diff options
Diffstat (limited to 'librpc/gen_ndr/ndr_netlogon.c')
-rw-r--r-- | librpc/gen_ndr/ndr_netlogon.c | 1814 |
1 files changed, 1185 insertions, 629 deletions
diff --git a/librpc/gen_ndr/ndr_netlogon.c b/librpc/gen_ndr/ndr_netlogon.c index c1bdce4abd6..c3ab81a859f 100644 --- a/librpc/gen_ndr/ndr_netlogon.c +++ b/librpc/gen_ndr/ndr_netlogon.c @@ -61,12 +61,20 @@ static enum ndr_err_code ndr_push_netr_UasInfo(struct ndr_push *ndr, int ndr_fla static enum ndr_err_code ndr_pull_netr_UasInfo(struct ndr_pull *ndr, int ndr_flags, struct netr_UasInfo *r) { uint32_t _ptr_account_name; + uint32_t size_account_name_1 = 0; + uint32_t length_account_name_1 = 0; TALLOC_CTX *_mem_save_account_name_0; uint32_t _ptr_computer; + uint32_t size_computer_1 = 0; + uint32_t length_computer_1 = 0; TALLOC_CTX *_mem_save_computer_0; uint32_t _ptr_domain; + uint32_t size_domain_1 = 0; + uint32_t length_domain_1 = 0; TALLOC_CTX *_mem_save_domain_0; uint32_t _ptr_script_path; + uint32_t size_script_path_1 = 0; + uint32_t length_script_path_1 = 0; TALLOC_CTX *_mem_save_script_path_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -113,11 +121,13 @@ static enum ndr_err_code ndr_pull_netr_UasInfo(struct ndr_pull *ndr, int ndr_fla NDR_PULL_SET_MEM_CTX(ndr, r->account_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->account_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->account_name)); - if (ndr_get_array_length(ndr, &r->account_name) > ndr_get_array_size(ndr, &r->account_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->account_name), ndr_get_array_length(ndr, &r->account_name)); + size_account_name_1 = ndr_get_array_size(ndr, &r->account_name); + length_account_name_1 = ndr_get_array_length(ndr, &r->account_name); + if (length_account_name_1 > size_account_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_account_name_1, length_account_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->account_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->account_name, ndr_get_array_length(ndr, &r->account_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_account_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->account_name, length_account_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_account_name_0, 0); } if (r->computer) { @@ -125,11 +135,13 @@ static enum ndr_err_code ndr_pull_netr_UasInfo(struct ndr_pull *ndr, int ndr_fla NDR_PULL_SET_MEM_CTX(ndr, r->computer, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->computer)); NDR_CHECK(ndr_pull_array_length(ndr, &r->computer)); - if (ndr_get_array_length(ndr, &r->computer) > ndr_get_array_size(ndr, &r->computer)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->computer), ndr_get_array_length(ndr, &r->computer)); + size_computer_1 = ndr_get_array_size(ndr, &r->computer); + length_computer_1 = ndr_get_array_length(ndr, &r->computer); + if (length_computer_1 > size_computer_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_1, length_computer_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->computer), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->computer, ndr_get_array_length(ndr, &r->computer), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->computer, length_computer_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_computer_0, 0); } if (r->domain) { @@ -137,11 +149,13 @@ static enum ndr_err_code ndr_pull_netr_UasInfo(struct ndr_pull *ndr, int ndr_fla NDR_PULL_SET_MEM_CTX(ndr, r->domain, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->domain)); NDR_CHECK(ndr_pull_array_length(ndr, &r->domain)); - if (ndr_get_array_length(ndr, &r->domain) > ndr_get_array_size(ndr, &r->domain)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->domain), ndr_get_array_length(ndr, &r->domain)); + size_domain_1 = ndr_get_array_size(ndr, &r->domain); + length_domain_1 = ndr_get_array_length(ndr, &r->domain); + if (length_domain_1 > size_domain_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_1, length_domain_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, length_domain_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_0, 0); } if (r->script_path) { @@ -149,11 +163,13 @@ static enum ndr_err_code ndr_pull_netr_UasInfo(struct ndr_pull *ndr, int ndr_fla NDR_PULL_SET_MEM_CTX(ndr, r->script_path, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->script_path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->script_path)); - if (ndr_get_array_length(ndr, &r->script_path) > ndr_get_array_size(ndr, &r->script_path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->script_path), ndr_get_array_length(ndr, &r->script_path)); + size_script_path_1 = ndr_get_array_size(ndr, &r->script_path); + length_script_path_1 = ndr_get_array_length(ndr, &r->script_path); + if (length_script_path_1 > size_script_path_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_script_path_1, length_script_path_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->script_path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->script_path, ndr_get_array_length(ndr, &r->script_path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_script_path_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->script_path, length_script_path_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_script_path_0, 0); } } @@ -418,6 +434,8 @@ static enum ndr_err_code ndr_push_netr_ChallengeResponse(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_netr_ChallengeResponse(struct ndr_pull *ndr, int ndr_flags, struct netr_ChallengeResponse *r) { uint32_t _ptr_data; + uint32_t size_data_1 = 0; + uint32_t length_data_1 = 0; TALLOC_CTX *_mem_save_data_0; { uint32_t _flags_save_STRUCT = ndr->flags; @@ -439,11 +457,13 @@ static enum ndr_err_code ndr_pull_netr_ChallengeResponse(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->data, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->data)); NDR_CHECK(ndr_pull_array_length(ndr, &r->data)); - if (ndr_get_array_length(ndr, &r->data) > ndr_get_array_size(ndr, &r->data)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->data), ndr_get_array_length(ndr, &r->data)); + size_data_1 = ndr_get_array_size(ndr, &r->data); + length_data_1 = ndr_get_array_length(ndr, &r->data); + if (length_data_1 > size_data_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_data_1, length_data_1); } - NDR_PULL_ALLOC_N(ndr, r->data, ndr_get_array_size(ndr, &r->data)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, ndr_get_array_length(ndr, &r->data))); + NDR_PULL_ALLOC_N(ndr, r->data, size_data_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, length_data_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_0, 0); } if (r->data) { @@ -502,13 +522,15 @@ static enum ndr_err_code ndr_push_netr_NetworkInfo(struct ndr_push *ndr, int ndr static enum ndr_err_code ndr_pull_netr_NetworkInfo(struct ndr_pull *ndr, int ndr_flags, struct netr_NetworkInfo *r) { + uint32_t size_challenge_0 = 0; { uint32_t _flags_save_STRUCT = ndr->flags; ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_netr_IdentityInfo(ndr, NDR_SCALARS, &r->identity_info)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->challenge, 8)); + size_challenge_0 = 8; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->challenge, size_challenge_0)); NDR_CHECK(ndr_pull_netr_ChallengeResponse(ndr, NDR_SCALARS, &r->nt)); NDR_CHECK(ndr_pull_netr_ChallengeResponse(ndr, NDR_SCALARS, &r->lm)); } @@ -566,6 +588,7 @@ static enum ndr_err_code ndr_push_netr_GenericInfo(struct ndr_push *ndr, int ndr static enum ndr_err_code ndr_pull_netr_GenericInfo(struct ndr_pull *ndr, int ndr_flags, struct netr_GenericInfo *r) { uint32_t _ptr_data; + uint32_t size_data_1 = 0; TALLOC_CTX *_mem_save_data_0; { uint32_t _flags_save_STRUCT = ndr->flags; @@ -589,8 +612,9 @@ static enum ndr_err_code ndr_pull_netr_GenericInfo(struct ndr_pull *ndr, int ndr _mem_save_data_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->data, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->data)); - NDR_PULL_ALLOC_N(ndr, r->data, ndr_get_array_size(ndr, &r->data)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, ndr_get_array_size(ndr, &r->data))); + size_data_1 = ndr_get_array_size(ndr, &r->data); + NDR_PULL_ALLOC_N(ndr, r->data, size_data_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, size_data_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_0, 0); } if (r->data) { @@ -748,8 +772,11 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_LogonLevel(struct ndr_pull *ndr, int nd int level; uint16_t _level; TALLOC_CTX *_mem_save_password_0; + uint32_t _ptr_password; TALLOC_CTX *_mem_save_network_0; + uint32_t _ptr_network; TALLOC_CTX *_mem_save_generic_0; + uint32_t _ptr_generic; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &_level)); @@ -758,7 +785,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_LogonLevel(struct ndr_pull *ndr, int nd } switch (level) { case NetlogonInteractiveInformation: { - uint32_t _ptr_password; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_password)); if (_ptr_password) { NDR_PULL_ALLOC(ndr, r->password); @@ -768,7 +794,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_LogonLevel(struct ndr_pull *ndr, int nd break; } case NetlogonNetworkInformation: { - uint32_t _ptr_network; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_network)); if (_ptr_network) { NDR_PULL_ALLOC(ndr, r->network); @@ -778,7 +803,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_LogonLevel(struct ndr_pull *ndr, int nd break; } case NetlogonServiceInformation: { - uint32_t _ptr_password; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_password)); if (_ptr_password) { NDR_PULL_ALLOC(ndr, r->password); @@ -788,7 +812,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_LogonLevel(struct ndr_pull *ndr, int nd break; } case NetlogonGenericInformation: { - uint32_t _ptr_generic; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_generic)); if (_ptr_generic) { NDR_PULL_ALLOC(ndr, r->generic); @@ -798,7 +821,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_LogonLevel(struct ndr_pull *ndr, int nd break; } case NetlogonInteractiveTransitiveInformation: { - uint32_t _ptr_password; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_password)); if (_ptr_password) { NDR_PULL_ALLOC(ndr, r->password); @@ -808,7 +830,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_LogonLevel(struct ndr_pull *ndr, int nd break; } case NetlogonNetworkTransitiveInformation: { - uint32_t _ptr_network; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_network)); if (_ptr_network) { NDR_PULL_ALLOC(ndr, r->network); @@ -818,7 +839,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_LogonLevel(struct ndr_pull *ndr, int nd break; } case NetlogonServiceTransitiveInformation: { - uint32_t _ptr_password; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_password)); if (_ptr_password) { NDR_PULL_ALLOC(ndr, r->password); @@ -995,12 +1015,14 @@ _PUBLIC_ enum ndr_err_code ndr_push_netr_UserSessionKey(struct ndr_push *ndr, in _PUBLIC_ enum ndr_err_code ndr_pull_netr_UserSessionKey(struct ndr_pull *ndr, int ndr_flags, struct netr_UserSessionKey *r) { + uint32_t size_key_0 = 0; { uint32_t _flags_save_STRUCT = ndr->flags; ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 1)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->key, 16)); + size_key_0 = 16; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->key, size_key_0)); } if (ndr_flags & NDR_BUFFERS) { } @@ -1040,12 +1062,14 @@ _PUBLIC_ enum ndr_err_code ndr_push_netr_LMSessionKey(struct ndr_push *ndr, int _PUBLIC_ enum ndr_err_code ndr_pull_netr_LMSessionKey(struct ndr_pull *ndr, int ndr_flags, struct netr_LMSessionKey *r) { + uint32_t size_key_0 = 0; { uint32_t _flags_save_STRUCT = ndr->flags; ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 1)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->key, 8)); + size_key_0 = 8; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->key, size_key_0)); } if (ndr_flags & NDR_BUFFERS) { } @@ -1153,6 +1177,7 @@ static enum ndr_err_code ndr_pull_netr_SamBaseInfo(struct ndr_pull *ndr, int ndr { uint32_t _ptr_domain_sid; TALLOC_CTX *_mem_save_domain_sid_0; + uint32_t size_unknown_0 = 0; uint32_t cntr_unknown_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -1185,7 +1210,8 @@ static enum ndr_err_code ndr_pull_netr_SamBaseInfo(struct ndr_pull *ndr, int ndr } NDR_CHECK(ndr_pull_netr_LMSessionKey(ndr, NDR_SCALARS, &r->LMSessKey)); NDR_CHECK(ndr_pull_samr_AcctFlags(ndr, NDR_SCALARS, &r->acct_flags)); - for (cntr_unknown_0 = 0; cntr_unknown_0 < 7; cntr_unknown_0++) { + size_unknown_0 = 7; + for (cntr_unknown_0 = 0; cntr_unknown_0 < size_unknown_0; cntr_unknown_0++) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->unknown[cntr_unknown_0])); } } @@ -1369,6 +1395,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_netr_SamInfo3(struct ndr_push *ndr, int ndr_ _PUBLIC_ enum ndr_err_code ndr_pull_netr_SamInfo3(struct ndr_pull *ndr, int ndr_flags, struct netr_SamInfo3 *r) { uint32_t _ptr_sids; + uint32_t size_sids_1 = 0; uint32_t cntr_sids_1; TALLOC_CTX *_mem_save_sids_0; TALLOC_CTX *_mem_save_sids_1; @@ -1389,13 +1416,14 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_SamInfo3(struct ndr_pull *ndr, int ndr_ _mem_save_sids_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sids, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->sids)); - NDR_PULL_ALLOC_N(ndr, r->sids, ndr_get_array_size(ndr, &r->sids)); + size_sids_1 = ndr_get_array_size(ndr, &r->sids); + NDR_PULL_ALLOC_N(ndr, r->sids, size_sids_1); _mem_save_sids_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sids, 0); - for (cntr_sids_1 = 0; cntr_sids_1 < r->sidcount; cntr_sids_1++) { + for (cntr_sids_1 = 0; cntr_sids_1 < size_sids_1; cntr_sids_1++) { NDR_CHECK(ndr_pull_netr_SidAttr(ndr, NDR_SCALARS, &r->sids[cntr_sids_1])); } - for (cntr_sids_1 = 0; cntr_sids_1 < r->sidcount; cntr_sids_1++) { + for (cntr_sids_1 = 0; cntr_sids_1 < size_sids_1; cntr_sids_1++) { NDR_CHECK(ndr_pull_netr_SidAttr(ndr, NDR_BUFFERS, &r->sids[cntr_sids_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sids_1, 0); @@ -1468,9 +1496,11 @@ static enum ndr_err_code ndr_push_netr_SamInfo6(struct ndr_push *ndr, int ndr_fl static enum ndr_err_code ndr_pull_netr_SamInfo6(struct ndr_pull *ndr, int ndr_flags, struct netr_SamInfo6 *r) { uint32_t _ptr_sids; + uint32_t size_sids_1 = 0; uint32_t cntr_sids_1; TALLOC_CTX *_mem_save_sids_0; TALLOC_CTX *_mem_save_sids_1; + uint32_t size_unknown4_0 = 0; uint32_t cntr_unknown4_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -1484,7 +1514,8 @@ static enum ndr_err_code ndr_pull_netr_SamInfo6(struct ndr_pull *ndr, int ndr_fl } NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->forest)); NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->principle)); - for (cntr_unknown4_0 = 0; cntr_unknown4_0 < 20; cntr_unknown4_0++) { + size_unknown4_0 = 20; + for (cntr_unknown4_0 = 0; cntr_unknown4_0 < size_unknown4_0; cntr_unknown4_0++) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->unknown4[cntr_unknown4_0])); } } @@ -1494,13 +1525,14 @@ static enum ndr_err_code ndr_pull_netr_SamInfo6(struct ndr_pull *ndr, int ndr_fl _mem_save_sids_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sids, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->sids)); - NDR_PULL_ALLOC_N(ndr, r->sids, ndr_get_array_size(ndr, &r->sids)); + size_sids_1 = ndr_get_array_size(ndr, &r->sids); + NDR_PULL_ALLOC_N(ndr, r->sids, size_sids_1); _mem_save_sids_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sids, 0); - for (cntr_sids_1 = 0; cntr_sids_1 < r->sidcount; cntr_sids_1++) { + for (cntr_sids_1 = 0; cntr_sids_1 < size_sids_1; cntr_sids_1++) { NDR_CHECK(ndr_pull_netr_SidAttr(ndr, NDR_SCALARS, &r->sids[cntr_sids_1])); } - for (cntr_sids_1 = 0; cntr_sids_1 < r->sidcount; cntr_sids_1++) { + for (cntr_sids_1 = 0; cntr_sids_1 < size_sids_1; cntr_sids_1++) { NDR_CHECK(ndr_pull_netr_SidAttr(ndr, NDR_BUFFERS, &r->sids[cntr_sids_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sids_1, 0); @@ -1597,9 +1629,12 @@ static enum ndr_err_code ndr_push_netr_PacInfo(struct ndr_push *ndr, int ndr_fla static enum ndr_err_code ndr_pull_netr_PacInfo(struct ndr_pull *ndr, int ndr_flags, struct netr_PacInfo *r) { uint32_t _ptr_pac; + uint32_t size_pac_1 = 0; TALLOC_CTX *_mem_save_pac_0; uint32_t _ptr_auth; + uint32_t size_auth_1 = 0; TALLOC_CTX *_mem_save_auth_0; + uint32_t size_expansionroom_0 = 0; uint32_t cntr_expansionroom_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -1621,7 +1656,8 @@ static enum ndr_err_code ndr_pull_netr_PacInfo(struct ndr_pull *ndr, int ndr_fla r->auth = NULL; } NDR_CHECK(ndr_pull_netr_UserSessionKey(ndr, NDR_SCALARS, &r->user_session_key)); - for (cntr_expansionroom_0 = 0; cntr_expansionroom_0 < 10; cntr_expansionroom_0++) { + size_expansionroom_0 = 10; + for (cntr_expansionroom_0 = 0; cntr_expansionroom_0 < size_expansionroom_0; cntr_expansionroom_0++) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->expansionroom[cntr_expansionroom_0])); } NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->unknown1)); @@ -1634,8 +1670,9 @@ static enum ndr_err_code ndr_pull_netr_PacInfo(struct ndr_pull *ndr, int ndr_fla _mem_save_pac_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->pac, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->pac)); - NDR_PULL_ALLOC_N(ndr, r->pac, ndr_get_array_size(ndr, &r->pac)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->pac, ndr_get_array_size(ndr, &r->pac))); + size_pac_1 = ndr_get_array_size(ndr, &r->pac); + NDR_PULL_ALLOC_N(ndr, r->pac, size_pac_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->pac, size_pac_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_pac_0, 0); } NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->logon_domain)); @@ -1645,8 +1682,9 @@ static enum ndr_err_code ndr_pull_netr_PacInfo(struct ndr_pull *ndr, int ndr_fla _mem_save_auth_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->auth, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->auth)); - NDR_PULL_ALLOC_N(ndr, r->auth, ndr_get_array_size(ndr, &r->auth)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->auth, ndr_get_array_size(ndr, &r->auth))); + size_auth_1 = ndr_get_array_size(ndr, &r->auth); + NDR_PULL_ALLOC_N(ndr, r->auth, size_auth_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->auth, size_auth_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_auth_0, 0); } NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->unknown1)); @@ -1727,6 +1765,7 @@ static enum ndr_err_code ndr_push_netr_GenericInfo2(struct ndr_push *ndr, int nd static enum ndr_err_code ndr_pull_netr_GenericInfo2(struct ndr_pull *ndr, int ndr_flags, struct netr_GenericInfo2 *r) { uint32_t _ptr_data; + uint32_t size_data_1 = 0; TALLOC_CTX *_mem_save_data_0; { uint32_t _flags_save_STRUCT = ndr->flags; @@ -1746,8 +1785,9 @@ static enum ndr_err_code ndr_pull_netr_GenericInfo2(struct ndr_pull *ndr, int nd _mem_save_data_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->data, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->data)); - NDR_PULL_ALLOC_N(ndr, r->data, ndr_get_array_size(ndr, &r->data)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, ndr_get_array_size(ndr, &r->data))); + size_data_1 = ndr_get_array_size(ndr, &r->data); + NDR_PULL_ALLOC_N(ndr, r->data, size_data_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, size_data_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_0, 0); } if (r->data) { @@ -1853,10 +1893,15 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_Validation(struct ndr_pull *ndr, int nd int level; uint16_t _level; TALLOC_CTX *_mem_save_sam2_0; + uint32_t _ptr_sam2; TALLOC_CTX *_mem_save_sam3_0; + uint32_t _ptr_sam3; TALLOC_CTX *_mem_save_pac_0; + uint32_t _ptr_pac; TALLOC_CTX *_mem_save_generic_0; + uint32_t _ptr_generic; TALLOC_CTX *_mem_save_sam6_0; + uint32_t _ptr_sam6; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &_level)); @@ -1865,7 +1910,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_Validation(struct ndr_pull *ndr, int nd } switch (level) { case NetlogonValidationSamInfo: { - uint32_t _ptr_sam2; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sam2)); if (_ptr_sam2) { NDR_PULL_ALLOC(ndr, r->sam2); @@ -1875,7 +1919,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_Validation(struct ndr_pull *ndr, int nd break; } case NetlogonValidationSamInfo2: { - uint32_t _ptr_sam3; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sam3)); if (_ptr_sam3) { NDR_PULL_ALLOC(ndr, r->sam3); @@ -1885,7 +1928,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_Validation(struct ndr_pull *ndr, int nd break; } case 4: { - uint32_t _ptr_pac; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_pac)); if (_ptr_pac) { NDR_PULL_ALLOC(ndr, r->pac); @@ -1895,7 +1937,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_Validation(struct ndr_pull *ndr, int nd break; } case NetlogonValidationGenericInfo2: { - uint32_t _ptr_generic; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_generic)); if (_ptr_generic) { NDR_PULL_ALLOC(ndr, r->generic); @@ -1905,7 +1946,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_Validation(struct ndr_pull *ndr, int nd break; } case NetlogonValidationSamInfo4: { - uint32_t _ptr_sam6; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sam6)); if (_ptr_sam6) { NDR_PULL_ALLOC(ndr, r->sam6); @@ -2046,12 +2086,14 @@ _PUBLIC_ enum ndr_err_code ndr_push_netr_Credential(struct ndr_push *ndr, int nd _PUBLIC_ enum ndr_err_code ndr_pull_netr_Credential(struct ndr_pull *ndr, int ndr_flags, struct netr_Credential *r) { + uint32_t size_data_0 = 0; { uint32_t _flags_save_STRUCT = ndr->flags; ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 1)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, 8)); + size_data_0 = 8; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, size_data_0)); } if (ndr_flags & NDR_BUFFERS) { } @@ -2138,6 +2180,8 @@ static enum ndr_err_code ndr_push_netr_DELTA_DELETE_USER(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_netr_DELTA_DELETE_USER(struct ndr_pull *ndr, int ndr_flags, struct netr_DELTA_DELETE_USER *r) { uint32_t _ptr_account_name; + uint32_t size_account_name_1 = 0; + uint32_t length_account_name_1 = 0; TALLOC_CTX *_mem_save_account_name_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -2162,11 +2206,13 @@ static enum ndr_err_code ndr_pull_netr_DELTA_DELETE_USER(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->account_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->account_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->account_name)); - if (ndr_get_array_length(ndr, &r->account_name) > ndr_get_array_size(ndr, &r->account_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->account_name), ndr_get_array_length(ndr, &r->account_name)); + size_account_name_1 = ndr_get_array_size(ndr, &r->account_name); + length_account_name_1 = ndr_get_array_length(ndr, &r->account_name); + if (length_account_name_1 > size_account_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_account_name_1, length_account_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->account_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->account_name, ndr_get_array_length(ndr, &r->account_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_account_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->account_name, length_account_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_account_name_0, 0); } NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->unknown1)); @@ -2257,6 +2303,8 @@ static enum ndr_err_code ndr_push_netr_PasswordHistory(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_netr_PasswordHistory(struct ndr_pull *ndr, int ndr_flags, struct netr_PasswordHistory *r) { + uint32_t size_nt_history_0 = 0; + uint32_t size_lm_history_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->nt_length)); @@ -2265,10 +2313,12 @@ static enum ndr_err_code ndr_pull_netr_PasswordHistory(struct ndr_pull *ndr, int NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->lm_length)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->lm_size)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->lm_flags)); - NDR_PULL_ALLOC_N(ndr, r->nt_history, r->nt_length); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->nt_history, r->nt_length)); - NDR_PULL_ALLOC_N(ndr, r->lm_history, r->lm_length); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->lm_history, r->lm_length)); + size_nt_history_0 = r->nt_length; + NDR_PULL_ALLOC_N(ndr, r->nt_history, size_nt_history_0); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->nt_history, size_nt_history_0)); + size_lm_history_0 = r->lm_length; + NDR_PULL_ALLOC_N(ndr, r->lm_history, size_lm_history_0); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->lm_history, size_lm_history_0)); } if (ndr_flags & NDR_BUFFERS) { } @@ -2419,6 +2469,7 @@ static enum ndr_err_code ndr_push_netr_USER_PRIVATE_INFO(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_netr_USER_PRIVATE_INFO(struct ndr_pull *ndr, int ndr_flags, struct netr_USER_PRIVATE_INFO *r) { uint32_t _ptr_SensitiveData; + uint32_t size_SensitiveData_1 = 0; TALLOC_CTX *_mem_save_SensitiveData_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -2444,8 +2495,9 @@ static enum ndr_err_code ndr_pull_netr_USER_PRIVATE_INFO(struct ndr_pull *ndr, i _mem_save_SensitiveData_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->SensitiveData, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->SensitiveData)); - NDR_PULL_ALLOC_N(ndr, r->SensitiveData, ndr_get_array_size(ndr, &r->SensitiveData)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->SensitiveData, ndr_get_array_size(ndr, &r->SensitiveData))); + size_SensitiveData_1 = ndr_get_array_size(ndr, &r->SensitiveData); + NDR_PULL_ALLOC_N(ndr, r->SensitiveData, size_SensitiveData_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->SensitiveData, size_SensitiveData_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_SensitiveData_0, 0); } ndr->flags = _flags_save_uint8; @@ -2926,10 +2978,12 @@ static enum ndr_err_code ndr_push_netr_DELTA_GROUP_MEMBER(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_netr_DELTA_GROUP_MEMBER(struct ndr_pull *ndr, int ndr_flags, struct netr_DELTA_GROUP_MEMBER *r) { uint32_t _ptr_rids; + uint32_t size_rids_1 = 0; uint32_t cntr_rids_1; TALLOC_CTX *_mem_save_rids_0; TALLOC_CTX *_mem_save_rids_1; uint32_t _ptr_attribs; + uint32_t size_attribs_1 = 0; uint32_t cntr_attribs_1; TALLOC_CTX *_mem_save_attribs_0; TALLOC_CTX *_mem_save_attribs_1; @@ -2958,10 +3012,11 @@ static enum ndr_err_code ndr_pull_netr_DELTA_GROUP_MEMBER(struct ndr_pull *ndr, _mem_save_rids_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->rids, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->rids)); - NDR_PULL_ALLOC_N(ndr, r->rids, ndr_get_array_size(ndr, &r->rids)); + size_rids_1 = ndr_get_array_size(ndr, &r->rids); + NDR_PULL_ALLOC_N(ndr, r->rids, size_rids_1); _mem_save_rids_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->rids, 0); - for (cntr_rids_1 = 0; cntr_rids_1 < r->num_rids; cntr_rids_1++) { + for (cntr_rids_1 = 0; cntr_rids_1 < size_rids_1; cntr_rids_1++) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->rids[cntr_rids_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_rids_1, 0); @@ -2971,10 +3026,11 @@ static enum ndr_err_code ndr_pull_netr_DELTA_GROUP_MEMBER(struct ndr_pull *ndr, _mem_save_attribs_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->attribs, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->attribs)); - NDR_PULL_ALLOC_N(ndr, r->attribs, ndr_get_array_size(ndr, &r->attribs)); + size_attribs_1 = ndr_get_array_size(ndr, &r->attribs); + NDR_PULL_ALLOC_N(ndr, r->attribs, size_attribs_1); _mem_save_attribs_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->attribs, 0); - for (cntr_attribs_1 = 0; cntr_attribs_1 < r->num_rids; cntr_attribs_1++) { + for (cntr_attribs_1 = 0; cntr_attribs_1 < size_attribs_1; cntr_attribs_1++) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->attribs[cntr_attribs_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_attribs_1, 0); @@ -3247,6 +3303,7 @@ static enum ndr_err_code ndr_push_netr_DELTA_POLICY(struct ndr_push *ndr, int nd static enum ndr_err_code ndr_pull_netr_DELTA_POLICY(struct ndr_pull *ndr, int ndr_flags, struct netr_DELTA_POLICY *r) { uint32_t _ptr_eventauditoptions; + uint32_t size_eventauditoptions_1 = 0; uint32_t cntr_eventauditoptions_1; TALLOC_CTX *_mem_save_eventauditoptions_0; TALLOC_CTX *_mem_save_eventauditoptions_1; @@ -3290,10 +3347,11 @@ static enum ndr_err_code ndr_pull_netr_DELTA_POLICY(struct ndr_pull *ndr, int nd _mem_save_eventauditoptions_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->eventauditoptions, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->eventauditoptions)); - NDR_PULL_ALLOC_N(ndr, r->eventauditoptions, ndr_get_array_size(ndr, &r->eventauditoptions)); + size_eventauditoptions_1 = ndr_get_array_size(ndr, &r->eventauditoptions); + NDR_PULL_ALLOC_N(ndr, r->eventauditoptions, size_eventauditoptions_1); _mem_save_eventauditoptions_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->eventauditoptions, 0); - for (cntr_eventauditoptions_1 = 0; cntr_eventauditoptions_1 < r->maxauditeventcount + 1; cntr_eventauditoptions_1++) { + for (cntr_eventauditoptions_1 = 0; cntr_eventauditoptions_1 < size_eventauditoptions_1; cntr_eventauditoptions_1++) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->eventauditoptions[cntr_eventauditoptions_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_eventauditoptions_1, 0); @@ -3407,6 +3465,7 @@ static enum ndr_err_code ndr_push_netr_DELTA_TRUSTED_DOMAIN(struct ndr_push *ndr static enum ndr_err_code ndr_pull_netr_DELTA_TRUSTED_DOMAIN(struct ndr_pull *ndr, int ndr_flags, struct netr_DELTA_TRUSTED_DOMAIN *r) { uint32_t _ptr_controller_names; + uint32_t size_controller_names_1 = 0; uint32_t cntr_controller_names_1; TALLOC_CTX *_mem_save_controller_names_0; TALLOC_CTX *_mem_save_controller_names_1; @@ -3437,13 +3496,14 @@ static enum ndr_err_code ndr_pull_netr_DELTA_TRUSTED_DOMAIN(struct ndr_pull *ndr _mem_save_controller_names_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->controller_names, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->controller_names)); - NDR_PULL_ALLOC_N(ndr, r->controller_names, ndr_get_array_size(ndr, &r->controller_names)); + size_controller_names_1 = ndr_get_array_size(ndr, &r->controller_names); + NDR_PULL_ALLOC_N(ndr, r->controller_names, size_controller_names_1); _mem_save_controller_names_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->controller_names, 0); - for (cntr_controller_names_1 = 0; cntr_controller_names_1 < r->num_controllers; cntr_controller_names_1++) { + for (cntr_controller_names_1 = 0; cntr_controller_names_1 < size_controller_names_1; cntr_controller_names_1++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->controller_names[cntr_controller_names_1])); } - for (cntr_controller_names_1 = 0; cntr_controller_names_1 < r->num_controllers; cntr_controller_names_1++) { + for (cntr_controller_names_1 = 0; cntr_controller_names_1 < size_controller_names_1; cntr_controller_names_1++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->controller_names[cntr_controller_names_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_controller_names_1, 0); @@ -3577,10 +3637,12 @@ static enum ndr_err_code ndr_push_netr_DELTA_ACCOUNT(struct ndr_push *ndr, int n static enum ndr_err_code ndr_pull_netr_DELTA_ACCOUNT(struct ndr_pull *ndr, int ndr_flags, struct netr_DELTA_ACCOUNT *r) { uint32_t _ptr_privilege_attrib; + uint32_t size_privilege_attrib_1 = 0; uint32_t cntr_privilege_attrib_1; TALLOC_CTX *_mem_save_privilege_attrib_0; TALLOC_CTX *_mem_save_privilege_attrib_1; uint32_t _ptr_privilege_name; + uint32_t size_privilege_name_1 = 0; uint32_t cntr_privilege_name_1; TALLOC_CTX *_mem_save_privilege_name_0; TALLOC_CTX *_mem_save_privilege_name_1; @@ -3618,10 +3680,11 @@ static enum ndr_err_code ndr_pull_netr_DELTA_ACCOUNT(struct ndr_pull *ndr, int n _mem_save_privilege_attrib_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->privilege_attrib, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->privilege_attrib)); - NDR_PULL_ALLOC_N(ndr, r->privilege_attrib, ndr_get_array_size(ndr, &r->privilege_attrib)); + size_privilege_attrib_1 = ndr_get_array_size(ndr, &r->privilege_attrib); + NDR_PULL_ALLOC_N(ndr, r->privilege_attrib, size_privilege_attrib_1); _mem_save_privilege_attrib_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->privilege_attrib, 0); - for (cntr_privilege_attrib_1 = 0; cntr_privilege_attrib_1 < r->privilege_entries; cntr_privilege_attrib_1++) { + for (cntr_privilege_attrib_1 = 0; cntr_privilege_attrib_1 < size_privilege_attrib_1; cntr_privilege_attrib_1++) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->privilege_attrib[cntr_privilege_attrib_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_privilege_attrib_1, 0); @@ -3631,13 +3694,14 @@ static enum ndr_err_code ndr_pull_netr_DELTA_ACCOUNT(struct ndr_pull *ndr, int n _mem_save_privilege_name_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->privilege_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->privilege_name)); - NDR_PULL_ALLOC_N(ndr, r->privilege_name, ndr_get_array_size(ndr, &r->privilege_name)); + size_privilege_name_1 = ndr_get_array_size(ndr, &r->privilege_name); + NDR_PULL_ALLOC_N(ndr, r->privilege_name, size_privilege_name_1); _mem_save_privilege_name_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->privilege_name, 0); - for (cntr_privilege_name_1 = 0; cntr_privilege_name_1 < r->privilege_entries; cntr_privilege_name_1++) { + for (cntr_privilege_name_1 = 0; cntr_privilege_name_1 < size_privilege_name_1; cntr_privilege_name_1++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->privilege_name[cntr_privilege_name_1])); } - for (cntr_privilege_name_1 = 0; cntr_privilege_name_1 < r->privilege_entries; cntr_privilege_name_1++) { + for (cntr_privilege_name_1 = 0; cntr_privilege_name_1 < size_privilege_name_1; cntr_privilege_name_1++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->privilege_name[cntr_privilege_name_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_privilege_name_1, 0); @@ -3793,6 +3857,8 @@ static enum ndr_err_code ndr_push_netr_CIPHER_VALUE(struct ndr_push *ndr, int nd static enum ndr_err_code ndr_pull_netr_CIPHER_VALUE(struct ndr_pull *ndr, int ndr_flags, struct netr_CIPHER_VALUE *r) { uint32_t _ptr_cipher_data; + uint32_t size_cipher_data_1 = 0; + uint32_t length_cipher_data_1 = 0; TALLOC_CTX *_mem_save_cipher_data_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -3811,11 +3877,13 @@ static enum ndr_err_code ndr_pull_netr_CIPHER_VALUE(struct ndr_pull *ndr, int nd NDR_PULL_SET_MEM_CTX(ndr, r->cipher_data, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->cipher_data)); NDR_CHECK(ndr_pull_array_length(ndr, &r->cipher_data)); - if (ndr_get_array_length(ndr, &r->cipher_data) > ndr_get_array_size(ndr, &r->cipher_data)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->cipher_data), ndr_get_array_length(ndr, &r->cipher_data)); + size_cipher_data_1 = ndr_get_array_size(ndr, &r->cipher_data); + length_cipher_data_1 = ndr_get_array_length(ndr, &r->cipher_data); + if (length_cipher_data_1 > size_cipher_data_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_cipher_data_1, length_cipher_data_1); } - NDR_PULL_ALLOC_N(ndr, r->cipher_data, ndr_get_array_size(ndr, &r->cipher_data)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->cipher_data, ndr_get_array_length(ndr, &r->cipher_data))); + NDR_PULL_ALLOC_N(ndr, r->cipher_data, size_cipher_data_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->cipher_data, length_cipher_data_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_cipher_data_0, 0); } if (r->cipher_data) { @@ -4195,21 +4263,37 @@ static enum ndr_err_code ndr_pull_netr_DELTA_UNION(struct ndr_pull *ndr, int ndr int level; uint16_t _level; TALLOC_CTX *_mem_save_domain_0; + uint32_t _ptr_domain; TALLOC_CTX *_mem_save_group_0; + uint32_t _ptr_group; TALLOC_CTX *_mem_save_rename_group_0; + uint32_t _ptr_rename_group; TALLOC_CTX *_mem_save_user_0; + uint32_t _ptr_user; TALLOC_CTX *_mem_save_rename_user_0; + uint32_t _ptr_rename_user; TALLOC_CTX *_mem_save_group_member_0; + uint32_t _ptr_group_member; TALLOC_CTX *_mem_save_alias_0; + uint32_t _ptr_alias; TALLOC_CTX *_mem_save_rename_alias_0; + uint32_t _ptr_rename_alias; TALLOC_CTX *_mem_save_alias_member_0; + uint32_t _ptr_alias_member; TALLOC_CTX *_mem_save_policy_0; + uint32_t _ptr_policy; TALLOC_CTX *_mem_save_trusted_domain_0; + uint32_t _ptr_trusted_domain; TALLOC_CTX *_mem_save_account_0; + uint32_t _ptr_account; TALLOC_CTX *_mem_save_secret_0; + uint32_t _ptr_secret; TALLOC_CTX *_mem_save_delete_group_0; + uint32_t _ptr_delete_group; TALLOC_CTX *_mem_save_delete_user_0; + uint32_t _ptr_delete_user; TALLOC_CTX *_mem_save_modified_count_0; + uint32_t _ptr_modified_count; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &_level)); @@ -4218,7 +4302,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_UNION(struct ndr_pull *ndr, int ndr } switch (level) { case NETR_DELTA_DOMAIN: { - uint32_t _ptr_domain; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domain)); if (_ptr_domain) { NDR_PULL_ALLOC(ndr, r->domain); @@ -4228,7 +4311,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_UNION(struct ndr_pull *ndr, int ndr break; } case NETR_DELTA_GROUP: { - uint32_t _ptr_group; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_group)); if (_ptr_group) { NDR_PULL_ALLOC(ndr, r->group); @@ -4241,7 +4323,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_UNION(struct ndr_pull *ndr, int ndr break; } case NETR_DELTA_RENAME_GROUP: { - uint32_t _ptr_rename_group; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_rename_group)); if (_ptr_rename_group) { NDR_PULL_ALLOC(ndr, r->rename_group); @@ -4251,7 +4332,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_UNION(struct ndr_pull *ndr, int ndr break; } case NETR_DELTA_USER: { - uint32_t _ptr_user; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_user)); if (_ptr_user) { NDR_PULL_ALLOC(ndr, r->user); @@ -4264,7 +4344,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_UNION(struct ndr_pull *ndr, int ndr break; } case NETR_DELTA_RENAME_USER: { - uint32_t _ptr_rename_user; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_rename_user)); if (_ptr_rename_user) { NDR_PULL_ALLOC(ndr, r->rename_user); @@ -4274,7 +4353,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_UNION(struct ndr_pull *ndr, int ndr break; } case NETR_DELTA_GROUP_MEMBER: { - uint32_t _ptr_group_member; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_group_member)); if (_ptr_group_member) { NDR_PULL_ALLOC(ndr, r->group_member); @@ -4284,7 +4362,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_UNION(struct ndr_pull *ndr, int ndr break; } case NETR_DELTA_ALIAS: { - uint32_t _ptr_alias; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_alias)); if (_ptr_alias) { NDR_PULL_ALLOC(ndr, r->alias); @@ -4297,7 +4374,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_UNION(struct ndr_pull *ndr, int ndr break; } case NETR_DELTA_RENAME_ALIAS: { - uint32_t _ptr_rename_alias; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_rename_alias)); if (_ptr_rename_alias) { NDR_PULL_ALLOC(ndr, r->rename_alias); @@ -4307,7 +4383,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_UNION(struct ndr_pull *ndr, int ndr break; } case NETR_DELTA_ALIAS_MEMBER: { - uint32_t _ptr_alias_member; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_alias_member)); if (_ptr_alias_member) { NDR_PULL_ALLOC(ndr, r->alias_member); @@ -4317,7 +4392,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_UNION(struct ndr_pull *ndr, int ndr break; } case NETR_DELTA_POLICY: { - uint32_t _ptr_policy; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_policy)); if (_ptr_policy) { NDR_PULL_ALLOC(ndr, r->policy); @@ -4327,7 +4401,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_UNION(struct ndr_pull *ndr, int ndr break; } case NETR_DELTA_TRUSTED_DOMAIN: { - uint32_t _ptr_trusted_domain; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_trusted_domain)); if (_ptr_trusted_domain) { NDR_PULL_ALLOC(ndr, r->trusted_domain); @@ -4341,7 +4414,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_UNION(struct ndr_pull *ndr, int ndr break; } case NETR_DELTA_ACCOUNT: { - uint32_t _ptr_account; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_account)); if (_ptr_account) { NDR_PULL_ALLOC(ndr, r->account); @@ -4355,7 +4427,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_UNION(struct ndr_pull *ndr, int ndr break; } case NETR_DELTA_SECRET: { - uint32_t _ptr_secret; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_secret)); if (_ptr_secret) { NDR_PULL_ALLOC(ndr, r->secret); @@ -4369,7 +4440,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_UNION(struct ndr_pull *ndr, int ndr break; } case NETR_DELTA_DELETE_GROUP2: { - uint32_t _ptr_delete_group; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_delete_group)); if (_ptr_delete_group) { NDR_PULL_ALLOC(ndr, r->delete_group); @@ -4379,7 +4449,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_UNION(struct ndr_pull *ndr, int ndr break; } case NETR_DELTA_DELETE_USER2: { - uint32_t _ptr_delete_user; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_delete_user)); if (_ptr_delete_user) { NDR_PULL_ALLOC(ndr, r->delete_user); @@ -4389,7 +4458,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_UNION(struct ndr_pull *ndr, int ndr break; } case NETR_DELTA_MODIFY_COUNT: { - uint32_t _ptr_modified_count; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_modified_count)); if (_ptr_modified_count) { NDR_PULL_ALLOC(ndr, r->modified_count); @@ -4954,7 +5022,11 @@ static enum ndr_err_code ndr_pull_netr_DELTA_ID_UNION(struct ndr_pull *ndr, int int level; uint16_t _level; TALLOC_CTX *_mem_save_sid_0; + uint32_t _ptr_sid; TALLOC_CTX *_mem_save_name_0; + uint32_t _ptr_name; + uint32_t size_name_1 = 0; + uint32_t length_name_1 = 0; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &_level)); @@ -5011,7 +5083,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_ID_UNION(struct ndr_pull *ndr, int break; } case NETR_DELTA_POLICY: { - uint32_t _ptr_sid; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sid)); if (_ptr_sid) { NDR_PULL_ALLOC(ndr, r->sid); @@ -5021,7 +5092,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_ID_UNION(struct ndr_pull *ndr, int break; } case NETR_DELTA_TRUSTED_DOMAIN: { - uint32_t _ptr_sid; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sid)); if (_ptr_sid) { NDR_PULL_ALLOC(ndr, r->sid); @@ -5031,7 +5101,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_ID_UNION(struct ndr_pull *ndr, int break; } case NETR_DELTA_DELETE_TRUST: { - uint32_t _ptr_sid; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sid)); if (_ptr_sid) { NDR_PULL_ALLOC(ndr, r->sid); @@ -5041,7 +5110,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_ID_UNION(struct ndr_pull *ndr, int break; } case NETR_DELTA_ACCOUNT: { - uint32_t _ptr_sid; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sid)); if (_ptr_sid) { NDR_PULL_ALLOC(ndr, r->sid); @@ -5051,7 +5119,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_ID_UNION(struct ndr_pull *ndr, int break; } case NETR_DELTA_DELETE_ACCOUNT: { - uint32_t _ptr_sid; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sid)); if (_ptr_sid) { NDR_PULL_ALLOC(ndr, r->sid); @@ -5061,7 +5128,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_ID_UNION(struct ndr_pull *ndr, int break; } case NETR_DELTA_SECRET: { - uint32_t _ptr_name; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_name)); if (_ptr_name) { NDR_PULL_ALLOC(ndr, r->name); @@ -5071,7 +5137,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_ID_UNION(struct ndr_pull *ndr, int break; } case NETR_DELTA_DELETE_SECRET: { - uint32_t _ptr_name; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_name)); if (_ptr_name) { NDR_PULL_ALLOC(ndr, r->name); @@ -5184,11 +5249,13 @@ static enum ndr_err_code ndr_pull_netr_DELTA_ID_UNION(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->name)); - if (ndr_get_array_length(ndr, &r->name) > ndr_get_array_size(ndr, &r->name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->name), ndr_get_array_length(ndr, &r->name)); + size_name_1 = ndr_get_array_size(ndr, &r->name); + length_name_1 = ndr_get_array_length(ndr, &r->name); + if (length_name_1 > size_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_name_1, length_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, length_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_name_0, 0); } break; @@ -5199,11 +5266,13 @@ static enum ndr_err_code ndr_pull_netr_DELTA_ID_UNION(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->name)); - if (ndr_get_array_length(ndr, &r->name) > ndr_get_array_size(ndr, &r->name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->name), ndr_get_array_length(ndr, &r->name)); + size_name_1 = ndr_get_array_size(ndr, &r->name); + length_name_1 = ndr_get_array_length(ndr, &r->name); + if (length_name_1 > size_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_name_1, length_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, length_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_name_0, 0); } break; @@ -5428,6 +5497,7 @@ static enum ndr_err_code ndr_push_netr_DELTA_ENUM_ARRAY(struct ndr_push *ndr, in static enum ndr_err_code ndr_pull_netr_DELTA_ENUM_ARRAY(struct ndr_pull *ndr, int ndr_flags, struct netr_DELTA_ENUM_ARRAY *r) { uint32_t _ptr_delta_enum; + uint32_t size_delta_enum_1 = 0; uint32_t cntr_delta_enum_1; TALLOC_CTX *_mem_save_delta_enum_0; TALLOC_CTX *_mem_save_delta_enum_1; @@ -5446,13 +5516,14 @@ static enum ndr_err_code ndr_pull_netr_DELTA_ENUM_ARRAY(struct ndr_pull *ndr, in _mem_save_delta_enum_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->delta_enum, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->delta_enum)); - NDR_PULL_ALLOC_N(ndr, r->delta_enum, ndr_get_array_size(ndr, &r->delta_enum)); + size_delta_enum_1 = ndr_get_array_size(ndr, &r->delta_enum); + NDR_PULL_ALLOC_N(ndr, r->delta_enum, size_delta_enum_1); _mem_save_delta_enum_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->delta_enum, 0); - for (cntr_delta_enum_1 = 0; cntr_delta_enum_1 < r->num_deltas; cntr_delta_enum_1++) { + for (cntr_delta_enum_1 = 0; cntr_delta_enum_1 < size_delta_enum_1; cntr_delta_enum_1++) { NDR_CHECK(ndr_pull_netr_DELTA_ENUM(ndr, NDR_SCALARS, &r->delta_enum[cntr_delta_enum_1])); } - for (cntr_delta_enum_1 = 0; cntr_delta_enum_1 < r->num_deltas; cntr_delta_enum_1++) { + for (cntr_delta_enum_1 = 0; cntr_delta_enum_1 < size_delta_enum_1; cntr_delta_enum_1++) { NDR_CHECK(ndr_pull_netr_DELTA_ENUM(ndr, NDR_BUFFERS, &r->delta_enum[cntr_delta_enum_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_delta_enum_1, 0); @@ -5509,12 +5580,14 @@ static enum ndr_err_code ndr_push_netr_UAS_INFO_0(struct ndr_push *ndr, int ndr_ static enum ndr_err_code ndr_pull_netr_UAS_INFO_0(struct ndr_pull *ndr, int ndr_flags, struct netr_UAS_INFO_0 *r) { + uint32_t size_computer_name_0 = 0; { uint32_t _flags_save_STRUCT = ndr->flags; ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->computer_name, 16)); + size_computer_name_0 = 16; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->computer_name, size_computer_name_0)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->timecreated)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->serial_number)); } @@ -5660,6 +5733,8 @@ static enum ndr_err_code ndr_push_netr_NETLOGON_INFO_2(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_netr_NETLOGON_INFO_2(struct ndr_pull *ndr, int ndr_flags, struct netr_NETLOGON_INFO_2 *r) { uint32_t _ptr_trusted_dc_name; + uint32_t size_trusted_dc_name_1 = 0; + uint32_t length_trusted_dc_name_1 = 0; TALLOC_CTX *_mem_save_trusted_dc_name_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -5679,11 +5754,13 @@ static enum ndr_err_code ndr_pull_netr_NETLOGON_INFO_2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->trusted_dc_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->trusted_dc_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->trusted_dc_name)); - if (ndr_get_array_length(ndr, &r->trusted_dc_name) > ndr_get_array_size(ndr, &r->trusted_dc_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->trusted_dc_name), ndr_get_array_length(ndr, &r->trusted_dc_name)); + size_trusted_dc_name_1 = ndr_get_array_size(ndr, &r->trusted_dc_name); + length_trusted_dc_name_1 = ndr_get_array_length(ndr, &r->trusted_dc_name); + if (length_trusted_dc_name_1 > size_trusted_dc_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_trusted_dc_name_1, length_trusted_dc_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->trusted_dc_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->trusted_dc_name, ndr_get_array_length(ndr, &r->trusted_dc_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_trusted_dc_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->trusted_dc_name, length_trusted_dc_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_trusted_dc_name_0, 0); } } @@ -5781,8 +5858,12 @@ static enum ndr_err_code ndr_push_netr_NETLOGON_INFO_4(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_netr_NETLOGON_INFO_4(struct ndr_pull *ndr, int ndr_flags, struct netr_NETLOGON_INFO_4 *r) { uint32_t _ptr_trusted_dc_name; + uint32_t size_trusted_dc_name_1 = 0; + uint32_t length_trusted_dc_name_1 = 0; TALLOC_CTX *_mem_save_trusted_dc_name_0; uint32_t _ptr_trusted_domain_name; + uint32_t size_trusted_domain_name_1 = 0; + uint32_t length_trusted_domain_name_1 = 0; TALLOC_CTX *_mem_save_trusted_domain_name_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -5805,11 +5886,13 @@ static enum ndr_err_code ndr_pull_netr_NETLOGON_INFO_4(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->trusted_dc_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->trusted_dc_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->trusted_dc_name)); - if (ndr_get_array_length(ndr, &r->trusted_dc_name) > ndr_get_array_size(ndr, &r->trusted_dc_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->trusted_dc_name), ndr_get_array_length(ndr, &r->trusted_dc_name)); + size_trusted_dc_name_1 = ndr_get_array_size(ndr, &r->trusted_dc_name); + length_trusted_dc_name_1 = ndr_get_array_length(ndr, &r->trusted_dc_name); + if (length_trusted_dc_name_1 > size_trusted_dc_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_trusted_dc_name_1, length_trusted_dc_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->trusted_dc_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->trusted_dc_name, ndr_get_array_length(ndr, &r->trusted_dc_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_trusted_dc_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->trusted_dc_name, length_trusted_dc_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_trusted_dc_name_0, 0); } if (r->trusted_domain_name) { @@ -5817,11 +5900,13 @@ static enum ndr_err_code ndr_pull_netr_NETLOGON_INFO_4(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->trusted_domain_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->trusted_domain_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->trusted_domain_name)); - if (ndr_get_array_length(ndr, &r->trusted_domain_name) > ndr_get_array_size(ndr, &r->trusted_domain_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->trusted_domain_name), ndr_get_array_length(ndr, &r->trusted_domain_name)); + size_trusted_domain_name_1 = ndr_get_array_size(ndr, &r->trusted_domain_name); + length_trusted_domain_name_1 = ndr_get_array_length(ndr, &r->trusted_domain_name); + if (length_trusted_domain_name_1 > size_trusted_domain_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_trusted_domain_name_1, length_trusted_domain_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->trusted_domain_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->trusted_domain_name, ndr_get_array_length(ndr, &r->trusted_domain_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_trusted_domain_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->trusted_domain_name, length_trusted_domain_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_trusted_domain_name_0, 0); } } @@ -5912,9 +5997,13 @@ static enum ndr_err_code ndr_pull_netr_CONTROL_QUERY_INFORMATION(struct ndr_pull int level; uint32_t _level; TALLOC_CTX *_mem_save_info1_0; + uint32_t _ptr_info1; TALLOC_CTX *_mem_save_info2_0; + uint32_t _ptr_info2; TALLOC_CTX *_mem_save_info3_0; + uint32_t _ptr_info3; TALLOC_CTX *_mem_save_info4_0; + uint32_t _ptr_info4; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -5923,7 +6012,6 @@ static enum ndr_err_code ndr_pull_netr_CONTROL_QUERY_INFORMATION(struct ndr_pull } switch (level) { case 1: { - uint32_t _ptr_info1; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1)); if (_ptr_info1) { NDR_PULL_ALLOC(ndr, r->info1); @@ -5933,7 +6021,6 @@ static enum ndr_err_code ndr_pull_netr_CONTROL_QUERY_INFORMATION(struct ndr_pull break; } case 2: { - uint32_t _ptr_info2; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info2)); if (_ptr_info2) { NDR_PULL_ALLOC(ndr, r->info2); @@ -5943,7 +6030,6 @@ static enum ndr_err_code ndr_pull_netr_CONTROL_QUERY_INFORMATION(struct ndr_pull break; } case 3: { - uint32_t _ptr_info3; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info3)); if (_ptr_info3) { NDR_PULL_ALLOC(ndr, r->info3); @@ -5953,7 +6039,6 @@ static enum ndr_err_code ndr_pull_netr_CONTROL_QUERY_INFORMATION(struct ndr_pull break; } case 4: { - uint32_t _ptr_info4; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info4)); if (_ptr_info4) { NDR_PULL_ALLOC(ndr, r->info4); @@ -6207,7 +6292,13 @@ static enum ndr_err_code ndr_pull_netr_CONTROL_DATA_INFORMATION(struct ndr_pull int level; uint32_t _level; TALLOC_CTX *_mem_save_domain_0; + uint32_t _ptr_domain; + uint32_t size_domain_1 = 0; + uint32_t length_domain_1 = 0; TALLOC_CTX *_mem_save_user_0; + uint32_t _ptr_user; + uint32_t size_user_1 = 0; + uint32_t length_user_1 = 0; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -6216,7 +6307,6 @@ static enum ndr_err_code ndr_pull_netr_CONTROL_DATA_INFORMATION(struct ndr_pull } switch (level) { case NETLOGON_CONTROL_REDISCOVER: { - uint32_t _ptr_domain; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domain)); if (_ptr_domain) { NDR_PULL_ALLOC(ndr, r->domain); @@ -6226,7 +6316,6 @@ static enum ndr_err_code ndr_pull_netr_CONTROL_DATA_INFORMATION(struct ndr_pull break; } case NETLOGON_CONTROL_TC_QUERY: { - uint32_t _ptr_domain; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domain)); if (_ptr_domain) { NDR_PULL_ALLOC(ndr, r->domain); @@ -6236,7 +6325,6 @@ static enum ndr_err_code ndr_pull_netr_CONTROL_DATA_INFORMATION(struct ndr_pull break; } case NETLOGON_CONTROL_TRANSPORT_NOTIFY: { - uint32_t _ptr_domain; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domain)); if (_ptr_domain) { NDR_PULL_ALLOC(ndr, r->domain); @@ -6246,7 +6334,6 @@ static enum ndr_err_code ndr_pull_netr_CONTROL_DATA_INFORMATION(struct ndr_pull break; } case NETLOGON_CONTROL_CHANGE_PASSWORD: { - uint32_t _ptr_domain; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domain)); if (_ptr_domain) { NDR_PULL_ALLOC(ndr, r->domain); @@ -6256,7 +6343,6 @@ static enum ndr_err_code ndr_pull_netr_CONTROL_DATA_INFORMATION(struct ndr_pull break; } case NETLOGON_CONTROL_TC_VERIFY: { - uint32_t _ptr_domain; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domain)); if (_ptr_domain) { NDR_PULL_ALLOC(ndr, r->domain); @@ -6266,7 +6352,6 @@ static enum ndr_err_code ndr_pull_netr_CONTROL_DATA_INFORMATION(struct ndr_pull break; } case NETLOGON_CONTROL_FIND_USER: { - uint32_t _ptr_user; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_user)); if (_ptr_user) { NDR_PULL_ALLOC(ndr, r->user); @@ -6291,11 +6376,13 @@ static enum ndr_err_code ndr_pull_netr_CONTROL_DATA_INFORMATION(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->domain, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->domain)); NDR_CHECK(ndr_pull_array_length(ndr, &r->domain)); - if (ndr_get_array_length(ndr, &r->domain) > ndr_get_array_size(ndr, &r->domain)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->domain), ndr_get_array_length(ndr, &r->domain)); + size_domain_1 = ndr_get_array_size(ndr, &r->domain); + length_domain_1 = ndr_get_array_length(ndr, &r->domain); + if (length_domain_1 > size_domain_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_1, length_domain_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, length_domain_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_0, 0); } break; @@ -6306,11 +6393,13 @@ static enum ndr_err_code ndr_pull_netr_CONTROL_DATA_INFORMATION(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->domain, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->domain)); NDR_CHECK(ndr_pull_array_length(ndr, &r->domain)); - if (ndr_get_array_length(ndr, &r->domain) > ndr_get_array_size(ndr, &r->domain)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->domain), ndr_get_array_length(ndr, &r->domain)); + size_domain_1 = ndr_get_array_size(ndr, &r->domain); + length_domain_1 = ndr_get_array_length(ndr, &r->domain); + if (length_domain_1 > size_domain_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_1, length_domain_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, length_domain_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_0, 0); } break; @@ -6321,11 +6410,13 @@ static enum ndr_err_code ndr_pull_netr_CONTROL_DATA_INFORMATION(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->domain, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->domain)); NDR_CHECK(ndr_pull_array_length(ndr, &r->domain)); - if (ndr_get_array_length(ndr, &r->domain) > ndr_get_array_size(ndr, &r->domain)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->domain), ndr_get_array_length(ndr, &r->domain)); + size_domain_1 = ndr_get_array_size(ndr, &r->domain); + length_domain_1 = ndr_get_array_length(ndr, &r->domain); + if (length_domain_1 > size_domain_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_1, length_domain_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, length_domain_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_0, 0); } break; @@ -6336,11 +6427,13 @@ static enum ndr_err_code ndr_pull_netr_CONTROL_DATA_INFORMATION(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->domain, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->domain)); NDR_CHECK(ndr_pull_array_length(ndr, &r->domain)); - if (ndr_get_array_length(ndr, &r->domain) > ndr_get_array_size(ndr, &r->domain)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->domain), ndr_get_array_length(ndr, &r->domain)); + size_domain_1 = ndr_get_array_size(ndr, &r->domain); + length_domain_1 = ndr_get_array_length(ndr, &r->domain); + if (length_domain_1 > size_domain_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_1, length_domain_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, length_domain_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_0, 0); } break; @@ -6351,11 +6444,13 @@ static enum ndr_err_code ndr_pull_netr_CONTROL_DATA_INFORMATION(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->domain, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->domain)); NDR_CHECK(ndr_pull_array_length(ndr, &r->domain)); - if (ndr_get_array_length(ndr, &r->domain) > ndr_get_array_size(ndr, &r->domain)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->domain), ndr_get_array_length(ndr, &r->domain)); + size_domain_1 = ndr_get_array_size(ndr, &r->domain); + length_domain_1 = ndr_get_array_length(ndr, &r->domain); + if (length_domain_1 > size_domain_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_1, length_domain_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, length_domain_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_0, 0); } break; @@ -6366,11 +6461,13 @@ static enum ndr_err_code ndr_pull_netr_CONTROL_DATA_INFORMATION(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->user, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->user)); NDR_CHECK(ndr_pull_array_length(ndr, &r->user)); - if (ndr_get_array_length(ndr, &r->user) > ndr_get_array_size(ndr, &r->user)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->user), ndr_get_array_length(ndr, &r->user)); + size_user_1 = ndr_get_array_size(ndr, &r->user); + length_user_1 = ndr_get_array_length(ndr, &r->user); + if (length_user_1 > size_user_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_user_1, length_user_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->user), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user, ndr_get_array_length(ndr, &r->user), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_user_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user, length_user_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user_0, 0); } break; @@ -6703,6 +6800,7 @@ static enum ndr_err_code ndr_push_netr_Blob(struct ndr_push *ndr, int ndr_flags, static enum ndr_err_code ndr_pull_netr_Blob(struct ndr_pull *ndr, int ndr_flags, struct netr_Blob *r) { uint32_t _ptr_data; + uint32_t size_data_1 = 0; TALLOC_CTX *_mem_save_data_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -6719,8 +6817,9 @@ static enum ndr_err_code ndr_pull_netr_Blob(struct ndr_pull *ndr, int ndr_flags, _mem_save_data_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->data, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->data)); - NDR_PULL_ALLOC_N(ndr, r->data, ndr_get_array_size(ndr, &r->data)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, ndr_get_array_size(ndr, &r->data))); + size_data_1 = ndr_get_array_size(ndr, &r->data); + NDR_PULL_ALLOC_N(ndr, r->data, size_data_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, size_data_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_0, 0); } if (r->data) { @@ -6903,16 +7002,28 @@ _PUBLIC_ enum ndr_err_code ndr_push_netr_DsRGetDCNameInfo(struct ndr_push *ndr, _PUBLIC_ enum ndr_err_code ndr_pull_netr_DsRGetDCNameInfo(struct ndr_pull *ndr, int ndr_flags, struct netr_DsRGetDCNameInfo *r) { uint32_t _ptr_dc_unc; + uint32_t size_dc_unc_1 = 0; + uint32_t length_dc_unc_1 = 0; TALLOC_CTX *_mem_save_dc_unc_0; uint32_t _ptr_dc_address; + uint32_t size_dc_address_1 = 0; + uint32_t length_dc_address_1 = 0; TALLOC_CTX *_mem_save_dc_address_0; uint32_t _ptr_domain_name; + uint32_t size_domain_name_1 = 0; + uint32_t length_domain_name_1 = 0; TALLOC_CTX *_mem_save_domain_name_0; uint32_t _ptr_forest_name; + uint32_t size_forest_name_1 = 0; + uint32_t length_forest_name_1 = 0; TALLOC_CTX *_mem_save_forest_name_0; uint32_t _ptr_dc_site_name; + uint32_t size_dc_site_name_1 = 0; + uint32_t length_dc_site_name_1 = 0; TALLOC_CTX *_mem_save_dc_site_name_0; uint32_t _ptr_client_site_name; + uint32_t size_client_site_name_1 = 0; + uint32_t length_client_site_name_1 = 0; TALLOC_CTX *_mem_save_client_site_name_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -6962,11 +7073,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_DsRGetDCNameInfo(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->dc_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->dc_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->dc_unc)); - if (ndr_get_array_length(ndr, &r->dc_unc) > ndr_get_array_size(ndr, &r->dc_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->dc_unc), ndr_get_array_length(ndr, &r->dc_unc)); + size_dc_unc_1 = ndr_get_array_size(ndr, &r->dc_unc); + length_dc_unc_1 = ndr_get_array_length(ndr, &r->dc_unc); + if (length_dc_unc_1 > size_dc_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dc_unc_1, length_dc_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->dc_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dc_unc, ndr_get_array_length(ndr, &r->dc_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dc_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dc_unc, length_dc_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dc_unc_0, 0); } if (r->dc_address) { @@ -6974,11 +7087,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_DsRGetDCNameInfo(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->dc_address, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->dc_address)); NDR_CHECK(ndr_pull_array_length(ndr, &r->dc_address)); - if (ndr_get_array_length(ndr, &r->dc_address) > ndr_get_array_size(ndr, &r->dc_address)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->dc_address), ndr_get_array_length(ndr, &r->dc_address)); + size_dc_address_1 = ndr_get_array_size(ndr, &r->dc_address); + length_dc_address_1 = ndr_get_array_length(ndr, &r->dc_address); + if (length_dc_address_1 > size_dc_address_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dc_address_1, length_dc_address_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->dc_address), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dc_address, ndr_get_array_length(ndr, &r->dc_address), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dc_address_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dc_address, length_dc_address_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dc_address_0, 0); } if (r->domain_name) { @@ -6986,11 +7101,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_DsRGetDCNameInfo(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->domain_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->domain_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->domain_name)); - if (ndr_get_array_length(ndr, &r->domain_name) > ndr_get_array_size(ndr, &r->domain_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->domain_name), ndr_get_array_length(ndr, &r->domain_name)); + size_domain_name_1 = ndr_get_array_size(ndr, &r->domain_name); + length_domain_name_1 = ndr_get_array_length(ndr, &r->domain_name); + if (length_domain_name_1 > size_domain_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_name_1, length_domain_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->domain_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain_name, ndr_get_array_length(ndr, &r->domain_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain_name, length_domain_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_name_0, 0); } if (r->forest_name) { @@ -6998,11 +7115,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_DsRGetDCNameInfo(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->forest_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->forest_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->forest_name)); - if (ndr_get_array_length(ndr, &r->forest_name) > ndr_get_array_size(ndr, &r->forest_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->forest_name), ndr_get_array_length(ndr, &r->forest_name)); + size_forest_name_1 = ndr_get_array_size(ndr, &r->forest_name); + length_forest_name_1 = ndr_get_array_length(ndr, &r->forest_name); + if (length_forest_name_1 > size_forest_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_forest_name_1, length_forest_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->forest_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->forest_name, ndr_get_array_length(ndr, &r->forest_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_forest_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->forest_name, length_forest_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_forest_name_0, 0); } if (r->dc_site_name) { @@ -7010,11 +7129,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_DsRGetDCNameInfo(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->dc_site_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->dc_site_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->dc_site_name)); - if (ndr_get_array_length(ndr, &r->dc_site_name) > ndr_get_array_size(ndr, &r->dc_site_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->dc_site_name), ndr_get_array_length(ndr, &r->dc_site_name)); + size_dc_site_name_1 = ndr_get_array_size(ndr, &r->dc_site_name); + length_dc_site_name_1 = ndr_get_array_length(ndr, &r->dc_site_name); + if (length_dc_site_name_1 > size_dc_site_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dc_site_name_1, length_dc_site_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->dc_site_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dc_site_name, ndr_get_array_length(ndr, &r->dc_site_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dc_site_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dc_site_name, length_dc_site_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dc_site_name_0, 0); } if (r->client_site_name) { @@ -7022,11 +7143,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_DsRGetDCNameInfo(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->client_site_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->client_site_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->client_site_name)); - if (ndr_get_array_length(ndr, &r->client_site_name) > ndr_get_array_size(ndr, &r->client_site_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->client_site_name), ndr_get_array_length(ndr, &r->client_site_name)); + size_client_site_name_1 = ndr_get_array_size(ndr, &r->client_site_name); + length_client_site_name_1 = ndr_get_array_length(ndr, &r->client_site_name); + if (length_client_site_name_1 > size_client_site_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_client_site_name_1, length_client_site_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->client_site_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client_site_name, ndr_get_array_length(ndr, &r->client_site_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_client_site_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client_site_name, length_client_site_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_client_site_name_0, 0); } } @@ -7250,17 +7373,30 @@ static enum ndr_err_code ndr_push_netr_DomainQuery1(struct ndr_push *ndr, int nd static enum ndr_err_code ndr_pull_netr_DomainQuery1(struct ndr_pull *ndr, int ndr_flags, struct netr_DomainQuery1 *r) { uint32_t _ptr_workstation_domain; + uint32_t size_workstation_domain_1 = 0; + uint32_t length_workstation_domain_1 = 0; TALLOC_CTX *_mem_save_workstation_domain_0; uint32_t _ptr_workstation_site; + uint32_t size_workstation_site_1 = 0; + uint32_t length_workstation_site_1 = 0; TALLOC_CTX *_mem_save_workstation_site_0; uint32_t _ptr_unknown1; + uint32_t size_unknown1_1 = 0; + uint32_t length_unknown1_1 = 0; TALLOC_CTX *_mem_save_unknown1_0; uint32_t _ptr_unknown2; + uint32_t size_unknown2_1 = 0; + uint32_t length_unknown2_1 = 0; TALLOC_CTX *_mem_save_unknown2_0; uint32_t _ptr_unknown3; + uint32_t size_unknown3_1 = 0; + uint32_t length_unknown3_1 = 0; TALLOC_CTX *_mem_save_unknown3_0; uint32_t _ptr_unknown4; + uint32_t size_unknown4_1 = 0; + uint32_t length_unknown4_1 = 0; TALLOC_CTX *_mem_save_unknown4_0; + uint32_t size_unknown7_0 = 0; uint32_t cntr_unknown7_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -7305,7 +7441,8 @@ static enum ndr_err_code ndr_pull_netr_DomainQuery1(struct ndr_pull *ndr, int nd NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->product)); NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->unknown5)); NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->unknown6)); - for (cntr_unknown7_0 = 0; cntr_unknown7_0 < 4; cntr_unknown7_0++) { + size_unknown7_0 = 4; + for (cntr_unknown7_0 = 0; cntr_unknown7_0 < size_unknown7_0; cntr_unknown7_0++) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->unknown7[cntr_unknown7_0])); } } @@ -7316,11 +7453,13 @@ static enum ndr_err_code ndr_pull_netr_DomainQuery1(struct ndr_pull *ndr, int nd NDR_PULL_SET_MEM_CTX(ndr, r->workstation_domain, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->workstation_domain)); NDR_CHECK(ndr_pull_array_length(ndr, &r->workstation_domain)); - if (ndr_get_array_length(ndr, &r->workstation_domain) > ndr_get_array_size(ndr, &r->workstation_domain)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->workstation_domain), ndr_get_array_length(ndr, &r->workstation_domain)); + size_workstation_domain_1 = ndr_get_array_size(ndr, &r->workstation_domain); + length_workstation_domain_1 = ndr_get_array_length(ndr, &r->workstation_domain); + if (length_workstation_domain_1 > size_workstation_domain_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_workstation_domain_1, length_workstation_domain_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->workstation_domain), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->workstation_domain, ndr_get_array_length(ndr, &r->workstation_domain), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_workstation_domain_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->workstation_domain, length_workstation_domain_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_workstation_domain_0, 0); } if (r->workstation_site) { @@ -7328,11 +7467,13 @@ static enum ndr_err_code ndr_pull_netr_DomainQuery1(struct ndr_pull *ndr, int nd NDR_PULL_SET_MEM_CTX(ndr, r->workstation_site, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->workstation_site)); NDR_CHECK(ndr_pull_array_length(ndr, &r->workstation_site)); - if (ndr_get_array_length(ndr, &r->workstation_site) > ndr_get_array_size(ndr, &r->workstation_site)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->workstation_site), ndr_get_array_length(ndr, &r->workstation_site)); + size_workstation_site_1 = ndr_get_array_size(ndr, &r->workstation_site); + length_workstation_site_1 = ndr_get_array_length(ndr, &r->workstation_site); + if (length_workstation_site_1 > size_workstation_site_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_workstation_site_1, length_workstation_site_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->workstation_site), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->workstation_site, ndr_get_array_length(ndr, &r->workstation_site), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_workstation_site_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->workstation_site, length_workstation_site_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_workstation_site_0, 0); } if (r->unknown1) { @@ -7340,11 +7481,13 @@ static enum ndr_err_code ndr_pull_netr_DomainQuery1(struct ndr_pull *ndr, int nd NDR_PULL_SET_MEM_CTX(ndr, r->unknown1, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->unknown1)); NDR_CHECK(ndr_pull_array_length(ndr, &r->unknown1)); - if (ndr_get_array_length(ndr, &r->unknown1) > ndr_get_array_size(ndr, &r->unknown1)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->unknown1), ndr_get_array_length(ndr, &r->unknown1)); + size_unknown1_1 = ndr_get_array_size(ndr, &r->unknown1); + length_unknown1_1 = ndr_get_array_length(ndr, &r->unknown1); + if (length_unknown1_1 > size_unknown1_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_unknown1_1, length_unknown1_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->unknown1), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->unknown1, ndr_get_array_length(ndr, &r->unknown1), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_unknown1_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->unknown1, length_unknown1_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_unknown1_0, 0); } if (r->unknown2) { @@ -7352,11 +7495,13 @@ static enum ndr_err_code ndr_pull_netr_DomainQuery1(struct ndr_pull *ndr, int nd NDR_PULL_SET_MEM_CTX(ndr, r->unknown2, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->unknown2)); NDR_CHECK(ndr_pull_array_length(ndr, &r->unknown2)); - if (ndr_get_array_length(ndr, &r->unknown2) > ndr_get_array_size(ndr, &r->unknown2)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->unknown2), ndr_get_array_length(ndr, &r->unknown2)); + size_unknown2_1 = ndr_get_array_size(ndr, &r->unknown2); + length_unknown2_1 = ndr_get_array_length(ndr, &r->unknown2); + if (length_unknown2_1 > size_unknown2_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_unknown2_1, length_unknown2_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->unknown2), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->unknown2, ndr_get_array_length(ndr, &r->unknown2), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_unknown2_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->unknown2, length_unknown2_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_unknown2_0, 0); } if (r->unknown3) { @@ -7364,11 +7509,13 @@ static enum ndr_err_code ndr_pull_netr_DomainQuery1(struct ndr_pull *ndr, int nd NDR_PULL_SET_MEM_CTX(ndr, r->unknown3, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->unknown3)); NDR_CHECK(ndr_pull_array_length(ndr, &r->unknown3)); - if (ndr_get_array_length(ndr, &r->unknown3) > ndr_get_array_size(ndr, &r->unknown3)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->unknown3), ndr_get_array_length(ndr, &r->unknown3)); + size_unknown3_1 = ndr_get_array_size(ndr, &r->unknown3); + length_unknown3_1 = ndr_get_array_length(ndr, &r->unknown3); + if (length_unknown3_1 > size_unknown3_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_unknown3_1, length_unknown3_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->unknown3), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->unknown3, ndr_get_array_length(ndr, &r->unknown3), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_unknown3_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->unknown3, length_unknown3_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_unknown3_0, 0); } if (r->unknown4) { @@ -7376,11 +7523,13 @@ static enum ndr_err_code ndr_pull_netr_DomainQuery1(struct ndr_pull *ndr, int nd NDR_PULL_SET_MEM_CTX(ndr, r->unknown4, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->unknown4)); NDR_CHECK(ndr_pull_array_length(ndr, &r->unknown4)); - if (ndr_get_array_length(ndr, &r->unknown4) > ndr_get_array_size(ndr, &r->unknown4)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->unknown4), ndr_get_array_length(ndr, &r->unknown4)); + size_unknown4_1 = ndr_get_array_size(ndr, &r->unknown4); + length_unknown4_1 = ndr_get_array_length(ndr, &r->unknown4); + if (length_unknown4_1 > size_unknown4_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_unknown4_1, length_unknown4_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->unknown4), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->unknown4, ndr_get_array_length(ndr, &r->unknown4), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_unknown4_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->unknown4, length_unknown4_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_unknown4_0, 0); } NDR_CHECK(ndr_pull_lsa_BinaryString(ndr, NDR_BUFFERS, &r->blob2)); @@ -7495,6 +7644,7 @@ static enum ndr_err_code ndr_pull_netr_DomainQuery(struct ndr_pull *ndr, int ndr int level; uint32_t _level; TALLOC_CTX *_mem_save_query1_0; + uint32_t _ptr_query1; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -7503,7 +7653,6 @@ static enum ndr_err_code ndr_pull_netr_DomainQuery(struct ndr_pull *ndr, int ndr } switch (level) { case 1: { - uint32_t _ptr_query1; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_query1)); if (_ptr_query1) { NDR_PULL_ALLOC(ndr, r->query1); @@ -7513,7 +7662,6 @@ static enum ndr_err_code ndr_pull_netr_DomainQuery(struct ndr_pull *ndr, int ndr break; } case 2: { - uint32_t _ptr_query1; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_query1)); if (_ptr_query1) { NDR_PULL_ALLOC(ndr, r->query1); @@ -7725,7 +7873,9 @@ static enum ndr_err_code ndr_pull_netr_DomainTrustInfo(struct ndr_pull *ndr, int { uint32_t _ptr_sid; TALLOC_CTX *_mem_save_sid_0; + uint32_t size_dummystring_0 = 0; uint32_t cntr_dummystring_0; + uint32_t size_dummy_0 = 0; uint32_t cntr_dummy_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -7740,10 +7890,12 @@ static enum ndr_err_code ndr_pull_netr_DomainTrustInfo(struct ndr_pull *ndr, int r->sid = NULL; } NDR_CHECK(ndr_pull_netr_trust_extension_container(ndr, NDR_SCALARS, &r->trust_extension)); - for (cntr_dummystring_0 = 0; cntr_dummystring_0 < 3; cntr_dummystring_0++) { + size_dummystring_0 = 3; + for (cntr_dummystring_0 = 0; cntr_dummystring_0 < size_dummystring_0; cntr_dummystring_0++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->dummystring[cntr_dummystring_0])); } - for (cntr_dummy_0 = 0; cntr_dummy_0 < 4; cntr_dummy_0++) { + size_dummy_0 = 4; + for (cntr_dummy_0 = 0; cntr_dummy_0 < size_dummy_0; cntr_dummy_0++) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->dummy[cntr_dummy_0])); } } @@ -7758,7 +7910,8 @@ static enum ndr_err_code ndr_pull_netr_DomainTrustInfo(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sid_0, 0); } NDR_CHECK(ndr_pull_netr_trust_extension_container(ndr, NDR_BUFFERS, &r->trust_extension)); - for (cntr_dummystring_0 = 0; cntr_dummystring_0 < 3; cntr_dummystring_0++) { + size_dummystring_0 = 3; + for (cntr_dummystring_0 = 0; cntr_dummystring_0 < size_dummystring_0; cntr_dummystring_0++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->dummystring[cntr_dummystring_0])); } } @@ -7824,6 +7977,7 @@ static enum ndr_err_code ndr_push_netr_LsaPolicyInfo(struct ndr_push *ndr, int n static enum ndr_err_code ndr_pull_netr_LsaPolicyInfo(struct ndr_pull *ndr, int ndr_flags, struct netr_LsaPolicyInfo *r) { uint32_t _ptr_policy; + uint32_t size_policy_1 = 0; TALLOC_CTX *_mem_save_policy_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -7840,8 +7994,9 @@ static enum ndr_err_code ndr_pull_netr_LsaPolicyInfo(struct ndr_pull *ndr, int n _mem_save_policy_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->policy, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->policy)); - NDR_PULL_ALLOC_N(ndr, r->policy, ndr_get_array_size(ndr, &r->policy)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->policy, ndr_get_array_size(ndr, &r->policy))); + size_policy_1 = ndr_get_array_size(ndr, &r->policy); + NDR_PULL_ALLOC_N(ndr, r->policy, size_policy_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->policy, size_policy_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_policy_0, 0); } if (r->policy) { @@ -7932,10 +8087,13 @@ static enum ndr_err_code ndr_push_netr_DomainInfo1(struct ndr_push *ndr, int ndr static enum ndr_err_code ndr_pull_netr_DomainInfo1(struct ndr_pull *ndr, int ndr_flags, struct netr_DomainInfo1 *r) { uint32_t _ptr_trusts; + uint32_t size_trusts_1 = 0; uint32_t cntr_trusts_1; TALLOC_CTX *_mem_save_trusts_0; TALLOC_CTX *_mem_save_trusts_1; + uint32_t size_dummystring_0 = 0; uint32_t cntr_dummystring_0; + uint32_t size_dummy_0 = 0; uint32_t cntr_dummy_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -7949,12 +8107,14 @@ static enum ndr_err_code ndr_pull_netr_DomainInfo1(struct ndr_pull *ndr, int ndr } NDR_CHECK(ndr_pull_netr_LsaPolicyInfo(ndr, NDR_SCALARS, &r->lsa_policy)); NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->dns_hostname)); - for (cntr_dummystring_0 = 0; cntr_dummystring_0 < 3; cntr_dummystring_0++) { + size_dummystring_0 = 3; + for (cntr_dummystring_0 = 0; cntr_dummystring_0 < size_dummystring_0; cntr_dummystring_0++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->dummystring[cntr_dummystring_0])); } NDR_CHECK(ndr_pull_netr_WorkstationFlags(ndr, NDR_SCALARS, &r->workstation_flags)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->supported_enc_types)); - for (cntr_dummy_0 = 0; cntr_dummy_0 < 2; cntr_dummy_0++) { + size_dummy_0 = 2; + for (cntr_dummy_0 = 0; cntr_dummy_0 < size_dummy_0; cntr_dummy_0++) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->dummy[cntr_dummy_0])); } } @@ -7964,13 +8124,14 @@ static enum ndr_err_code ndr_pull_netr_DomainInfo1(struct ndr_pull *ndr, int ndr _mem_save_trusts_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->trusts, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->trusts)); - NDR_PULL_ALLOC_N(ndr, r->trusts, ndr_get_array_size(ndr, &r->trusts)); + size_trusts_1 = ndr_get_array_size(ndr, &r->trusts); + NDR_PULL_ALLOC_N(ndr, r->trusts, size_trusts_1); _mem_save_trusts_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->trusts, 0); - for (cntr_trusts_1 = 0; cntr_trusts_1 < r->num_trusts; cntr_trusts_1++) { + for (cntr_trusts_1 = 0; cntr_trusts_1 < size_trusts_1; cntr_trusts_1++) { NDR_CHECK(ndr_pull_netr_DomainTrustInfo(ndr, NDR_SCALARS, &r->trusts[cntr_trusts_1])); } - for (cntr_trusts_1 = 0; cntr_trusts_1 < r->num_trusts; cntr_trusts_1++) { + for (cntr_trusts_1 = 0; cntr_trusts_1 < size_trusts_1; cntr_trusts_1++) { NDR_CHECK(ndr_pull_netr_DomainTrustInfo(ndr, NDR_BUFFERS, &r->trusts[cntr_trusts_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_trusts_1, 0); @@ -7978,7 +8139,8 @@ static enum ndr_err_code ndr_pull_netr_DomainInfo1(struct ndr_pull *ndr, int ndr } NDR_CHECK(ndr_pull_netr_LsaPolicyInfo(ndr, NDR_BUFFERS, &r->lsa_policy)); NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->dns_hostname)); - for (cntr_dummystring_0 = 0; cntr_dummystring_0 < 3; cntr_dummystring_0++) { + size_dummystring_0 = 3; + for (cntr_dummystring_0 = 0; cntr_dummystring_0 < size_dummystring_0; cntr_dummystring_0++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->dummystring[cntr_dummystring_0])); } if (r->trusts) { @@ -8084,7 +8246,9 @@ static enum ndr_err_code ndr_pull_netr_DomainInfo(struct ndr_pull *ndr, int ndr_ int level; uint32_t _level; TALLOC_CTX *_mem_save_info1_0; + uint32_t _ptr_info1; TALLOC_CTX *_mem_save_info2_0; + uint32_t _ptr_info2; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -8093,7 +8257,6 @@ static enum ndr_err_code ndr_pull_netr_DomainInfo(struct ndr_pull *ndr, int ndr_ } switch (level) { case 1: { - uint32_t _ptr_info1; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1)); if (_ptr_info1) { NDR_PULL_ALLOC(ndr, r->info1); @@ -8103,7 +8266,6 @@ static enum ndr_err_code ndr_pull_netr_DomainInfo(struct ndr_pull *ndr, int ndr_ break; } case 2: { - uint32_t _ptr_info2; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info2)); if (_ptr_info2) { NDR_PULL_ALLOC(ndr, r->info2); @@ -8191,12 +8353,14 @@ static enum ndr_err_code ndr_push_netr_CryptPassword(struct ndr_push *ndr, int n static enum ndr_err_code ndr_pull_netr_CryptPassword(struct ndr_pull *ndr, int ndr_flags, struct netr_CryptPassword *r) { + uint32_t size_data_0 = 0; { uint32_t _flags_save_STRUCT = ndr->flags; ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, 512)); + size_data_0 = 512; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, size_data_0)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->length)); } if (ndr_flags & NDR_BUFFERS) { @@ -8245,6 +8409,7 @@ static enum ndr_err_code ndr_push_netr_DsRAddressToSitenamesWCtr(struct ndr_push static enum ndr_err_code ndr_pull_netr_DsRAddressToSitenamesWCtr(struct ndr_pull *ndr, int ndr_flags, struct netr_DsRAddressToSitenamesWCtr *r) { uint32_t _ptr_sitename; + uint32_t size_sitename_1 = 0; uint32_t cntr_sitename_1; TALLOC_CTX *_mem_save_sitename_0; TALLOC_CTX *_mem_save_sitename_1; @@ -8263,13 +8428,14 @@ static enum ndr_err_code ndr_pull_netr_DsRAddressToSitenamesWCtr(struct ndr_pull _mem_save_sitename_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sitename, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->sitename)); - NDR_PULL_ALLOC_N(ndr, r->sitename, ndr_get_array_size(ndr, &r->sitename)); + size_sitename_1 = ndr_get_array_size(ndr, &r->sitename); + NDR_PULL_ALLOC_N(ndr, r->sitename, size_sitename_1); _mem_save_sitename_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sitename, 0); - for (cntr_sitename_1 = 0; cntr_sitename_1 < r->count; cntr_sitename_1++) { + for (cntr_sitename_1 = 0; cntr_sitename_1 < size_sitename_1; cntr_sitename_1++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->sitename[cntr_sitename_1])); } - for (cntr_sitename_1 = 0; cntr_sitename_1 < r->count; cntr_sitename_1++) { + for (cntr_sitename_1 = 0; cntr_sitename_1 < size_sitename_1; cntr_sitename_1++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->sitename[cntr_sitename_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sitename_1, 0); @@ -8325,6 +8491,7 @@ static enum ndr_err_code ndr_push_netr_DsRAddress(struct ndr_push *ndr, int ndr_ static enum ndr_err_code ndr_pull_netr_DsRAddress(struct ndr_pull *ndr, int ndr_flags, struct netr_DsRAddress *r) { uint32_t _ptr_buffer; + uint32_t size_buffer_1 = 0; TALLOC_CTX *_mem_save_buffer_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -8341,8 +8508,9 @@ static enum ndr_err_code ndr_pull_netr_DsRAddress(struct ndr_pull *ndr, int ndr_ _mem_save_buffer_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->buffer, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->buffer)); - NDR_PULL_ALLOC_N(ndr, r->buffer, ndr_get_array_size(ndr, &r->buffer)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->buffer, ndr_get_array_size(ndr, &r->buffer))); + size_buffer_1 = ndr_get_array_size(ndr, &r->buffer); + NDR_PULL_ALLOC_N(ndr, r->buffer, size_buffer_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->buffer, size_buffer_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_buffer_0, 0); } if (r->buffer) { @@ -8457,8 +8625,12 @@ static enum ndr_err_code ndr_push_netr_DomainTrust(struct ndr_push *ndr, int ndr static enum ndr_err_code ndr_pull_netr_DomainTrust(struct ndr_pull *ndr, int ndr_flags, struct netr_DomainTrust *r) { uint32_t _ptr_netbios_name; + uint32_t size_netbios_name_1 = 0; + uint32_t length_netbios_name_1 = 0; TALLOC_CTX *_mem_save_netbios_name_0; uint32_t _ptr_dns_name; + uint32_t size_dns_name_1 = 0; + uint32_t length_dns_name_1 = 0; TALLOC_CTX *_mem_save_dns_name_0; uint32_t _ptr_sid; TALLOC_CTX *_mem_save_sid_0; @@ -8494,11 +8666,13 @@ static enum ndr_err_code ndr_pull_netr_DomainTrust(struct ndr_pull *ndr, int ndr NDR_PULL_SET_MEM_CTX(ndr, r->netbios_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->netbios_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->netbios_name)); - if (ndr_get_array_length(ndr, &r->netbios_name) > ndr_get_array_size(ndr, &r->netbios_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->netbios_name), ndr_get_array_length(ndr, &r->netbios_name)); + size_netbios_name_1 = ndr_get_array_size(ndr, &r->netbios_name); + length_netbios_name_1 = ndr_get_array_length(ndr, &r->netbios_name); + if (length_netbios_name_1 > size_netbios_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_netbios_name_1, length_netbios_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->netbios_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->netbios_name, ndr_get_array_length(ndr, &r->netbios_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_netbios_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->netbios_name, length_netbios_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_netbios_name_0, 0); } if (r->dns_name) { @@ -8506,11 +8680,13 @@ static enum ndr_err_code ndr_pull_netr_DomainTrust(struct ndr_pull *ndr, int ndr NDR_PULL_SET_MEM_CTX(ndr, r->dns_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->dns_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->dns_name)); - if (ndr_get_array_length(ndr, &r->dns_name) > ndr_get_array_size(ndr, &r->dns_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->dns_name), ndr_get_array_length(ndr, &r->dns_name)); + size_dns_name_1 = ndr_get_array_size(ndr, &r->dns_name); + length_dns_name_1 = ndr_get_array_length(ndr, &r->dns_name); + if (length_dns_name_1 > size_dns_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dns_name_1, length_dns_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->dns_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dns_name, ndr_get_array_length(ndr, &r->dns_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dns_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dns_name, length_dns_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dns_name_0, 0); } if (r->sid) { @@ -8578,6 +8754,7 @@ static enum ndr_err_code ndr_push_netr_DomainTrustList(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_netr_DomainTrustList(struct ndr_pull *ndr, int ndr_flags, struct netr_DomainTrustList *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -8596,13 +8773,14 @@ static enum ndr_err_code ndr_pull_netr_DomainTrustList(struct ndr_pull *ndr, int _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_netr_DomainTrust(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_netr_DomainTrust(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -8675,10 +8853,12 @@ static enum ndr_err_code ndr_push_netr_DsRAddressToSitenamesExWCtr(struct ndr_pu static enum ndr_err_code ndr_pull_netr_DsRAddressToSitenamesExWCtr(struct ndr_pull *ndr, int ndr_flags, struct netr_DsRAddressToSitenamesExWCtr *r) { uint32_t _ptr_sitename; + uint32_t size_sitename_1 = 0; uint32_t cntr_sitename_1; TALLOC_CTX *_mem_save_sitename_0; TALLOC_CTX *_mem_save_sitename_1; uint32_t _ptr_subnetname; + uint32_t size_subnetname_1 = 0; uint32_t cntr_subnetname_1; TALLOC_CTX *_mem_save_subnetname_0; TALLOC_CTX *_mem_save_subnetname_1; @@ -8703,13 +8883,14 @@ static enum ndr_err_code ndr_pull_netr_DsRAddressToSitenamesExWCtr(struct ndr_pu _mem_save_sitename_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sitename, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->sitename)); - NDR_PULL_ALLOC_N(ndr, r->sitename, ndr_get_array_size(ndr, &r->sitename)); + size_sitename_1 = ndr_get_array_size(ndr, &r->sitename); + NDR_PULL_ALLOC_N(ndr, r->sitename, size_sitename_1); _mem_save_sitename_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sitename, 0); - for (cntr_sitename_1 = 0; cntr_sitename_1 < r->count; cntr_sitename_1++) { + for (cntr_sitename_1 = 0; cntr_sitename_1 < size_sitename_1; cntr_sitename_1++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->sitename[cntr_sitename_1])); } - for (cntr_sitename_1 = 0; cntr_sitename_1 < r->count; cntr_sitename_1++) { + for (cntr_sitename_1 = 0; cntr_sitename_1 < size_sitename_1; cntr_sitename_1++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->sitename[cntr_sitename_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sitename_1, 0); @@ -8719,13 +8900,14 @@ static enum ndr_err_code ndr_pull_netr_DsRAddressToSitenamesExWCtr(struct ndr_pu _mem_save_subnetname_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->subnetname, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->subnetname)); - NDR_PULL_ALLOC_N(ndr, r->subnetname, ndr_get_array_size(ndr, &r->subnetname)); + size_subnetname_1 = ndr_get_array_size(ndr, &r->subnetname); + NDR_PULL_ALLOC_N(ndr, r->subnetname, size_subnetname_1); _mem_save_subnetname_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->subnetname, 0); - for (cntr_subnetname_1 = 0; cntr_subnetname_1 < r->count; cntr_subnetname_1++) { + for (cntr_subnetname_1 = 0; cntr_subnetname_1 < size_subnetname_1; cntr_subnetname_1++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->subnetname[cntr_subnetname_1])); } - for (cntr_subnetname_1 = 0; cntr_subnetname_1 < r->count; cntr_subnetname_1++) { + for (cntr_subnetname_1 = 0; cntr_subnetname_1 < size_subnetname_1; cntr_subnetname_1++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->subnetname[cntr_subnetname_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_subnetname_1, 0); @@ -8806,6 +8988,7 @@ static enum ndr_err_code ndr_push_DcSitesCtr(struct ndr_push *ndr, int ndr_flags static enum ndr_err_code ndr_pull_DcSitesCtr(struct ndr_pull *ndr, int ndr_flags, struct DcSitesCtr *r) { uint32_t _ptr_sites; + uint32_t size_sites_1 = 0; uint32_t cntr_sites_1; TALLOC_CTX *_mem_save_sites_0; TALLOC_CTX *_mem_save_sites_1; @@ -8824,13 +9007,14 @@ static enum ndr_err_code ndr_pull_DcSitesCtr(struct ndr_pull *ndr, int ndr_flags _mem_save_sites_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sites, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->sites)); - NDR_PULL_ALLOC_N(ndr, r->sites, ndr_get_array_size(ndr, &r->sites)); + size_sites_1 = ndr_get_array_size(ndr, &r->sites); + NDR_PULL_ALLOC_N(ndr, r->sites, size_sites_1); _mem_save_sites_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sites, 0); - for (cntr_sites_1 = 0; cntr_sites_1 < r->num_sites; cntr_sites_1++) { + for (cntr_sites_1 = 0; cntr_sites_1 < size_sites_1; cntr_sites_1++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->sites[cntr_sites_1])); } - for (cntr_sites_1 = 0; cntr_sites_1 < r->num_sites; cntr_sites_1++) { + for (cntr_sites_1 = 0; cntr_sites_1 < size_sites_1; cntr_sites_1++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->sites[cntr_sites_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sites_1, 0); @@ -8901,10 +9085,12 @@ static enum ndr_err_code ndr_push_netr_TrustInfo(struct ndr_push *ndr, int ndr_f static enum ndr_err_code ndr_pull_netr_TrustInfo(struct ndr_pull *ndr, int ndr_flags, struct netr_TrustInfo *r) { uint32_t _ptr_data; + uint32_t size_data_1 = 0; uint32_t cntr_data_1; TALLOC_CTX *_mem_save_data_0; TALLOC_CTX *_mem_save_data_1; uint32_t _ptr_entries; + uint32_t size_entries_1 = 0; uint32_t cntr_entries_1; TALLOC_CTX *_mem_save_entries_0; TALLOC_CTX *_mem_save_entries_1; @@ -8930,10 +9116,11 @@ static enum ndr_err_code ndr_pull_netr_TrustInfo(struct ndr_pull *ndr, int ndr_f _mem_save_data_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->data, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->data)); - NDR_PULL_ALLOC_N(ndr, r->data, ndr_get_array_size(ndr, &r->data)); + size_data_1 = ndr_get_array_size(ndr, &r->data); + NDR_PULL_ALLOC_N(ndr, r->data, size_data_1); _mem_save_data_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->data, 0); - for (cntr_data_1 = 0; cntr_data_1 < r->count; cntr_data_1++) { + for (cntr_data_1 = 0; cntr_data_1 < size_data_1; cntr_data_1++) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->data[cntr_data_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_1, 0); @@ -8943,13 +9130,14 @@ static enum ndr_err_code ndr_pull_netr_TrustInfo(struct ndr_pull *ndr, int ndr_f _mem_save_entries_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->entries, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->entries)); - NDR_PULL_ALLOC_N(ndr, r->entries, ndr_get_array_size(ndr, &r->entries)); + size_entries_1 = ndr_get_array_size(ndr, &r->entries); + NDR_PULL_ALLOC_N(ndr, r->entries, size_entries_1); _mem_save_entries_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->entries, 0); - for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) { + for (cntr_entries_1 = 0; cntr_entries_1 < size_entries_1; cntr_entries_1++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->entries[cntr_entries_1])); } - for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) { + for (cntr_entries_1 = 0; cntr_entries_1 < size_entries_1; cntr_entries_1++) { NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->entries[cntr_entries_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_entries_1, 0); @@ -9041,6 +9229,12 @@ static enum ndr_err_code ndr_push_netr_LogonUasLogon(struct ndr_push *ndr, int f static enum ndr_err_code ndr_pull_netr_LogonUasLogon(struct ndr_pull *ndr, int flags, struct netr_LogonUasLogon *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; + uint32_t size_account_name_0 = 0; + uint32_t length_account_name_0 = 0; + uint32_t size_workstation_0 = 0; + uint32_t length_workstation_0 = 0; uint32_t _ptr_info; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_info_0; @@ -9059,27 +9253,33 @@ static enum ndr_err_code ndr_pull_netr_LogonUasLogon(struct ndr_pull *ndr, int f NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.account_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.account_name)); - if (ndr_get_array_length(ndr, &r->in.account_name) > ndr_get_array_size(ndr, &r->in.account_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.account_name), ndr_get_array_length(ndr, &r->in.account_name)); + size_account_name_0 = ndr_get_array_size(ndr, &r->in.account_name); + length_account_name_0 = ndr_get_array_length(ndr, &r->in.account_name); + if (length_account_name_0 > size_account_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_account_name_0, length_account_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_account_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, length_account_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.workstation)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.workstation)); - if (ndr_get_array_length(ndr, &r->in.workstation) > ndr_get_array_size(ndr, &r->in.workstation)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.workstation), ndr_get_array_length(ndr, &r->in.workstation)); + size_workstation_0 = ndr_get_array_size(ndr, &r->in.workstation); + length_workstation_0 = ndr_get_array_length(ndr, &r->in.workstation); + if (length_workstation_0 > size_workstation_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_workstation_0, length_workstation_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.workstation), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.workstation, ndr_get_array_length(ndr, &r->in.workstation), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_workstation_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.workstation, length_workstation_0, sizeof(uint16_t), CH_UTF16)); NDR_PULL_ALLOC(ndr, r->out.info); ZERO_STRUCTP(r->out.info); } @@ -9177,6 +9377,12 @@ static enum ndr_err_code ndr_push_netr_LogonUasLogoff(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_netr_LogonUasLogoff(struct ndr_pull *ndr, int flags, struct netr_LogonUasLogoff *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; + uint32_t size_account_name_0 = 0; + uint32_t length_account_name_0 = 0; + uint32_t size_workstation_0 = 0; + uint32_t length_workstation_0 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_info_0; if (flags & NDR_IN) { @@ -9193,27 +9399,33 @@ static enum ndr_err_code ndr_pull_netr_LogonUasLogoff(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.account_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.account_name)); - if (ndr_get_array_length(ndr, &r->in.account_name) > ndr_get_array_size(ndr, &r->in.account_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.account_name), ndr_get_array_length(ndr, &r->in.account_name)); + size_account_name_0 = ndr_get_array_size(ndr, &r->in.account_name); + length_account_name_0 = ndr_get_array_length(ndr, &r->in.account_name); + if (length_account_name_0 > size_account_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_account_name_0, length_account_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_account_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, length_account_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.workstation)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.workstation)); - if (ndr_get_array_length(ndr, &r->in.workstation) > ndr_get_array_size(ndr, &r->in.workstation)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.workstation), ndr_get_array_length(ndr, &r->in.workstation)); + size_workstation_0 = ndr_get_array_size(ndr, &r->in.workstation); + length_workstation_0 = ndr_get_array_length(ndr, &r->in.workstation); + if (length_workstation_0 > size_workstation_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_workstation_0, length_workstation_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.workstation), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.workstation, ndr_get_array_length(ndr, &r->in.workstation), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_workstation_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.workstation, length_workstation_0, sizeof(uint16_t), CH_UTF16)); NDR_PULL_ALLOC(ndr, r->out.info); ZERO_STRUCTP(r->out.info); } @@ -9318,7 +9530,11 @@ static enum ndr_err_code ndr_push_netr_LogonSamLogon(struct ndr_push *ndr, int f static enum ndr_err_code ndr_pull_netr_LogonSamLogon(struct ndr_pull *ndr, int flags, struct netr_LogonSamLogon *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; uint32_t _ptr_computer_name; + uint32_t size_computer_name_1 = 0; + uint32_t length_computer_name_1 = 0; uint32_t _ptr_credential; uint32_t _ptr_return_authenticator; TALLOC_CTX *_mem_save_server_name_0; @@ -9342,11 +9558,13 @@ static enum ndr_err_code ndr_pull_netr_LogonSamLogon(struct ndr_pull *ndr, int f NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_computer_name)); @@ -9360,11 +9578,13 @@ static enum ndr_err_code ndr_pull_netr_LogonSamLogon(struct ndr_pull *ndr, int f NDR_PULL_SET_MEM_CTX(ndr, r->in.computer_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name)); - if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name)); + size_computer_name_1 = ndr_get_array_size(ndr, &r->in.computer_name); + length_computer_name_1 = ndr_get_array_length(ndr, &r->in.computer_name); + if (length_computer_name_1 > size_computer_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_name_1, length_computer_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, length_computer_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_computer_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_credential)); @@ -9548,7 +9768,11 @@ static enum ndr_err_code ndr_push_netr_LogonSamLogoff(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_netr_LogonSamLogoff(struct ndr_pull *ndr, int flags, struct netr_LogonSamLogoff *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; uint32_t _ptr_computer_name; + uint32_t size_computer_name_1 = 0; + uint32_t length_computer_name_1 = 0; uint32_t _ptr_credential; uint32_t _ptr_return_authenticator; TALLOC_CTX *_mem_save_server_name_0; @@ -9569,11 +9793,13 @@ static enum ndr_err_code ndr_pull_netr_LogonSamLogoff(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_computer_name)); @@ -9587,11 +9813,13 @@ static enum ndr_err_code ndr_pull_netr_LogonSamLogoff(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.computer_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name)); - if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name)); + size_computer_name_1 = ndr_get_array_size(ndr, &r->in.computer_name); + length_computer_name_1 = ndr_get_array_length(ndr, &r->in.computer_name); + if (length_computer_name_1 > size_computer_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_name_1, length_computer_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, length_computer_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_computer_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_credential)); @@ -9726,6 +9954,10 @@ _PUBLIC_ enum ndr_err_code ndr_push_netr_ServerReqChallenge(struct ndr_push *ndr _PUBLIC_ enum ndr_err_code ndr_pull_netr_ServerReqChallenge(struct ndr_pull *ndr, int flags, struct netr_ServerReqChallenge *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; + uint32_t size_computer_name_0 = 0; + uint32_t length_computer_name_0 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_credentials_0; TALLOC_CTX *_mem_save_return_credentials_0; @@ -9743,20 +9975,24 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_ServerReqChallenge(struct ndr_pull *ndr NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name)); - if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name)); + size_computer_name_0 = ndr_get_array_size(ndr, &r->in.computer_name); + length_computer_name_0 = ndr_get_array_length(ndr, &r->in.computer_name); + if (length_computer_name_0 > size_computer_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_name_0, length_computer_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, length_computer_name_0, sizeof(uint16_t), CH_UTF16)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.credentials); } @@ -9853,6 +10089,12 @@ static enum ndr_err_code ndr_push_netr_ServerAuthenticate(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_netr_ServerAuthenticate(struct ndr_pull *ndr, int flags, struct netr_ServerAuthenticate *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; + uint32_t size_account_name_0 = 0; + uint32_t length_account_name_0 = 0; + uint32_t size_computer_name_0 = 0; + uint32_t length_computer_name_0 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_credentials_0; TALLOC_CTX *_mem_save_return_credentials_0; @@ -9870,28 +10112,34 @@ static enum ndr_err_code ndr_pull_netr_ServerAuthenticate(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.account_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.account_name)); - if (ndr_get_array_length(ndr, &r->in.account_name) > ndr_get_array_size(ndr, &r->in.account_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.account_name), ndr_get_array_length(ndr, &r->in.account_name)); + size_account_name_0 = ndr_get_array_size(ndr, &r->in.account_name); + length_account_name_0 = ndr_get_array_length(ndr, &r->in.account_name); + if (length_account_name_0 > size_account_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_account_name_0, length_account_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_account_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, length_account_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_netr_SchannelType(ndr, NDR_SCALARS, &r->in.secure_channel_type)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name)); - if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name)); + size_computer_name_0 = ndr_get_array_size(ndr, &r->in.computer_name); + length_computer_name_0 = ndr_get_array_length(ndr, &r->in.computer_name); + if (length_computer_name_0 > size_computer_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_name_0, length_computer_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, length_computer_name_0, sizeof(uint16_t), CH_UTF16)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.credentials); } @@ -9994,6 +10242,12 @@ static enum ndr_err_code ndr_push_netr_ServerPasswordSet(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_netr_ServerPasswordSet(struct ndr_pull *ndr, int flags, struct netr_ServerPasswordSet *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; + uint32_t size_account_name_0 = 0; + uint32_t length_account_name_0 = 0; + uint32_t size_computer_name_0 = 0; + uint32_t length_computer_name_0 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_credential_0; TALLOC_CTX *_mem_save_return_authenticator_0; @@ -10012,28 +10266,34 @@ static enum ndr_err_code ndr_pull_netr_ServerPasswordSet(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.account_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.account_name)); - if (ndr_get_array_length(ndr, &r->in.account_name) > ndr_get_array_size(ndr, &r->in.account_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.account_name), ndr_get_array_length(ndr, &r->in.account_name)); + size_account_name_0 = ndr_get_array_size(ndr, &r->in.account_name); + length_account_name_0 = ndr_get_array_length(ndr, &r->in.account_name); + if (length_account_name_0 > size_account_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_account_name_0, length_account_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_account_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, length_account_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_netr_SchannelType(ndr, NDR_SCALARS, &r->in.secure_channel_type)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name)); - if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name)); + size_computer_name_0 = ndr_get_array_size(ndr, &r->in.computer_name); + length_computer_name_0 = ndr_get_array_length(ndr, &r->in.computer_name); + if (length_computer_name_0 > size_computer_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_name_0, length_computer_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, length_computer_name_0, sizeof(uint16_t), CH_UTF16)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.credential); } @@ -10155,6 +10415,10 @@ static enum ndr_err_code ndr_push_netr_DatabaseDeltas(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_netr_DatabaseDeltas(struct ndr_pull *ndr, int flags, struct netr_DatabaseDeltas *r) { + uint32_t size_logon_server_0 = 0; + uint32_t length_logon_server_0 = 0; + uint32_t size_computername_0 = 0; + uint32_t length_computername_0 = 0; uint32_t _ptr_delta_enum_array; TALLOC_CTX *_mem_save_credential_0; TALLOC_CTX *_mem_save_return_authenticator_0; @@ -10166,18 +10430,22 @@ static enum ndr_err_code ndr_pull_netr_DatabaseDeltas(struct ndr_pull *ndr, int NDR_CHECK(ndr_pull_array_size(ndr, &r->in.logon_server)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.logon_server)); - if (ndr_get_array_length(ndr, &r->in.logon_server) > ndr_get_array_size(ndr, &r->in.logon_server)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.logon_server), ndr_get_array_length(ndr, &r->in.logon_server)); + size_logon_server_0 = ndr_get_array_size(ndr, &r->in.logon_server); + length_logon_server_0 = ndr_get_array_length(ndr, &r->in.logon_server); + if (length_logon_server_0 > size_logon_server_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_logon_server_0, length_logon_server_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_logon_server_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, length_logon_server_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computername)); - if (ndr_get_array_length(ndr, &r->in.computername) > ndr_get_array_size(ndr, &r->in.computername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computername), ndr_get_array_length(ndr, &r->in.computername)); + size_computername_0 = ndr_get_array_size(ndr, &r->in.computername); + length_computername_0 = ndr_get_array_length(ndr, &r->in.computername); + if (length_computername_0 > size_computername_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computername_0, length_computername_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computername, ndr_get_array_length(ndr, &r->in.computername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computername_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computername, length_computername_0, sizeof(uint16_t), CH_UTF16)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.credential); } @@ -10349,6 +10617,10 @@ static enum ndr_err_code ndr_push_netr_DatabaseSync(struct ndr_push *ndr, int fl static enum ndr_err_code ndr_pull_netr_DatabaseSync(struct ndr_pull *ndr, int flags, struct netr_DatabaseSync *r) { + uint32_t size_logon_server_0 = 0; + uint32_t length_logon_server_0 = 0; + uint32_t size_computername_0 = 0; + uint32_t length_computername_0 = 0; uint32_t _ptr_delta_enum_array; TALLOC_CTX *_mem_save_credential_0; TALLOC_CTX *_mem_save_return_authenticator_0; @@ -10360,18 +10632,22 @@ static enum ndr_err_code ndr_pull_netr_DatabaseSync(struct ndr_pull *ndr, int fl NDR_CHECK(ndr_pull_array_size(ndr, &r->in.logon_server)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.logon_server)); - if (ndr_get_array_length(ndr, &r->in.logon_server) > ndr_get_array_size(ndr, &r->in.logon_server)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.logon_server), ndr_get_array_length(ndr, &r->in.logon_server)); + size_logon_server_0 = ndr_get_array_size(ndr, &r->in.logon_server); + length_logon_server_0 = ndr_get_array_length(ndr, &r->in.logon_server); + if (length_logon_server_0 > size_logon_server_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_logon_server_0, length_logon_server_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_logon_server_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, length_logon_server_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computername)); - if (ndr_get_array_length(ndr, &r->in.computername) > ndr_get_array_size(ndr, &r->in.computername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computername), ndr_get_array_length(ndr, &r->in.computername)); + size_computername_0 = ndr_get_array_size(ndr, &r->in.computername); + length_computername_0 = ndr_get_array_length(ndr, &r->in.computername); + if (length_computername_0 > size_computername_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computername_0, length_computername_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computername, ndr_get_array_length(ndr, &r->in.computername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computername_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computername, length_computername_0, sizeof(uint16_t), CH_UTF16)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.credential); } @@ -10552,6 +10828,10 @@ static enum ndr_err_code ndr_push_netr_AccountDeltas(struct ndr_push *ndr, int f static enum ndr_err_code ndr_pull_netr_AccountDeltas(struct ndr_pull *ndr, int flags, struct netr_AccountDeltas *r) { uint32_t _ptr_logon_server; + uint32_t size_logon_server_1 = 0; + uint32_t length_logon_server_1 = 0; + uint32_t size_computername_0 = 0; + uint32_t length_computername_0 = 0; TALLOC_CTX *_mem_save_logon_server_0; TALLOC_CTX *_mem_save_return_authenticator_0; TALLOC_CTX *_mem_save_buffer_0; @@ -10572,20 +10852,24 @@ static enum ndr_err_code ndr_pull_netr_AccountDeltas(struct ndr_pull *ndr, int f NDR_PULL_SET_MEM_CTX(ndr, r->in.logon_server, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.logon_server)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.logon_server)); - if (ndr_get_array_length(ndr, &r->in.logon_server) > ndr_get_array_size(ndr, &r->in.logon_server)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.logon_server), ndr_get_array_length(ndr, &r->in.logon_server)); + size_logon_server_1 = ndr_get_array_size(ndr, &r->in.logon_server); + length_logon_server_1 = ndr_get_array_length(ndr, &r->in.logon_server); + if (length_logon_server_1 > size_logon_server_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_logon_server_1, length_logon_server_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_logon_server_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, length_logon_server_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_logon_server_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computername)); - if (ndr_get_array_length(ndr, &r->in.computername) > ndr_get_array_size(ndr, &r->in.computername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computername), ndr_get_array_length(ndr, &r->in.computername)); + size_computername_0 = ndr_get_array_size(ndr, &r->in.computername); + length_computername_0 = ndr_get_array_length(ndr, &r->in.computername); + if (length_computername_0 > size_computername_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computername_0, length_computername_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computername, ndr_get_array_length(ndr, &r->in.computername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computername_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computername, length_computername_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_netr_Authenticator(ndr, NDR_SCALARS, &r->in.credential)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.return_authenticator); @@ -10777,6 +11061,10 @@ static enum ndr_err_code ndr_push_netr_AccountSync(struct ndr_push *ndr, int fla static enum ndr_err_code ndr_pull_netr_AccountSync(struct ndr_pull *ndr, int flags, struct netr_AccountSync *r) { uint32_t _ptr_logon_server; + uint32_t size_logon_server_1 = 0; + uint32_t length_logon_server_1 = 0; + uint32_t size_computername_0 = 0; + uint32_t length_computername_0 = 0; TALLOC_CTX *_mem_save_logon_server_0; TALLOC_CTX *_mem_save_return_authenticator_0; TALLOC_CTX *_mem_save_buffer_0; @@ -10798,20 +11086,24 @@ static enum ndr_err_code ndr_pull_netr_AccountSync(struct ndr_pull *ndr, int fla NDR_PULL_SET_MEM_CTX(ndr, r->in.logon_server, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.logon_server)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.logon_server)); - if (ndr_get_array_length(ndr, &r->in.logon_server) > ndr_get_array_size(ndr, &r->in.logon_server)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.logon_server), ndr_get_array_length(ndr, &r->in.logon_server)); + size_logon_server_1 = ndr_get_array_size(ndr, &r->in.logon_server); + length_logon_server_1 = ndr_get_array_length(ndr, &r->in.logon_server); + if (length_logon_server_1 > size_logon_server_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_logon_server_1, length_logon_server_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_logon_server_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, length_logon_server_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_logon_server_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computername)); - if (ndr_get_array_length(ndr, &r->in.computername) > ndr_get_array_size(ndr, &r->in.computername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computername), ndr_get_array_length(ndr, &r->in.computername)); + size_computername_0 = ndr_get_array_size(ndr, &r->in.computername); + length_computername_0 = ndr_get_array_length(ndr, &r->in.computername); + if (length_computername_0 > size_computername_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computername_0, length_computername_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computername, ndr_get_array_length(ndr, &r->in.computername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computername_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computername, length_computername_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_netr_Authenticator(ndr, NDR_SCALARS, &r->in.credential)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.return_authenticator); @@ -10993,8 +11285,14 @@ static enum ndr_err_code ndr_push_netr_GetDcName(struct ndr_push *ndr, int flags static enum ndr_err_code ndr_pull_netr_GetDcName(struct ndr_pull *ndr, int flags, struct netr_GetDcName *r) { + uint32_t size_logon_server_0 = 0; + uint32_t length_logon_server_0 = 0; uint32_t _ptr_domainname; + uint32_t size_domainname_1 = 0; + uint32_t length_domainname_1 = 0; uint32_t _ptr_dcname; + uint32_t size_dcname_2 = 0; + uint32_t length_dcname_2 = 0; TALLOC_CTX *_mem_save_domainname_0; TALLOC_CTX *_mem_save_dcname_0; TALLOC_CTX *_mem_save_dcname_1; @@ -11003,11 +11301,13 @@ static enum ndr_err_code ndr_pull_netr_GetDcName(struct ndr_pull *ndr, int flags NDR_CHECK(ndr_pull_array_size(ndr, &r->in.logon_server)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.logon_server)); - if (ndr_get_array_length(ndr, &r->in.logon_server) > ndr_get_array_size(ndr, &r->in.logon_server)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.logon_server), ndr_get_array_length(ndr, &r->in.logon_server)); + size_logon_server_0 = ndr_get_array_size(ndr, &r->in.logon_server); + length_logon_server_0 = ndr_get_array_length(ndr, &r->in.logon_server); + if (length_logon_server_0 > size_logon_server_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_logon_server_0, length_logon_server_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_logon_server_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, length_logon_server_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domainname)); if (_ptr_domainname) { NDR_PULL_ALLOC(ndr, r->in.domainname); @@ -11019,11 +11319,13 @@ static enum ndr_err_code ndr_pull_netr_GetDcName(struct ndr_pull *ndr, int flags NDR_PULL_SET_MEM_CTX(ndr, r->in.domainname, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.domainname)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.domainname)); - if (ndr_get_array_length(ndr, &r->in.domainname) > ndr_get_array_size(ndr, &r->in.domainname)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.domainname), ndr_get_array_length(ndr, &r->in.domainname)); + size_domainname_1 = ndr_get_array_size(ndr, &r->in.domainname); + length_domainname_1 = ndr_get_array_length(ndr, &r->in.domainname); + if (length_domainname_1 > size_domainname_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domainname_1, length_domainname_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.domainname), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domainname, ndr_get_array_length(ndr, &r->in.domainname), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domainname_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domainname, length_domainname_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domainname_0, 0); } NDR_PULL_ALLOC(ndr, r->out.dcname); @@ -11046,11 +11348,13 @@ static enum ndr_err_code ndr_pull_netr_GetDcName(struct ndr_pull *ndr, int flags NDR_PULL_SET_MEM_CTX(ndr, *r->out.dcname, 0); NDR_CHECK(ndr_pull_array_size(ndr, r->out.dcname)); NDR_CHECK(ndr_pull_array_length(ndr, r->out.dcname)); - if (ndr_get_array_length(ndr, r->out.dcname) > ndr_get_array_size(ndr, r->out.dcname)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, r->out.dcname), ndr_get_array_length(ndr, r->out.dcname)); + size_dcname_2 = ndr_get_array_size(ndr, r->out.dcname); + length_dcname_2 = ndr_get_array_length(ndr, r->out.dcname); + if (length_dcname_2 > size_dcname_2) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dcname_2, length_dcname_2); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, r->out.dcname), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.dcname, ndr_get_array_length(ndr, r->out.dcname), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dcname_2, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.dcname, length_dcname_2, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dcname_1, 0); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dcname_0, LIBNDR_FLAG_REF_ALLOC); @@ -11123,6 +11427,8 @@ static enum ndr_err_code ndr_push_netr_LogonControl(struct ndr_push *ndr, int fl static enum ndr_err_code ndr_pull_netr_LogonControl(struct ndr_pull *ndr, int flags, struct netr_LogonControl *r) { uint32_t _ptr_logon_server; + uint32_t size_logon_server_1 = 0; + uint32_t length_logon_server_1 = 0; TALLOC_CTX *_mem_save_logon_server_0; TALLOC_CTX *_mem_save_info_0; if (flags & NDR_IN) { @@ -11139,11 +11445,13 @@ static enum ndr_err_code ndr_pull_netr_LogonControl(struct ndr_pull *ndr, int fl NDR_PULL_SET_MEM_CTX(ndr, r->in.logon_server, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.logon_server)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.logon_server)); - if (ndr_get_array_length(ndr, &r->in.logon_server) > ndr_get_array_size(ndr, &r->in.logon_server)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.logon_server), ndr_get_array_length(ndr, &r->in.logon_server)); + size_logon_server_1 = ndr_get_array_size(ndr, &r->in.logon_server); + length_logon_server_1 = ndr_get_array_length(ndr, &r->in.logon_server); + if (length_logon_server_1 > size_logon_server_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_logon_server_1, length_logon_server_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_logon_server_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, length_logon_server_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_logon_server_0, 0); } NDR_CHECK(ndr_pull_netr_LogonControlCode(ndr, NDR_SCALARS, &r->in.function_code)); @@ -11236,8 +11544,14 @@ static enum ndr_err_code ndr_push_netr_GetAnyDCName(struct ndr_push *ndr, int fl static enum ndr_err_code ndr_pull_netr_GetAnyDCName(struct ndr_pull *ndr, int flags, struct netr_GetAnyDCName *r) { uint32_t _ptr_logon_server; + uint32_t size_logon_server_1 = 0; + uint32_t length_logon_server_1 = 0; uint32_t _ptr_domainname; + uint32_t size_domainname_1 = 0; + uint32_t length_domainname_1 = 0; uint32_t _ptr_dcname; + uint32_t size_dcname_2 = 0; + uint32_t length_dcname_2 = 0; TALLOC_CTX *_mem_save_logon_server_0; TALLOC_CTX *_mem_save_domainname_0; TALLOC_CTX *_mem_save_dcname_0; @@ -11256,11 +11570,13 @@ static enum ndr_err_code ndr_pull_netr_GetAnyDCName(struct ndr_pull *ndr, int fl NDR_PULL_SET_MEM_CTX(ndr, r->in.logon_server, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.logon_server)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.logon_server)); - if (ndr_get_array_length(ndr, &r->in.logon_server) > ndr_get_array_size(ndr, &r->in.logon_server)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.logon_server), ndr_get_array_length(ndr, &r->in.logon_server)); + size_logon_server_1 = ndr_get_array_size(ndr, &r->in.logon_server); + length_logon_server_1 = ndr_get_array_length(ndr, &r->in.logon_server); + if (length_logon_server_1 > size_logon_server_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_logon_server_1, length_logon_server_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_logon_server_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, length_logon_server_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_logon_server_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domainname)); @@ -11274,11 +11590,13 @@ static enum ndr_err_code ndr_pull_netr_GetAnyDCName(struct ndr_pull *ndr, int fl NDR_PULL_SET_MEM_CTX(ndr, r->in.domainname, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.domainname)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.domainname)); - if (ndr_get_array_length(ndr, &r->in.domainname) > ndr_get_array_size(ndr, &r->in.domainname)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.domainname), ndr_get_array_length(ndr, &r->in.domainname)); + size_domainname_1 = ndr_get_array_size(ndr, &r->in.domainname); + length_domainname_1 = ndr_get_array_length(ndr, &r->in.domainname); + if (length_domainname_1 > size_domainname_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domainname_1, length_domainname_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.domainname), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domainname, ndr_get_array_length(ndr, &r->in.domainname), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domainname_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domainname, length_domainname_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domainname_0, 0); } NDR_PULL_ALLOC(ndr, r->out.dcname); @@ -11301,11 +11619,13 @@ static enum ndr_err_code ndr_pull_netr_GetAnyDCName(struct ndr_pull *ndr, int fl NDR_PULL_SET_MEM_CTX(ndr, *r->out.dcname, 0); NDR_CHECK(ndr_pull_array_size(ndr, r->out.dcname)); NDR_CHECK(ndr_pull_array_length(ndr, r->out.dcname)); - if (ndr_get_array_length(ndr, r->out.dcname) > ndr_get_array_size(ndr, r->out.dcname)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, r->out.dcname), ndr_get_array_length(ndr, r->out.dcname)); + size_dcname_2 = ndr_get_array_size(ndr, r->out.dcname); + length_dcname_2 = ndr_get_array_length(ndr, r->out.dcname); + if (length_dcname_2 > size_dcname_2) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dcname_2, length_dcname_2); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, r->out.dcname), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.dcname, ndr_get_array_length(ndr, r->out.dcname), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dcname_2, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.dcname, length_dcname_2, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dcname_1, 0); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dcname_0, LIBNDR_FLAG_REF_ALLOC); @@ -11388,6 +11708,8 @@ static enum ndr_err_code ndr_push_netr_LogonControl2(struct ndr_push *ndr, int f static enum ndr_err_code ndr_pull_netr_LogonControl2(struct ndr_pull *ndr, int flags, struct netr_LogonControl2 *r) { uint32_t _ptr_logon_server; + uint32_t size_logon_server_1 = 0; + uint32_t length_logon_server_1 = 0; TALLOC_CTX *_mem_save_logon_server_0; TALLOC_CTX *_mem_save_data_0; TALLOC_CTX *_mem_save_query_0; @@ -11405,11 +11727,13 @@ static enum ndr_err_code ndr_pull_netr_LogonControl2(struct ndr_pull *ndr, int f NDR_PULL_SET_MEM_CTX(ndr, r->in.logon_server, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.logon_server)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.logon_server)); - if (ndr_get_array_length(ndr, &r->in.logon_server) > ndr_get_array_size(ndr, &r->in.logon_server)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.logon_server), ndr_get_array_length(ndr, &r->in.logon_server)); + size_logon_server_1 = ndr_get_array_size(ndr, &r->in.logon_server); + length_logon_server_1 = ndr_get_array_length(ndr, &r->in.logon_server); + if (length_logon_server_1 > size_logon_server_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_logon_server_1, length_logon_server_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_logon_server_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, length_logon_server_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_logon_server_0, 0); } NDR_CHECK(ndr_pull_netr_LogonControlCode(ndr, NDR_SCALARS, &r->in.function_code)); @@ -11523,6 +11847,12 @@ static enum ndr_err_code ndr_push_netr_ServerAuthenticate2(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_netr_ServerAuthenticate2(struct ndr_pull *ndr, int flags, struct netr_ServerAuthenticate2 *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; + uint32_t size_account_name_0 = 0; + uint32_t length_account_name_0 = 0; + uint32_t size_computer_name_0 = 0; + uint32_t length_computer_name_0 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_credentials_0; TALLOC_CTX *_mem_save_return_credentials_0; @@ -11541,28 +11871,34 @@ static enum ndr_err_code ndr_pull_netr_ServerAuthenticate2(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.account_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.account_name)); - if (ndr_get_array_length(ndr, &r->in.account_name) > ndr_get_array_size(ndr, &r->in.account_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.account_name), ndr_get_array_length(ndr, &r->in.account_name)); + size_account_name_0 = ndr_get_array_size(ndr, &r->in.account_name); + length_account_name_0 = ndr_get_array_length(ndr, &r->in.account_name); + if (length_account_name_0 > size_account_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_account_name_0, length_account_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_account_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, length_account_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_netr_SchannelType(ndr, NDR_SCALARS, &r->in.secure_channel_type)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name)); - if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name)); + size_computer_name_0 = ndr_get_array_size(ndr, &r->in.computer_name); + length_computer_name_0 = ndr_get_array_length(ndr, &r->in.computer_name); + if (length_computer_name_0 > size_computer_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_name_0, length_computer_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, length_computer_name_0, sizeof(uint16_t), CH_UTF16)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.credentials); } @@ -11698,6 +12034,10 @@ static enum ndr_err_code ndr_push_netr_DatabaseSync2(struct ndr_push *ndr, int f static enum ndr_err_code ndr_pull_netr_DatabaseSync2(struct ndr_pull *ndr, int flags, struct netr_DatabaseSync2 *r) { + uint32_t size_logon_server_0 = 0; + uint32_t length_logon_server_0 = 0; + uint32_t size_computername_0 = 0; + uint32_t length_computername_0 = 0; uint32_t _ptr_delta_enum_array; TALLOC_CTX *_mem_save_credential_0; TALLOC_CTX *_mem_save_return_authenticator_0; @@ -11709,18 +12049,22 @@ static enum ndr_err_code ndr_pull_netr_DatabaseSync2(struct ndr_pull *ndr, int f NDR_CHECK(ndr_pull_array_size(ndr, &r->in.logon_server)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.logon_server)); - if (ndr_get_array_length(ndr, &r->in.logon_server) > ndr_get_array_size(ndr, &r->in.logon_server)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.logon_server), ndr_get_array_length(ndr, &r->in.logon_server)); + size_logon_server_0 = ndr_get_array_size(ndr, &r->in.logon_server); + length_logon_server_0 = ndr_get_array_length(ndr, &r->in.logon_server); + if (length_logon_server_0 > size_logon_server_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_logon_server_0, length_logon_server_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_logon_server_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, length_logon_server_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computername)); - if (ndr_get_array_length(ndr, &r->in.computername) > ndr_get_array_size(ndr, &r->in.computername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computername), ndr_get_array_length(ndr, &r->in.computername)); + size_computername_0 = ndr_get_array_size(ndr, &r->in.computername); + length_computername_0 = ndr_get_array_length(ndr, &r->in.computername); + if (length_computername_0 > size_computername_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computername_0, length_computername_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computername, ndr_get_array_length(ndr, &r->in.computername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computername_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computername, length_computername_0, sizeof(uint16_t), CH_UTF16)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.credential); } @@ -11891,6 +12235,10 @@ static enum ndr_err_code ndr_push_netr_DatabaseRedo(struct ndr_push *ndr, int fl static enum ndr_err_code ndr_pull_netr_DatabaseRedo(struct ndr_pull *ndr, int flags, struct netr_DatabaseRedo *r) { + uint32_t size_logon_server_0 = 0; + uint32_t length_logon_server_0 = 0; + uint32_t size_computername_0 = 0; + uint32_t length_computername_0 = 0; uint32_t _ptr_delta_enum_array; TALLOC_CTX *_mem_save_credential_0; TALLOC_CTX *_mem_save_return_authenticator_0; @@ -11901,18 +12249,22 @@ static enum ndr_err_code ndr_pull_netr_DatabaseRedo(struct ndr_pull *ndr, int fl NDR_CHECK(ndr_pull_array_size(ndr, &r->in.logon_server)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.logon_server)); - if (ndr_get_array_length(ndr, &r->in.logon_server) > ndr_get_array_size(ndr, &r->in.logon_server)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.logon_server), ndr_get_array_length(ndr, &r->in.logon_server)); + size_logon_server_0 = ndr_get_array_size(ndr, &r->in.logon_server); + length_logon_server_0 = ndr_get_array_length(ndr, &r->in.logon_server); + if (length_logon_server_0 > size_logon_server_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_logon_server_0, length_logon_server_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_logon_server_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, length_logon_server_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computername)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computername)); - if (ndr_get_array_length(ndr, &r->in.computername) > ndr_get_array_size(ndr, &r->in.computername)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computername), ndr_get_array_length(ndr, &r->in.computername)); + size_computername_0 = ndr_get_array_size(ndr, &r->in.computername); + length_computername_0 = ndr_get_array_length(ndr, &r->in.computername); + if (length_computername_0 > size_computername_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computername_0, length_computername_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computername), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computername, ndr_get_array_length(ndr, &r->in.computername), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computername_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computername, length_computername_0, sizeof(uint16_t), CH_UTF16)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.credential); } @@ -12048,6 +12400,8 @@ static enum ndr_err_code ndr_push_netr_LogonControl2Ex(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_netr_LogonControl2Ex(struct ndr_pull *ndr, int flags, struct netr_LogonControl2Ex *r) { uint32_t _ptr_logon_server; + uint32_t size_logon_server_1 = 0; + uint32_t length_logon_server_1 = 0; TALLOC_CTX *_mem_save_logon_server_0; TALLOC_CTX *_mem_save_data_0; TALLOC_CTX *_mem_save_query_0; @@ -12065,11 +12419,13 @@ static enum ndr_err_code ndr_pull_netr_LogonControl2Ex(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.logon_server, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.logon_server)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.logon_server)); - if (ndr_get_array_length(ndr, &r->in.logon_server) > ndr_get_array_size(ndr, &r->in.logon_server)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.logon_server), ndr_get_array_length(ndr, &r->in.logon_server)); + size_logon_server_1 = ndr_get_array_size(ndr, &r->in.logon_server); + length_logon_server_1 = ndr_get_array_length(ndr, &r->in.logon_server); + if (length_logon_server_1 > size_logon_server_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_logon_server_1, length_logon_server_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, ndr_get_array_length(ndr, &r->in.logon_server), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_logon_server_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.logon_server, length_logon_server_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_logon_server_0, 0); } NDR_CHECK(ndr_pull_netr_LogonControlCode(ndr, NDR_SCALARS, &r->in.function_code)); @@ -12162,6 +12518,8 @@ static enum ndr_err_code ndr_push_netr_NetrEnumerateTrustedDomains(struct ndr_pu static enum ndr_err_code ndr_pull_netr_NetrEnumerateTrustedDomains(struct ndr_pull *ndr, int flags, struct netr_NetrEnumerateTrustedDomains *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_trusted_domains_blob_0; if (flags & NDR_IN) { @@ -12178,11 +12536,13 @@ static enum ndr_err_code ndr_pull_netr_NetrEnumerateTrustedDomains(struct ndr_pu NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_PULL_ALLOC(ndr, r->out.trusted_domains_blob); @@ -12275,7 +12635,11 @@ static enum ndr_err_code ndr_push_netr_DsRGetDCName(struct ndr_push *ndr, int fl static enum ndr_err_code ndr_pull_netr_DsRGetDCName(struct ndr_pull *ndr, int flags, struct netr_DsRGetDCName *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; uint32_t _ptr_domain_name; + uint32_t size_domain_name_1 = 0; + uint32_t length_domain_name_1 = 0; uint32_t _ptr_domain_guid; uint32_t _ptr_site_guid; uint32_t _ptr_info; @@ -12299,11 +12663,13 @@ static enum ndr_err_code ndr_pull_netr_DsRGetDCName(struct ndr_pull *ndr, int fl NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domain_name)); @@ -12317,11 +12683,13 @@ static enum ndr_err_code ndr_pull_netr_DsRGetDCName(struct ndr_pull *ndr, int fl NDR_PULL_SET_MEM_CTX(ndr, r->in.domain_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.domain_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.domain_name)); - if (ndr_get_array_length(ndr, &r->in.domain_name) > ndr_get_array_size(ndr, &r->in.domain_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.domain_name), ndr_get_array_length(ndr, &r->in.domain_name)); + size_domain_name_1 = ndr_get_array_size(ndr, &r->in.domain_name); + length_domain_name_1 = ndr_get_array_length(ndr, &r->in.domain_name); + if (length_domain_name_1 > size_domain_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_name_1, length_domain_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.domain_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domain_name, ndr_get_array_length(ndr, &r->in.domain_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domain_name, length_domain_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domain_guid)); @@ -12472,7 +12840,11 @@ static enum ndr_err_code ndr_push_netr_LogonGetCapabilities(struct ndr_push *ndr static enum ndr_err_code ndr_pull_netr_LogonGetCapabilities(struct ndr_pull *ndr, int flags, struct netr_LogonGetCapabilities *r) { + uint32_t size_server_name_0 = 0; + uint32_t length_server_name_0 = 0; uint32_t _ptr_computer_name; + uint32_t size_computer_name_1 = 0; + uint32_t length_computer_name_1 = 0; TALLOC_CTX *_mem_save_computer_name_0; TALLOC_CTX *_mem_save_credential_0; TALLOC_CTX *_mem_save_return_authenticator_0; @@ -12482,11 +12854,13 @@ static enum ndr_err_code ndr_pull_netr_LogonGetCapabilities(struct ndr_pull *ndr NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_0 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_0 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_0 > size_server_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_0, length_server_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_computer_name)); if (_ptr_computer_name) { NDR_PULL_ALLOC(ndr, r->in.computer_name); @@ -12498,11 +12872,13 @@ static enum ndr_err_code ndr_pull_netr_LogonGetCapabilities(struct ndr_pull *ndr NDR_PULL_SET_MEM_CTX(ndr, r->in.computer_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name)); - if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name)); + size_computer_name_1 = ndr_get_array_size(ndr, &r->in.computer_name); + length_computer_name_1 = ndr_get_array_length(ndr, &r->in.computer_name); + if (length_computer_name_1 > size_computer_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_name_1, length_computer_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, length_computer_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_computer_name_0, 0); } if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { @@ -12664,7 +13040,11 @@ static enum ndr_err_code ndr_push_netr_LogonGetTrustRid(struct ndr_push *ndr, in static enum ndr_err_code ndr_pull_netr_LogonGetTrustRid(struct ndr_pull *ndr, int flags, struct netr_LogonGetTrustRid *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; uint32_t _ptr_domain_name; + uint32_t size_domain_name_1 = 0; + uint32_t length_domain_name_1 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_domain_name_0; TALLOC_CTX *_mem_save_rid_0; @@ -12682,11 +13062,13 @@ static enum ndr_err_code ndr_pull_netr_LogonGetTrustRid(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domain_name)); @@ -12700,11 +13082,13 @@ static enum ndr_err_code ndr_pull_netr_LogonGetTrustRid(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, r->in.domain_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.domain_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.domain_name)); - if (ndr_get_array_length(ndr, &r->in.domain_name) > ndr_get_array_size(ndr, &r->in.domain_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.domain_name), ndr_get_array_length(ndr, &r->in.domain_name)); + size_domain_name_1 = ndr_get_array_size(ndr, &r->in.domain_name); + length_domain_name_1 = ndr_get_array_length(ndr, &r->in.domain_name); + if (length_domain_name_1 > size_domain_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_name_1, length_domain_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.domain_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domain_name, ndr_get_array_length(ndr, &r->in.domain_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domain_name, length_domain_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_name_0, 0); } NDR_PULL_ALLOC(ndr, r->out.rid); @@ -12891,6 +13275,12 @@ _PUBLIC_ enum ndr_err_code ndr_push_netr_ServerAuthenticate3(struct ndr_push *nd _PUBLIC_ enum ndr_err_code ndr_pull_netr_ServerAuthenticate3(struct ndr_pull *ndr, int flags, struct netr_ServerAuthenticate3 *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; + uint32_t size_account_name_0 = 0; + uint32_t length_account_name_0 = 0; + uint32_t size_computer_name_0 = 0; + uint32_t length_computer_name_0 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_credentials_0; TALLOC_CTX *_mem_save_return_credentials_0; @@ -12910,28 +13300,34 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_ServerAuthenticate3(struct ndr_pull *nd NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.account_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.account_name)); - if (ndr_get_array_length(ndr, &r->in.account_name) > ndr_get_array_size(ndr, &r->in.account_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.account_name), ndr_get_array_length(ndr, &r->in.account_name)); + size_account_name_0 = ndr_get_array_size(ndr, &r->in.account_name); + length_account_name_0 = ndr_get_array_length(ndr, &r->in.account_name); + if (length_account_name_0 > size_account_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_account_name_0, length_account_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_account_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, length_account_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_netr_SchannelType(ndr, NDR_SCALARS, &r->in.secure_channel_type)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name)); - if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name)); + size_computer_name_0 = ndr_get_array_size(ndr, &r->in.computer_name); + length_computer_name_0 = ndr_get_array_length(ndr, &r->in.computer_name); + if (length_computer_name_0 > size_computer_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_name_0, length_computer_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, length_computer_name_0, sizeof(uint16_t), CH_UTF16)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.credentials); } @@ -13076,9 +13472,15 @@ static enum ndr_err_code ndr_push_netr_DsRGetDCNameEx(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_netr_DsRGetDCNameEx(struct ndr_pull *ndr, int flags, struct netr_DsRGetDCNameEx *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; uint32_t _ptr_domain_name; + uint32_t size_domain_name_1 = 0; + uint32_t length_domain_name_1 = 0; uint32_t _ptr_domain_guid; uint32_t _ptr_site_name; + uint32_t size_site_name_1 = 0; + uint32_t length_site_name_1 = 0; uint32_t _ptr_info; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_domain_name_0; @@ -13100,11 +13502,13 @@ static enum ndr_err_code ndr_pull_netr_DsRGetDCNameEx(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domain_name)); @@ -13118,11 +13522,13 @@ static enum ndr_err_code ndr_pull_netr_DsRGetDCNameEx(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.domain_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.domain_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.domain_name)); - if (ndr_get_array_length(ndr, &r->in.domain_name) > ndr_get_array_size(ndr, &r->in.domain_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.domain_name), ndr_get_array_length(ndr, &r->in.domain_name)); + size_domain_name_1 = ndr_get_array_size(ndr, &r->in.domain_name); + length_domain_name_1 = ndr_get_array_length(ndr, &r->in.domain_name); + if (length_domain_name_1 > size_domain_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_name_1, length_domain_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.domain_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domain_name, ndr_get_array_length(ndr, &r->in.domain_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domain_name, length_domain_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domain_guid)); @@ -13148,11 +13554,13 @@ static enum ndr_err_code ndr_pull_netr_DsRGetDCNameEx(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.site_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.site_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.site_name)); - if (ndr_get_array_length(ndr, &r->in.site_name) > ndr_get_array_size(ndr, &r->in.site_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.site_name), ndr_get_array_length(ndr, &r->in.site_name)); + size_site_name_1 = ndr_get_array_size(ndr, &r->in.site_name); + length_site_name_1 = ndr_get_array_length(ndr, &r->in.site_name); + if (length_site_name_1 > size_site_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_site_name_1, length_site_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.site_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.site_name, ndr_get_array_length(ndr, &r->in.site_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_site_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.site_name, length_site_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_site_name_0, 0); } NDR_CHECK(ndr_pull_netr_DsRGetDCName_flags(ndr, NDR_SCALARS, &r->in.flags)); @@ -13268,7 +13676,11 @@ static enum ndr_err_code ndr_push_netr_DsRGetSiteName(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_netr_DsRGetSiteName(struct ndr_pull *ndr, int flags, struct netr_DsRGetSiteName *r) { uint32_t _ptr_computer_name; + uint32_t size_computer_name_1 = 0; + uint32_t length_computer_name_1 = 0; uint32_t _ptr_site; + uint32_t size_site_2 = 0; + uint32_t length_site_2 = 0; TALLOC_CTX *_mem_save_computer_name_0; TALLOC_CTX *_mem_save_site_0; TALLOC_CTX *_mem_save_site_1; @@ -13286,11 +13698,13 @@ static enum ndr_err_code ndr_pull_netr_DsRGetSiteName(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.computer_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name)); - if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name)); + size_computer_name_1 = ndr_get_array_size(ndr, &r->in.computer_name); + length_computer_name_1 = ndr_get_array_length(ndr, &r->in.computer_name); + if (length_computer_name_1 > size_computer_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_name_1, length_computer_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, length_computer_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_computer_name_0, 0); } NDR_PULL_ALLOC(ndr, r->out.site); @@ -13313,11 +13727,13 @@ static enum ndr_err_code ndr_pull_netr_DsRGetSiteName(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, *r->out.site, 0); NDR_CHECK(ndr_pull_array_size(ndr, r->out.site)); NDR_CHECK(ndr_pull_array_length(ndr, r->out.site)); - if (ndr_get_array_length(ndr, r->out.site) > ndr_get_array_size(ndr, r->out.site)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, r->out.site), ndr_get_array_length(ndr, r->out.site)); + size_site_2 = ndr_get_array_size(ndr, r->out.site); + length_site_2 = ndr_get_array_length(ndr, r->out.site); + if (length_site_2 > size_site_2) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_site_2, length_site_2); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, r->out.site), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.site, ndr_get_array_length(ndr, r->out.site), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_site_2, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.site, length_site_2, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_site_1, 0); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_site_0, LIBNDR_FLAG_REF_ALLOC); @@ -13405,7 +13821,11 @@ static enum ndr_err_code ndr_push_netr_LogonGetDomainInfo(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_netr_LogonGetDomainInfo(struct ndr_pull *ndr, int flags, struct netr_LogonGetDomainInfo *r) { + uint32_t size_server_name_0 = 0; + uint32_t length_server_name_0 = 0; uint32_t _ptr_computer_name; + uint32_t size_computer_name_1 = 0; + uint32_t length_computer_name_1 = 0; TALLOC_CTX *_mem_save_computer_name_0; TALLOC_CTX *_mem_save_credential_0; TALLOC_CTX *_mem_save_return_authenticator_0; @@ -13415,11 +13835,13 @@ static enum ndr_err_code ndr_pull_netr_LogonGetDomainInfo(struct ndr_pull *ndr, NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_0 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_0 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_0 > size_server_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_0, length_server_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_computer_name)); if (_ptr_computer_name) { NDR_PULL_ALLOC(ndr, r->in.computer_name); @@ -13431,11 +13853,13 @@ static enum ndr_err_code ndr_pull_netr_LogonGetDomainInfo(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->in.computer_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name)); - if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name)); + size_computer_name_1 = ndr_get_array_size(ndr, &r->in.computer_name); + length_computer_name_1 = ndr_get_array_length(ndr, &r->in.computer_name); + if (length_computer_name_1 > size_computer_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_name_1, length_computer_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, length_computer_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_computer_name_0, 0); } if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { @@ -13570,6 +13994,12 @@ static enum ndr_err_code ndr_push_netr_ServerPasswordSet2(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_netr_ServerPasswordSet2(struct ndr_pull *ndr, int flags, struct netr_ServerPasswordSet2 *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; + uint32_t size_account_name_0 = 0; + uint32_t length_account_name_0 = 0; + uint32_t size_computer_name_0 = 0; + uint32_t length_computer_name_0 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_credential_0; TALLOC_CTX *_mem_save_return_authenticator_0; @@ -13588,28 +14018,34 @@ static enum ndr_err_code ndr_pull_netr_ServerPasswordSet2(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.account_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.account_name)); - if (ndr_get_array_length(ndr, &r->in.account_name) > ndr_get_array_size(ndr, &r->in.account_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.account_name), ndr_get_array_length(ndr, &r->in.account_name)); + size_account_name_0 = ndr_get_array_size(ndr, &r->in.account_name); + length_account_name_0 = ndr_get_array_length(ndr, &r->in.account_name); + if (length_account_name_0 > size_account_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_account_name_0, length_account_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_account_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, length_account_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_netr_SchannelType(ndr, NDR_SCALARS, &r->in.secure_channel_type)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name)); - if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name)); + size_computer_name_0 = ndr_get_array_size(ndr, &r->in.computer_name); + length_computer_name_0 = ndr_get_array_length(ndr, &r->in.computer_name); + if (length_computer_name_0 > size_computer_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_name_0, length_computer_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, length_computer_name_0, sizeof(uint16_t), CH_UTF16)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.credential); } @@ -13723,6 +14159,12 @@ static enum ndr_err_code ndr_push_netr_ServerPasswordGet(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_netr_ServerPasswordGet(struct ndr_pull *ndr, int flags, struct netr_ServerPasswordGet *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; + uint32_t size_account_name_0 = 0; + uint32_t length_account_name_0 = 0; + uint32_t size_computer_name_0 = 0; + uint32_t length_computer_name_0 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_credential_0; TALLOC_CTX *_mem_save_return_authenticator_0; @@ -13741,28 +14183,34 @@ static enum ndr_err_code ndr_pull_netr_ServerPasswordGet(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.account_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.account_name)); - if (ndr_get_array_length(ndr, &r->in.account_name) > ndr_get_array_size(ndr, &r->in.account_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.account_name), ndr_get_array_length(ndr, &r->in.account_name)); + size_account_name_0 = ndr_get_array_size(ndr, &r->in.account_name); + length_account_name_0 = ndr_get_array_length(ndr, &r->in.account_name); + if (length_account_name_0 > size_account_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_account_name_0, length_account_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_account_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, length_account_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_netr_SchannelType(ndr, NDR_SCALARS, &r->in.secure_channel_type)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name)); - if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name)); + size_computer_name_0 = ndr_get_array_size(ndr, &r->in.computer_name); + length_computer_name_0 = ndr_get_array_length(ndr, &r->in.computer_name); + if (length_computer_name_0 > size_computer_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_name_0, length_computer_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, length_computer_name_0, sizeof(uint16_t), CH_UTF16)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.credential); } @@ -13917,6 +14365,9 @@ static enum ndr_err_code ndr_push_netr_DsRAddressToSitenamesW(struct ndr_push *n static enum ndr_err_code ndr_pull_netr_DsRAddressToSitenamesW(struct ndr_pull *ndr, int flags, struct netr_DsRAddressToSitenamesW *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; + uint32_t size_addresses_1 = 0; uint32_t cntr_addresses_1; uint32_t _ptr_ctr; TALLOC_CTX *_mem_save_server_name_0; @@ -13937,11 +14388,13 @@ static enum ndr_err_code ndr_pull_netr_DsRAddressToSitenamesW(struct ndr_pull *n NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.count)); @@ -13949,15 +14402,16 @@ static enum ndr_err_code ndr_pull_netr_DsRAddressToSitenamesW(struct ndr_pull *n return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.addresses)); + size_addresses_1 = ndr_get_array_size(ndr, &r->in.addresses); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { - NDR_PULL_ALLOC_N(ndr, r->in.addresses, ndr_get_array_size(ndr, &r->in.addresses)); + NDR_PULL_ALLOC_N(ndr, r->in.addresses, size_addresses_1); } _mem_save_addresses_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->in.addresses, 0); - for (cntr_addresses_1 = 0; cntr_addresses_1 < r->in.count; cntr_addresses_1++) { + for (cntr_addresses_1 = 0; cntr_addresses_1 < size_addresses_1; cntr_addresses_1++) { NDR_CHECK(ndr_pull_netr_DsRAddress(ndr, NDR_SCALARS, &r->in.addresses[cntr_addresses_1])); } - for (cntr_addresses_1 = 0; cntr_addresses_1 < r->in.count; cntr_addresses_1++) { + for (cntr_addresses_1 = 0; cntr_addresses_1 < size_addresses_1; cntr_addresses_1++) { NDR_CHECK(ndr_pull_netr_DsRAddress(ndr, NDR_BUFFERS, &r->in.addresses[cntr_addresses_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_addresses_1, 0); @@ -14096,10 +14550,18 @@ static enum ndr_err_code ndr_push_netr_DsRGetDCNameEx2(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_netr_DsRGetDCNameEx2(struct ndr_pull *ndr, int flags, struct netr_DsRGetDCNameEx2 *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; uint32_t _ptr_client_account; + uint32_t size_client_account_1 = 0; + uint32_t length_client_account_1 = 0; uint32_t _ptr_domain_name; + uint32_t size_domain_name_1 = 0; + uint32_t length_domain_name_1 = 0; uint32_t _ptr_domain_guid; uint32_t _ptr_site_name; + uint32_t size_site_name_1 = 0; + uint32_t length_site_name_1 = 0; uint32_t _ptr_info; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_client_account_0; @@ -14122,11 +14584,13 @@ static enum ndr_err_code ndr_pull_netr_DsRGetDCNameEx2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_client_account)); @@ -14140,11 +14604,13 @@ static enum ndr_err_code ndr_pull_netr_DsRGetDCNameEx2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.client_account, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.client_account)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.client_account)); - if (ndr_get_array_length(ndr, &r->in.client_account) > ndr_get_array_size(ndr, &r->in.client_account)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.client_account), ndr_get_array_length(ndr, &r->in.client_account)); + size_client_account_1 = ndr_get_array_size(ndr, &r->in.client_account); + length_client_account_1 = ndr_get_array_length(ndr, &r->in.client_account); + if (length_client_account_1 > size_client_account_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_client_account_1, length_client_account_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.client_account), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.client_account, ndr_get_array_length(ndr, &r->in.client_account), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_client_account_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.client_account, length_client_account_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_client_account_0, 0); } NDR_CHECK(ndr_pull_samr_AcctFlags(ndr, NDR_SCALARS, &r->in.mask)); @@ -14159,11 +14625,13 @@ static enum ndr_err_code ndr_pull_netr_DsRGetDCNameEx2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.domain_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.domain_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.domain_name)); - if (ndr_get_array_length(ndr, &r->in.domain_name) > ndr_get_array_size(ndr, &r->in.domain_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.domain_name), ndr_get_array_length(ndr, &r->in.domain_name)); + size_domain_name_1 = ndr_get_array_size(ndr, &r->in.domain_name); + length_domain_name_1 = ndr_get_array_length(ndr, &r->in.domain_name); + if (length_domain_name_1 > size_domain_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_name_1, length_domain_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.domain_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domain_name, ndr_get_array_length(ndr, &r->in.domain_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domain_name, length_domain_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domain_guid)); @@ -14189,11 +14657,13 @@ static enum ndr_err_code ndr_pull_netr_DsRGetDCNameEx2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.site_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.site_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.site_name)); - if (ndr_get_array_length(ndr, &r->in.site_name) > ndr_get_array_size(ndr, &r->in.site_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.site_name), ndr_get_array_length(ndr, &r->in.site_name)); + size_site_name_1 = ndr_get_array_size(ndr, &r->in.site_name); + length_site_name_1 = ndr_get_array_length(ndr, &r->in.site_name); + if (length_site_name_1 > size_site_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_site_name_1, length_site_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.site_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.site_name, ndr_get_array_length(ndr, &r->in.site_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_site_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.site_name, length_site_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_site_name_0, 0); } NDR_CHECK(ndr_pull_netr_DsRGetDCName_flags(ndr, NDR_SCALARS, &r->in.flags)); @@ -14351,6 +14821,8 @@ static enum ndr_err_code ndr_push_netr_NetrEnumerateTrustedDomainsEx(struct ndr_ static enum ndr_err_code ndr_pull_netr_NetrEnumerateTrustedDomainsEx(struct ndr_pull *ndr, int flags, struct netr_NetrEnumerateTrustedDomainsEx *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_dom_trust_list_0; if (flags & NDR_IN) { @@ -14367,11 +14839,13 @@ static enum ndr_err_code ndr_pull_netr_NetrEnumerateTrustedDomainsEx(struct ndr_ NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_PULL_ALLOC(ndr, r->out.dom_trust_list); @@ -14460,6 +14934,9 @@ static enum ndr_err_code ndr_push_netr_DsRAddressToSitenamesExW(struct ndr_push static enum ndr_err_code ndr_pull_netr_DsRAddressToSitenamesExW(struct ndr_pull *ndr, int flags, struct netr_DsRAddressToSitenamesExW *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; + uint32_t size_addresses_1 = 0; uint32_t cntr_addresses_1; uint32_t _ptr_ctr; TALLOC_CTX *_mem_save_server_name_0; @@ -14480,11 +14957,13 @@ static enum ndr_err_code ndr_pull_netr_DsRAddressToSitenamesExW(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.count)); @@ -14492,15 +14971,16 @@ static enum ndr_err_code ndr_pull_netr_DsRAddressToSitenamesExW(struct ndr_pull return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.addresses)); + size_addresses_1 = ndr_get_array_size(ndr, &r->in.addresses); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { - NDR_PULL_ALLOC_N(ndr, r->in.addresses, ndr_get_array_size(ndr, &r->in.addresses)); + NDR_PULL_ALLOC_N(ndr, r->in.addresses, size_addresses_1); } _mem_save_addresses_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->in.addresses, 0); - for (cntr_addresses_1 = 0; cntr_addresses_1 < r->in.count; cntr_addresses_1++) { + for (cntr_addresses_1 = 0; cntr_addresses_1 < size_addresses_1; cntr_addresses_1++) { NDR_CHECK(ndr_pull_netr_DsRAddress(ndr, NDR_SCALARS, &r->in.addresses[cntr_addresses_1])); } - for (cntr_addresses_1 = 0; cntr_addresses_1 < r->in.count; cntr_addresses_1++) { + for (cntr_addresses_1 = 0; cntr_addresses_1 < size_addresses_1; cntr_addresses_1++) { NDR_CHECK(ndr_pull_netr_DsRAddress(ndr, NDR_BUFFERS, &r->in.addresses[cntr_addresses_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_addresses_1, 0); @@ -14612,6 +15092,8 @@ static enum ndr_err_code ndr_push_netr_DsrGetDcSiteCoverageW(struct ndr_push *nd static enum ndr_err_code ndr_pull_netr_DsrGetDcSiteCoverageW(struct ndr_pull *ndr, int flags, struct netr_DsrGetDcSiteCoverageW *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; uint32_t _ptr_ctr; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_ctr_0; @@ -14630,11 +15112,13 @@ static enum ndr_err_code ndr_pull_netr_DsrGetDcSiteCoverageW(struct ndr_pull *nd NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_PULL_ALLOC(ndr, r->out.ctr); @@ -14751,7 +15235,11 @@ static enum ndr_err_code ndr_push_netr_LogonSamLogonEx(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_netr_LogonSamLogonEx(struct ndr_pull *ndr, int flags, struct netr_LogonSamLogonEx *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; uint32_t _ptr_computer_name; + uint32_t size_computer_name_1 = 0; + uint32_t length_computer_name_1 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_computer_name_0; TALLOC_CTX *_mem_save_logon_0; @@ -14772,11 +15260,13 @@ static enum ndr_err_code ndr_pull_netr_LogonSamLogonEx(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_computer_name)); @@ -14790,11 +15280,13 @@ static enum ndr_err_code ndr_pull_netr_LogonSamLogonEx(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.computer_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name)); - if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name)); + size_computer_name_1 = ndr_get_array_size(ndr, &r->in.computer_name); + length_computer_name_1 = ndr_get_array_length(ndr, &r->in.computer_name); + if (length_computer_name_1 > size_computer_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_name_1, length_computer_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, length_computer_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_computer_name_0, 0); } NDR_CHECK(ndr_pull_netr_LogonInfoClass(ndr, NDR_SCALARS, &r->in.logon_level)); @@ -14931,6 +15423,8 @@ static enum ndr_err_code ndr_push_netr_DsrEnumerateDomainTrusts(struct ndr_push static enum ndr_err_code ndr_pull_netr_DsrEnumerateDomainTrusts(struct ndr_pull *ndr, int flags, struct netr_DsrEnumerateDomainTrusts *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_trusts_0; if (flags & NDR_IN) { @@ -14947,11 +15441,13 @@ static enum ndr_err_code ndr_pull_netr_DsrEnumerateDomainTrusts(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_netr_TrustFlags(ndr, NDR_SCALARS, &r->in.trust_flags)); @@ -15045,9 +15541,15 @@ static enum ndr_err_code ndr_push_netr_DsrDeregisterDNSHostRecords(struct ndr_pu static enum ndr_err_code ndr_pull_netr_DsrDeregisterDNSHostRecords(struct ndr_pull *ndr, int flags, struct netr_DsrDeregisterDNSHostRecords *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; uint32_t _ptr_domain; + uint32_t size_domain_1 = 0; + uint32_t length_domain_1 = 0; uint32_t _ptr_domain_guid; uint32_t _ptr_dsa_guid; + uint32_t size_dns_host_1 = 0; + uint32_t length_dns_host_1 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_domain_0; TALLOC_CTX *_mem_save_domain_guid_0; @@ -15064,11 +15566,13 @@ static enum ndr_err_code ndr_pull_netr_DsrDeregisterDNSHostRecords(struct ndr_pu NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domain)); @@ -15082,11 +15586,13 @@ static enum ndr_err_code ndr_pull_netr_DsrDeregisterDNSHostRecords(struct ndr_pu NDR_PULL_SET_MEM_CTX(ndr, r->in.domain, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.domain)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.domain)); - if (ndr_get_array_length(ndr, &r->in.domain) > ndr_get_array_size(ndr, &r->in.domain)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.domain), ndr_get_array_length(ndr, &r->in.domain)); + size_domain_1 = ndr_get_array_size(ndr, &r->in.domain); + length_domain_1 = ndr_get_array_length(ndr, &r->in.domain); + if (length_domain_1 > size_domain_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_1, length_domain_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.domain), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domain, ndr_get_array_length(ndr, &r->in.domain), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domain, length_domain_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domain_guid)); @@ -15115,11 +15621,13 @@ static enum ndr_err_code ndr_pull_netr_DsrDeregisterDNSHostRecords(struct ndr_pu } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.dns_host)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.dns_host)); - if (ndr_get_array_length(ndr, &r->in.dns_host) > ndr_get_array_size(ndr, &r->in.dns_host)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.dns_host), ndr_get_array_length(ndr, &r->in.dns_host)); + size_dns_host_1 = ndr_get_array_size(ndr, &r->in.dns_host); + length_dns_host_1 = ndr_get_array_length(ndr, &r->in.dns_host); + if (length_dns_host_1 > size_dns_host_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_dns_host_1, length_dns_host_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.dns_host), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.dns_host, ndr_get_array_length(ndr, &r->in.dns_host), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_dns_host_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.dns_host, length_dns_host_1, sizeof(uint16_t), CH_UTF16)); } if (flags & NDR_OUT) { NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result)); @@ -15221,6 +15729,12 @@ static enum ndr_err_code ndr_push_netr_ServerTrustPasswordsGet(struct ndr_push * static enum ndr_err_code ndr_pull_netr_ServerTrustPasswordsGet(struct ndr_pull *ndr, int flags, struct netr_ServerTrustPasswordsGet *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; + uint32_t size_account_name_0 = 0; + uint32_t length_account_name_0 = 0; + uint32_t size_computer_name_0 = 0; + uint32_t length_computer_name_0 = 0; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_credential_0; TALLOC_CTX *_mem_save_return_authenticator_0; @@ -15240,28 +15754,34 @@ static enum ndr_err_code ndr_pull_netr_ServerTrustPasswordsGet(struct ndr_pull * NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.account_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.account_name)); - if (ndr_get_array_length(ndr, &r->in.account_name) > ndr_get_array_size(ndr, &r->in.account_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.account_name), ndr_get_array_length(ndr, &r->in.account_name)); + size_account_name_0 = ndr_get_array_size(ndr, &r->in.account_name); + length_account_name_0 = ndr_get_array_length(ndr, &r->in.account_name); + if (length_account_name_0 > size_account_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_account_name_0, length_account_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_account_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, length_account_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_netr_SchannelType(ndr, NDR_SCALARS, &r->in.secure_channel_type)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name)); - if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name)); + size_computer_name_0 = ndr_get_array_size(ndr, &r->in.computer_name); + length_computer_name_0 = ndr_get_array_length(ndr, &r->in.computer_name); + if (length_computer_name_0 > size_computer_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_name_0, length_computer_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, length_computer_name_0, sizeof(uint16_t), CH_UTF16)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.credential); } @@ -15384,7 +15904,11 @@ static enum ndr_err_code ndr_push_netr_DsRGetForestTrustInformation(struct ndr_p static enum ndr_err_code ndr_pull_netr_DsRGetForestTrustInformation(struct ndr_pull *ndr, int flags, struct netr_DsRGetForestTrustInformation *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; uint32_t _ptr_trusted_domain_name; + uint32_t size_trusted_domain_name_1 = 0; + uint32_t length_trusted_domain_name_1 = 0; uint32_t _ptr_forest_trust_info; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_trusted_domain_name_0; @@ -15404,11 +15928,13 @@ static enum ndr_err_code ndr_pull_netr_DsRGetForestTrustInformation(struct ndr_p NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_trusted_domain_name)); @@ -15422,11 +15948,13 @@ static enum ndr_err_code ndr_pull_netr_DsRGetForestTrustInformation(struct ndr_p NDR_PULL_SET_MEM_CTX(ndr, r->in.trusted_domain_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.trusted_domain_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.trusted_domain_name)); - if (ndr_get_array_length(ndr, &r->in.trusted_domain_name) > ndr_get_array_size(ndr, &r->in.trusted_domain_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.trusted_domain_name), ndr_get_array_length(ndr, &r->in.trusted_domain_name)); + size_trusted_domain_name_1 = ndr_get_array_size(ndr, &r->in.trusted_domain_name); + length_trusted_domain_name_1 = ndr_get_array_length(ndr, &r->in.trusted_domain_name); + if (length_trusted_domain_name_1 > size_trusted_domain_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_trusted_domain_name_1, length_trusted_domain_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.trusted_domain_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.trusted_domain_name, ndr_get_array_length(ndr, &r->in.trusted_domain_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_trusted_domain_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.trusted_domain_name, length_trusted_domain_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_trusted_domain_name_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.flags)); @@ -15543,6 +16071,10 @@ static enum ndr_err_code ndr_push_netr_GetForestTrustInformation(struct ndr_push static enum ndr_err_code ndr_pull_netr_GetForestTrustInformation(struct ndr_pull *ndr, int flags, struct netr_GetForestTrustInformation *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; + uint32_t size_trusted_domain_name_1 = 0; + uint32_t length_trusted_domain_name_1 = 0; uint32_t _ptr_forest_trust_info; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_credential_0; @@ -15563,20 +16095,24 @@ static enum ndr_err_code ndr_pull_netr_GetForestTrustInformation(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.trusted_domain_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.trusted_domain_name)); - if (ndr_get_array_length(ndr, &r->in.trusted_domain_name) > ndr_get_array_size(ndr, &r->in.trusted_domain_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.trusted_domain_name), ndr_get_array_length(ndr, &r->in.trusted_domain_name)); + size_trusted_domain_name_1 = ndr_get_array_size(ndr, &r->in.trusted_domain_name); + length_trusted_domain_name_1 = ndr_get_array_length(ndr, &r->in.trusted_domain_name); + if (length_trusted_domain_name_1 > size_trusted_domain_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_trusted_domain_name_1, length_trusted_domain_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.trusted_domain_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.trusted_domain_name, ndr_get_array_length(ndr, &r->in.trusted_domain_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_trusted_domain_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.trusted_domain_name, length_trusted_domain_name_1, sizeof(uint16_t), CH_UTF16)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.credential); } @@ -15733,7 +16269,11 @@ static enum ndr_err_code ndr_push_netr_LogonSamLogonWithFlags(struct ndr_push *n static enum ndr_err_code ndr_pull_netr_LogonSamLogonWithFlags(struct ndr_pull *ndr, int flags, struct netr_LogonSamLogonWithFlags *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; uint32_t _ptr_computer_name; + uint32_t size_computer_name_1 = 0; + uint32_t length_computer_name_1 = 0; uint32_t _ptr_credential; uint32_t _ptr_return_authenticator; TALLOC_CTX *_mem_save_server_name_0; @@ -15758,11 +16298,13 @@ static enum ndr_err_code ndr_pull_netr_LogonSamLogonWithFlags(struct ndr_pull *n NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_computer_name)); @@ -15776,11 +16318,13 @@ static enum ndr_err_code ndr_pull_netr_LogonSamLogonWithFlags(struct ndr_pull *n NDR_PULL_SET_MEM_CTX(ndr, r->in.computer_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name)); - if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name)); + size_computer_name_1 = ndr_get_array_size(ndr, &r->in.computer_name); + length_computer_name_1 = ndr_get_array_length(ndr, &r->in.computer_name); + if (length_computer_name_1 > size_computer_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_name_1, length_computer_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, length_computer_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_computer_name_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_credential)); @@ -16004,6 +16548,12 @@ static enum ndr_err_code ndr_push_netr_ServerGetTrustInfo(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_netr_ServerGetTrustInfo(struct ndr_pull *ndr, int flags, struct netr_ServerGetTrustInfo *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; + uint32_t size_account_name_1 = 0; + uint32_t length_account_name_1 = 0; + uint32_t size_computer_name_1 = 0; + uint32_t length_computer_name_1 = 0; uint32_t _ptr_trust_info; TALLOC_CTX *_mem_save_server_name_0; TALLOC_CTX *_mem_save_credential_0; @@ -16026,28 +16576,34 @@ static enum ndr_err_code ndr_pull_netr_ServerGetTrustInfo(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); - if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->in.server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->in.server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.account_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.account_name)); - if (ndr_get_array_length(ndr, &r->in.account_name) > ndr_get_array_size(ndr, &r->in.account_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.account_name), ndr_get_array_length(ndr, &r->in.account_name)); + size_account_name_1 = ndr_get_array_size(ndr, &r->in.account_name); + length_account_name_1 = ndr_get_array_length(ndr, &r->in.account_name); + if (length_account_name_1 > size_account_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_account_name_1, length_account_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_account_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, length_account_name_1, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_netr_SchannelType(ndr, NDR_SCALARS, &r->in.secure_channel_type)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name)); - if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name)); + size_computer_name_1 = ndr_get_array_size(ndr, &r->in.computer_name); + length_computer_name_1 = ndr_get_array_length(ndr, &r->in.computer_name); + if (length_computer_name_1 > size_computer_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_name_1, length_computer_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, length_computer_name_1, sizeof(uint16_t), CH_UTF16)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.credential); } |