diff options
Diffstat (limited to 'librpc/gen_ndr/ndr_drsuapi.c')
| -rw-r--r-- | librpc/gen_ndr/ndr_drsuapi.c | 971 |
1 files changed, 637 insertions, 334 deletions
diff --git a/librpc/gen_ndr/ndr_drsuapi.c b/librpc/gen_ndr/ndr_drsuapi.c index 336f56f6ad2..8ef414cf7d3 100644 --- a/librpc/gen_ndr/ndr_drsuapi.c +++ b/librpc/gen_ndr/ndr_drsuapi.c @@ -455,6 +455,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_drsuapi_DsReplicaObjectIdentifier(struct ndr _PUBLIC_ enum ndr_err_code ndr_pull_drsuapi_DsReplicaObjectIdentifier(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaObjectIdentifier *r) { + uint32_t size_dn_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_array_size(ndr, &r->dn)); NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -463,7 +464,8 @@ _PUBLIC_ enum ndr_err_code ndr_pull_drsuapi_DsReplicaObjectIdentifier(struct ndr NDR_CHECK(ndr_pull_GUID(ndr, NDR_SCALARS, &r->guid)); NDR_CHECK(ndr_pull_dom_sid28(ndr, NDR_SCALARS, &r->sid)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->__ndr_size_dn)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dn, ndr_get_array_size(ndr, &r->dn), sizeof(uint16_t), CH_UTF16)); + size_dn_0 = ndr_get_array_size(ndr, &r->dn); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dn, size_dn_0, sizeof(uint16_t), CH_UTF16)); if (r->dn) { NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->dn, r->__ndr_size_dn + 1)); } @@ -803,6 +805,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaCursorCtrEx(struct ndr_push * static enum ndr_err_code ndr_pull_drsuapi_DsReplicaCursorCtrEx(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaCursorCtrEx *r) { + uint32_t size_cursors_0 = 0; uint32_t cntr_cursors_0; TALLOC_CTX *_mem_save_cursors_0; if (ndr_flags & NDR_SCALARS) { @@ -815,10 +818,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaCursorCtrEx(struct ndr_pull * return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->reserved2)); - NDR_PULL_ALLOC_N(ndr, r->cursors, ndr_get_array_size(ndr, &r->cursors)); + size_cursors_0 = ndr_get_array_size(ndr, &r->cursors); + NDR_PULL_ALLOC_N(ndr, r->cursors, size_cursors_0); _mem_save_cursors_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->cursors, 0); - for (cntr_cursors_0 = 0; cntr_cursors_0 < r->count; cntr_cursors_0++) { + for (cntr_cursors_0 = 0; cntr_cursors_0 < size_cursors_0; cntr_cursors_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaCursor(ndr, NDR_SCALARS, &r->cursors[cntr_cursors_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_cursors_0, 0); @@ -1160,6 +1164,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_drsuapi_DsReplicaOIDMapping_Ctr(struct ndr_p _PUBLIC_ enum ndr_err_code ndr_pull_drsuapi_DsReplicaOIDMapping_Ctr(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaOIDMapping_Ctr *r) { uint32_t _ptr_mappings; + uint32_t size_mappings_1 = 0; uint32_t cntr_mappings_1; TALLOC_CTX *_mem_save_mappings_0; TALLOC_CTX *_mem_save_mappings_1; @@ -1181,13 +1186,14 @@ _PUBLIC_ enum ndr_err_code ndr_pull_drsuapi_DsReplicaOIDMapping_Ctr(struct ndr_p _mem_save_mappings_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->mappings, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->mappings)); - NDR_PULL_ALLOC_N(ndr, r->mappings, ndr_get_array_size(ndr, &r->mappings)); + size_mappings_1 = ndr_get_array_size(ndr, &r->mappings); + NDR_PULL_ALLOC_N(ndr, r->mappings, size_mappings_1); _mem_save_mappings_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->mappings, 0); - for (cntr_mappings_1 = 0; cntr_mappings_1 < r->num_mappings; cntr_mappings_1++) { + for (cntr_mappings_1 = 0; cntr_mappings_1 < size_mappings_1; cntr_mappings_1++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaOIDMapping(ndr, NDR_SCALARS, &r->mappings[cntr_mappings_1])); } - for (cntr_mappings_1 = 0; cntr_mappings_1 < r->num_mappings; cntr_mappings_1++) { + for (cntr_mappings_1 = 0; cntr_mappings_1 < size_mappings_1; cntr_mappings_1++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaOIDMapping(ndr, NDR_BUFFERS, &r->mappings[cntr_mappings_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_mappings_1, 0); @@ -1343,6 +1349,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsPartialAttributeSet(struct ndr_push static enum ndr_err_code ndr_pull_drsuapi_DsPartialAttributeSet(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsPartialAttributeSet *r) { + uint32_t size_attids_0 = 0; uint32_t cntr_attids_0; TALLOC_CTX *_mem_save_attids_0; if (ndr_flags & NDR_SCALARS) { @@ -1354,10 +1361,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsPartialAttributeSet(struct ndr_pull if (r->num_attids < 1 || r->num_attids > 0x100000) { return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); } - NDR_PULL_ALLOC_N(ndr, r->attids, ndr_get_array_size(ndr, &r->attids)); + size_attids_0 = ndr_get_array_size(ndr, &r->attids); + NDR_PULL_ALLOC_N(ndr, r->attids, size_attids_0); _mem_save_attids_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->attids, 0); - for (cntr_attids_0 = 0; cntr_attids_0 < r->num_attids; cntr_attids_0++) { + for (cntr_attids_0 = 0; cntr_attids_0 < size_attids_0; cntr_attids_0++) { NDR_CHECK(ndr_pull_drsuapi_DsAttributeId(ndr, NDR_SCALARS, &r->attids[cntr_attids_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_attids_0, 0); @@ -1692,6 +1700,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaCursor2CtrEx(struct ndr_push static enum ndr_err_code ndr_pull_drsuapi_DsReplicaCursor2CtrEx(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaCursor2CtrEx *r) { + uint32_t size_cursors_0 = 0; uint32_t cntr_cursors_0; TALLOC_CTX *_mem_save_cursors_0; if (ndr_flags & NDR_SCALARS) { @@ -1704,10 +1713,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaCursor2CtrEx(struct ndr_pull return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->reserved2)); - NDR_PULL_ALLOC_N(ndr, r->cursors, ndr_get_array_size(ndr, &r->cursors)); + size_cursors_0 = ndr_get_array_size(ndr, &r->cursors); + NDR_PULL_ALLOC_N(ndr, r->cursors, size_cursors_0); _mem_save_cursors_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->cursors, 0); - for (cntr_cursors_0 = 0; cntr_cursors_0 < r->count; cntr_cursors_0++) { + for (cntr_cursors_0 = 0; cntr_cursors_0 < size_cursors_0; cntr_cursors_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaCursor2(ndr, NDR_SCALARS, &r->cursors[cntr_cursors_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_cursors_0, 0); @@ -1824,6 +1834,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsAttributeValueCtr(struct ndr_push *n static enum ndr_err_code ndr_pull_drsuapi_DsAttributeValueCtr(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsAttributeValueCtr *r) { uint32_t _ptr_values; + uint32_t size_values_1 = 0; uint32_t cntr_values_1; TALLOC_CTX *_mem_save_values_0; TALLOC_CTX *_mem_save_values_1; @@ -1845,13 +1856,14 @@ static enum ndr_err_code ndr_pull_drsuapi_DsAttributeValueCtr(struct ndr_pull *n _mem_save_values_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->values, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->values)); - NDR_PULL_ALLOC_N(ndr, r->values, ndr_get_array_size(ndr, &r->values)); + size_values_1 = ndr_get_array_size(ndr, &r->values); + NDR_PULL_ALLOC_N(ndr, r->values, size_values_1); _mem_save_values_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->values, 0); - for (cntr_values_1 = 0; cntr_values_1 < r->num_values; cntr_values_1++) { + for (cntr_values_1 = 0; cntr_values_1 < size_values_1; cntr_values_1++) { NDR_CHECK(ndr_pull_drsuapi_DsAttributeValue(ndr, NDR_SCALARS, &r->values[cntr_values_1])); } - for (cntr_values_1 = 0; cntr_values_1 < r->num_values; cntr_values_1++) { + for (cntr_values_1 = 0; cntr_values_1 < size_values_1; cntr_values_1++) { NDR_CHECK(ndr_pull_drsuapi_DsAttributeValue(ndr, NDR_BUFFERS, &r->values[cntr_values_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_values_1, 0); @@ -1907,6 +1919,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_drsuapi_DsReplicaObjectIdentifier3(struct nd _PUBLIC_ enum ndr_err_code ndr_pull_drsuapi_DsReplicaObjectIdentifier3(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaObjectIdentifier3 *r) { + uint32_t size_dn_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->__ndr_size)); @@ -1914,7 +1927,8 @@ _PUBLIC_ enum ndr_err_code ndr_pull_drsuapi_DsReplicaObjectIdentifier3(struct nd NDR_CHECK(ndr_pull_GUID(ndr, NDR_SCALARS, &r->guid)); NDR_CHECK(ndr_pull_dom_sid28(ndr, NDR_SCALARS, &r->sid)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->__ndr_size_dn)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dn, r->__ndr_size_dn + 1, sizeof(uint16_t), CH_UTF16)); + size_dn_0 = r->__ndr_size_dn + 1; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dn, size_dn_0, sizeof(uint16_t), CH_UTF16)); } if (ndr_flags & NDR_BUFFERS) { NDR_CHECK(ndr_pull_dom_sid28(ndr, NDR_BUFFERS, &r->sid)); @@ -1966,6 +1980,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_drsuapi_DsReplicaObjectIdentifier3Binary(str _PUBLIC_ enum ndr_err_code ndr_pull_drsuapi_DsReplicaObjectIdentifier3Binary(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaObjectIdentifier3Binary *r) { + uint32_t size_dn_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->__ndr_size)); @@ -1973,7 +1988,8 @@ _PUBLIC_ enum ndr_err_code ndr_pull_drsuapi_DsReplicaObjectIdentifier3Binary(str NDR_CHECK(ndr_pull_GUID(ndr, NDR_SCALARS, &r->guid)); NDR_CHECK(ndr_pull_dom_sid28(ndr, NDR_SCALARS, &r->sid)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->__ndr_size_dn)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dn, r->__ndr_size_dn + 1, sizeof(uint16_t), CH_UTF16)); + size_dn_0 = r->__ndr_size_dn + 1; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dn, size_dn_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->__ndr_size_binary)); { uint32_t _flags_save_DATA_BLOB = ndr->flags; @@ -2068,6 +2084,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaAttributeCtr(struct ndr_push static enum ndr_err_code ndr_pull_drsuapi_DsReplicaAttributeCtr(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaAttributeCtr *r) { uint32_t _ptr_attributes; + uint32_t size_attributes_1 = 0; uint32_t cntr_attributes_1; TALLOC_CTX *_mem_save_attributes_0; TALLOC_CTX *_mem_save_attributes_1; @@ -2089,13 +2106,14 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaAttributeCtr(struct ndr_pull _mem_save_attributes_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->attributes, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->attributes)); - NDR_PULL_ALLOC_N(ndr, r->attributes, ndr_get_array_size(ndr, &r->attributes)); + size_attributes_1 = ndr_get_array_size(ndr, &r->attributes); + NDR_PULL_ALLOC_N(ndr, r->attributes, size_attributes_1); _mem_save_attributes_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->attributes, 0); - for (cntr_attributes_1 = 0; cntr_attributes_1 < r->num_attributes; cntr_attributes_1++) { + for (cntr_attributes_1 = 0; cntr_attributes_1 < size_attributes_1; cntr_attributes_1++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaAttribute(ndr, NDR_SCALARS, &r->attributes[cntr_attributes_1])); } - for (cntr_attributes_1 = 0; cntr_attributes_1 < r->num_attributes; cntr_attributes_1++) { + for (cntr_attributes_1 = 0; cntr_attributes_1 < size_attributes_1; cntr_attributes_1++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaAttribute(ndr, NDR_BUFFERS, &r->attributes[cntr_attributes_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_attributes_1, 0); @@ -2272,6 +2290,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_drsuapi_DsReplicaMetaDataCtr(struct ndr_push _PUBLIC_ enum ndr_err_code ndr_pull_drsuapi_DsReplicaMetaDataCtr(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaMetaDataCtr *r) { + uint32_t size_meta_data_0 = 0; uint32_t cntr_meta_data_0; TALLOC_CTX *_mem_save_meta_data_0; if (ndr_flags & NDR_SCALARS) { @@ -2281,10 +2300,11 @@ _PUBLIC_ enum ndr_err_code ndr_pull_drsuapi_DsReplicaMetaDataCtr(struct ndr_pull if (r->count > 1048576) { return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); } - NDR_PULL_ALLOC_N(ndr, r->meta_data, ndr_get_array_size(ndr, &r->meta_data)); + size_meta_data_0 = ndr_get_array_size(ndr, &r->meta_data); + NDR_PULL_ALLOC_N(ndr, r->meta_data, size_meta_data_0); _mem_save_meta_data_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->meta_data, 0); - for (cntr_meta_data_0 = 0; cntr_meta_data_0 < r->count; cntr_meta_data_0++) { + for (cntr_meta_data_0 = 0; cntr_meta_data_0 < size_meta_data_0; cntr_meta_data_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaMetaData(ndr, NDR_SCALARS, &r->meta_data[cntr_meta_data_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_meta_data_0, 0); @@ -2675,6 +2695,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_drsuapi_DsGetNCChangesCtr6(struct ndr_pull * uint32_t _ptr_first_object; TALLOC_CTX *_mem_save_first_object_0; uint32_t _ptr_linked_attributes; + uint32_t size_linked_attributes_1 = 0; uint32_t cntr_linked_attributes_1; TALLOC_CTX *_mem_save_linked_attributes_0; TALLOC_CTX *_mem_save_linked_attributes_1; @@ -2745,13 +2766,14 @@ _PUBLIC_ enum ndr_err_code ndr_pull_drsuapi_DsGetNCChangesCtr6(struct ndr_pull * _mem_save_linked_attributes_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->linked_attributes, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->linked_attributes)); - NDR_PULL_ALLOC_N(ndr, r->linked_attributes, ndr_get_array_size(ndr, &r->linked_attributes)); + size_linked_attributes_1 = ndr_get_array_size(ndr, &r->linked_attributes); + NDR_PULL_ALLOC_N(ndr, r->linked_attributes, size_linked_attributes_1); _mem_save_linked_attributes_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->linked_attributes, 0); - for (cntr_linked_attributes_1 = 0; cntr_linked_attributes_1 < r->linked_attributes_count; cntr_linked_attributes_1++) { + for (cntr_linked_attributes_1 = 0; cntr_linked_attributes_1 < size_linked_attributes_1; cntr_linked_attributes_1++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaLinkedAttribute(ndr, NDR_SCALARS, &r->linked_attributes[cntr_linked_attributes_1])); } - for (cntr_linked_attributes_1 = 0; cntr_linked_attributes_1 < r->linked_attributes_count; cntr_linked_attributes_1++) { + for (cntr_linked_attributes_1 = 0; cntr_linked_attributes_1 < size_linked_attributes_1; cntr_linked_attributes_1++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaLinkedAttribute(ndr, NDR_BUFFERS, &r->linked_attributes[cntr_linked_attributes_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_linked_attributes_1, 0); @@ -3546,6 +3568,8 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaUpdateRefsRequest1(struct ndr uint32_t _ptr_naming_context; TALLOC_CTX *_mem_save_naming_context_0; uint32_t _ptr_dest_dsa_dns_name; + uint32_t size_dest_dsa_dns_name_1 = 0; + uint32_t length_dest_dsa_dns_name_1 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_ref_ptr(ndr, &_ptr_naming_context)); @@ -3570,11 +3594,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaUpdateRefsRequest1(struct ndr NDR_PULL_SET_MEM_CTX(ndr, _mem_save_naming_context_0, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->dest_dsa_dns_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->dest_dsa_dns_name)); - if (ndr_get_array_length(ndr, &r->dest_dsa_dns_name) > ndr_get_array_size(ndr, &r->dest_dsa_dns_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->dest_dsa_dns_name), ndr_get_array_length(ndr, &r->dest_dsa_dns_name)); + size_dest_dsa_dns_name_1 = ndr_get_array_size(ndr, &r->dest_dsa_dns_name); + length_dest_dsa_dns_name_1 = ndr_get_array_length(ndr, &r->dest_dsa_dns_name); + if (length_dest_dsa_dns_name_1 > size_dest_dsa_dns_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dest_dsa_dns_name_1, length_dest_dsa_dns_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->dest_dsa_dns_name), sizeof(uint8_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dest_dsa_dns_name, ndr_get_array_length(ndr, &r->dest_dsa_dns_name), sizeof(uint8_t), CH_DOS)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dest_dsa_dns_name_1, sizeof(uint8_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dest_dsa_dns_name, length_dest_dsa_dns_name_1, sizeof(uint8_t), CH_DOS)); } return NDR_ERR_SUCCESS; } @@ -3820,15 +3846,18 @@ static enum ndr_err_code ndr_push_drsuapi_DsGetMembershipsCtr1(struct ndr_push * static enum ndr_err_code ndr_pull_drsuapi_DsGetMembershipsCtr1(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsGetMembershipsCtr1 *r) { uint32_t _ptr_info_array; + uint32_t size_info_array_1 = 0; uint32_t cntr_info_array_1; TALLOC_CTX *_mem_save_info_array_0; TALLOC_CTX *_mem_save_info_array_1; TALLOC_CTX *_mem_save_info_array_2; uint32_t _ptr_group_attrs; + uint32_t size_group_attrs_1 = 0; uint32_t cntr_group_attrs_1; TALLOC_CTX *_mem_save_group_attrs_0; TALLOC_CTX *_mem_save_group_attrs_1; uint32_t _ptr_sids; + uint32_t size_sids_1 = 0; uint32_t cntr_sids_1; TALLOC_CTX *_mem_save_sids_0; TALLOC_CTX *_mem_save_sids_1; @@ -3868,10 +3897,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetMembershipsCtr1(struct ndr_pull * _mem_save_info_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->info_array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->info_array)); - NDR_PULL_ALLOC_N(ndr, r->info_array, ndr_get_array_size(ndr, &r->info_array)); + size_info_array_1 = ndr_get_array_size(ndr, &r->info_array); + NDR_PULL_ALLOC_N(ndr, r->info_array, size_info_array_1); _mem_save_info_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->info_array, 0); - for (cntr_info_array_1 = 0; cntr_info_array_1 < r->num_memberships; cntr_info_array_1++) { + for (cntr_info_array_1 = 0; cntr_info_array_1 < size_info_array_1; cntr_info_array_1++) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info_array)); if (_ptr_info_array) { NDR_PULL_ALLOC(ndr, r->info_array[cntr_info_array_1]); @@ -3879,7 +3909,7 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetMembershipsCtr1(struct ndr_pull * r->info_array[cntr_info_array_1] = NULL; } } - for (cntr_info_array_1 = 0; cntr_info_array_1 < r->num_memberships; cntr_info_array_1++) { + for (cntr_info_array_1 = 0; cntr_info_array_1 < size_info_array_1; cntr_info_array_1++) { if (r->info_array[cntr_info_array_1]) { _mem_save_info_array_2 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->info_array[cntr_info_array_1], 0); @@ -3894,10 +3924,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetMembershipsCtr1(struct ndr_pull * _mem_save_group_attrs_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->group_attrs, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->group_attrs)); - NDR_PULL_ALLOC_N(ndr, r->group_attrs, ndr_get_array_size(ndr, &r->group_attrs)); + size_group_attrs_1 = ndr_get_array_size(ndr, &r->group_attrs); + NDR_PULL_ALLOC_N(ndr, r->group_attrs, size_group_attrs_1); _mem_save_group_attrs_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->group_attrs, 0); - for (cntr_group_attrs_1 = 0; cntr_group_attrs_1 < r->num_memberships; cntr_group_attrs_1++) { + for (cntr_group_attrs_1 = 0; cntr_group_attrs_1 < size_group_attrs_1; cntr_group_attrs_1++) { NDR_CHECK(ndr_pull_samr_GroupAttrs(ndr, NDR_SCALARS, &r->group_attrs[cntr_group_attrs_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_group_attrs_1, 0); @@ -3907,10 +3938,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetMembershipsCtr1(struct ndr_pull * _mem_save_sids_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sids, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->sids)); - NDR_PULL_ALLOC_N(ndr, r->sids, ndr_get_array_size(ndr, &r->sids)); + size_sids_1 = ndr_get_array_size(ndr, &r->sids); + NDR_PULL_ALLOC_N(ndr, r->sids, size_sids_1); _mem_save_sids_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sids, 0); - for (cntr_sids_1 = 0; cntr_sids_1 < r->num_sids; cntr_sids_1++) { + for (cntr_sids_1 = 0; cntr_sids_1 < size_sids_1; cntr_sids_1++) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sids)); if (_ptr_sids) { NDR_PULL_ALLOC(ndr, r->sids[cntr_sids_1]); @@ -3918,7 +3950,7 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetMembershipsCtr1(struct ndr_pull * r->sids[cntr_sids_1] = NULL; } } - for (cntr_sids_1 = 0; cntr_sids_1 < r->num_sids; cntr_sids_1++) { + for (cntr_sids_1 = 0; cntr_sids_1 < size_sids_1; cntr_sids_1++) { if (r->sids[cntr_sids_1]) { _mem_save_sids_2 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sids[cntr_sids_1], 0); @@ -4118,6 +4150,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsGetMembershipsRequest1(struct ndr_pu static enum ndr_err_code ndr_pull_drsuapi_DsGetMembershipsRequest1(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsGetMembershipsRequest1 *r) { uint32_t _ptr_info_array; + uint32_t size_info_array_1 = 0; uint32_t cntr_info_array_1; TALLOC_CTX *_mem_save_info_array_0; TALLOC_CTX *_mem_save_info_array_1; @@ -4150,10 +4183,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetMembershipsRequest1(struct ndr_pu _mem_save_info_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->info_array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->info_array)); - NDR_PULL_ALLOC_N(ndr, r->info_array, ndr_get_array_size(ndr, &r->info_array)); + size_info_array_1 = ndr_get_array_size(ndr, &r->info_array); + NDR_PULL_ALLOC_N(ndr, r->info_array, size_info_array_1); _mem_save_info_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->info_array, 0); - for (cntr_info_array_1 = 0; cntr_info_array_1 < r->count; cntr_info_array_1++) { + for (cntr_info_array_1 = 0; cntr_info_array_1 < size_info_array_1; cntr_info_array_1++) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info_array)); if (_ptr_info_array) { NDR_PULL_ALLOC(ndr, r->info_array[cntr_info_array_1]); @@ -4161,7 +4195,7 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetMembershipsRequest1(struct ndr_pu r->info_array[cntr_info_array_1] = NULL; } } - for (cntr_info_array_1 = 0; cntr_info_array_1 < r->count; cntr_info_array_1++) { + for (cntr_info_array_1 = 0; cntr_info_array_1 < size_info_array_1; cntr_info_array_1++) { if (r->info_array[cntr_info_array_1]) { _mem_save_info_array_2 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->info_array[cntr_info_array_1], 0); @@ -4318,6 +4352,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsGetNT4ChangeLogRequest1(struct ndr_p static enum ndr_err_code ndr_pull_drsuapi_DsGetNT4ChangeLogRequest1(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsGetNT4ChangeLogRequest1 *r) { uint32_t _ptr_data; + uint32_t size_data_1 = 0; TALLOC_CTX *_mem_save_data_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -4339,8 +4374,9 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetNT4ChangeLogRequest1(struct ndr_p _mem_save_data_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->data, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->data)); - NDR_PULL_ALLOC_N(ndr, r->data, ndr_get_array_size(ndr, &r->data)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, ndr_get_array_size(ndr, &r->data))); + size_data_1 = ndr_get_array_size(ndr, &r->data); + NDR_PULL_ALLOC_N(ndr, r->data, size_data_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, size_data_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_0, 0); } if (r->data) { @@ -4473,8 +4509,10 @@ static enum ndr_err_code ndr_push_drsuapi_DsGetNT4ChangeLogInfo1(struct ndr_push static enum ndr_err_code ndr_pull_drsuapi_DsGetNT4ChangeLogInfo1(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsGetNT4ChangeLogInfo1 *r) { uint32_t _ptr_data1; + uint32_t size_data1_1 = 0; TALLOC_CTX *_mem_save_data1_0; uint32_t _ptr_data2; + uint32_t size_data2_1 = 0; TALLOC_CTX *_mem_save_data2_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 8)); @@ -4511,16 +4549,18 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetNT4ChangeLogInfo1(struct ndr_pull _mem_save_data1_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->data1, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->data1)); - NDR_PULL_ALLOC_N(ndr, r->data1, ndr_get_array_size(ndr, &r->data1)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data1, ndr_get_array_size(ndr, &r->data1))); + size_data1_1 = ndr_get_array_size(ndr, &r->data1); + NDR_PULL_ALLOC_N(ndr, r->data1, size_data1_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data1, size_data1_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data1_0, 0); } if (r->data2) { _mem_save_data2_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->data2, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->data2)); - NDR_PULL_ALLOC_N(ndr, r->data2, ndr_get_array_size(ndr, &r->data2)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data2, ndr_get_array_size(ndr, &r->data2))); + size_data2_1 = ndr_get_array_size(ndr, &r->data2); + NDR_PULL_ALLOC_N(ndr, r->data2, size_data2_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data2, size_data2_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data2_0, 0); } if (r->data1) { @@ -4749,6 +4789,8 @@ static enum ndr_err_code ndr_push_drsuapi_DsNameString(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_drsuapi_DsNameString(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsNameString *r) { uint32_t _ptr_str; + uint32_t size_str_1 = 0; + uint32_t length_str_1 = 0; TALLOC_CTX *_mem_save_str_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -4765,11 +4807,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsNameString(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->str, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->str)); NDR_CHECK(ndr_pull_array_length(ndr, &r->str)); - if (ndr_get_array_length(ndr, &r->str) > ndr_get_array_size(ndr, &r->str)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->str), ndr_get_array_length(ndr, &r->str)); + size_str_1 = ndr_get_array_size(ndr, &r->str); + length_str_1 = ndr_get_array_length(ndr, &r->str); + if (length_str_1 > size_str_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_str_1, length_str_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->str), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->str, ndr_get_array_length(ndr, &r->str), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_str_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->str, length_str_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_str_0, 0); } } @@ -4819,6 +4863,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsNameRequest1(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_drsuapi_DsNameRequest1(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsNameRequest1 *r) { uint32_t _ptr_names; + uint32_t size_names_1 = 0; uint32_t cntr_names_1; TALLOC_CTX *_mem_save_names_0; TALLOC_CTX *_mem_save_names_1; @@ -4845,13 +4890,14 @@ static enum ndr_err_code ndr_pull_drsuapi_DsNameRequest1(struct ndr_pull *ndr, i _mem_save_names_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->names, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->names)); - NDR_PULL_ALLOC_N(ndr, r->names, ndr_get_array_size(ndr, &r->names)); + size_names_1 = ndr_get_array_size(ndr, &r->names); + NDR_PULL_ALLOC_N(ndr, r->names, size_names_1); _mem_save_names_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->names, 0); - for (cntr_names_1 = 0; cntr_names_1 < r->count; cntr_names_1++) { + for (cntr_names_1 = 0; cntr_names_1 < size_names_1; cntr_names_1++) { NDR_CHECK(ndr_pull_drsuapi_DsNameString(ndr, NDR_SCALARS, &r->names[cntr_names_1])); } - for (cntr_names_1 = 0; cntr_names_1 < r->count; cntr_names_1++) { + for (cntr_names_1 = 0; cntr_names_1 < size_names_1; cntr_names_1++) { NDR_CHECK(ndr_pull_drsuapi_DsNameString(ndr, NDR_BUFFERS, &r->names[cntr_names_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_names_1, 0); @@ -4996,8 +5042,12 @@ static enum ndr_err_code ndr_push_drsuapi_DsNameInfo1(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_drsuapi_DsNameInfo1(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsNameInfo1 *r) { uint32_t _ptr_dns_domain_name; + uint32_t size_dns_domain_name_1 = 0; + uint32_t length_dns_domain_name_1 = 0; TALLOC_CTX *_mem_save_dns_domain_name_0; uint32_t _ptr_result_name; + uint32_t size_result_name_1 = 0; + uint32_t length_result_name_1 = 0; TALLOC_CTX *_mem_save_result_name_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -5021,11 +5071,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsNameInfo1(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->dns_domain_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->dns_domain_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->dns_domain_name)); - if (ndr_get_array_length(ndr, &r->dns_domain_name) > ndr_get_array_size(ndr, &r->dns_domain_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->dns_domain_name), ndr_get_array_length(ndr, &r->dns_domain_name)); + size_dns_domain_name_1 = ndr_get_array_size(ndr, &r->dns_domain_name); + length_dns_domain_name_1 = ndr_get_array_length(ndr, &r->dns_domain_name); + if (length_dns_domain_name_1 > size_dns_domain_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dns_domain_name_1, length_dns_domain_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->dns_domain_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dns_domain_name, ndr_get_array_length(ndr, &r->dns_domain_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dns_domain_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dns_domain_name, length_dns_domain_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dns_domain_name_0, 0); } if (r->result_name) { @@ -5033,11 +5085,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsNameInfo1(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->result_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->result_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->result_name)); - if (ndr_get_array_length(ndr, &r->result_name) > ndr_get_array_size(ndr, &r->result_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->result_name), ndr_get_array_length(ndr, &r->result_name)); + size_result_name_1 = ndr_get_array_size(ndr, &r->result_name); + length_result_name_1 = ndr_get_array_length(ndr, &r->result_name); + if (length_result_name_1 > size_result_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_result_name_1, length_result_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->result_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->result_name, ndr_get_array_length(ndr, &r->result_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_result_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->result_name, length_result_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_result_name_0, 0); } } @@ -5089,6 +5143,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsNameCtr1(struct ndr_push *ndr, int n static enum ndr_err_code ndr_pull_drsuapi_DsNameCtr1(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsNameCtr1 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -5107,13 +5162,14 @@ static enum ndr_err_code ndr_pull_drsuapi_DsNameCtr1(struct ndr_pull *ndr, int n _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_drsuapi_DsNameInfo1(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_drsuapi_DsNameInfo1(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -5185,6 +5241,7 @@ static enum ndr_err_code ndr_pull_drsuapi_DsNameCtr(struct ndr_pull *ndr, int nd int level; int32_t _level; TALLOC_CTX *_mem_save_ctr1_0; + uint32_t _ptr_ctr1; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_int32(ndr, NDR_SCALARS, &_level)); @@ -5193,7 +5250,6 @@ static enum ndr_err_code ndr_pull_drsuapi_DsNameCtr(struct ndr_pull *ndr, int nd } switch (level) { case 1: { - uint32_t _ptr_ctr1; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr1)); if (_ptr_ctr1) { NDR_PULL_ALLOC(ndr, r->ctr1); @@ -5304,8 +5360,11 @@ static enum ndr_err_code ndr_push_drsuapi_DsWriteAccountSpnRequest1(struct ndr_p static enum ndr_err_code ndr_pull_drsuapi_DsWriteAccountSpnRequest1(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsWriteAccountSpnRequest1 *r) { uint32_t _ptr_object_dn; + uint32_t size_object_dn_1 = 0; + uint32_t length_object_dn_1 = 0; TALLOC_CTX *_mem_save_object_dn_0; uint32_t _ptr_spn_names; + uint32_t size_spn_names_1 = 0; uint32_t cntr_spn_names_1; TALLOC_CTX *_mem_save_spn_names_0; TALLOC_CTX *_mem_save_spn_names_1; @@ -5336,24 +5395,27 @@ static enum ndr_err_code ndr_pull_drsuapi_DsWriteAccountSpnRequest1(struct ndr_p NDR_PULL_SET_MEM_CTX(ndr, r->object_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->object_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->object_dn)); - if (ndr_get_array_length(ndr, &r->object_dn) > ndr_get_array_size(ndr, &r->object_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->object_dn), ndr_get_array_length(ndr, &r->object_dn)); + size_object_dn_1 = ndr_get_array_size(ndr, &r->object_dn); + length_object_dn_1 = ndr_get_array_length(ndr, &r->object_dn); + if (length_object_dn_1 > size_object_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_object_dn_1, length_object_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->object_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->object_dn, ndr_get_array_length(ndr, &r->object_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_object_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->object_dn, length_object_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_object_dn_0, 0); } if (r->spn_names) { _mem_save_spn_names_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->spn_names, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->spn_names)); - NDR_PULL_ALLOC_N(ndr, r->spn_names, ndr_get_array_size(ndr, &r->spn_names)); + size_spn_names_1 = ndr_get_array_size(ndr, &r->spn_names); + NDR_PULL_ALLOC_N(ndr, r->spn_names, size_spn_names_1); _mem_save_spn_names_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->spn_names, 0); - for (cntr_spn_names_1 = 0; cntr_spn_names_1 < r->count; cntr_spn_names_1++) { + for (cntr_spn_names_1 = 0; cntr_spn_names_1 < size_spn_names_1; cntr_spn_names_1++) { NDR_CHECK(ndr_pull_drsuapi_DsNameString(ndr, NDR_SCALARS, &r->spn_names[cntr_spn_names_1])); } - for (cntr_spn_names_1 = 0; cntr_spn_names_1 < r->count; cntr_spn_names_1++) { + for (cntr_spn_names_1 = 0; cntr_spn_names_1 < size_spn_names_1; cntr_spn_names_1++) { NDR_CHECK(ndr_pull_drsuapi_DsNameString(ndr, NDR_BUFFERS, &r->spn_names[cntr_spn_names_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_spn_names_1, 0); @@ -5604,8 +5666,12 @@ static enum ndr_err_code ndr_push_drsuapi_DsRemoveDSServerRequest1(struct ndr_pu static enum ndr_err_code ndr_pull_drsuapi_DsRemoveDSServerRequest1(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsRemoveDSServerRequest1 *r) { uint32_t _ptr_server_dn; + uint32_t size_server_dn_1 = 0; + uint32_t length_server_dn_1 = 0; TALLOC_CTX *_mem_save_server_dn_0; uint32_t _ptr_domain_dn; + uint32_t size_domain_dn_1 = 0; + uint32_t length_domain_dn_1 = 0; TALLOC_CTX *_mem_save_domain_dn_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -5629,11 +5695,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsRemoveDSServerRequest1(struct ndr_pu NDR_PULL_SET_MEM_CTX(ndr, r->server_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->server_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->server_dn)); - if (ndr_get_array_length(ndr, &r->server_dn) > ndr_get_array_size(ndr, &r->server_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->server_dn), ndr_get_array_length(ndr, &r->server_dn)); + size_server_dn_1 = ndr_get_array_size(ndr, &r->server_dn); + length_server_dn_1 = ndr_get_array_length(ndr, &r->server_dn); + if (length_server_dn_1 > size_server_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_dn_1, length_server_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->server_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_dn, ndr_get_array_length(ndr, &r->server_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_dn, length_server_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_dn_0, 0); } if (r->domain_dn) { @@ -5641,11 +5709,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsRemoveDSServerRequest1(struct ndr_pu NDR_PULL_SET_MEM_CTX(ndr, r->domain_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->domain_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->domain_dn)); - if (ndr_get_array_length(ndr, &r->domain_dn) > ndr_get_array_size(ndr, &r->domain_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->domain_dn), ndr_get_array_length(ndr, &r->domain_dn)); + size_domain_dn_1 = ndr_get_array_size(ndr, &r->domain_dn); + length_domain_dn_1 = ndr_get_array_length(ndr, &r->domain_dn); + if (length_domain_dn_1 > size_domain_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_dn_1, length_domain_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->domain_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain_dn, ndr_get_array_length(ndr, &r->domain_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain_dn, length_domain_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_dn_0, 0); } } @@ -5871,6 +5941,8 @@ static enum ndr_err_code ndr_push_drsuapi_DsGetDCInfoRequest1(struct ndr_push *n static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfoRequest1(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsGetDCInfoRequest1 *r) { uint32_t _ptr_domain_name; + uint32_t size_domain_name_1 = 0; + uint32_t length_domain_name_1 = 0; TALLOC_CTX *_mem_save_domain_name_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -5888,11 +5960,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfoRequest1(struct ndr_pull *n NDR_PULL_SET_MEM_CTX(ndr, r->domain_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->domain_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->domain_name)); - if (ndr_get_array_length(ndr, &r->domain_name) > ndr_get_array_size(ndr, &r->domain_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->domain_name), ndr_get_array_length(ndr, &r->domain_name)); + size_domain_name_1 = ndr_get_array_size(ndr, &r->domain_name); + length_domain_name_1 = ndr_get_array_length(ndr, &r->domain_name); + if (length_domain_name_1 > size_domain_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_name_1, length_domain_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->domain_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain_name, ndr_get_array_length(ndr, &r->domain_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain_name, length_domain_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_name_0, 0); } } @@ -6038,14 +6112,24 @@ static enum ndr_err_code ndr_push_drsuapi_DsGetDCInfo1(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo1(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsGetDCInfo1 *r) { uint32_t _ptr_netbios_name; + uint32_t size_netbios_name_1 = 0; + uint32_t length_netbios_name_1 = 0; TALLOC_CTX *_mem_save_netbios_name_0; uint32_t _ptr_dns_name; + uint32_t size_dns_name_1 = 0; + uint32_t length_dns_name_1 = 0; TALLOC_CTX *_mem_save_dns_name_0; uint32_t _ptr_site_name; + uint32_t size_site_name_1 = 0; + uint32_t length_site_name_1 = 0; TALLOC_CTX *_mem_save_site_name_0; uint32_t _ptr_computer_dn; + uint32_t size_computer_dn_1 = 0; + uint32_t length_computer_dn_1 = 0; TALLOC_CTX *_mem_save_computer_dn_0; uint32_t _ptr_server_dn; + uint32_t size_server_dn_1 = 0; + uint32_t length_server_dn_1 = 0; TALLOC_CTX *_mem_save_server_dn_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -6088,11 +6172,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo1(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->netbios_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->netbios_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->netbios_name)); - if (ndr_get_array_length(ndr, &r->netbios_name) > ndr_get_array_size(ndr, &r->netbios_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->netbios_name), ndr_get_array_length(ndr, &r->netbios_name)); + size_netbios_name_1 = ndr_get_array_size(ndr, &r->netbios_name); + length_netbios_name_1 = ndr_get_array_length(ndr, &r->netbios_name); + if (length_netbios_name_1 > size_netbios_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_netbios_name_1, length_netbios_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->netbios_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->netbios_name, ndr_get_array_length(ndr, &r->netbios_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_netbios_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->netbios_name, length_netbios_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_netbios_name_0, 0); } if (r->dns_name) { @@ -6100,11 +6186,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo1(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->dns_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->dns_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->dns_name)); - if (ndr_get_array_length(ndr, &r->dns_name) > ndr_get_array_size(ndr, &r->dns_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->dns_name), ndr_get_array_length(ndr, &r->dns_name)); + size_dns_name_1 = ndr_get_array_size(ndr, &r->dns_name); + length_dns_name_1 = ndr_get_array_length(ndr, &r->dns_name); + if (length_dns_name_1 > size_dns_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dns_name_1, length_dns_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->dns_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dns_name, ndr_get_array_length(ndr, &r->dns_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dns_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dns_name, length_dns_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dns_name_0, 0); } if (r->site_name) { @@ -6112,11 +6200,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo1(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->site_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->site_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->site_name)); - if (ndr_get_array_length(ndr, &r->site_name) > ndr_get_array_size(ndr, &r->site_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->site_name), ndr_get_array_length(ndr, &r->site_name)); + size_site_name_1 = ndr_get_array_size(ndr, &r->site_name); + length_site_name_1 = ndr_get_array_length(ndr, &r->site_name); + if (length_site_name_1 > size_site_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_site_name_1, length_site_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->site_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->site_name, ndr_get_array_length(ndr, &r->site_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_site_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->site_name, length_site_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_site_name_0, 0); } if (r->computer_dn) { @@ -6124,11 +6214,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo1(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->computer_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->computer_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->computer_dn)); - if (ndr_get_array_length(ndr, &r->computer_dn) > ndr_get_array_size(ndr, &r->computer_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->computer_dn), ndr_get_array_length(ndr, &r->computer_dn)); + size_computer_dn_1 = ndr_get_array_size(ndr, &r->computer_dn); + length_computer_dn_1 = ndr_get_array_length(ndr, &r->computer_dn); + if (length_computer_dn_1 > size_computer_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_dn_1, length_computer_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->computer_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->computer_dn, ndr_get_array_length(ndr, &r->computer_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->computer_dn, length_computer_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_computer_dn_0, 0); } if (r->server_dn) { @@ -6136,11 +6228,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo1(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->server_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->server_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->server_dn)); - if (ndr_get_array_length(ndr, &r->server_dn) > ndr_get_array_size(ndr, &r->server_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->server_dn), ndr_get_array_length(ndr, &r->server_dn)); + size_server_dn_1 = ndr_get_array_size(ndr, &r->server_dn); + length_server_dn_1 = ndr_get_array_length(ndr, &r->server_dn); + if (length_server_dn_1 > size_server_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_dn_1, length_server_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->server_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_dn, ndr_get_array_length(ndr, &r->server_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_dn, length_server_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_dn_0, 0); } } @@ -6211,6 +6305,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsGetDCInfoCtr1(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfoCtr1(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsGetDCInfoCtr1 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -6232,13 +6327,14 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfoCtr1(struct ndr_pull *ndr, _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_drsuapi_DsGetDCInfo1(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_drsuapi_DsGetDCInfo1(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -6344,18 +6440,32 @@ static enum ndr_err_code ndr_push_drsuapi_DsGetDCInfo2(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo2(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsGetDCInfo2 *r) { uint32_t _ptr_netbios_name; + uint32_t size_netbios_name_1 = 0; + uint32_t length_netbios_name_1 = 0; TALLOC_CTX *_mem_save_netbios_name_0; uint32_t _ptr_dns_name; + uint32_t size_dns_name_1 = 0; + uint32_t length_dns_name_1 = 0; TALLOC_CTX *_mem_save_dns_name_0; uint32_t _ptr_site_name; + uint32_t size_site_name_1 = 0; + uint32_t length_site_name_1 = 0; TALLOC_CTX *_mem_save_site_name_0; uint32_t _ptr_site_dn; + uint32_t size_site_dn_1 = 0; + uint32_t length_site_dn_1 = 0; TALLOC_CTX *_mem_save_site_dn_0; uint32_t _ptr_computer_dn; + uint32_t size_computer_dn_1 = 0; + uint32_t length_computer_dn_1 = 0; TALLOC_CTX *_mem_save_computer_dn_0; uint32_t _ptr_server_dn; + uint32_t size_server_dn_1 = 0; + uint32_t length_server_dn_1 = 0; TALLOC_CTX *_mem_save_server_dn_0; uint32_t _ptr_ntds_dn; + uint32_t size_ntds_dn_1 = 0; + uint32_t length_ntds_dn_1 = 0; TALLOC_CTX *_mem_save_ntds_dn_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -6415,11 +6525,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->netbios_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->netbios_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->netbios_name)); - if (ndr_get_array_length(ndr, &r->netbios_name) > ndr_get_array_size(ndr, &r->netbios_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->netbios_name), ndr_get_array_length(ndr, &r->netbios_name)); + size_netbios_name_1 = ndr_get_array_size(ndr, &r->netbios_name); + length_netbios_name_1 = ndr_get_array_length(ndr, &r->netbios_name); + if (length_netbios_name_1 > size_netbios_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_netbios_name_1, length_netbios_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->netbios_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->netbios_name, ndr_get_array_length(ndr, &r->netbios_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_netbios_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->netbios_name, length_netbios_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_netbios_name_0, 0); } if (r->dns_name) { @@ -6427,11 +6539,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->dns_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->dns_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->dns_name)); - if (ndr_get_array_length(ndr, &r->dns_name) > ndr_get_array_size(ndr, &r->dns_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->dns_name), ndr_get_array_length(ndr, &r->dns_name)); + size_dns_name_1 = ndr_get_array_size(ndr, &r->dns_name); + length_dns_name_1 = ndr_get_array_length(ndr, &r->dns_name); + if (length_dns_name_1 > size_dns_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dns_name_1, length_dns_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->dns_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dns_name, ndr_get_array_length(ndr, &r->dns_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dns_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dns_name, length_dns_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dns_name_0, 0); } if (r->site_name) { @@ -6439,11 +6553,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->site_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->site_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->site_name)); - if (ndr_get_array_length(ndr, &r->site_name) > ndr_get_array_size(ndr, &r->site_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->site_name), ndr_get_array_length(ndr, &r->site_name)); + size_site_name_1 = ndr_get_array_size(ndr, &r->site_name); + length_site_name_1 = ndr_get_array_length(ndr, &r->site_name); + if (length_site_name_1 > size_site_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_site_name_1, length_site_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->site_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->site_name, ndr_get_array_length(ndr, &r->site_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_site_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->site_name, length_site_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_site_name_0, 0); } if (r->site_dn) { @@ -6451,11 +6567,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->site_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->site_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->site_dn)); - if (ndr_get_array_length(ndr, &r->site_dn) > ndr_get_array_size(ndr, &r->site_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->site_dn), ndr_get_array_length(ndr, &r->site_dn)); + size_site_dn_1 = ndr_get_array_size(ndr, &r->site_dn); + length_site_dn_1 = ndr_get_array_length(ndr, &r->site_dn); + if (length_site_dn_1 > size_site_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_site_dn_1, length_site_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->site_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->site_dn, ndr_get_array_length(ndr, &r->site_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_site_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->site_dn, length_site_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_site_dn_0, 0); } if (r->computer_dn) { @@ -6463,11 +6581,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->computer_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->computer_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->computer_dn)); - if (ndr_get_array_length(ndr, &r->computer_dn) > ndr_get_array_size(ndr, &r->computer_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->computer_dn), ndr_get_array_length(ndr, &r->computer_dn)); + size_computer_dn_1 = ndr_get_array_size(ndr, &r->computer_dn); + length_computer_dn_1 = ndr_get_array_length(ndr, &r->computer_dn); + if (length_computer_dn_1 > size_computer_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_dn_1, length_computer_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->computer_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->computer_dn, ndr_get_array_length(ndr, &r->computer_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->computer_dn, length_computer_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_computer_dn_0, 0); } if (r->server_dn) { @@ -6475,11 +6595,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->server_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->server_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->server_dn)); - if (ndr_get_array_length(ndr, &r->server_dn) > ndr_get_array_size(ndr, &r->server_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->server_dn), ndr_get_array_length(ndr, &r->server_dn)); + size_server_dn_1 = ndr_get_array_size(ndr, &r->server_dn); + length_server_dn_1 = ndr_get_array_length(ndr, &r->server_dn); + if (length_server_dn_1 > size_server_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_dn_1, length_server_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->server_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_dn, ndr_get_array_length(ndr, &r->server_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_dn, length_server_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_dn_0, 0); } if (r->ntds_dn) { @@ -6487,11 +6609,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->ntds_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->ntds_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->ntds_dn)); - if (ndr_get_array_length(ndr, &r->ntds_dn) > ndr_get_array_size(ndr, &r->ntds_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->ntds_dn), ndr_get_array_length(ndr, &r->ntds_dn)); + size_ntds_dn_1 = ndr_get_array_size(ndr, &r->ntds_dn); + length_ntds_dn_1 = ndr_get_array_length(ndr, &r->ntds_dn); + if (length_ntds_dn_1 > size_ntds_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_ntds_dn_1, length_ntds_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->ntds_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->ntds_dn, ndr_get_array_length(ndr, &r->ntds_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_ntds_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->ntds_dn, length_ntds_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_ntds_dn_0, 0); } } @@ -6579,6 +6703,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsGetDCInfoCtr2(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfoCtr2(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsGetDCInfoCtr2 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -6600,13 +6725,14 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfoCtr2(struct ndr_pull *ndr, _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_drsuapi_DsGetDCInfo2(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_drsuapi_DsGetDCInfo2(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -6713,18 +6839,32 @@ static enum ndr_err_code ndr_push_drsuapi_DsGetDCInfo3(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo3(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsGetDCInfo3 *r) { uint32_t _ptr_netbios_name; + uint32_t size_netbios_name_1 = 0; + uint32_t length_netbios_name_1 = 0; TALLOC_CTX *_mem_save_netbios_name_0; uint32_t _ptr_dns_name; + uint32_t size_dns_name_1 = 0; + uint32_t length_dns_name_1 = 0; TALLOC_CTX *_mem_save_dns_name_0; uint32_t _ptr_site_name; + uint32_t size_site_name_1 = 0; + uint32_t length_site_name_1 = 0; TALLOC_CTX *_mem_save_site_name_0; uint32_t _ptr_site_dn; + uint32_t size_site_dn_1 = 0; + uint32_t length_site_dn_1 = 0; TALLOC_CTX *_mem_save_site_dn_0; uint32_t _ptr_computer_dn; + uint32_t size_computer_dn_1 = 0; + uint32_t length_computer_dn_1 = 0; TALLOC_CTX *_mem_save_computer_dn_0; uint32_t _ptr_server_dn; + uint32_t size_server_dn_1 = 0; + uint32_t length_server_dn_1 = 0; TALLOC_CTX *_mem_save_server_dn_0; uint32_t _ptr_ntds_dn; + uint32_t size_ntds_dn_1 = 0; + uint32_t length_ntds_dn_1 = 0; TALLOC_CTX *_mem_save_ntds_dn_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -6785,11 +6925,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo3(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->netbios_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->netbios_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->netbios_name)); - if (ndr_get_array_length(ndr, &r->netbios_name) > ndr_get_array_size(ndr, &r->netbios_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->netbios_name), ndr_get_array_length(ndr, &r->netbios_name)); + size_netbios_name_1 = ndr_get_array_size(ndr, &r->netbios_name); + length_netbios_name_1 = ndr_get_array_length(ndr, &r->netbios_name); + if (length_netbios_name_1 > size_netbios_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_netbios_name_1, length_netbios_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->netbios_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->netbios_name, ndr_get_array_length(ndr, &r->netbios_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_netbios_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->netbios_name, length_netbios_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_netbios_name_0, 0); } if (r->dns_name) { @@ -6797,11 +6939,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo3(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->dns_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->dns_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->dns_name)); - if (ndr_get_array_length(ndr, &r->dns_name) > ndr_get_array_size(ndr, &r->dns_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->dns_name), ndr_get_array_length(ndr, &r->dns_name)); + size_dns_name_1 = ndr_get_array_size(ndr, &r->dns_name); + length_dns_name_1 = ndr_get_array_length(ndr, &r->dns_name); + if (length_dns_name_1 > size_dns_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dns_name_1, length_dns_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->dns_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dns_name, ndr_get_array_length(ndr, &r->dns_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dns_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dns_name, length_dns_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dns_name_0, 0); } if (r->site_name) { @@ -6809,11 +6953,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo3(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->site_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->site_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->site_name)); - if (ndr_get_array_length(ndr, &r->site_name) > ndr_get_array_size(ndr, &r->site_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->site_name), ndr_get_array_length(ndr, &r->site_name)); + size_site_name_1 = ndr_get_array_size(ndr, &r->site_name); + length_site_name_1 = ndr_get_array_length(ndr, &r->site_name); + if (length_site_name_1 > size_site_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_site_name_1, length_site_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->site_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->site_name, ndr_get_array_length(ndr, &r->site_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_site_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->site_name, length_site_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_site_name_0, 0); } if (r->site_dn) { @@ -6821,11 +6967,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo3(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->site_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->site_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->site_dn)); - if (ndr_get_array_length(ndr, &r->site_dn) > ndr_get_array_size(ndr, &r->site_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->site_dn), ndr_get_array_length(ndr, &r->site_dn)); + size_site_dn_1 = ndr_get_array_size(ndr, &r->site_dn); + length_site_dn_1 = ndr_get_array_length(ndr, &r->site_dn); + if (length_site_dn_1 > size_site_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_site_dn_1, length_site_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->site_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->site_dn, ndr_get_array_length(ndr, &r->site_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_site_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->site_dn, length_site_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_site_dn_0, 0); } if (r->computer_dn) { @@ -6833,11 +6981,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo3(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->computer_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->computer_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->computer_dn)); - if (ndr_get_array_length(ndr, &r->computer_dn) > ndr_get_array_size(ndr, &r->computer_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->computer_dn), ndr_get_array_length(ndr, &r->computer_dn)); + size_computer_dn_1 = ndr_get_array_size(ndr, &r->computer_dn); + length_computer_dn_1 = ndr_get_array_length(ndr, &r->computer_dn); + if (length_computer_dn_1 > size_computer_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_dn_1, length_computer_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->computer_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->computer_dn, ndr_get_array_length(ndr, &r->computer_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->computer_dn, length_computer_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_computer_dn_0, 0); } if (r->server_dn) { @@ -6845,11 +6995,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo3(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->server_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->server_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->server_dn)); - if (ndr_get_array_length(ndr, &r->server_dn) > ndr_get_array_size(ndr, &r->server_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->server_dn), ndr_get_array_length(ndr, &r->server_dn)); + size_server_dn_1 = ndr_get_array_size(ndr, &r->server_dn); + length_server_dn_1 = ndr_get_array_length(ndr, &r->server_dn); + if (length_server_dn_1 > size_server_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_dn_1, length_server_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->server_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_dn, ndr_get_array_length(ndr, &r->server_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_dn, length_server_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_dn_0, 0); } if (r->ntds_dn) { @@ -6857,11 +7009,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfo3(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->ntds_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->ntds_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->ntds_dn)); - if (ndr_get_array_length(ndr, &r->ntds_dn) > ndr_get_array_size(ndr, &r->ntds_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->ntds_dn), ndr_get_array_length(ndr, &r->ntds_dn)); + size_ntds_dn_1 = ndr_get_array_size(ndr, &r->ntds_dn); + length_ntds_dn_1 = ndr_get_array_length(ndr, &r->ntds_dn); + if (length_ntds_dn_1 > size_ntds_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_ntds_dn_1, length_ntds_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->ntds_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->ntds_dn, ndr_get_array_length(ndr, &r->ntds_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_ntds_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->ntds_dn, length_ntds_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_ntds_dn_0, 0); } } @@ -6950,6 +7104,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsGetDCInfoCtr3(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfoCtr3(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsGetDCInfoCtr3 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -6971,13 +7126,14 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCInfoCtr3(struct ndr_pull *ndr, _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_drsuapi_DsGetDCInfo3(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_drsuapi_DsGetDCInfo3(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -7045,6 +7201,8 @@ static enum ndr_err_code ndr_push_drsuapi_DsGetDCConnection01(struct ndr_push *n static enum ndr_err_code ndr_pull_drsuapi_DsGetDCConnection01(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsGetDCConnection01 *r) { uint32_t _ptr_client_account; + uint32_t size_client_account_1 = 0; + uint32_t length_client_account_1 = 0; TALLOC_CTX *_mem_save_client_account_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -7072,11 +7230,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCConnection01(struct ndr_pull *n NDR_PULL_SET_MEM_CTX(ndr, r->client_account, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->client_account)); NDR_CHECK(ndr_pull_array_length(ndr, &r->client_account)); - if (ndr_get_array_length(ndr, &r->client_account) > ndr_get_array_size(ndr, &r->client_account)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->client_account), ndr_get_array_length(ndr, &r->client_account)); + size_client_account_1 = ndr_get_array_size(ndr, &r->client_account); + length_client_account_1 = ndr_get_array_length(ndr, &r->client_account); + if (length_client_account_1 > size_client_account_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_client_account_1, length_client_account_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->client_account), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client_account, ndr_get_array_length(ndr, &r->client_account), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_client_account_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client_account, length_client_account_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_client_account_0, 0); } } @@ -7127,6 +7287,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsGetDCConnectionCtr01(struct ndr_push static enum ndr_err_code ndr_pull_drsuapi_DsGetDCConnectionCtr01(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsGetDCConnectionCtr01 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -7148,13 +7309,14 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetDCConnectionCtr01(struct ndr_pull _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_drsuapi_DsGetDCConnection01(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_drsuapi_DsGetDCConnection01(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -7533,6 +7695,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsAddEntryExtraErrorBuffer(struct ndr_ static enum ndr_err_code ndr_pull_drsuapi_DsAddEntryExtraErrorBuffer(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsAddEntryExtraErrorBuffer *r) { uint32_t _ptr_data; + uint32_t size_data_1 = 0; TALLOC_CTX *_mem_save_data_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -7552,8 +7715,9 @@ static enum ndr_err_code ndr_pull_drsuapi_DsAddEntryExtraErrorBuffer(struct ndr_ _mem_save_data_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->data, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->data)); - NDR_PULL_ALLOC_N(ndr, r->data, ndr_get_array_size(ndr, &r->data)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, ndr_get_array_size(ndr, &r->data))); + size_data_1 = ndr_get_array_size(ndr, &r->data); + NDR_PULL_ALLOC_N(ndr, r->data, size_data_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, size_data_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_0, 0); } if (r->data) { @@ -8083,6 +8247,7 @@ static enum ndr_err_code ndr_pull_drsuapi_DsAddEntryCtr2(struct ndr_pull *ndr, i uint32_t _ptr_id; TALLOC_CTX *_mem_save_id_0; uint32_t _ptr_objects; + uint32_t size_objects_1 = 0; uint32_t cntr_objects_1; TALLOC_CTX *_mem_save_objects_0; TALLOC_CTX *_mem_save_objects_1; @@ -8118,13 +8283,14 @@ static enum ndr_err_code ndr_pull_drsuapi_DsAddEntryCtr2(struct ndr_pull *ndr, i _mem_save_objects_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->objects, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->objects)); - NDR_PULL_ALLOC_N(ndr, r->objects, ndr_get_array_size(ndr, &r->objects)); + size_objects_1 = ndr_get_array_size(ndr, &r->objects); + NDR_PULL_ALLOC_N(ndr, r->objects, size_objects_1); _mem_save_objects_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->objects, 0); - for (cntr_objects_1 = 0; cntr_objects_1 < r->count; cntr_objects_1++) { + for (cntr_objects_1 = 0; cntr_objects_1 < size_objects_1; cntr_objects_1++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaObjectIdentifier2(ndr, NDR_SCALARS, &r->objects[cntr_objects_1])); } - for (cntr_objects_1 = 0; cntr_objects_1 < r->count; cntr_objects_1++) { + for (cntr_objects_1 = 0; cntr_objects_1 < size_objects_1; cntr_objects_1++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaObjectIdentifier2(ndr, NDR_BUFFERS, &r->objects[cntr_objects_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_objects_1, 0); @@ -8208,6 +8374,7 @@ static enum ndr_err_code ndr_pull_drsuapi_DsAddEntryCtr3(struct ndr_pull *ndr, i uint32_t _ptr_error; TALLOC_CTX *_mem_save_error_0; uint32_t _ptr_objects; + uint32_t size_objects_1 = 0; uint32_t cntr_objects_1; TALLOC_CTX *_mem_save_objects_0; TALLOC_CTX *_mem_save_objects_1; @@ -8255,13 +8422,14 @@ static enum ndr_err_code ndr_pull_drsuapi_DsAddEntryCtr3(struct ndr_pull *ndr, i _mem_save_objects_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->objects, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->objects)); - NDR_PULL_ALLOC_N(ndr, r->objects, ndr_get_array_size(ndr, &r->objects)); + size_objects_1 = ndr_get_array_size(ndr, &r->objects); + NDR_PULL_ALLOC_N(ndr, r->objects, size_objects_1); _mem_save_objects_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->objects, 0); - for (cntr_objects_1 = 0; cntr_objects_1 < r->count; cntr_objects_1++) { + for (cntr_objects_1 = 0; cntr_objects_1 < size_objects_1; cntr_objects_1++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaObjectIdentifier2(ndr, NDR_SCALARS, &r->objects[cntr_objects_1])); } - for (cntr_objects_1 = 0; cntr_objects_1 < r->count; cntr_objects_1++) { + for (cntr_objects_1 = 0; cntr_objects_1 < size_objects_1; cntr_objects_1++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaObjectIdentifier2(ndr, NDR_BUFFERS, &r->objects[cntr_objects_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_objects_1, 0); @@ -8492,6 +8660,8 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaGetInfoRequest1(struct ndr_pu static enum ndr_err_code ndr_pull_drsuapi_DsReplicaGetInfoRequest1(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaGetInfoRequest1 *r) { uint32_t _ptr_object_dn; + uint32_t size_object_dn_1 = 0; + uint32_t length_object_dn_1 = 0; TALLOC_CTX *_mem_save_object_dn_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -8510,11 +8680,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaGetInfoRequest1(struct ndr_pu NDR_PULL_SET_MEM_CTX(ndr, r->object_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->object_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->object_dn)); - if (ndr_get_array_length(ndr, &r->object_dn) > ndr_get_array_size(ndr, &r->object_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->object_dn), ndr_get_array_length(ndr, &r->object_dn)); + size_object_dn_1 = ndr_get_array_size(ndr, &r->object_dn); + length_object_dn_1 = ndr_get_array_length(ndr, &r->object_dn); + if (length_object_dn_1 > size_object_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_object_dn_1, length_object_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->object_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->object_dn, ndr_get_array_length(ndr, &r->object_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_object_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->object_dn, length_object_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_object_dn_0, 0); } } @@ -8574,10 +8746,16 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaGetInfoRequest2(struct ndr_pu static enum ndr_err_code ndr_pull_drsuapi_DsReplicaGetInfoRequest2(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaGetInfoRequest2 *r) { uint32_t _ptr_object_dn; + uint32_t size_object_dn_1 = 0; + uint32_t length_object_dn_1 = 0; TALLOC_CTX *_mem_save_object_dn_0; uint32_t _ptr_string1; + uint32_t size_string1_1 = 0; + uint32_t length_string1_1 = 0; TALLOC_CTX *_mem_save_string1_0; uint32_t _ptr_string2; + uint32_t size_string2_1 = 0; + uint32_t length_string2_1 = 0; TALLOC_CTX *_mem_save_string2_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -8610,11 +8788,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaGetInfoRequest2(struct ndr_pu NDR_PULL_SET_MEM_CTX(ndr, r->object_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->object_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->object_dn)); - if (ndr_get_array_length(ndr, &r->object_dn) > ndr_get_array_size(ndr, &r->object_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->object_dn), ndr_get_array_length(ndr, &r->object_dn)); + size_object_dn_1 = ndr_get_array_size(ndr, &r->object_dn); + length_object_dn_1 = ndr_get_array_length(ndr, &r->object_dn); + if (length_object_dn_1 > size_object_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_object_dn_1, length_object_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->object_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->object_dn, ndr_get_array_length(ndr, &r->object_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_object_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->object_dn, length_object_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_object_dn_0, 0); } if (r->string1) { @@ -8622,11 +8802,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaGetInfoRequest2(struct ndr_pu NDR_PULL_SET_MEM_CTX(ndr, r->string1, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->string1)); NDR_CHECK(ndr_pull_array_length(ndr, &r->string1)); - if (ndr_get_array_length(ndr, &r->string1) > ndr_get_array_size(ndr, &r->string1)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->string1), ndr_get_array_length(ndr, &r->string1)); + size_string1_1 = ndr_get_array_size(ndr, &r->string1); + length_string1_1 = ndr_get_array_length(ndr, &r->string1); + if (length_string1_1 > size_string1_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_string1_1, length_string1_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->string1), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->string1, ndr_get_array_length(ndr, &r->string1), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_string1_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->string1, length_string1_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_string1_0, 0); } if (r->string2) { @@ -8634,11 +8816,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaGetInfoRequest2(struct ndr_pu NDR_PULL_SET_MEM_CTX(ndr, r->string2, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->string2)); NDR_CHECK(ndr_pull_array_length(ndr, &r->string2)); - if (ndr_get_array_length(ndr, &r->string2) > ndr_get_array_size(ndr, &r->string2)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->string2), ndr_get_array_length(ndr, &r->string2)); + size_string2_1 = ndr_get_array_size(ndr, &r->string2); + length_string2_1 = ndr_get_array_length(ndr, &r->string2); + if (length_string2_1 > size_string2_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_string2_1, length_string2_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->string2), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->string2, ndr_get_array_length(ndr, &r->string2), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_string2_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->string2, length_string2_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_string2_0, 0); } } @@ -8822,12 +9006,20 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaNeighbour(struct ndr_push *nd static enum ndr_err_code ndr_pull_drsuapi_DsReplicaNeighbour(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaNeighbour *r) { uint32_t _ptr_naming_context_dn; + uint32_t size_naming_context_dn_1 = 0; + uint32_t length_naming_context_dn_1 = 0; TALLOC_CTX *_mem_save_naming_context_dn_0; uint32_t _ptr_source_dsa_obj_dn; + uint32_t size_source_dsa_obj_dn_1 = 0; + uint32_t length_source_dsa_obj_dn_1 = 0; TALLOC_CTX *_mem_save_source_dsa_obj_dn_0; uint32_t _ptr_source_dsa_address; + uint32_t size_source_dsa_address_1 = 0; + uint32_t length_source_dsa_address_1 = 0; TALLOC_CTX *_mem_save_source_dsa_address_0; uint32_t _ptr_transport_obj_dn; + uint32_t size_transport_obj_dn_1 = 0; + uint32_t length_transport_obj_dn_1 = 0; TALLOC_CTX *_mem_save_transport_obj_dn_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 8)); @@ -8874,11 +9066,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaNeighbour(struct ndr_pull *nd NDR_PULL_SET_MEM_CTX(ndr, r->naming_context_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->naming_context_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->naming_context_dn)); - if (ndr_get_array_length(ndr, &r->naming_context_dn) > ndr_get_array_size(ndr, &r->naming_context_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->naming_context_dn), ndr_get_array_length(ndr, &r->naming_context_dn)); + size_naming_context_dn_1 = ndr_get_array_size(ndr, &r->naming_context_dn); + length_naming_context_dn_1 = ndr_get_array_length(ndr, &r->naming_context_dn); + if (length_naming_context_dn_1 > size_naming_context_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_naming_context_dn_1, length_naming_context_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->naming_context_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->naming_context_dn, ndr_get_array_length(ndr, &r->naming_context_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_naming_context_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->naming_context_dn, length_naming_context_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_naming_context_dn_0, 0); } if (r->source_dsa_obj_dn) { @@ -8886,11 +9080,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaNeighbour(struct ndr_pull *nd NDR_PULL_SET_MEM_CTX(ndr, r->source_dsa_obj_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->source_dsa_obj_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->source_dsa_obj_dn)); - if (ndr_get_array_length(ndr, &r->source_dsa_obj_dn) > ndr_get_array_size(ndr, &r->source_dsa_obj_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->source_dsa_obj_dn), ndr_get_array_length(ndr, &r->source_dsa_obj_dn)); + size_source_dsa_obj_dn_1 = ndr_get_array_size(ndr, &r->source_dsa_obj_dn); + length_source_dsa_obj_dn_1 = ndr_get_array_length(ndr, &r->source_dsa_obj_dn); + if (length_source_dsa_obj_dn_1 > size_source_dsa_obj_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_source_dsa_obj_dn_1, length_source_dsa_obj_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->source_dsa_obj_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->source_dsa_obj_dn, ndr_get_array_length(ndr, &r->source_dsa_obj_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_source_dsa_obj_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->source_dsa_obj_dn, length_source_dsa_obj_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_source_dsa_obj_dn_0, 0); } if (r->source_dsa_address) { @@ -8898,11 +9094,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaNeighbour(struct ndr_pull *nd NDR_PULL_SET_MEM_CTX(ndr, r->source_dsa_address, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->source_dsa_address)); NDR_CHECK(ndr_pull_array_length(ndr, &r->source_dsa_address)); - if (ndr_get_array_length(ndr, &r->source_dsa_address) > ndr_get_array_size(ndr, &r->source_dsa_address)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->source_dsa_address), ndr_get_array_length(ndr, &r->source_dsa_address)); + size_source_dsa_address_1 = ndr_get_array_size(ndr, &r->source_dsa_address); + length_source_dsa_address_1 = ndr_get_array_length(ndr, &r->source_dsa_address); + if (length_source_dsa_address_1 > size_source_dsa_address_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_source_dsa_address_1, length_source_dsa_address_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->source_dsa_address), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->source_dsa_address, ndr_get_array_length(ndr, &r->source_dsa_address), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_source_dsa_address_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->source_dsa_address, length_source_dsa_address_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_source_dsa_address_0, 0); } if (r->transport_obj_dn) { @@ -8910,11 +9108,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaNeighbour(struct ndr_pull *nd NDR_PULL_SET_MEM_CTX(ndr, r->transport_obj_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->transport_obj_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->transport_obj_dn)); - if (ndr_get_array_length(ndr, &r->transport_obj_dn) > ndr_get_array_size(ndr, &r->transport_obj_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->transport_obj_dn), ndr_get_array_length(ndr, &r->transport_obj_dn)); + size_transport_obj_dn_1 = ndr_get_array_size(ndr, &r->transport_obj_dn); + length_transport_obj_dn_1 = ndr_get_array_length(ndr, &r->transport_obj_dn); + if (length_transport_obj_dn_1 > size_transport_obj_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_transport_obj_dn_1, length_transport_obj_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->transport_obj_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->transport_obj_dn, ndr_get_array_length(ndr, &r->transport_obj_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_transport_obj_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->transport_obj_dn, length_transport_obj_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_transport_obj_dn_0, 0); } } @@ -8986,6 +9186,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaNeighbourCtr(struct ndr_push static enum ndr_err_code ndr_pull_drsuapi_DsReplicaNeighbourCtr(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaNeighbourCtr *r) { + uint32_t size_array_0 = 0; uint32_t cntr_array_0; TALLOC_CTX *_mem_save_array_0; if (ndr_flags & NDR_SCALARS) { @@ -8993,10 +9194,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaNeighbourCtr(struct ndr_pull NDR_CHECK(ndr_pull_align(ndr, 8)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->reserved)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_0 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_0); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaNeighbour(ndr, NDR_SCALARS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -9005,9 +9207,10 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaNeighbourCtr(struct ndr_pull } } if (ndr_flags & NDR_BUFFERS) { + size_array_0 = ndr_get_array_size(ndr, &r->array); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaNeighbour(ndr, NDR_BUFFERS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -9054,6 +9257,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaCursorCtr(struct ndr_push *nd static enum ndr_err_code ndr_pull_drsuapi_DsReplicaCursorCtr(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaCursorCtr *r) { + uint32_t size_array_0 = 0; uint32_t cntr_array_0; TALLOC_CTX *_mem_save_array_0; if (ndr_flags & NDR_SCALARS) { @@ -9061,10 +9265,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaCursorCtr(struct ndr_pull *nd NDR_CHECK(ndr_pull_align(ndr, 8)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->reserved)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_0 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_0); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaCursor(ndr, NDR_SCALARS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -9122,6 +9327,8 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaObjMetaData(struct ndr_push * static enum ndr_err_code ndr_pull_drsuapi_DsReplicaObjMetaData(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaObjMetaData *r) { uint32_t _ptr_attribute_name; + uint32_t size_attribute_name_1 = 0; + uint32_t length_attribute_name_1 = 0; TALLOC_CTX *_mem_save_attribute_name_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 8)); @@ -9143,11 +9350,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaObjMetaData(struct ndr_pull * NDR_PULL_SET_MEM_CTX(ndr, r->attribute_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->attribute_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->attribute_name)); - if (ndr_get_array_length(ndr, &r->attribute_name) > ndr_get_array_size(ndr, &r->attribute_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->attribute_name), ndr_get_array_length(ndr, &r->attribute_name)); + size_attribute_name_1 = ndr_get_array_size(ndr, &r->attribute_name); + length_attribute_name_1 = ndr_get_array_length(ndr, &r->attribute_name); + if (length_attribute_name_1 > size_attribute_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_attribute_name_1, length_attribute_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->attribute_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->attribute_name, ndr_get_array_length(ndr, &r->attribute_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_attribute_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->attribute_name, length_attribute_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_attribute_name_0, 0); } } @@ -9194,6 +9403,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaObjMetaDataCtr(struct ndr_pus static enum ndr_err_code ndr_pull_drsuapi_DsReplicaObjMetaDataCtr(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaObjMetaDataCtr *r) { + uint32_t size_array_0 = 0; uint32_t cntr_array_0; TALLOC_CTX *_mem_save_array_0; if (ndr_flags & NDR_SCALARS) { @@ -9201,10 +9411,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaObjMetaDataCtr(struct ndr_pul NDR_CHECK(ndr_pull_align(ndr, 8)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->reserved)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_0 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_0); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaObjMetaData(ndr, NDR_SCALARS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -9213,9 +9424,10 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaObjMetaDataCtr(struct ndr_pul } } if (ndr_flags & NDR_BUFFERS) { + size_array_0 = ndr_get_array_size(ndr, &r->array); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaObjMetaData(ndr, NDR_BUFFERS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -9267,6 +9479,8 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaKccDsaFailure(struct ndr_push static enum ndr_err_code ndr_pull_drsuapi_DsReplicaKccDsaFailure(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaKccDsaFailure *r) { uint32_t _ptr_dsa_obj_dn; + uint32_t size_dsa_obj_dn_1 = 0; + uint32_t length_dsa_obj_dn_1 = 0; TALLOC_CTX *_mem_save_dsa_obj_dn_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -9287,11 +9501,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaKccDsaFailure(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->dsa_obj_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->dsa_obj_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->dsa_obj_dn)); - if (ndr_get_array_length(ndr, &r->dsa_obj_dn) > ndr_get_array_size(ndr, &r->dsa_obj_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->dsa_obj_dn), ndr_get_array_length(ndr, &r->dsa_obj_dn)); + size_dsa_obj_dn_1 = ndr_get_array_size(ndr, &r->dsa_obj_dn); + length_dsa_obj_dn_1 = ndr_get_array_length(ndr, &r->dsa_obj_dn); + if (length_dsa_obj_dn_1 > size_dsa_obj_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dsa_obj_dn_1, length_dsa_obj_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->dsa_obj_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dsa_obj_dn, ndr_get_array_length(ndr, &r->dsa_obj_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dsa_obj_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dsa_obj_dn, length_dsa_obj_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dsa_obj_dn_0, 0); } } @@ -9337,6 +9553,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaKccDsaFailuresCtr(struct ndr_ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaKccDsaFailuresCtr(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaKccDsaFailuresCtr *r) { + uint32_t size_array_0 = 0; uint32_t cntr_array_0; TALLOC_CTX *_mem_save_array_0; if (ndr_flags & NDR_SCALARS) { @@ -9344,10 +9561,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaKccDsaFailuresCtr(struct ndr_ NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->reserved)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_0 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_0); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaKccDsaFailure(ndr, NDR_SCALARS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -9356,9 +9574,10 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaKccDsaFailuresCtr(struct ndr_ } } if (ndr_flags & NDR_BUFFERS) { + size_array_0 = ndr_get_array_size(ndr, &r->array); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaKccDsaFailure(ndr, NDR_BUFFERS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -9609,10 +9828,16 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaOp(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_drsuapi_DsReplicaOp(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaOp *r) { uint32_t _ptr_nc_dn; + uint32_t size_nc_dn_1 = 0; + uint32_t length_nc_dn_1 = 0; TALLOC_CTX *_mem_save_nc_dn_0; uint32_t _ptr_remote_dsa_obj_dn; + uint32_t size_remote_dsa_obj_dn_1 = 0; + uint32_t length_remote_dsa_obj_dn_1 = 0; TALLOC_CTX *_mem_save_remote_dsa_obj_dn_0; uint32_t _ptr_remote_dsa_address; + uint32_t size_remote_dsa_address_1 = 0; + uint32_t length_remote_dsa_address_1 = 0; TALLOC_CTX *_mem_save_remote_dsa_address_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -9649,11 +9874,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaOp(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->nc_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->nc_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->nc_dn)); - if (ndr_get_array_length(ndr, &r->nc_dn) > ndr_get_array_size(ndr, &r->nc_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->nc_dn), ndr_get_array_length(ndr, &r->nc_dn)); + size_nc_dn_1 = ndr_get_array_size(ndr, &r->nc_dn); + length_nc_dn_1 = ndr_get_array_length(ndr, &r->nc_dn); + if (length_nc_dn_1 > size_nc_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_nc_dn_1, length_nc_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->nc_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->nc_dn, ndr_get_array_length(ndr, &r->nc_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_nc_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->nc_dn, length_nc_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_nc_dn_0, 0); } if (r->remote_dsa_obj_dn) { @@ -9661,11 +9888,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaOp(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->remote_dsa_obj_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->remote_dsa_obj_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->remote_dsa_obj_dn)); - if (ndr_get_array_length(ndr, &r->remote_dsa_obj_dn) > ndr_get_array_size(ndr, &r->remote_dsa_obj_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->remote_dsa_obj_dn), ndr_get_array_length(ndr, &r->remote_dsa_obj_dn)); + size_remote_dsa_obj_dn_1 = ndr_get_array_size(ndr, &r->remote_dsa_obj_dn); + length_remote_dsa_obj_dn_1 = ndr_get_array_length(ndr, &r->remote_dsa_obj_dn); + if (length_remote_dsa_obj_dn_1 > size_remote_dsa_obj_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_remote_dsa_obj_dn_1, length_remote_dsa_obj_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->remote_dsa_obj_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->remote_dsa_obj_dn, ndr_get_array_length(ndr, &r->remote_dsa_obj_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_remote_dsa_obj_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->remote_dsa_obj_dn, length_remote_dsa_obj_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_remote_dsa_obj_dn_0, 0); } if (r->remote_dsa_address) { @@ -9673,11 +9902,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaOp(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->remote_dsa_address, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->remote_dsa_address)); NDR_CHECK(ndr_pull_array_length(ndr, &r->remote_dsa_address)); - if (ndr_get_array_length(ndr, &r->remote_dsa_address) > ndr_get_array_size(ndr, &r->remote_dsa_address)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->remote_dsa_address), ndr_get_array_length(ndr, &r->remote_dsa_address)); + size_remote_dsa_address_1 = ndr_get_array_size(ndr, &r->remote_dsa_address); + length_remote_dsa_address_1 = ndr_get_array_length(ndr, &r->remote_dsa_address); + if (length_remote_dsa_address_1 > size_remote_dsa_address_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_remote_dsa_address_1, length_remote_dsa_address_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->remote_dsa_address), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->remote_dsa_address, ndr_get_array_length(ndr, &r->remote_dsa_address), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_remote_dsa_address_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->remote_dsa_address, length_remote_dsa_address_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_remote_dsa_address_0, 0); } } @@ -9739,6 +9970,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaOpCtr(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_drsuapi_DsReplicaOpCtr(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaOpCtr *r) { + uint32_t size_array_0 = 0; uint32_t cntr_array_0; TALLOC_CTX *_mem_save_array_0; if (ndr_flags & NDR_SCALARS) { @@ -9746,10 +9978,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaOpCtr(struct ndr_pull *ndr, i NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_NTTIME(ndr, NDR_SCALARS, &r->time)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_0 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_0); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaOp(ndr, NDR_SCALARS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -9758,9 +9991,10 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaOpCtr(struct ndr_pull *ndr, i } } if (ndr_flags & NDR_BUFFERS) { + size_array_0 = ndr_get_array_size(ndr, &r->array); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaOp(ndr, NDR_BUFFERS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -9827,8 +10061,12 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaAttrValMetaData(struct ndr_pu static enum ndr_err_code ndr_pull_drsuapi_DsReplicaAttrValMetaData(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaAttrValMetaData *r) { uint32_t _ptr_attribute_name; + uint32_t size_attribute_name_1 = 0; + uint32_t length_attribute_name_1 = 0; TALLOC_CTX *_mem_save_attribute_name_0; uint32_t _ptr_object_dn; + uint32_t size_object_dn_1 = 0; + uint32_t length_object_dn_1 = 0; TALLOC_CTX *_mem_save_object_dn_0; uint32_t _ptr_binary; TALLOC_CTX *_mem_save_binary_0; @@ -9867,11 +10105,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaAttrValMetaData(struct ndr_pu NDR_PULL_SET_MEM_CTX(ndr, r->attribute_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->attribute_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->attribute_name)); - if (ndr_get_array_length(ndr, &r->attribute_name) > ndr_get_array_size(ndr, &r->attribute_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->attribute_name), ndr_get_array_length(ndr, &r->attribute_name)); + size_attribute_name_1 = ndr_get_array_size(ndr, &r->attribute_name); + length_attribute_name_1 = ndr_get_array_length(ndr, &r->attribute_name); + if (length_attribute_name_1 > size_attribute_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_attribute_name_1, length_attribute_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->attribute_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->attribute_name, ndr_get_array_length(ndr, &r->attribute_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_attribute_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->attribute_name, length_attribute_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_attribute_name_0, 0); } if (r->object_dn) { @@ -9879,11 +10119,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaAttrValMetaData(struct ndr_pu NDR_PULL_SET_MEM_CTX(ndr, r->object_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->object_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->object_dn)); - if (ndr_get_array_length(ndr, &r->object_dn) > ndr_get_array_size(ndr, &r->object_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->object_dn), ndr_get_array_length(ndr, &r->object_dn)); + size_object_dn_1 = ndr_get_array_size(ndr, &r->object_dn); + length_object_dn_1 = ndr_get_array_length(ndr, &r->object_dn); + if (length_object_dn_1 > size_object_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_object_dn_1, length_object_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->object_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->object_dn, ndr_get_array_length(ndr, &r->object_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_object_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->object_dn, length_object_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_object_dn_0, 0); } if (r->binary) { @@ -9951,6 +10193,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaAttrValMetaDataCtr(struct ndr static enum ndr_err_code ndr_pull_drsuapi_DsReplicaAttrValMetaDataCtr(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaAttrValMetaDataCtr *r) { + uint32_t size_array_0 = 0; uint32_t cntr_array_0; TALLOC_CTX *_mem_save_array_0; if (ndr_flags & NDR_SCALARS) { @@ -9958,10 +10201,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaAttrValMetaDataCtr(struct ndr NDR_CHECK(ndr_pull_align(ndr, 8)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count)); NDR_CHECK(ndr_pull_int32(ndr, NDR_SCALARS, &r->enumeration_context)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_0 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_0); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaAttrValMetaData(ndr, NDR_SCALARS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -9970,9 +10214,10 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaAttrValMetaDataCtr(struct ndr } } if (ndr_flags & NDR_BUFFERS) { + size_array_0 = ndr_get_array_size(ndr, &r->array); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaAttrValMetaData(ndr, NDR_BUFFERS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -10019,6 +10264,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaCursor2Ctr(struct ndr_push *n static enum ndr_err_code ndr_pull_drsuapi_DsReplicaCursor2Ctr(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaCursor2Ctr *r) { + uint32_t size_array_0 = 0; uint32_t cntr_array_0; TALLOC_CTX *_mem_save_array_0; if (ndr_flags & NDR_SCALARS) { @@ -10026,10 +10272,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaCursor2Ctr(struct ndr_pull *n NDR_CHECK(ndr_pull_align(ndr, 8)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count)); NDR_CHECK(ndr_pull_int32(ndr, NDR_SCALARS, &r->enumeration_context)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_0 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_0); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaCursor2(ndr, NDR_SCALARS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -10085,6 +10332,8 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaCursor3(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_drsuapi_DsReplicaCursor3(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaCursor3 *r) { uint32_t _ptr_source_dsa_obj_dn; + uint32_t size_source_dsa_obj_dn_1 = 0; + uint32_t length_source_dsa_obj_dn_1 = 0; TALLOC_CTX *_mem_save_source_dsa_obj_dn_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 8)); @@ -10104,11 +10353,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaCursor3(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->source_dsa_obj_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->source_dsa_obj_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->source_dsa_obj_dn)); - if (ndr_get_array_length(ndr, &r->source_dsa_obj_dn) > ndr_get_array_size(ndr, &r->source_dsa_obj_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->source_dsa_obj_dn), ndr_get_array_length(ndr, &r->source_dsa_obj_dn)); + size_source_dsa_obj_dn_1 = ndr_get_array_size(ndr, &r->source_dsa_obj_dn); + length_source_dsa_obj_dn_1 = ndr_get_array_length(ndr, &r->source_dsa_obj_dn); + if (length_source_dsa_obj_dn_1 > size_source_dsa_obj_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_source_dsa_obj_dn_1, length_source_dsa_obj_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->source_dsa_obj_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->source_dsa_obj_dn, ndr_get_array_length(ndr, &r->source_dsa_obj_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_source_dsa_obj_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->source_dsa_obj_dn, length_source_dsa_obj_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_source_dsa_obj_dn_0, 0); } } @@ -10153,6 +10404,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaCursor3Ctr(struct ndr_push *n static enum ndr_err_code ndr_pull_drsuapi_DsReplicaCursor3Ctr(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaCursor3Ctr *r) { + uint32_t size_array_0 = 0; uint32_t cntr_array_0; TALLOC_CTX *_mem_save_array_0; if (ndr_flags & NDR_SCALARS) { @@ -10160,10 +10412,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaCursor3Ctr(struct ndr_pull *n NDR_CHECK(ndr_pull_align(ndr, 8)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count)); NDR_CHECK(ndr_pull_int32(ndr, NDR_SCALARS, &r->enumeration_context)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_0 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_0); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaCursor3(ndr, NDR_SCALARS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -10172,9 +10425,10 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaCursor3Ctr(struct ndr_pull *n } } if (ndr_flags & NDR_BUFFERS) { + size_array_0 = ndr_get_array_size(ndr, &r->array); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaCursor3(ndr, NDR_BUFFERS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -10234,8 +10488,12 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaObjMetaData2(struct ndr_push static enum ndr_err_code ndr_pull_drsuapi_DsReplicaObjMetaData2(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaObjMetaData2 *r) { uint32_t _ptr_attribute_name; + uint32_t size_attribute_name_1 = 0; + uint32_t length_attribute_name_1 = 0; TALLOC_CTX *_mem_save_attribute_name_0; uint32_t _ptr_originating_dsa_dn; + uint32_t size_originating_dsa_dn_1 = 0; + uint32_t length_originating_dsa_dn_1 = 0; TALLOC_CTX *_mem_save_originating_dsa_dn_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 8)); @@ -10263,11 +10521,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaObjMetaData2(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->attribute_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->attribute_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->attribute_name)); - if (ndr_get_array_length(ndr, &r->attribute_name) > ndr_get_array_size(ndr, &r->attribute_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->attribute_name), ndr_get_array_length(ndr, &r->attribute_name)); + size_attribute_name_1 = ndr_get_array_size(ndr, &r->attribute_name); + length_attribute_name_1 = ndr_get_array_length(ndr, &r->attribute_name); + if (length_attribute_name_1 > size_attribute_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_attribute_name_1, length_attribute_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->attribute_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->attribute_name, ndr_get_array_length(ndr, &r->attribute_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_attribute_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->attribute_name, length_attribute_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_attribute_name_0, 0); } if (r->originating_dsa_dn) { @@ -10275,11 +10535,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaObjMetaData2(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->originating_dsa_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->originating_dsa_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->originating_dsa_dn)); - if (ndr_get_array_length(ndr, &r->originating_dsa_dn) > ndr_get_array_size(ndr, &r->originating_dsa_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->originating_dsa_dn), ndr_get_array_length(ndr, &r->originating_dsa_dn)); + size_originating_dsa_dn_1 = ndr_get_array_size(ndr, &r->originating_dsa_dn); + length_originating_dsa_dn_1 = ndr_get_array_length(ndr, &r->originating_dsa_dn); + if (length_originating_dsa_dn_1 > size_originating_dsa_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_originating_dsa_dn_1, length_originating_dsa_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->originating_dsa_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->originating_dsa_dn, ndr_get_array_length(ndr, &r->originating_dsa_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_originating_dsa_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->originating_dsa_dn, length_originating_dsa_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_originating_dsa_dn_0, 0); } } @@ -10332,6 +10594,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaObjMetaData2Ctr(struct ndr_pu static enum ndr_err_code ndr_pull_drsuapi_DsReplicaObjMetaData2Ctr(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaObjMetaData2Ctr *r) { + uint32_t size_array_0 = 0; uint32_t cntr_array_0; TALLOC_CTX *_mem_save_array_0; if (ndr_flags & NDR_SCALARS) { @@ -10339,10 +10602,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaObjMetaData2Ctr(struct ndr_pu NDR_CHECK(ndr_pull_align(ndr, 8)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count)); NDR_CHECK(ndr_pull_int32(ndr, NDR_SCALARS, &r->enumeration_context)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_0 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_0); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaObjMetaData2(ndr, NDR_SCALARS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -10351,9 +10615,10 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaObjMetaData2Ctr(struct ndr_pu } } if (ndr_flags & NDR_BUFFERS) { + size_array_0 = ndr_get_array_size(ndr, &r->array); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaObjMetaData2(ndr, NDR_BUFFERS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -10427,12 +10692,18 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaAttrValMetaData2(struct ndr_p static enum ndr_err_code ndr_pull_drsuapi_DsReplicaAttrValMetaData2(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaAttrValMetaData2 *r) { uint32_t _ptr_attribute_name; + uint32_t size_attribute_name_1 = 0; + uint32_t length_attribute_name_1 = 0; TALLOC_CTX *_mem_save_attribute_name_0; uint32_t _ptr_object_dn; + uint32_t size_object_dn_1 = 0; + uint32_t length_object_dn_1 = 0; TALLOC_CTX *_mem_save_object_dn_0; uint32_t _ptr_binary; TALLOC_CTX *_mem_save_binary_0; uint32_t _ptr_originating_dsa_dn; + uint32_t size_originating_dsa_dn_1 = 0; + uint32_t length_originating_dsa_dn_1 = 0; TALLOC_CTX *_mem_save_originating_dsa_dn_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 8)); @@ -10475,11 +10746,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaAttrValMetaData2(struct ndr_p NDR_PULL_SET_MEM_CTX(ndr, r->attribute_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->attribute_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->attribute_name)); - if (ndr_get_array_length(ndr, &r->attribute_name) > ndr_get_array_size(ndr, &r->attribute_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->attribute_name), ndr_get_array_length(ndr, &r->attribute_name)); + size_attribute_name_1 = ndr_get_array_size(ndr, &r->attribute_name); + length_attribute_name_1 = ndr_get_array_length(ndr, &r->attribute_name); + if (length_attribute_name_1 > size_attribute_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_attribute_name_1, length_attribute_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->attribute_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->attribute_name, ndr_get_array_length(ndr, &r->attribute_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_attribute_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->attribute_name, length_attribute_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_attribute_name_0, 0); } if (r->object_dn) { @@ -10487,11 +10760,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaAttrValMetaData2(struct ndr_p NDR_PULL_SET_MEM_CTX(ndr, r->object_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->object_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->object_dn)); - if (ndr_get_array_length(ndr, &r->object_dn) > ndr_get_array_size(ndr, &r->object_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->object_dn), ndr_get_array_length(ndr, &r->object_dn)); + size_object_dn_1 = ndr_get_array_size(ndr, &r->object_dn); + length_object_dn_1 = ndr_get_array_length(ndr, &r->object_dn); + if (length_object_dn_1 > size_object_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_object_dn_1, length_object_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->object_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->object_dn, ndr_get_array_length(ndr, &r->object_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_object_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->object_dn, length_object_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_object_dn_0, 0); } if (r->binary) { @@ -10505,11 +10780,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaAttrValMetaData2(struct ndr_p NDR_PULL_SET_MEM_CTX(ndr, r->originating_dsa_dn, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->originating_dsa_dn)); NDR_CHECK(ndr_pull_array_length(ndr, &r->originating_dsa_dn)); - if (ndr_get_array_length(ndr, &r->originating_dsa_dn) > ndr_get_array_size(ndr, &r->originating_dsa_dn)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->originating_dsa_dn), ndr_get_array_length(ndr, &r->originating_dsa_dn)); + size_originating_dsa_dn_1 = ndr_get_array_size(ndr, &r->originating_dsa_dn); + length_originating_dsa_dn_1 = ndr_get_array_length(ndr, &r->originating_dsa_dn); + if (length_originating_dsa_dn_1 > size_originating_dsa_dn_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_originating_dsa_dn_1, length_originating_dsa_dn_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->originating_dsa_dn), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->originating_dsa_dn, ndr_get_array_length(ndr, &r->originating_dsa_dn), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_originating_dsa_dn_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->originating_dsa_dn, length_originating_dsa_dn_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_originating_dsa_dn_0, 0); } } @@ -10577,6 +10854,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaAttrValMetaData2Ctr(struct nd static enum ndr_err_code ndr_pull_drsuapi_DsReplicaAttrValMetaData2Ctr(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaAttrValMetaData2Ctr *r) { + uint32_t size_array_0 = 0; uint32_t cntr_array_0; TALLOC_CTX *_mem_save_array_0; if (ndr_flags & NDR_SCALARS) { @@ -10584,10 +10862,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaAttrValMetaData2Ctr(struct nd NDR_CHECK(ndr_pull_align(ndr, 8)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count)); NDR_CHECK(ndr_pull_int32(ndr, NDR_SCALARS, &r->enumeration_context)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_0 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_0); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaAttrValMetaData2(ndr, NDR_SCALARS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -10596,9 +10875,10 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaAttrValMetaData2Ctr(struct nd } } if (ndr_flags & NDR_BUFFERS) { + size_array_0 = ndr_get_array_size(ndr, &r->array); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaAttrValMetaData2(ndr, NDR_BUFFERS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -10703,6 +10983,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplicaConnection04Ctr(struct ndr_pu static enum ndr_err_code ndr_pull_drsuapi_DsReplicaConnection04Ctr(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplicaConnection04Ctr *r) { + uint32_t size_array_0 = 0; uint32_t cntr_array_0; TALLOC_CTX *_mem_save_array_0; if (ndr_flags & NDR_SCALARS) { @@ -10713,10 +10994,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaConnection04Ctr(struct ndr_pu return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->reserved)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_0 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_0); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplicaConnection04(ndr, NDR_SCALARS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -10776,6 +11058,8 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplica06(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_drsuapi_DsReplica06(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplica06 *r) { uint32_t _ptr_str1; + uint32_t size_str1_1 = 0; + uint32_t length_str1_1 = 0; TALLOC_CTX *_mem_save_str1_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 8)); @@ -10799,11 +11083,13 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplica06(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->str1, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->str1)); NDR_CHECK(ndr_pull_array_length(ndr, &r->str1)); - if (ndr_get_array_length(ndr, &r->str1) > ndr_get_array_size(ndr, &r->str1)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->str1), ndr_get_array_length(ndr, &r->str1)); + size_str1_1 = ndr_get_array_size(ndr, &r->str1); + length_str1_1 = ndr_get_array_length(ndr, &r->str1); + if (length_str1_1 > size_str1_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_str1_1, length_str1_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->str1), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->str1, ndr_get_array_length(ndr, &r->str1), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_str1_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->str1, length_str1_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_str1_0, 0); } } @@ -10852,6 +11138,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsReplica06Ctr(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_drsuapi_DsReplica06Ctr(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsReplica06Ctr *r) { + uint32_t size_array_0 = 0; uint32_t cntr_array_0; TALLOC_CTX *_mem_save_array_0; if (ndr_flags & NDR_SCALARS) { @@ -10862,10 +11149,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplica06Ctr(struct ndr_pull *ndr, i return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->reserved)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_0 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_0); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplica06(ndr, NDR_SCALARS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -10874,9 +11162,10 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplica06Ctr(struct ndr_pull *ndr, i } } if (ndr_flags & NDR_BUFFERS) { + size_array_0 = ndr_get_array_size(ndr, &r->array); _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < r->count; cntr_array_0++) { + for (cntr_array_0 = 0; cntr_array_0 < size_array_0; cntr_array_0++) { NDR_CHECK(ndr_pull_drsuapi_DsReplica06(ndr, NDR_BUFFERS, &r->array[cntr_array_0])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); @@ -11079,20 +11368,35 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaInfo(struct ndr_pull *ndr, in int level; uint32_t _level; TALLOC_CTX *_mem_save_neighbours_0; + uint32_t _ptr_neighbours; TALLOC_CTX *_mem_save_cursors_0; + uint32_t _ptr_cursors; TALLOC_CTX *_mem_save_objmetadata_0; + uint32_t _ptr_objmetadata; TALLOC_CTX *_mem_save_connectfailures_0; + uint32_t _ptr_connectfailures; TALLOC_CTX *_mem_save_linkfailures_0; + uint32_t _ptr_linkfailures; TALLOC_CTX *_mem_save_pendingops_0; + uint32_t _ptr_pendingops; TALLOC_CTX *_mem_save_attrvalmetadata_0; + uint32_t _ptr_attrvalmetadata; TALLOC_CTX *_mem_save_cursors2_0; + uint32_t _ptr_cursors2; TALLOC_CTX *_mem_save_cursors3_0; + uint32_t _ptr_cursors3; TALLOC_CTX *_mem_save_objmetadata2_0; + uint32_t _ptr_objmetadata2; TALLOC_CTX *_mem_save_attrvalmetadata2_0; + uint32_t _ptr_attrvalmetadata2; TALLOC_CTX *_mem_save_neighbours02_0; + uint32_t _ptr_neighbours02; TALLOC_CTX *_mem_save_connections04_0; + uint32_t _ptr_connections04; TALLOC_CTX *_mem_save_cursors05_0; + uint32_t _ptr_cursors05; TALLOC_CTX *_mem_save_i06_0; + uint32_t _ptr_i06; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -11101,7 +11405,6 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaInfo(struct ndr_pull *ndr, in } switch (level) { case DRSUAPI_DS_REPLICA_INFO_NEIGHBORS: { - uint32_t _ptr_neighbours; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_neighbours)); if (_ptr_neighbours) { NDR_PULL_ALLOC(ndr, r->neighbours); @@ -11111,7 +11414,6 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaInfo(struct ndr_pull *ndr, in break; } case DRSUAPI_DS_REPLICA_INFO_CURSORS: { - uint32_t _ptr_cursors; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_cursors)); if (_ptr_cursors) { NDR_PULL_ALLOC(ndr, r->cursors); @@ -11121,7 +11423,6 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaInfo(struct ndr_pull *ndr, in break; } case DRSUAPI_DS_REPLICA_INFO_OBJ_METADATA: { - uint32_t _ptr_objmetadata; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_objmetadata)); if (_ptr_objmetadata) { NDR_PULL_ALLOC(ndr, r->objmetadata); @@ -11131,7 +11432,6 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaInfo(struct ndr_pull *ndr, in break; } case DRSUAPI_DS_REPLICA_INFO_KCC_DSA_CONNECT_FAILURES: { - uint32_t _ptr_connectfailures; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_connectfailures)); if (_ptr_connectfailures) { NDR_PULL_ALLOC(ndr, r->connectfailures); @@ -11141,7 +11441,6 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaInfo(struct ndr_pull *ndr, in break; } case DRSUAPI_DS_REPLICA_INFO_KCC_DSA_LINK_FAILURES: { - uint32_t _ptr_linkfailures; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_linkfailures)); if (_ptr_linkfailures) { NDR_PULL_ALLOC(ndr, r->linkfailures); @@ -11151,7 +11450,6 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaInfo(struct ndr_pull *ndr, in break; } case DRSUAPI_DS_REPLICA_INFO_PENDING_OPS: { - uint32_t _ptr_pendingops; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_pendingops)); if (_ptr_pendingops) { NDR_PULL_ALLOC(ndr, r->pendingops); @@ -11161,7 +11459,6 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaInfo(struct ndr_pull *ndr, in break; } case DRSUAPI_DS_REPLICA_INFO_ATTRIBUTE_VALUE_METADATA: { - uint32_t _ptr_attrvalmetadata; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_attrvalmetadata)); if (_ptr_attrvalmetadata) { NDR_PULL_ALLOC(ndr, r->attrvalmetadata); @@ -11171,7 +11468,6 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaInfo(struct ndr_pull *ndr, in break; } case DRSUAPI_DS_REPLICA_INFO_CURSORS2: { - uint32_t _ptr_cursors2; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_cursors2)); if (_ptr_cursors2) { NDR_PULL_ALLOC(ndr, r->cursors2); @@ -11181,7 +11477,6 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaInfo(struct ndr_pull *ndr, in break; } case DRSUAPI_DS_REPLICA_INFO_CURSORS3: { - uint32_t _ptr_cursors3; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_cursors3)); if (_ptr_cursors3) { NDR_PULL_ALLOC(ndr, r->cursors3); @@ -11191,7 +11486,6 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaInfo(struct ndr_pull *ndr, in break; } case DRSUAPI_DS_REPLICA_INFO_OBJ_METADATA2: { - uint32_t _ptr_objmetadata2; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_objmetadata2)); if (_ptr_objmetadata2) { NDR_PULL_ALLOC(ndr, r->objmetadata2); @@ -11201,7 +11495,6 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaInfo(struct ndr_pull *ndr, in break; } case DRSUAPI_DS_REPLICA_INFO_ATTRIBUTE_VALUE_METADATA2: { - uint32_t _ptr_attrvalmetadata2; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_attrvalmetadata2)); if (_ptr_attrvalmetadata2) { NDR_PULL_ALLOC(ndr, r->attrvalmetadata2); @@ -11211,7 +11504,6 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaInfo(struct ndr_pull *ndr, in break; } case DRSUAPI_DS_REPLICA_INFO_NEIGHBORS02: { - uint32_t _ptr_neighbours02; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_neighbours02)); if (_ptr_neighbours02) { NDR_PULL_ALLOC(ndr, r->neighbours02); @@ -11221,7 +11513,6 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaInfo(struct ndr_pull *ndr, in break; } case DRSUAPI_DS_REPLICA_INFO_CONNECTIONS04: { - uint32_t _ptr_connections04; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_connections04)); if (_ptr_connections04) { NDR_PULL_ALLOC(ndr, r->connections04); @@ -11231,7 +11522,6 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaInfo(struct ndr_pull *ndr, in break; } case DRSUAPI_DS_REPLICA_INFO_CURSORS05: { - uint32_t _ptr_cursors05; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_cursors05)); if (_ptr_cursors05) { NDR_PULL_ALLOC(ndr, r->cursors05); @@ -11241,7 +11531,6 @@ static enum ndr_err_code ndr_pull_drsuapi_DsReplicaInfo(struct ndr_pull *ndr, in break; } case DRSUAPI_DS_REPLICA_INFO_06: { - uint32_t _ptr_i06; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_i06)); if (_ptr_i06) { NDR_PULL_ALLOC(ndr, r->i06); @@ -11646,6 +11935,7 @@ static enum ndr_err_code ndr_push_drsuapi_DsGetMemberships2Request1(struct ndr_p static enum ndr_err_code ndr_pull_drsuapi_DsGetMemberships2Request1(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_DsGetMemberships2Request1 *r) { uint32_t _ptr_req_array; + uint32_t size_req_array_1 = 0; uint32_t cntr_req_array_1; TALLOC_CTX *_mem_save_req_array_0; TALLOC_CTX *_mem_save_req_array_1; @@ -11668,10 +11958,11 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetMemberships2Request1(struct ndr_p _mem_save_req_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->req_array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->req_array)); - NDR_PULL_ALLOC_N(ndr, r->req_array, ndr_get_array_size(ndr, &r->req_array)); + size_req_array_1 = ndr_get_array_size(ndr, &r->req_array); + NDR_PULL_ALLOC_N(ndr, r->req_array, size_req_array_1); _mem_save_req_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->req_array, 0); - for (cntr_req_array_1 = 0; cntr_req_array_1 < r->num_req; cntr_req_array_1++) { + for (cntr_req_array_1 = 0; cntr_req_array_1 < size_req_array_1; cntr_req_array_1++) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_req_array)); if (_ptr_req_array) { NDR_PULL_ALLOC(ndr, r->req_array[cntr_req_array_1]); @@ -11679,7 +11970,7 @@ static enum ndr_err_code ndr_pull_drsuapi_DsGetMemberships2Request1(struct ndr_p r->req_array[cntr_req_array_1] = NULL; } } - for (cntr_req_array_1 = 0; cntr_req_array_1 < r->num_req; cntr_req_array_1++) { + for (cntr_req_array_1 = 0; cntr_req_array_1 < size_req_array_1; cntr_req_array_1++) { if (r->req_array[cntr_req_array_1]) { _mem_save_req_array_2 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->req_array[cntr_req_array_1], 0); @@ -11857,6 +12148,7 @@ static enum ndr_err_code ndr_push_drsuapi_QuerySitesByCostCtr1(struct ndr_push * static enum ndr_err_code ndr_pull_drsuapi_QuerySitesByCostCtr1(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_QuerySitesByCostCtr1 *r) { uint32_t _ptr_info; + uint32_t size_info_1 = 0; uint32_t cntr_info_1; TALLOC_CTX *_mem_save_info_0; TALLOC_CTX *_mem_save_info_1; @@ -11879,10 +12171,11 @@ static enum ndr_err_code ndr_pull_drsuapi_QuerySitesByCostCtr1(struct ndr_pull * _mem_save_info_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->info, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->info)); - NDR_PULL_ALLOC_N(ndr, r->info, ndr_get_array_size(ndr, &r->info)); + size_info_1 = ndr_get_array_size(ndr, &r->info); + NDR_PULL_ALLOC_N(ndr, r->info, size_info_1); _mem_save_info_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->info, 0); - for (cntr_info_1 = 0; cntr_info_1 < r->num_info; cntr_info_1++) { + for (cntr_info_1 = 0; cntr_info_1 < size_info_1; cntr_info_1++) { NDR_CHECK(ndr_pull_drsuapi_DsSiteCostInfo(ndr, NDR_SCALARS, &r->info[cntr_info_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_1, 0); @@ -12033,9 +12326,14 @@ static enum ndr_err_code ndr_push_drsuapi_QuerySitesByCostRequest1(struct ndr_pu static enum ndr_err_code ndr_pull_drsuapi_QuerySitesByCostRequest1(struct ndr_pull *ndr, int ndr_flags, struct drsuapi_QuerySitesByCostRequest1 *r) { uint32_t _ptr_site_from; + uint32_t size_site_from_1 = 0; + uint32_t length_site_from_1 = 0; TALLOC_CTX *_mem_save_site_from_0; uint32_t _ptr_site_to; + uint32_t size_site_to_1 = 0; uint32_t cntr_site_to_1; + uint32_t size_site_to_3 = 0; + uint32_t length_site_to_3 = 0; TALLOC_CTX *_mem_save_site_to_0; TALLOC_CTX *_mem_save_site_to_1; TALLOC_CTX *_mem_save_site_to_2; @@ -12065,21 +12363,24 @@ static enum ndr_err_code ndr_pull_drsuapi_QuerySitesByCostRequest1(struct ndr_pu NDR_PULL_SET_MEM_CTX(ndr, r->site_from, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->site_from)); NDR_CHECK(ndr_pull_array_length(ndr, &r->site_from)); - if (ndr_get_array_length(ndr, &r->site_from) > ndr_get_array_size(ndr, &r->site_from)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->site_from), ndr_get_array_length(ndr, &r->site_from)); + size_site_from_1 = ndr_get_array_size(ndr, &r->site_from); + length_site_from_1 = ndr_get_array_length(ndr, &r->site_from); + if (length_site_from_1 > size_site_from_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_site_from_1, length_site_from_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->site_from), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->site_from, ndr_get_array_length(ndr, &r->site_from), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_site_from_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->site_from, length_site_from_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_site_from_0, 0); } if (r->site_to) { _mem_save_site_to_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->site_to, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->site_to)); - NDR_PULL_ALLOC_N(ndr, r->site_to, ndr_get_array_size(ndr, &r->site_to)); + size_site_to_1 = ndr_get_array_size(ndr, &r->site_to); + NDR_PULL_ALLOC_N(ndr, r->site_to, size_site_to_1); _mem_save_site_to_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->site_to, 0); - for (cntr_site_to_1 = 0; cntr_site_to_1 < r->num_req; cntr_site_to_1++) { + for (cntr_site_to_1 = 0; cntr_site_to_1 < size_site_to_1; cntr_site_to_1++) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_site_to)); if (_ptr_site_to) { NDR_PULL_ALLOC(ndr, r->site_to[cntr_site_to_1]); @@ -12087,17 +12388,19 @@ static enum ndr_err_code ndr_pull_drsuapi_QuerySitesByCostRequest1(struct ndr_pu r->site_to[cntr_site_to_1] = NULL; } } - for (cntr_site_to_1 = 0; cntr_site_to_1 < r->num_req; cntr_site_to_1++) { + for (cntr_site_to_1 = 0; cntr_site_to_1 < size_site_to_1; cntr_site_to_1++) { if (r->site_to[cntr_site_to_1]) { _mem_save_site_to_2 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->site_to[cntr_site_to_1], 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->site_to[cntr_site_to_1])); NDR_CHECK(ndr_pull_array_length(ndr, &r->site_to[cntr_site_to_1])); - if (ndr_get_array_length(ndr, &r->site_to[cntr_site_to_1]) > ndr_get_array_size(ndr, &r->site_to[cntr_site_to_1])) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->site_to[cntr_site_to_1]), ndr_get_array_length(ndr, &r->site_to[cntr_site_to_1])); + size_site_to_3 = ndr_get_array_size(ndr, &r->site_to[cntr_site_to_1]); + length_site_to_3 = ndr_get_array_length(ndr, &r->site_to[cntr_site_to_1]); + if (length_site_to_3 > size_site_to_3) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_site_to_3, length_site_to_3); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->site_to[cntr_site_to_1]), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->site_to[cntr_site_to_1], ndr_get_array_length(ndr, &r->site_to[cntr_site_to_1]), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_site_to_3, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->site_to[cntr_site_to_1], length_site_to_3, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_site_to_2, 0); } } |