name) > ndr_get_array_size(ndr, &r->in.domain_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.domain_name), ndr_get_array_length(ndr, &r->in.domain_name)); + size_domain_name_1 = ndr_get_array_size(ndr, &r->in.domain_name); + length_domain_name_1 = ndr_get_array_length(ndr, &r->in.domain_name); + if (length_domain_name_1 > size_domain_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_name_1, length_domain_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.domain_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domain_name, ndr_get_array_length(ndr, &r->in.domain_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domain_name, length_domain_name_1, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_account_ou)); if (_ptr_account_ou) { NDR_PULL_ALLOC(ndr, r->in.account_ou); @@ -7793,11 +8025,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrJoinDomain(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, r->in.account_ou, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.account_ou)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.account_ou)); - if (ndr_get_array_length(ndr, &r->in.account_ou) > ndr_get_array_size(ndr, &r->in.account_ou)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.account_ou), ndr_get_array_length(ndr, &r->in.account_ou)); + size_account_ou_1 = ndr_get_array_size(ndr, &r->in.account_ou); + length_account_ou_1 = ndr_get_array_length(ndr, &r->in.account_ou); + if (length_account_ou_1 > size_account_ou_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_account_ou_1, length_account_ou_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.account_ou), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_ou, ndr_get_array_length(ndr, &r->in.account_ou), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_account_ou_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_ou, length_account_ou_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_account_ou_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_Account)); @@ -7811,11 +8045,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrJoinDomain(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, r->in.Account, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.Account)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.Account)); - if (ndr_get_array_length(ndr, &r->in.Account) > ndr_get_array_size(ndr, &r->in.Account)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.Account), ndr_get_array_length(ndr, &r->in.Account)); + size_Account_1 = ndr_get_array_size(ndr, &r->in.Account); + length_Account_1 = ndr_get_array_length(ndr, &r->in.Account); + if (length_Account_1 > size_Account_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_Account_1, length_Account_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.Account), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.Account, ndr_get_array_length(ndr, &r->in.Account), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_Account_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.Account, length_Account_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_Account_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_password)); @@ -7829,11 +8065,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrJoinDomain(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, r->in.password, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.password)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.password)); - if (ndr_get_array_length(ndr, &r->in.password) > ndr_get_array_size(ndr, &r->in.password)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.password), ndr_get_array_length(ndr, &r->in.password)); + size_password_1 = ndr_get_array_size(ndr, &r->in.password); + length_password_1 = ndr_get_array_length(ndr, &r->in.password); + if (length_password_1 > size_password_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_password_1, length_password_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.password), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.password, ndr_get_array_length(ndr, &r->in.password), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_password_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.password, length_password_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_password_0, 0); } NDR_CHECK(ndr_pull_wkssvc_joinflags(ndr, NDR_SCALARS, &r->in.join_flags)); @@ -7929,8 +8167,14 @@ static enum ndr_err_code ndr_push_wkssvc_NetrUnjoinDomain(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_wkssvc_NetrUnjoinDomain(struct ndr_pull *ndr, int flags, struct wkssvc_NetrUnjoinDomain *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; uint32_t _ptr_Account; + uint32_t size_Account_1 = 0; + uint32_t length_Account_1 = 0; uint32_t _ptr_password; + uint32_t size_password_1 = 0; + uint32_t length_password_1 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_Account_0; TALLOC_CTX *_mem_save_password_0; @@ -7946,11 +8190,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrUnjoinDomain(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_Account)); @@ -7964,11 +8210,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrUnjoinDomain(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->in.Account, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.Account)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.Account)); - if (ndr_get_array_length(ndr, &r->in.Account) > ndr_get_array_size(ndr, &r->in.Account)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.Account), ndr_get_array_length(ndr, &r->in.Account)); + size_Account_1 = ndr_get_array_size(ndr, &r->in.Account); + length_Account_1 = ndr_get_array_length(ndr, &r->in.Account); + if (length_Account_1 > size_Account_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_Account_1, length_Account_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.Account), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.Account, ndr_get_array_length(ndr, &r->in.Account), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_Account_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.Account, length_Account_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_Account_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_password)); @@ -7982,11 +8230,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrUnjoinDomain(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->in.password, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.password)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.password)); - if (ndr_get_array_length(ndr, &r->in.password) > ndr_get_array_size(ndr, &r->in.password)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.password), ndr_get_array_length(ndr, &r->in.password)); + size_password_1 = ndr_get_array_size(ndr, &r->in.password); + length_password_1 = ndr_get_array_length(ndr, &r->in.password); + if (length_password_1 > size_password_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_password_1, length_password_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.password), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.password, ndr_get_array_length(ndr, &r->in.password), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_password_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.password, length_password_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_password_0, 0); } NDR_CHECK(ndr_pull_wkssvc_joinflags(ndr, NDR_SCALARS, &r->in.unjoin_flags)); @@ -8079,9 +8329,17 @@ static enum ndr_err_code ndr_push_wkssvc_NetrRenameMachineInDomain(struct ndr_pu static enum ndr_err_code ndr_pull_wkssvc_NetrRenameMachineInDomain(struct ndr_pull *ndr, int flags, struct wkssvc_NetrRenameMachineInDomain *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; uint32_t _ptr_NewMachineName; + uint32_t size_NewMachineName_1 = 0; + uint32_t length_NewMachineName_1 = 0; uint32_t _ptr_Account; + uint32_t size_Account_1 = 0; + uint32_t length_Account_1 = 0; uint32_t _ptr_password; + uint32_t size_password_1 = 0; + uint32_t length_password_1 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_NewMachineName_0; TALLOC_CTX *_mem_save_Account_0; @@ -8098,11 +8356,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrRenameMachineInDomain(struct ndr_pu NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_NewMachineName)); @@ -8116,11 +8376,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrRenameMachineInDomain(struct ndr_pu NDR_PULL_SET_MEM_CTX(ndr, r->in.NewMachineName, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.NewMachineName)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.NewMachineName)); - if (ndr_get_array_length(ndr, &r->in.NewMachineName) > ndr_get_array_size(ndr, &r->in.NewMachineName)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.NewMachineName), ndr_get_array_length(ndr, &r->in.NewMachineName)); + size_NewMachineName_1 = ndr_get_array_size(ndr, &r->in.NewMachineName); + length_NewMachineName_1 = ndr_get_array_length(ndr, &r->in.NewMachineName); + if (length_NewMachineName_1 > size_NewMachineName_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_NewMachineName_1, length_NewMachineName_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.NewMachineName), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.NewMachineName, ndr_get_array_length(ndr, &r->in.NewMachineName), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_NewMachineName_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.NewMachineName, length_NewMachineName_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_NewMachineName_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_Account)); @@ -8134,11 +8396,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrRenameMachineInDomain(struct ndr_pu NDR_PULL_SET_MEM_CTX(ndr, r->in.Account, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.Account)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.Account)); - if (ndr_get_array_length(ndr, &r->in.Account) > ndr_get_array_size(ndr, &r->in.Account)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.Account), ndr_get_array_length(ndr, &r->in.Account)); + size_Account_1 = ndr_get_array_size(ndr, &r->in.Account); + length_Account_1 = ndr_get_array_length(ndr, &r->in.Account); + if (length_Account_1 > size_Account_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_Account_1, length_Account_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.Account), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.Account, ndr_get_array_length(ndr, &r->in.Account), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_Account_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.Account, length_Account_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_Account_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_password)); @@ -8152,11 +8416,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrRenameMachineInDomain(struct ndr_pu NDR_PULL_SET_MEM_CTX(ndr, r->in.password, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.password)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.password)); - if (ndr_get_array_length(ndr, &r->in.password) > ndr_get_array_size(ndr, &r->in.password)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.password), ndr_get_array_length(ndr, &r->in.password)); + size_password_1 = ndr_get_array_size(ndr, &r->in.password); + length_password_1 = ndr_get_array_length(ndr, &r->in.password); + if (length_password_1 > size_password_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_password_1, length_password_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.password), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.password, ndr_get_array_length(ndr, &r->in.password), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_password_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.password, length_password_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_password_0, 0); } NDR_CHECK(ndr_pull_wkssvc_renameflags(ndr, NDR_SCALARS, &r->in.RenameOptions)); @@ -8255,8 +8521,16 @@ static enum ndr_err_code ndr_push_wkssvc_NetrValidateName(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_wkssvc_NetrValidateName(struct ndr_pull *ndr, int flags, struct wkssvc_NetrValidateName *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; + uint32_t size_name_1 = 0; + uint32_t length_name_1 = 0; uint32_t _ptr_Account; + uint32_t size_Account_1 = 0; + uint32_t length_Account_1 = 0; uint32_t _ptr_Password; + uint32_t size_Password_1 = 0; + uint32_t length_Password_1 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_Account_0; TALLOC_CTX *_mem_save_Password_0; @@ -8272,20 +8546,24 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrValidateName(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.name)); - if (ndr_get_array_length(ndr, &r->in.name) > ndr_get_array_size(ndr, &r->in.name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.name), ndr_get_array_length(ndr, &r->in.name)); + size_name_1 = ndr_get_array_size(ndr, &r->in.name); + length_name_1 = ndr_get_array_length(ndr, &r->in.name); + if (length_name_1 > size_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_name_1, length_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.name, ndr_get_array_length(ndr, &r->in.name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.name, length_name_1, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_Account)); if (_ptr_Account) { NDR_PULL_ALLOC(ndr, r->in.Account); @@ -8297,11 +8575,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrValidateName(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->in.Account, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.Account)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.Account)); - if (ndr_get_array_length(ndr, &r->in.Account) > ndr_get_array_size(ndr, &r->in.Account)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.Account), ndr_get_array_length(ndr, &r->in.Account)); + size_Account_1 = ndr_get_array_size(ndr, &r->in.Account); + length_Account_1 = ndr_get_array_length(ndr, &r->in.Account); + if (length_Account_1 > size_Account_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_Account_1, length_Account_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.Account), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.Account, ndr_get_array_length(ndr, &r->in.Account), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_Account_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.Account, length_Account_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_Account_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_Password)); @@ -8315,11 +8595,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrValidateName(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->in.Password, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.Password)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.Password)); - if (ndr_get_array_length(ndr, &r->in.Password) > ndr_get_array_size(ndr, &r->in.Password)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.Password), ndr_get_array_length(ndr, &r->in.Password)); + size_Password_1 = ndr_get_array_size(ndr, &r->in.Password); + length_Password_1 = ndr_get_array_length(ndr, &r->in.Password); + if (length_Password_1 > size_Password_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_Password_1, length_Password_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.Password), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.Password, ndr_get_array_length(ndr, &r->in.Password), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_Password_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.Password, length_Password_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_Password_0, 0); } NDR_CHECK(ndr_pull_wkssvc_NetValidateNameType(ndr, NDR_SCALARS, &r->in.name_type)); @@ -8418,7 +8700,11 @@ static enum ndr_err_code ndr_push_wkssvc_NetrGetJoinInformation(struct ndr_push static enum ndr_err_code ndr_pull_wkssvc_NetrGetJoinInformation(struct ndr_pull *ndr, int flags, struct wkssvc_NetrGetJoinInformation *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; uint32_t _ptr_name_buffer; + uint32_t size_name_buffer_2 = 0; + uint32_t length_name_buffer_2 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_name_buffer_0; TALLOC_CTX *_mem_save_name_buffer_1; @@ -8437,11 +8723,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrGetJoinInformation(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { @@ -8460,11 +8748,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrGetJoinInformation(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, *r->in.name_buffer, 0); NDR_CHECK(ndr_pull_array_size(ndr, r->in.name_buffer)); NDR_CHECK(ndr_pull_array_length(ndr, r->in.name_buffer)); - if (ndr_get_array_length(ndr, r->in.name_buffer) > ndr_get_array_size(ndr, r->in.name_buffer)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, r->in.name_buffer), ndr_get_array_length(ndr, r->in.name_buffer)); + size_name_buffer_2 = ndr_get_array_size(ndr, r->in.name_buffer); + length_name_buffer_2 = ndr_get_array_length(ndr, r->in.name_buffer); + if (length_name_buffer_2 > size_name_buffer_2) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_name_buffer_2, length_name_buffer_2); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, r->in.name_buffer), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->in.name_buffer, ndr_get_array_length(ndr, r->in.name_buffer), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_name_buffer_2, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->in.name_buffer, length_name_buffer_2, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_name_buffer_1, 0); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_name_buffer_0, LIBNDR_FLAG_REF_ALLOC); @@ -8490,11 +8780,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrGetJoinInformation(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, *r->out.name_buffer, 0); NDR_CHECK(ndr_pull_array_size(ndr, r->out.name_buffer)); NDR_CHECK(ndr_pull_array_length(ndr, r->out.name_buffer)); - if (ndr_get_array_length(ndr, r->out.name_buffer) > ndr_get_array_size(ndr, r->out.name_buffer)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, r->out.name_buffer), ndr_get_array_length(ndr, r->out.name_buffer)); + size_name_buffer_2 = ndr_get_array_size(ndr, r->out.name_buffer); + length_name_buffer_2 = ndr_get_array_length(ndr, r->out.name_buffer); + if (length_name_buffer_2 > size_name_buffer_2) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_name_buffer_2, length_name_buffer_2); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, r->out.name_buffer), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.name_buffer, ndr_get_array_length(ndr, r->out.name_buffer), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_name_buffer_2, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.name_buffer, length_name_buffer_2, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_name_buffer_1, 0); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_name_buffer_0, LIBNDR_FLAG_REF_ALLOC); @@ -8627,10 +8919,21 @@ static enum ndr_err_code ndr_push_wkssvc_NetrGetJoinableOus(struct ndr_push *ndr static enum ndr_err_code ndr_pull_wkssvc_NetrGetJoinableOus(struct ndr_pull *ndr, int flags, struct wkssvc_NetrGetJoinableOus *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; + uint32_t size_domain_name_1 = 0; + uint32_t length_domain_name_1 = 0; uint32_t _ptr_Account; + uint32_t size_Account_1 = 0; + uint32_t length_Account_1 = 0; uint32_t _ptr_unknown; + uint32_t size_unknown_1 = 0; + uint32_t length_unknown_1 = 0; uint32_t _ptr_ous; + uint32_t size_ous_2 = 0; uint32_t cntr_ous_2; + uint32_t size_ous_4 = 0; + uint32_t length_ous_4 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_Account_0; TALLOC_CTX *_mem_save_unknown_0; @@ -8653,20 +8956,24 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrGetJoinableOus(struct ndr_pull *ndr NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.domain_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.domain_name)); - if (ndr_get_array_length(ndr, &r->in.domain_name) > ndr_get_array_size(ndr, &r->in.domain_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.domain_name), ndr_get_array_length(ndr, &r->in.domain_name)); + size_domain_name_1 = ndr_get_array_size(ndr, &r->in.domain_name); + length_domain_name_1 = ndr_get_array_length(ndr, &r->in.domain_name); + if (length_domain_name_1 > size_domain_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_name_1, length_domain_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.domain_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domain_name, ndr_get_array_length(ndr, &r->in.domain_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domain_name, length_domain_name_1, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_Account)); if (_ptr_Account) { NDR_PULL_ALLOC(ndr, r->in.Account); @@ -8678,11 +8985,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrGetJoinableOus(struct ndr_pull *ndr NDR_PULL_SET_MEM_CTX(ndr, r->in.Account, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.Account)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.Account)); - if (ndr_get_array_length(ndr, &r->in.Account) > ndr_get_array_size(ndr, &r->in.Account)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.Account), ndr_get_array_length(ndr, &r->in.Account)); + size_Account_1 = ndr_get_array_size(ndr, &r->in.Account); + length_Account_1 = ndr_get_array_length(ndr, &r->in.Account); + if (length_Account_1 > size_Account_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_Account_1, length_Account_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.Account), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.Account, ndr_get_array_length(ndr, &r->in.Account), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_Account_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.Account, length_Account_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_Account_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_unknown)); @@ -8696,11 +9005,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrGetJoinableOus(struct ndr_pull *ndr NDR_PULL_SET_MEM_CTX(ndr, r->in.unknown, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.unknown)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.unknown)); - if (ndr_get_array_length(ndr, &r->in.unknown) > ndr_get_array_size(ndr, &r->in.unknown)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.unknown), ndr_get_array_length(ndr, &r->in.unknown)); + size_unknown_1 = ndr_get_array_size(ndr, &r->in.unknown); + length_unknown_1 = ndr_get_array_length(ndr, &r->in.unknown); + if (length_unknown_1 > size_unknown_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_unknown_1, length_unknown_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.unknown), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.unknown, ndr_get_array_length(ndr, &r->in.unknown), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_unknown_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.unknown, length_unknown_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_unknown_0, 0); } if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { @@ -8738,10 +9049,11 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrGetJoinableOus(struct ndr_pull *ndr _mem_save_ous_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, *r->out.ous, 0); NDR_CHECK(ndr_pull_array_size(ndr, r->out.ous)); - NDR_PULL_ALLOC_N(ndr, *r->out.ous, ndr_get_array_size(ndr, r->out.ous)); + size_ous_2 = ndr_get_array_size(ndr, r->out.ous); + NDR_PULL_ALLOC_N(ndr, *r->out.ous, size_ous_2); _mem_save_ous_2 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, *r->out.ous, 0); - for (cntr_ous_2 = 0; cntr_ous_2 < *r->out.num_ous; cntr_ous_2++) { + for (cntr_ous_2 = 0; cntr_ous_2 < size_ous_2; cntr_ous_2++) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ous)); if (_ptr_ous) { NDR_PULL_ALLOC(ndr, (*r->out.ous)[cntr_ous_2]); @@ -8749,17 +9061,19 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrGetJoinableOus(struct ndr_pull *ndr (*r->out.ous)[cntr_ous_2] = NULL; } } - for (cntr_ous_2 = 0; cntr_ous_2 < *r->out.num_ous; cntr_ous_2++) { + for (cntr_ous_2 = 0; cntr_ous_2 < size_ous_2; cntr_ous_2++) { if ((*r->out.ous)[cntr_ous_2]) { _mem_save_ous_3 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, (*r->out.ous)[cntr_ous_2], 0); NDR_CHECK(ndr_pull_array_size(ndr, &(*r->out.ous)[cntr_ous_2])); NDR_CHECK(ndr_pull_array_length(ndr, &(*r->out.ous)[cntr_ous_2])); - if (ndr_get_array_length(ndr, &(*r->out.ous)[cntr_ous_2]) > ndr_get_array_size(ndr, &(*r->out.ous)[cntr_ous_2])) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &(*r->out.ous)[cntr_ous_2]), ndr_get_array_length(ndr, &(*r->out.ous)[cntr_ous_2])); + size_ous_4 = ndr_get_array_size(ndr, &(*r->out.ous)[cntr_ous_2]); + length_ous_4 = ndr_get_array_length(ndr, &(*r->out.ous)[cntr_ous_2]); + if (length_ous_4 > size_ous_4) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_ous_4, length_ous_4); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &(*r->out.ous)[cntr_ous_2]), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &(*r->out.ous)[cntr_ous_2], ndr_get_array_length(ndr, &(*r->out.ous)[cntr_ous_2]), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_ous_4, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &(*r->out.ous)[cntr_ous_2], length_ous_4, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_ous_3, 0); } } @@ -8896,8 +9210,16 @@ static enum ndr_err_code ndr_push_wkssvc_NetrJoinDomain2(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_wkssvc_NetrJoinDomain2(struct ndr_pull *ndr, int flags, struct wkssvc_NetrJoinDomain2 *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; + uint32_t size_domain_name_1 = 0; + uint32_t length_domain_name_1 = 0; uint32_t _ptr_account_ou; + uint32_t size_account_ou_1 = 0; + uint32_t length_account_ou_1 = 0; uint32_t _ptr_admin_account; + uint32_t size_admin_account_1 = 0; + uint32_t length_admin_account_1 = 0; uint32_t _ptr_encrypted_password; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_account_ou_0; @@ -8915,20 +9237,24 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrJoinDomain2(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.domain_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.domain_name)); - if (ndr_get_array_length(ndr, &r->in.domain_name) > ndr_get_array_size(ndr, &r->in.domain_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.domain_name), ndr_get_array_length(ndr, &r->in.domain_name)); + size_domain_name_1 = ndr_get_array_size(ndr, &r->in.domain_name); + length_domain_name_1 = ndr_get_array_length(ndr, &r->in.domain_name); + if (length_domain_name_1 > size_domain_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_name_1, length_domain_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.domain_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domain_name, ndr_get_array_length(ndr, &r->in.domain_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domain_name, length_domain_name_1, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_account_ou)); if (_ptr_account_ou) { NDR_PULL_ALLOC(ndr, r->in.account_ou); @@ -8940,11 +9266,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrJoinDomain2(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->in.account_ou, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.account_ou)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.account_ou)); - if (ndr_get_array_length(ndr, &r->in.account_ou) > ndr_get_array_size(ndr, &r->in.account_ou)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.account_ou), ndr_get_array_length(ndr, &r->in.account_ou)); + size_account_ou_1 = ndr_get_array_size(ndr, &r->in.account_ou); + length_account_ou_1 = ndr_get_array_length(ndr, &r->in.account_ou); + if (length_account_ou_1 > size_account_ou_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_account_ou_1, length_account_ou_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.account_ou), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_ou, ndr_get_array_length(ndr, &r->in.account_ou), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_account_ou_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_ou, length_account_ou_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_account_ou_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_admin_account)); @@ -8958,11 +9286,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrJoinDomain2(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->in.admin_account, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.admin_account)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.admin_account)); - if (ndr_get_array_length(ndr, &r->in.admin_account) > ndr_get_array_size(ndr, &r->in.admin_account)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.admin_account), ndr_get_array_length(ndr, &r->in.admin_account)); + size_admin_account_1 = ndr_get_array_size(ndr, &r->in.admin_account); + length_admin_account_1 = ndr_get_array_length(ndr, &r->in.admin_account); + if (length_admin_account_1 > size_admin_account_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_admin_account_1, length_admin_account_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.admin_account), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.admin_account, ndr_get_array_length(ndr, &r->in.admin_account), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_admin_account_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.admin_account, length_admin_account_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_admin_account_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_encrypted_password)); @@ -9067,7 +9397,11 @@ static enum ndr_err_code ndr_push_wkssvc_NetrUnjoinDomain2(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_wkssvc_NetrUnjoinDomain2(struct ndr_pull *ndr, int flags, struct wkssvc_NetrUnjoinDomain2 *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; uint32_t _ptr_account; + uint32_t size_account_1 = 0; + uint32_t length_account_1 = 0; uint32_t _ptr_encrypted_password; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_account_0; @@ -9084,11 +9418,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrUnjoinDomain2(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_account)); @@ -9102,11 +9438,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrUnjoinDomain2(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->in.account, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.account)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.account)); - if (ndr_get_array_length(ndr, &r->in.account) > ndr_get_array_size(ndr, &r->in.account)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.account), ndr_get_array_length(ndr, &r->in.account)); + size_account_1 = ndr_get_array_size(ndr, &r->in.account); + length_account_1 = ndr_get_array_length(ndr, &r->in.account); + if (length_account_1 > size_account_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_account_1, length_account_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.account), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account, ndr_get_array_length(ndr, &r->in.account), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_account_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account, length_account_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_account_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_encrypted_password)); @@ -9208,8 +9546,14 @@ static enum ndr_err_code ndr_push_wkssvc_NetrRenameMachineInDomain2(struct ndr_p static enum ndr_err_code ndr_pull_wkssvc_NetrRenameMachineInDomain2(struct ndr_pull *ndr, int flags, struct wkssvc_NetrRenameMachineInDomain2 *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; uint32_t _ptr_NewMachineName; + uint32_t size_NewMachineName_1 = 0; + uint32_t length_NewMachineName_1 = 0; uint32_t _ptr_Account; + uint32_t size_Account_1 = 0; + uint32_t length_Account_1 = 0; uint32_t _ptr_EncryptedPassword; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_NewMachineName_0; @@ -9227,11 +9571,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrRenameMachineInDomain2(struct ndr_p NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_NewMachineName)); @@ -9245,11 +9591,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrRenameMachineInDomain2(struct ndr_p NDR_PULL_SET_MEM_CTX(ndr, r->in.NewMachineName, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.NewMachineName)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.NewMachineName)); - if (ndr_get_array_length(ndr, &r->in.NewMachineName) > ndr_get_array_size(ndr, &r->in.NewMachineName)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.NewMachineName), ndr_get_array_length(ndr, &r->in.NewMachineName)); + size_NewMachineName_1 = ndr_get_array_size(ndr, &r->in.NewMachineName); + length_NewMachineName_1 = ndr_get_array_length(ndr, &r->in.NewMachineName); + if (length_NewMachineName_1 > size_NewMachineName_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_NewMachineName_1, length_NewMachineName_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.NewMachineName), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.NewMachineName, ndr_get_array_length(ndr, &r->in.NewMachineName), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_NewMachineName_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.NewMachineName, length_NewMachineName_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_NewMachineName_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_Account)); @@ -9263,11 +9611,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrRenameMachineInDomain2(struct ndr_p NDR_PULL_SET_MEM_CTX(ndr, r->in.Account, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.Account)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.Account)); - if (ndr_get_array_length(ndr, &r->in.Account) > ndr_get_array_size(ndr, &r->in.Account)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.Account), ndr_get_array_length(ndr, &r->in.Account)); + size_Account_1 = ndr_get_array_size(ndr, &r->in.Account); + length_Account_1 = ndr_get_array_length(ndr, &r->in.Account); + if (length_Account_1 > size_Account_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_Account_1, length_Account_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.Account), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.Account, ndr_get_array_length(ndr, &r->in.Account), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_Account_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.Account, length_Account_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_Account_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_EncryptedPassword)); @@ -9375,7 +9725,13 @@ static enum ndr_err_code ndr_push_wkssvc_NetrValidateName2(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_wkssvc_NetrValidateName2(struct ndr_pull *ndr, int flags, struct wkssvc_NetrValidateName2 *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; + uint32_t size_name_1 = 0; + uint32_t length_name_1 = 0; uint32_t _ptr_Account; + uint32_t size_Account_1 = 0; + uint32_t length_Account_1 = 0; uint32_t _ptr_EncryptedPassword; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_Account_0; @@ -9392,20 +9748,24 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrValidateName2(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.name)); - if (ndr_get_array_length(ndr, &r->in.name) > ndr_get_array_size(ndr, &r->in.name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.name), ndr_get_array_length(ndr, &r->in.name)); + size_name_1 = ndr_get_array_size(ndr, &r->in.name); + length_name_1 = ndr_get_array_length(ndr, &r->in.name); + if (length_name_1 > size_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_name_1, length_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.name, ndr_get_array_length(ndr, &r->in.name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.name, length_name_1, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_Account)); if (_ptr_Account) { NDR_PULL_ALLOC(ndr, r->in.Account); @@ -9417,11 +9777,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrValidateName2(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->in.Account, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.Account)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.Account)); - if (ndr_get_array_length(ndr, &r->in.Account) > ndr_get_array_size(ndr, &r->in.Account)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.Account), ndr_get_array_length(ndr, &r->in.Account)); + size_Account_1 = ndr_get_array_size(ndr, &r->in.Account); + length_Account_1 = ndr_get_array_length(ndr, &r->in.Account); + if (length_Account_1 > size_Account_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_Account_1, length_Account_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.Account), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.Account, ndr_get_array_length(ndr, &r->in.Account), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_Account_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.Account, length_Account_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_Account_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_EncryptedPassword)); @@ -9553,10 +9915,19 @@ static enum ndr_err_code ndr_push_wkssvc_NetrGetJoinableOus2(struct ndr_push *nd static enum ndr_err_code ndr_pull_wkssvc_NetrGetJoinableOus2(struct ndr_pull *ndr, int flags, struct wkssvc_NetrGetJoinableOus2 *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; + uint32_t size_domain_name_1 = 0; + uint32_t length_domain_name_1 = 0; uint32_t _ptr_Account; + uint32_t size_Account_1 = 0; + uint32_t length_Account_1 = 0; uint32_t _ptr_EncryptedPassword; uint32_t _ptr_ous; + uint32_t size_ous_2 = 0; uint32_t cntr_ous_2; + uint32_t size_ous_4 = 0; + uint32_t length_ous_4 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_Account_0; TALLOC_CTX *_mem_save_EncryptedPassword_0; @@ -9579,20 +9950,24 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrGetJoinableOus2(struct ndr_pull *nd NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.domain_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.domain_name)); - if (ndr_get_array_length(ndr, &r->in.domain_name) > ndr_get_array_size(ndr, &r->in.domain_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.domain_name), ndr_get_array_length(ndr, &r->in.domain_name)); + size_domain_name_1 = ndr_get_array_size(ndr, &r->in.domain_name); + length_domain_name_1 = ndr_get_array_length(ndr, &r->in.domain_name); + if (length_domain_name_1 > size_domain_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_name_1, length_domain_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.domain_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domain_name, ndr_get_array_length(ndr, &r->in.domain_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domain_name, length_domain_name_1, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_Account)); if (_ptr_Account) { NDR_PULL_ALLOC(ndr, r->in.Account); @@ -9604,11 +9979,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrGetJoinableOus2(struct ndr_pull *nd NDR_PULL_SET_MEM_CTX(ndr, r->in.Account, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.Account)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.Account)); - if (ndr_get_array_length(ndr, &r->in.Account) > ndr_get_array_size(ndr, &r->in.Account)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.Account), ndr_get_array_length(ndr, &r->in.Account)); + size_Account_1 = ndr_get_array_size(ndr, &r->in.Account); + length_Account_1 = ndr_get_array_length(ndr, &r->in.Account); + if (length_Account_1 > size_Account_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_Account_1, length_Account_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.Account), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.Account, ndr_get_array_length(ndr, &r->in.Account), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_Account_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.Account, length_Account_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_Account_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_EncryptedPassword)); @@ -9658,10 +10035,11 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrGetJoinableOus2(struct ndr_pull *nd _mem_save_ous_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, *r->out.ous, 0); NDR_CHECK(ndr_pull_array_size(ndr, r->out.ous)); - NDR_PULL_ALLOC_N(ndr, *r->out.ous, ndr_get_array_size(ndr, r->out.ous)); + size_ous_2 = ndr_get_array_size(ndr, r->out.ous); + NDR_PULL_ALLOC_N(ndr, *r->out.ous, size_ous_2); _mem_save_ous_2 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, *r->out.ous, 0); - for (cntr_ous_2 = 0; cntr_ous_2 < *r->out.num_ous; cntr_ous_2++) { + for (cntr_ous_2 = 0; cntr_ous_2 < size_ous_2; cntr_ous_2++) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ous)); if (_ptr_ous) { NDR_PULL_ALLOC(ndr, (*r->out.ous)[cntr_ous_2]); @@ -9669,17 +10047,19 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrGetJoinableOus2(struct ndr_pull *nd (*r->out.ous)[cntr_ous_2] = NULL; } } - for (cntr_ous_2 = 0; cntr_ous_2 < *r->out.num_ous; cntr_ous_2++) { + for (cntr_ous_2 = 0; cntr_ous_2 < size_ous_2; cntr_ous_2++) { if ((*r->out.ous)[cntr_ous_2]) { _mem_save_ous_3 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, (*r->out.ous)[cntr_ous_2], 0); NDR_CHECK(ndr_pull_array_size(ndr, &(*r->out.ous)[cntr_ous_2])); NDR_CHECK(ndr_pull_array_length(ndr, &(*r->out.ous)[cntr_ous_2])); - if (ndr_get_array_length(ndr, &(*r->out.ous)[cntr_ous_2]) > ndr_get_array_size(ndr, &(*r->out.ous)[cntr_ous_2])) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &(*r->out.ous)[cntr_ous_2]), ndr_get_array_length(ndr, &(*r->out.ous)[cntr_ous_2])); + size_ous_4 = ndr_get_array_size(ndr, &(*r->out.ous)[cntr_ous_2]); + length_ous_4 = ndr_get_array_length(ndr, &(*r->out.ous)[cntr_ous_2]); + if (length_ous_4 > size_ous_4) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_ous_4, length_ous_4); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &(*r->out.ous)[cntr_ous_2]), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &(*r->out.ous)[cntr_ous_2], ndr_get_array_length(ndr, &(*r->out.ous)[cntr_ous_2]), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_ous_4, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &(*r->out.ous)[cntr_ous_2], length_ous_4, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_ous_3, 0); } } @@ -9809,8 +10189,14 @@ static enum ndr_err_code ndr_push_wkssvc_NetrAddAlternateComputerName(struct ndr static enum ndr_err_code ndr_pull_wkssvc_NetrAddAlternateComputerName(struct ndr_pull *ndr, int flags, struct wkssvc_NetrAddAlternateComputerName *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; uint32_t _ptr_NewAlternateMachineName; + uint32_t size_NewAlternateMachineName_1 = 0; + uint32_t length_NewAlternateMachineName_1 = 0; uint32_t _ptr_Account; + uint32_t size_Account_1 = 0; + uint32_t length_Account_1 = 0; uint32_t _ptr_EncryptedPassword; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_NewAlternateMachineName_0; @@ -9828,11 +10214,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrAddAlternateComputerName(struct ndr NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_NewAlternateMachineName)); @@ -9846,11 +10234,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrAddAlternateComputerName(struct ndr NDR_PULL_SET_MEM_CTX(ndr, r->in.NewAlternateMachineName, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.NewAlternateMachineName)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.NewAlternateMachineName)); - if (ndr_get_array_length(ndr, &r->in.NewAlternateMachineName) > ndr_get_array_size(ndr, &r->in.NewAlternateMachineName)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.NewAlternateMachineName), ndr_get_array_length(ndr, &r->in.NewAlternateMachineName)); + size_NewAlternateMachineName_1 = ndr_get_array_size(ndr, &r->in.NewAlternateMachineName); + length_NewAlternateMachineName_1 = ndr_get_array_length(ndr, &r->in.NewAlternateMachineName); + if (length_NewAlternateMachineName_1 > size_NewAlternateMachineName_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_NewAlternateMachineName_1, length_NewAlternateMachineName_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.NewAlternateMachineName), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.NewAlternateMachineName, ndr_get_array_length(ndr, &r->in.NewAlternateMachineName), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_NewAlternateMachineName_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.NewAlternateMachineName, length_NewAlternateMachineName_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_NewAlternateMachineName_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_Account)); @@ -9864,11 +10254,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrAddAlternateComputerName(struct ndr NDR_PULL_SET_MEM_CTX(ndr, r->in.Account, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.Account)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.Account)); - if (ndr_get_array_length(ndr, &r->in.Account) > ndr_get_array_size(ndr, &r->in.Account)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.Account), ndr_get_array_length(ndr, &r->in.Account)); + size_Account_1 = ndr_get_array_size(ndr, &r->in.Account); + length_Account_1 = ndr_get_array_length(ndr, &r->in.Account); + if (length_Account_1 > size_Account_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_Account_1, length_Account_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.Account), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.Account, ndr_get_array_length(ndr, &r->in.Account), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_Account_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.Account, length_Account_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_Account_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_EncryptedPassword)); @@ -9976,8 +10368,14 @@ static enum ndr_err_code ndr_push_wkssvc_NetrRemoveAlternateComputerName(struct static enum ndr_err_code ndr_pull_wkssvc_NetrRemoveAlternateComputerName(struct ndr_pull *ndr, int flags, struct wkssvc_NetrRemoveAlternateComputerName *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; uint32_t _ptr_AlternateMachineNameToRemove; + uint32_t size_AlternateMachineNameToRemove_1 = 0; + uint32_t length_AlternateMachineNameToRemove_1 = 0; uint32_t _ptr_Account; + uint32_t size_Account_1 = 0; + uint32_t length_Account_1 = 0; uint32_t _ptr_EncryptedPassword; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_AlternateMachineNameToRemove_0; @@ -9995,11 +10393,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrRemoveAlternateComputerName(struct NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_AlternateMachineNameToRemove)); @@ -10013,11 +10413,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrRemoveAlternateComputerName(struct NDR_PULL_SET_MEM_CTX(ndr, r->in.AlternateMachineNameToRemove, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.AlternateMachineNameToRemove)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.AlternateMachineNameToRemove)); - if (ndr_get_array_length(ndr, &r->in.AlternateMachineNameToRemove) > ndr_get_array_size(ndr, &r->in.AlternateMachineNameToRemove)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.AlternateMachineNameToRemove), ndr_get_array_length(ndr, &r->in.AlternateMachineNameToRemove)); + size_AlternateMachineNameToRemove_1 = ndr_get_array_size(ndr, &r->in.AlternateMachineNameToRemove); + length_AlternateMachineNameToRemove_1 = ndr_get_array_length(ndr, &r->in.AlternateMachineNameToRemove); + if (length_AlternateMachineNameToRemove_1 > size_AlternateMachineNameToRemove_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_AlternateMachineNameToRemove_1, length_AlternateMachineNameToRemove_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.AlternateMachineNameToRemove), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.AlternateMachineNameToRemove, ndr_get_array_length(ndr, &r->in.AlternateMachineNameToRemove), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_AlternateMachineNameToRemove_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.AlternateMachineNameToRemove, length_AlternateMachineNameToRemove_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_AlternateMachineNameToRemove_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_Account)); @@ -10031,11 +10433,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrRemoveAlternateComputerName(struct NDR_PULL_SET_MEM_CTX(ndr, r->in.Account, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.Account)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.Account)); - if (ndr_get_array_length(ndr, &r->in.Account) > ndr_get_array_size(ndr, &r->in.Account)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.Account), ndr_get_array_length(ndr, &r->in.Account)); + size_Account_1 = ndr_get_array_size(ndr, &r->in.Account); + length_Account_1 = ndr_get_array_length(ndr, &r->in.Account); + if (length_Account_1 > size_Account_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_Account_1, length_Account_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.Account), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.Account, ndr_get_array_length(ndr, &r->in.Account), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_Account_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.Account, length_Account_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_Account_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_EncryptedPassword)); @@ -10143,8 +10547,14 @@ static enum ndr_err_code ndr_push_wkssvc_NetrSetPrimaryComputername(struct ndr_p static enum ndr_err_code ndr_pull_wkssvc_NetrSetPrimaryComputername(struct ndr_pull *ndr, int flags, struct wkssvc_NetrSetPrimaryComputername *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; uint32_t _ptr_primary_name; + uint32_t size_primary_name_1 = 0; + uint32_t length_primary_name_1 = 0; uint32_t _ptr_Account; + uint32_t size_Account_1 = 0; + uint32_t length_Account_1 = 0; uint32_t _ptr_EncryptedPassword; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_primary_name_0; @@ -10162,11 +10572,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrSetPrimaryComputername(struct ndr_p NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_primary_name)); @@ -10180,11 +10592,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrSetPrimaryComputername(struct ndr_p NDR_PULL_SET_MEM_CTX(ndr, r->in.primary_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.primary_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.primary_name)); - if (ndr_get_array_length(ndr, &r->in.primary_name) > ndr_get_array_size(ndr, &r->in.primary_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.primary_name), ndr_get_array_length(ndr, &r->in.primary_name)); + size_primary_name_1 = ndr_get_array_size(ndr, &r->in.primary_name); + length_primary_name_1 = ndr_get_array_length(ndr, &r->in.primary_name); + if (length_primary_name_1 > size_primary_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_primary_name_1, length_primary_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.primary_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.primary_name, ndr_get_array_length(ndr, &r->in.primary_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_primary_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.primary_name, length_primary_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_primary_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_Account)); @@ -10198,11 +10612,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrSetPrimaryComputername(struct ndr_p NDR_PULL_SET_MEM_CTX(ndr, r->in.Account, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.Account)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.Account)); - if (ndr_get_array_length(ndr, &r->in.Account) > ndr_get_array_size(ndr, &r->in.Account)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.Account), ndr_get_array_length(ndr, &r->in.Account)); + size_Account_1 = ndr_get_array_size(ndr, &r->in.Account); + length_Account_1 = ndr_get_array_length(ndr, &r->in.Account); + if (length_Account_1 > size_Account_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_Account_1, length_Account_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.Account), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.Account, ndr_get_array_length(ndr, &r->in.Account), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_Account_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.Account, length_Account_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_Account_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_EncryptedPassword)); @@ -10300,6 +10716,8 @@ static enum ndr_err_code ndr_push_wkssvc_NetrEnumerateComputerNames(struct ndr_p static enum ndr_err_code ndr_pull_wkssvc_NetrEnumerateComputerNames(struct ndr_pull *ndr, int flags, struct wkssvc_NetrEnumerateComputerNames *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; uint32_t _ptr_ctr; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_ctr_0; @@ -10318,11 +10736,13 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrEnumerateComputerNames(struct ndr_p NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_wkssvc_ComputerNameType(ndr, NDR_SCALARS, &r->in.name_type)); diff --git a/librpc/gen_ndr/ndr_xattr.c b/librpc/gen_ndr/ndr_xattr.c index d217a00..a020ea3 100644 --- a/librpc/gen_ndr/ndr_xattr.c +++ b/librpc/gen_ndr/ndr_xattr.c @@ -305,6 +305,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_xattr_DosEAs(struct ndr_push *ndr, int ndr_f _PUBLIC_ enum ndr_err_code ndr_pull_xattr_DosEAs(struct ndr_pull *ndr, int ndr_flags, struct xattr_DosEAs *r) { uint32_t _ptr_eas; + uint32_t size_eas_1 = 0; uint32_t cntr_eas_1; TALLOC_CTX *_mem_save_eas_0; TALLOC_CTX *_mem_save_eas_1; @@ -323,10 +324,11 @@ _PUBLIC_ enum ndr_err_code ndr_pull_xattr_DosEAs(struct ndr_pull *ndr, int ndr_f _mem_save_eas_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->eas, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->eas)); - NDR_PULL_ALLOC_N(ndr, r->eas, ndr_get_array_size(ndr, &r->eas)); + size_eas_1 = ndr_get_array_size(ndr, &r->eas); + NDR_PULL_ALLOC_N(ndr, r->eas, size_eas_1); _mem_save_eas_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->eas, 0); - for (cntr_eas_1 = 0; cntr_eas_1 < r->num_eas; cntr_eas_1++) { + for (cntr_eas_1 = 0; cntr_eas_1 < size_eas_1; cntr_eas_1++) { NDR_CHECK(ndr_pull_xattr_EA(ndr, NDR_SCALARS, &r->eas[cntr_eas_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_eas_1, 0); @@ -380,15 +382,17 @@ _PUBLIC_ enum ndr_err_code ndr_push_tdb_xattrs(struct ndr_push *ndr, int ndr_fla _PUBLIC_ enum ndr_err_code ndr_pull_tdb_xattrs(struct ndr_pull *ndr, int ndr_flags, struct tdb_xattrs *r) { + uint32_t size_eas_0 = 0; uint32_t cntr_eas_0; TALLOC_CTX *_mem_save_eas_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->num_eas)); - NDR_PULL_ALLOC_N(ndr, r->eas, r->num_eas); + size_eas_0 = r->num_eas; + NDR_PULL_ALLOC_N(ndr, r->eas, size_eas_0); _mem_save_eas_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->eas, 0); - for (cntr_eas_0 = 0; cntr_eas_0 < r->num_eas; cntr_eas_0++) { + for (cntr_eas_0 = 0; cntr_eas_0 < size_eas_0; cntr_eas_0++) { NDR_CHECK(ndr_pull_xattr_EA(ndr, NDR_SCALARS, &r->eas[cntr_eas_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_eas_0, 0); @@ -488,6 +492,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_xattr_DosStreams(struct ndr_push *ndr, int n _PUBLIC_ enum ndr_err_code ndr_pull_xattr_DosStreams(struct ndr_pull *ndr, int ndr_flags, struct xattr_DosStreams *r) { uint32_t _ptr_streams; + uint32_t size_streams_1 = 0; uint32_t cntr_streams_1; TALLOC_CTX *_mem_save_streams_0; TALLOC_CTX *_mem_save_streams_1; @@ -506,10 +511,11 @@ _PUBLIC_ enum ndr_err_code ndr_pull_xattr_DosStreams(struct ndr_pull *ndr, int n _mem_save_streams_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->streams, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->streams)); - NDR_PULL_ALLOC_N(ndr, r->streams, ndr_get_array_size(ndr, &r->streams)); + size_streams_1 = ndr_get_array_size(ndr, &r->streams); + NDR_PULL_ALLOC_N(ndr, r->streams, size_streams_1); _mem_save_streams_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->streams, 0); - for (cntr_streams_1 = 0; cntr_streams_1 < r->num_streams; cntr_streams_1++) { + for (cntr_streams_1 = 0; cntr_streams_1 < size_streams_1; cntr_streams_1++) { NDR_CHECK(ndr_pull_xattr_DosStream(ndr, NDR_SCALARS, &r->streams[cntr_streams_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_streams_1, 0); @@ -565,6 +571,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_security_descriptor_hash(struct ndr_pull *nd { uint32_t _ptr_sd; TALLOC_CTX *_mem_save_sd_0; + uint32_t size_hash_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sd)); @@ -573,7 +580,8 @@ _PUBLIC_ enum ndr_err_code ndr_pull_security_descriptor_hash(struct ndr_pull *nd } else { r->sd = NULL; } - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->hash, 16)); + size_hash_0 = 16; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->hash, size_hash_0)); } if (ndr_flags & NDR_BUFFERS) { if (r->sd) { @@ -645,7 +653,9 @@ static enum ndr_err_code ndr_pull_xattr_NTACL_Info(struct ndr_pull *ndr, int ndr int level; uint16_t _level; TALLOC_CTX *_mem_save_sd_0; + uint32_t _ptr_sd; TALLOC_CTX *_mem_save_sd_hs_0; + uint32_t _ptr_sd_hs; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &_level)); @@ -654,7 +664,6 @@ static enum ndr_err_code ndr_pull_xattr_NTACL_Info(struct ndr_pull *ndr, int ndr } switch (level) { case 1: { - uint32_t _ptr_sd; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sd)); if (_ptr_sd) { NDR_PULL_ALLOC(ndr, r->sd); @@ -664,7 +673,6 @@ static enum ndr_err_code ndr_pull_xattr_NTACL_Info(struct ndr_pull *ndr, int ndr break; } case 2: { - uint32_t _ptr_sd_hs; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sd_hs)); if (_ptr_sd_hs) { NDR_PULL_ALLOC(ndr, r->sd_hs); diff --git a/source3/librpc/gen_ndr/ndr_libnetapi.c b/source3/librpc/gen_ndr/ndr_libnetapi.c index 25956bf..ab2298f 100644 --- a/source3/librpc/gen_ndr/ndr_libnetapi.c +++ b/source3/librpc/gen_ndr/ndr_libnetapi.c @@ -46,17 +46,21 @@ _PUBLIC_ enum ndr_err_code ndr_push_domsid(struct ndr_push *ndr, int ndr_flags, _PUBLIC_ enum ndr_err_code ndr_pull_domsid(struct ndr_pull *ndr, int ndr_flags, struct domsid *r) { + uint32_t size_id_auth_0 = 0; + uint32_t size_sub_auths_0 = 0; uint32_t cntr_sub_auths_0; TALLOC_CTX *_mem_save_sub_auths_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->sid_rev_num)); NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->num_auths)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->id_auth, 6)); - NDR_PULL_ALLOC_N(ndr, r->sub_auths, MAXSUBAUTHS); + size_id_auth_0 = 6; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->id_auth, size_id_auth_0)); + size_sub_auths_0 = MAXSUBAUTHS; + NDR_PULL_ALLOC_N(ndr, r->sub_auths, size_sub_auths_0); _mem_save_sub_auths_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sub_auths, 0); - for (cntr_sub_auths_0 = 0; cntr_sub_auths_0 < MAXSUBAUTHS; cntr_sub_auths_0++) { + for (cntr_sub_auths_0 = 0; cntr_sub_auths_0 < size_sub_auths_0; cntr_sub_auths_0++) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->sub_auths[cntr_sub_auths_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sub_auths_0, 0); @@ -4664,10 +4668,12 @@ _PUBLIC_ enum ndr_err_code ndr_push_USER_INFO_21(struct ndr_push *ndr, int ndr_f _PUBLIC_ enum ndr_err_code ndr_pull_USER_INFO_21(struct ndr_pull *ndr, int ndr_flags, struct USER_INFO_21 *r) { + uint32_t size_usri21_password_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 1)); - NDR_PULL_ALLOC_N(ndr, r->usri21_password, ENCRYPTED_PWLEN); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->usri21_password, ENCRYPTED_PWLEN)); + size_usri21_password_0 = ENCRYPTED_PWLEN; + NDR_PULL_ALLOC_N(ndr, r->usri21_password, size_usri21_password_0); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->usri21_password, size_usri21_password_0)); } if (ndr_flags & NDR_BUFFERS) { } @@ -4721,13 +4727,15 @@ _PUBLIC_ enum ndr_err_code ndr_push_USER_INFO_22(struct ndr_push *ndr, int ndr_f _PUBLIC_ enum ndr_err_code ndr_pull_USER_INFO_22(struct ndr_pull *ndr, int ndr_flags, struct USER_INFO_22 *r) { + uint32_t size_usri22_password_0 = 0; uint32_t _ptr_usri22_logon_hours; TALLOC_CTX *_mem_save_usri22_logon_hours_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_string(ndr, NDR_SCALARS, &r->usri22_name)); - NDR_PULL_ALLOC_N(ndr, r->usri22_password, ENCRYPTED_PWLEN); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->usri22_password, ENCRYPTED_PWLEN)); + size_usri22_password_0 = ENCRYPTED_PWLEN; + NDR_PULL_ALLOC_N(ndr, r->usri22_password, size_usri22_password_0); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->usri22_password, size_usri22_password_0)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->usri22_password_age)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->usri22_priv)); NDR_CHECK(ndr_pull_string(ndr, NDR_SCALARS, &r->usri22_home_dir)); diff --git a/source3/librpc/gen_ndr/ndr_messaging.c b/source3/librpc/gen_ndr/ndr_messaging.c index e1e95ee..8eb778f 100644 --- a/source3/librpc/gen_ndr/ndr_messaging.c +++ b/source3/librpc/gen_ndr/ndr_messaging.c @@ -144,23 +144,26 @@ _PUBLIC_ enum ndr_err_code ndr_push_messaging_array(struct ndr_push *ndr, int nd _PUBLIC_ enum ndr_err_code ndr_pull_messaging_array(struct ndr_pull *ndr, int ndr_flags, struct messaging_array *r) { + uint32_t size_messages_0 = 0; uint32_t cntr_messages_0; TALLOC_CTX *_mem_save_messages_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->num_messages)); - NDR_PULL_ALLOC_N(ndr, r->messages, r->num_messages); + size_messages_0 = r->num_messages; + NDR_PULL_ALLOC_N(ndr, r->messages, size_messages_0); _mem_save_messages_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->messages, 0); - for (cntr_messages_0 = 0; cntr_messages_0 < r->num_messages; cntr_messages_0++) { + for (cntr_messages_0 = 0; cntr_messages_0 < size_messages_0; cntr_messages_0++) { NDR_CHECK(ndr_pull_messaging_rec(ndr, NDR_SCALARS, &r->messages[cntr_messages_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_messages_0, 0); } if (ndr_flags & NDR_BUFFERS) { + size_messages_0 = r->num_messages; _mem_save_messages_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->messages, 0); - for (cntr_messages_0 = 0; cntr_messages_0 < r->num_messages; cntr_messages_0++) { + for (cntr_messages_0 = 0; cntr_messages_0 < size_messages_0; cntr_messages_0++) { NDR_CHECK(ndr_pull_messaging_rec(ndr, NDR_BUFFERS, &r->messages[cntr_messages_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_messages_0, 0); @@ -213,27 +216,35 @@ _PUBLIC_ enum ndr_err_code ndr_push_dbwrap_tdb2_changes(struct ndr_push *ndr, in _PUBLIC_ enum ndr_err_code ndr_pull_dbwrap_tdb2_changes(struct ndr_pull *ndr, int ndr_flags, struct dbwrap_tdb2_changes *r) { + uint32_t size_magic_string_0 = 0; + uint32_t size_name_0 = 0; + uint32_t length_name_0 = 0; + uint32_t size_keys_0 = 0; uint32_t cntr_keys_0; TALLOC_CTX *_mem_save_keys_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->magic_string, 4, sizeof(uint8_t), CH_DOS)); + size_magic_string_0 = 4; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->magic_string, size_magic_string_0, sizeof(uint8_t), CH_DOS)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->magic_version)); NDR_CHECK(ndr_pull_array_size(ndr, &r->name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->name)); - if (ndr_get_array_length(ndr, &r->name) > ndr_get_array_size(ndr, &r->name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->name), ndr_get_array_length(ndr, &r->name)); + size_name_0 = ndr_get_array_size(ndr, &r->name); + length_name_0 = ndr_get_array_length(ndr, &r->name); + if (length_name_0 > size_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_name_0, length_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->name), sizeof(uint8_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, ndr_get_array_length(ndr, &r->name), sizeof(uint8_t), CH_UTF8)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_name_0, sizeof(uint8_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, length_name_0, sizeof(uint8_t), CH_UTF8)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->old_seqnum)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->new_seqnum)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->num_changes)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->num_keys)); - NDR_PULL_ALLOC_N(ndr, r->keys, r->num_keys); + size_keys_0 = r->num_keys; + NDR_PULL_ALLOC_N(ndr, r->keys, size_keys_0); _mem_save_keys_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->keys, 0); - for (cntr_keys_0 = 0; cntr_keys_0 < r->num_keys; cntr_keys_0++) { + for (cntr_keys_0 = 0; cntr_keys_0 < size_keys_0; cntr_keys_0++) { NDR_CHECK(ndr_pull_DATA_BLOB(ndr, NDR_SCALARS, &r->keys[cntr_keys_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_keys_0, 0); diff --git a/source3/librpc/gen_ndr/ndr_notify.c b/source3/librpc/gen_ndr/ndr_notify.c index d4ac42e..7e561de 100644 --- a/source3/librpc/gen_ndr/ndr_notify.c +++ b/source3/librpc/gen_ndr/ndr_notify.c @@ -90,6 +90,7 @@ static enum ndr_err_code ndr_push_notify_depth(struct ndr_push *ndr, int ndr_fla static enum ndr_err_code ndr_pull_notify_depth(struct ndr_pull *ndr, int ndr_flags, struct notify_depth *r) { + uint32_t size_entries_0 = 0; uint32_t cntr_entries_0; TALLOC_CTX *_mem_save_entries_0; if (ndr_flags & NDR_SCALARS) { @@ -97,18 +98,20 @@ static enum ndr_err_code ndr_pull_notify_depth(struct ndr_pull *ndr, int ndr_fla NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->max_mask)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->max_mask_subdir)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->num_entries)); - NDR_PULL_ALLOC_N(ndr, r->entries, r->num_entries); + size_entries_0 = r->num_entries; + NDR_PULL_ALLOC_N(ndr, r->entries, size_entries_0); _mem_save_entries_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->entries, 0); - for (cntr_entries_0 = 0; cntr_entries_0 < r->num_entries; cntr_entries_0++) { + for (cntr_entries_0 = 0; cntr_entries_0 < size_entries_0; cntr_entries_0++) { NDR_CHECK(ndr_pull_notify_entry(ndr, NDR_SCALARS, &r->entries[cntr_entries_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_entries_0, 0); } if (ndr_flags & NDR_BUFFERS) { + size_entries_0 = r->num_entries; _mem_save_entries_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->entries, 0); - for (cntr_entries_0 = 0; cntr_entries_0 < r->num_entries; cntr_entries_0++) { + for (cntr_entries_0 = 0; cntr_entries_0 < size_entries_0; cntr_entries_0++) { NDR_CHECK(ndr_pull_notify_entry(ndr, NDR_BUFFERS, &r->entries[cntr_entries_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_entries_0, 0); @@ -157,23 +160,26 @@ _PUBLIC_ enum ndr_err_code ndr_push_notify_array(struct ndr_push *ndr, int ndr_f _PUBLIC_ enum ndr_err_code ndr_pull_notify_array(struct ndr_pull *ndr, int ndr_flags, struct notify_array *r) { + uint32_t size_depth_0 = 0; uint32_t cntr_depth_0; TALLOC_CTX *_mem_save_depth_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 8)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->num_depths)); - NDR_PULL_ALLOC_N(ndr, r->depth, r->num_depths); + size_depth_0 = r->num_depths; + NDR_PULL_ALLOC_N(ndr, r->depth, size_depth_0); _mem_save_depth_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->depth, 0); - for (cntr_depth_0 = 0; cntr_depth_0 < r->num_depths; cntr_depth_0++) { + for (cntr_depth_0 = 0; cntr_depth_0 < size_depth_0; cntr_depth_0++) { NDR_CHECK(ndr_pull_notify_depth(ndr, NDR_SCALARS, &r->depth[cntr_depth_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_depth_0, 0); } if (ndr_flags & NDR_BUFFERS) { + size_depth_0 = r->num_depths; _mem_save_depth_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->depth, 0); - for (cntr_depth_0 = 0; cntr_depth_0 < r->num_depths; cntr_depth_0++) { + for (cntr_depth_0 = 0; cntr_depth_0 < size_depth_0; cntr_depth_0++) { NDR_CHECK(ndr_pull_notify_depth(ndr, NDR_BUFFERS, &r->depth[cntr_depth_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_depth_0, 0); diff --git a/source3/librpc/gen_ndr/ndr_printcap.c b/source3/librpc/gen_ndr/ndr_printcap.c index b6c7ba6..e693027 100644 --- a/source3/librpc/gen_ndr/ndr_printcap.c +++ b/source3/librpc/gen_ndr/ndr_printcap.c @@ -30,8 +30,12 @@ static enum ndr_err_code ndr_push_pcap_printer(struct ndr_push *ndr, int ndr_fla static enum ndr_err_code ndr_pull_pcap_printer(struct ndr_pull *ndr, int ndr_flags, struct pcap_printer *r) { uint32_t _ptr_name; + uint32_t size_name_1 = 0; + uint32_t length_name_1 = 0; TALLOC_CTX *_mem_save_name_0; uint32_t _ptr_info; + uint32_t size_info_1 = 0; + uint32_t length_info_1 = 0; TALLOC_CTX *_mem_save_info_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -54,11 +58,13 @@ static enum ndr_err_code ndr_pull_pcap_printer(struct ndr_pull *ndr, int ndr_fla NDR_PULL_SET_MEM_CTX(ndr, r->name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->name)); - if (ndr_get_array_length(ndr, &r->name) > ndr_get_array_size(ndr, &r->name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->name), ndr_get_array_length(ndr, &r->name)); + size_name_1 = ndr_get_array_size(ndr, &r->name); + length_name_1 = ndr_get_array_length(ndr, &r->name); + if (length_name_1 > size_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_name_1, length_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->name), sizeof(uint8_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, ndr_get_array_length(ndr, &r->name), sizeof(uint8_t), CH_UTF8)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_name_1, sizeof(uint8_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, length_name_1, sizeof(uint8_t), CH_UTF8)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_name_0, 0); } if (r->info) { @@ -66,11 +72,13 @@ static enum ndr_err_code ndr_pull_pcap_printer(struct ndr_pull *ndr, int ndr_fla NDR_PULL_SET_MEM_CTX(ndr, r->info, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->info)); NDR_CHECK(ndr_pull_array_length(ndr, &r->info)); - if (ndr_get_array_length(ndr, &r->info) > ndr_get_array_size(ndr, &r->info)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->info), ndr_get_array_length(ndr, &r->info)); + size_info_1 = ndr_get_array_size(ndr, &r->info); + length_info_1 = ndr_get_array_length(ndr, &r->info); + if (length_info_1 > size_info_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_info_1, length_info_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->info), sizeof(uint8_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->info, ndr_get_array_length(ndr, &r->info), sizeof(uint8_t), CH_UTF8)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_info_1, sizeof(uint8_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->info, length_info_1, sizeof(uint8_t), CH_UTF8)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_0, 0); } } @@ -118,6 +126,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_pcap_data(struct ndr_push *ndr, int ndr_flag _PUBLIC_ enum ndr_err_code ndr_pull_pcap_data(struct ndr_pull *ndr, int ndr_flags, struct pcap_data *r) { + uint32_t size_printers_0 = 0; uint32_t cntr_printers_0; TALLOC_CTX *_mem_save_printers_0; if (ndr_flags & NDR_SCALARS) { @@ -125,10 +134,11 @@ _PUBLIC_ enum ndr_err_code ndr_pull_pcap_data(struct ndr_pull *ndr, int ndr_flag NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->status)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count)); - NDR_PULL_ALLOC_N(ndr, r->printers, ndr_get_array_size(ndr, &r->printers)); + size_printers_0 = ndr_get_array_size(ndr, &r->printers); + NDR_PULL_ALLOC_N(ndr, r->printers, size_printers_0); _mem_save_printers_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->printers, 0); - for (cntr_printers_0 = 0; cntr_printers_0 < r->count; cntr_printers_0++) { + for (cntr_printers_0 = 0; cntr_printers_0 < size_printers_0; cntr_printers_0++) { NDR_CHECK(ndr_pull_pcap_printer(ndr, NDR_SCALARS, &r->printers[cntr_printers_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_printers_0, 0); @@ -137,9 +147,10 @@ _PUBLIC_ enum ndr_err_code ndr_pull_pcap_data(struct ndr_pull *ndr, int ndr_flag } } if (ndr_flags & NDR_BUFFERS) { + size_printers_0 = ndr_get_array_size(ndr, &r->printers); _mem_save_printers_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->printers, 0); - for (cntr_printers_0 = 0; cntr_printers_0 < r->count; cntr_printers_0++) { + for (cntr_printers_0 = 0; cntr_printers_0 < size_printers_0; cntr_printers_0++) { NDR_CHECK(ndr_pull_pcap_printer(ndr, NDR_BUFFERS, &r->printers[cntr_printers_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_printers_0, 0); @@ -166,3 +177,4 @@ _PUBLIC_ void ndr_print_pcap_data(struct ndr_print *ndr, const char *name, const ndr->depth--; ndr->depth--; } + -- 1.7.4.1