diff options
Diffstat (limited to 'librpc/gen_ndr/ndr_srvsvc.c')
-rw-r--r-- | librpc/gen_ndr/ndr_srvsvc.c | 2178 |
1 files changed, 1411 insertions, 767 deletions
diff --git a/librpc/gen_ndr/ndr_srvsvc.c b/librpc/gen_ndr/ndr_srvsvc.c index 31d2fe2deb8..987faf1339f 100644 --- a/librpc/gen_ndr/ndr_srvsvc.c +++ b/librpc/gen_ndr/ndr_srvsvc.c @@ -25,6 +25,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetCharDevInfo0(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_srvsvc_NetCharDevInfo0(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetCharDevInfo0 *r) { uint32_t _ptr_device; + uint32_t size_device_1 = 0; + uint32_t length_device_1 = 0; TALLOC_CTX *_mem_save_device_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -41,11 +43,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevInfo0(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->device, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->device)); NDR_CHECK(ndr_pull_array_length(ndr, &r->device)); - if (ndr_get_array_length(ndr, &r->device) > ndr_get_array_size(ndr, &r->device)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->device), ndr_get_array_length(ndr, &r->device)); + size_device_1 = ndr_get_array_size(ndr, &r->device); + length_device_1 = ndr_get_array_length(ndr, &r->device); + if (length_device_1 > size_device_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_device_1, length_device_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->device), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->device, ndr_get_array_length(ndr, &r->device), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_device_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->device, length_device_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_device_0, 0); } } @@ -90,6 +94,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetCharDevCtr0(struct ndr_push *ndr, in static enum ndr_err_code ndr_pull_srvsvc_NetCharDevCtr0(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetCharDevCtr0 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -108,13 +113,14 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevCtr0(struct ndr_pull *ndr, in _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetCharDevInfo0(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetCharDevInfo0(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -180,8 +186,12 @@ static enum ndr_err_code ndr_push_srvsvc_NetCharDevInfo1(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_srvsvc_NetCharDevInfo1(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetCharDevInfo1 *r) { uint32_t _ptr_device; + uint32_t size_device_1 = 0; + uint32_t length_device_1 = 0; TALLOC_CTX *_mem_save_device_0; uint32_t _ptr_user; + uint32_t size_user_1 = 0; + uint32_t length_user_1 = 0; TALLOC_CTX *_mem_save_user_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -206,11 +216,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevInfo1(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->device, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->device)); NDR_CHECK(ndr_pull_array_length(ndr, &r->device)); - if (ndr_get_array_length(ndr, &r->device) > ndr_get_array_size(ndr, &r->device)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->device), ndr_get_array_length(ndr, &r->device)); + size_device_1 = ndr_get_array_size(ndr, &r->device); + length_device_1 = ndr_get_array_length(ndr, &r->device); + if (length_device_1 > size_device_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_device_1, length_device_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->device), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->device, ndr_get_array_length(ndr, &r->device), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_device_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->device, length_device_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_device_0, 0); } if (r->user) { @@ -218,11 +230,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevInfo1(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->user, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->user)); NDR_CHECK(ndr_pull_array_length(ndr, &r->user)); - if (ndr_get_array_length(ndr, &r->user) > ndr_get_array_size(ndr, &r->user)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->user), ndr_get_array_length(ndr, &r->user)); + size_user_1 = ndr_get_array_size(ndr, &r->user); + length_user_1 = ndr_get_array_length(ndr, &r->user); + if (length_user_1 > size_user_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_user_1, length_user_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->user), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user, ndr_get_array_length(ndr, &r->user), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_user_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user, length_user_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user_0, 0); } } @@ -275,6 +289,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetCharDevCtr1(struct ndr_push *ndr, in static enum ndr_err_code ndr_pull_srvsvc_NetCharDevCtr1(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetCharDevCtr1 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -293,13 +308,14 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevCtr1(struct ndr_pull *ndr, in _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetCharDevInfo1(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetCharDevInfo1(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -383,7 +399,9 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevInfo(struct ndr_pull *ndr, in int level; uint32_t _level; TALLOC_CTX *_mem_save_info0_0; + uint32_t _ptr_info0; TALLOC_CTX *_mem_save_info1_0; + uint32_t _ptr_info1; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -392,7 +410,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevInfo(struct ndr_pull *ndr, in } switch (level) { case 0: { - uint32_t _ptr_info0; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info0)); if (_ptr_info0) { NDR_PULL_ALLOC(ndr, r->info0); @@ -402,7 +419,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevInfo(struct ndr_pull *ndr, in break; } case 1: { - uint32_t _ptr_info1; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1)); if (_ptr_info1) { NDR_PULL_ALLOC(ndr, r->info1); @@ -521,7 +537,9 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevCtr(struct ndr_pull *ndr, int int level; uint32_t _level; TALLOC_CTX *_mem_save_ctr0_0; + uint32_t _ptr_ctr0; TALLOC_CTX *_mem_save_ctr1_0; + uint32_t _ptr_ctr1; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -530,7 +548,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevCtr(struct ndr_pull *ndr, int } switch (level) { case 0: { - uint32_t _ptr_ctr0; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr0)); if (_ptr_ctr0) { NDR_PULL_ALLOC(ndr, r->ctr0); @@ -540,7 +557,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevCtr(struct ndr_pull *ndr, int break; } case 1: { - uint32_t _ptr_ctr1; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr1)); if (_ptr_ctr1) { NDR_PULL_ALLOC(ndr, r->ctr1); @@ -670,6 +686,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetCharDevQInfo0(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQInfo0(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetCharDevQInfo0 *r) { uint32_t _ptr_device; + uint32_t size_device_1 = 0; + uint32_t length_device_1 = 0; TALLOC_CTX *_mem_save_device_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -686,11 +704,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQInfo0(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->device, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->device)); NDR_CHECK(ndr_pull_array_length(ndr, &r->device)); - if (ndr_get_array_length(ndr, &r->device) > ndr_get_array_size(ndr, &r->device)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->device), ndr_get_array_length(ndr, &r->device)); + size_device_1 = ndr_get_array_size(ndr, &r->device); + length_device_1 = ndr_get_array_length(ndr, &r->device); + if (length_device_1 > size_device_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_device_1, length_device_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->device), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->device, ndr_get_array_length(ndr, &r->device), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_device_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->device, length_device_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_device_0, 0); } } @@ -735,6 +755,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetCharDevQCtr0(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQCtr0(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetCharDevQCtr0 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -753,13 +774,14 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQCtr0(struct ndr_pull *ndr, i _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetCharDevQInfo0(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetCharDevQInfo0(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -826,8 +848,12 @@ static enum ndr_err_code ndr_push_srvsvc_NetCharDevQInfo1(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQInfo1(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetCharDevQInfo1 *r) { uint32_t _ptr_device; + uint32_t size_device_1 = 0; + uint32_t length_device_1 = 0; TALLOC_CTX *_mem_save_device_0; uint32_t _ptr_devices; + uint32_t size_devices_1 = 0; + uint32_t length_devices_1 = 0; TALLOC_CTX *_mem_save_devices_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -853,11 +879,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQInfo1(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->device, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->device)); NDR_CHECK(ndr_pull_array_length(ndr, &r->device)); - if (ndr_get_array_length(ndr, &r->device) > ndr_get_array_size(ndr, &r->device)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->device), ndr_get_array_length(ndr, &r->device)); + size_device_1 = ndr_get_array_size(ndr, &r->device); + length_device_1 = ndr_get_array_length(ndr, &r->device); + if (length_device_1 > size_device_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_device_1, length_device_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->device), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->device, ndr_get_array_length(ndr, &r->device), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_device_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->device, length_device_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_device_0, 0); } if (r->devices) { @@ -865,11 +893,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQInfo1(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->devices, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->devices)); NDR_CHECK(ndr_pull_array_length(ndr, &r->devices)); - if (ndr_get_array_length(ndr, &r->devices) > ndr_get_array_size(ndr, &r->devices)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->devices), ndr_get_array_length(ndr, &r->devices)); + size_devices_1 = ndr_get_array_size(ndr, &r->devices); + length_devices_1 = ndr_get_array_length(ndr, &r->devices); + if (length_devices_1 > size_devices_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_devices_1, length_devices_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->devices), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->devices, ndr_get_array_length(ndr, &r->devices), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_devices_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->devices, length_devices_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_devices_0, 0); } } @@ -923,6 +953,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetCharDevQCtr1(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQCtr1(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetCharDevQCtr1 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -941,13 +972,14 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQCtr1(struct ndr_pull *ndr, i _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetCharDevQInfo1(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetCharDevQInfo1(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -1031,7 +1063,9 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQInfo(struct ndr_pull *ndr, i int level; uint32_t _level; TALLOC_CTX *_mem_save_info0_0; + uint32_t _ptr_info0; TALLOC_CTX *_mem_save_info1_0; + uint32_t _ptr_info1; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -1040,7 +1074,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQInfo(struct ndr_pull *ndr, i } switch (level) { case 0: { - uint32_t _ptr_info0; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info0)); if (_ptr_info0) { NDR_PULL_ALLOC(ndr, r->info0); @@ -1050,7 +1083,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQInfo(struct ndr_pull *ndr, i break; } case 1: { - uint32_t _ptr_info1; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1)); if (_ptr_info1) { NDR_PULL_ALLOC(ndr, r->info1); @@ -1169,7 +1201,9 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQCtr(struct ndr_pull *ndr, in int level; uint32_t _level; TALLOC_CTX *_mem_save_ctr0_0; + uint32_t _ptr_ctr0; TALLOC_CTX *_mem_save_ctr1_0; + uint32_t _ptr_ctr1; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -1178,7 +1212,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQCtr(struct ndr_pull *ndr, in } switch (level) { case 0: { - uint32_t _ptr_ctr0; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr0)); if (_ptr_ctr0) { NDR_PULL_ALLOC(ndr, r->ctr0); @@ -1188,7 +1221,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQCtr(struct ndr_pull *ndr, in break; } case 1: { - uint32_t _ptr_ctr1; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr1)); if (_ptr_ctr1) { NDR_PULL_ALLOC(ndr, r->ctr1); @@ -1350,6 +1382,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetConnCtr0(struct ndr_push *ndr, int n static enum ndr_err_code ndr_pull_srvsvc_NetConnCtr0(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetConnCtr0 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -1368,10 +1401,11 @@ static enum ndr_err_code ndr_pull_srvsvc_NetConnCtr0(struct ndr_pull *ndr, int n _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetConnInfo0(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -1440,8 +1474,12 @@ static enum ndr_err_code ndr_push_srvsvc_NetConnInfo1(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetConnInfo1(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetConnInfo1 *r) { uint32_t _ptr_user; + uint32_t size_user_1 = 0; + uint32_t length_user_1 = 0; TALLOC_CTX *_mem_save_user_0; uint32_t _ptr_share; + uint32_t size_share_1 = 0; + uint32_t length_share_1 = 0; TALLOC_CTX *_mem_save_share_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -1469,11 +1507,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetConnInfo1(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->user, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->user)); NDR_CHECK(ndr_pull_array_length(ndr, &r->user)); - if (ndr_get_array_length(ndr, &r->user) > ndr_get_array_size(ndr, &r->user)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->user), ndr_get_array_length(ndr, &r->user)); + size_user_1 = ndr_get_array_size(ndr, &r->user); + length_user_1 = ndr_get_array_length(ndr, &r->user); + if (length_user_1 > size_user_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_user_1, length_user_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->user), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user, ndr_get_array_length(ndr, &r->user), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_user_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user, length_user_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user_0, 0); } if (r->share) { @@ -1481,11 +1521,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetConnInfo1(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->share, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->share)); NDR_CHECK(ndr_pull_array_length(ndr, &r->share)); - if (ndr_get_array_length(ndr, &r->share) > ndr_get_array_size(ndr, &r->share)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->share), ndr_get_array_length(ndr, &r->share)); + size_share_1 = ndr_get_array_size(ndr, &r->share); + length_share_1 = ndr_get_array_length(ndr, &r->share); + if (length_share_1 > size_share_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_share_1, length_share_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->share), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->share, ndr_get_array_length(ndr, &r->share), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_share_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->share, length_share_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_share_0, 0); } } @@ -1541,6 +1583,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetConnCtr1(struct ndr_push *ndr, int n static enum ndr_err_code ndr_pull_srvsvc_NetConnCtr1(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetConnCtr1 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -1559,13 +1602,14 @@ static enum ndr_err_code ndr_pull_srvsvc_NetConnCtr1(struct ndr_pull *ndr, int n _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetConnInfo1(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetConnInfo1(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -1649,7 +1693,9 @@ static enum ndr_err_code ndr_pull_srvsvc_NetConnCtr(struct ndr_pull *ndr, int nd int level; uint32_t _level; TALLOC_CTX *_mem_save_ctr0_0; + uint32_t _ptr_ctr0; TALLOC_CTX *_mem_save_ctr1_0; + uint32_t _ptr_ctr1; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -1658,7 +1704,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetConnCtr(struct ndr_pull *ndr, int nd } switch (level) { case 0: { - uint32_t _ptr_ctr0; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr0)); if (_ptr_ctr0) { NDR_PULL_ALLOC(ndr, r->ctr0); @@ -1668,7 +1713,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetConnCtr(struct ndr_pull *ndr, int nd break; } case 1: { - uint32_t _ptr_ctr1; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr1)); if (_ptr_ctr1) { NDR_PULL_ALLOC(ndr, r->ctr1); @@ -1830,6 +1874,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetFileCtr2(struct ndr_push *ndr, int n static enum ndr_err_code ndr_pull_srvsvc_NetFileCtr2(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetFileCtr2 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -1848,10 +1893,11 @@ static enum ndr_err_code ndr_pull_srvsvc_NetFileCtr2(struct ndr_pull *ndr, int n _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetFileInfo2(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -1918,8 +1964,12 @@ static enum ndr_err_code ndr_push_srvsvc_NetFileInfo3(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetFileInfo3(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetFileInfo3 *r) { uint32_t _ptr_path; + uint32_t size_path_1 = 0; + uint32_t length_path_1 = 0; TALLOC_CTX *_mem_save_path_0; uint32_t _ptr_user; + uint32_t size_user_1 = 0; + uint32_t length_user_1 = 0; TALLOC_CTX *_mem_save_user_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -1945,11 +1995,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetFileInfo3(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->path, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->path)); - if (ndr_get_array_length(ndr, &r->path) > ndr_get_array_size(ndr, &r->path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->path), ndr_get_array_length(ndr, &r->path)); + size_path_1 = ndr_get_array_size(ndr, &r->path); + length_path_1 = ndr_get_array_length(ndr, &r->path); + if (length_path_1 > size_path_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_path_1, length_path_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->path, ndr_get_array_length(ndr, &r->path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_path_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->path, length_path_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_path_0, 0); } if (r->user) { @@ -1957,11 +2009,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetFileInfo3(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->user, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->user)); NDR_CHECK(ndr_pull_array_length(ndr, &r->user)); - if (ndr_get_array_length(ndr, &r->user) > ndr_get_array_size(ndr, &r->user)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->user), ndr_get_array_length(ndr, &r->user)); + size_user_1 = ndr_get_array_size(ndr, &r->user); + length_user_1 = ndr_get_array_length(ndr, &r->user); + if (length_user_1 > size_user_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_user_1, length_user_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->user), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user, ndr_get_array_length(ndr, &r->user), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_user_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user, length_user_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user_0, 0); } } @@ -2015,6 +2069,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetFileCtr3(struct ndr_push *ndr, int n static enum ndr_err_code ndr_pull_srvsvc_NetFileCtr3(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetFileCtr3 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -2033,13 +2088,14 @@ static enum ndr_err_code ndr_pull_srvsvc_NetFileCtr3(struct ndr_pull *ndr, int n _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetFileInfo3(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetFileInfo3(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -2123,7 +2179,9 @@ static enum ndr_err_code ndr_pull_srvsvc_NetFileInfo(struct ndr_pull *ndr, int n int level; uint32_t _level; TALLOC_CTX *_mem_save_info2_0; + uint32_t _ptr_info2; TALLOC_CTX *_mem_save_info3_0; + uint32_t _ptr_info3; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -2132,7 +2190,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetFileInfo(struct ndr_pull *ndr, int n } switch (level) { case 2: { - uint32_t _ptr_info2; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info2)); if (_ptr_info2) { NDR_PULL_ALLOC(ndr, r->info2); @@ -2142,7 +2199,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetFileInfo(struct ndr_pull *ndr, int n break; } case 3: { - uint32_t _ptr_info3; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info3)); if (_ptr_info3) { NDR_PULL_ALLOC(ndr, r->info3); @@ -2261,7 +2317,9 @@ static enum ndr_err_code ndr_pull_srvsvc_NetFileCtr(struct ndr_pull *ndr, int nd int level; uint32_t _level; TALLOC_CTX *_mem_save_ctr2_0; + uint32_t _ptr_ctr2; TALLOC_CTX *_mem_save_ctr3_0; + uint32_t _ptr_ctr3; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -2270,7 +2328,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetFileCtr(struct ndr_pull *ndr, int nd } switch (level) { case 2: { - uint32_t _ptr_ctr2; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr2)); if (_ptr_ctr2) { NDR_PULL_ALLOC(ndr, r->ctr2); @@ -2280,7 +2337,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetFileCtr(struct ndr_pull *ndr, int nd break; } case 3: { - uint32_t _ptr_ctr3; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr3)); if (_ptr_ctr3) { NDR_PULL_ALLOC(ndr, r->ctr3); @@ -2410,6 +2466,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetSessInfo0(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetSessInfo0(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSessInfo0 *r) { uint32_t _ptr_client; + uint32_t size_client_1 = 0; + uint32_t length_client_1 = 0; TALLOC_CTX *_mem_save_client_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -2426,11 +2484,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessInfo0(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->client, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->client)); NDR_CHECK(ndr_pull_array_length(ndr, &r->client)); - if (ndr_get_array_length(ndr, &r->client) > ndr_get_array_size(ndr, &r->client)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->client), ndr_get_array_length(ndr, &r->client)); + size_client_1 = ndr_get_array_size(ndr, &r->client); + length_client_1 = ndr_get_array_length(ndr, &r->client); + if (length_client_1 > size_client_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_client_1, length_client_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->client), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client, ndr_get_array_length(ndr, &r->client), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_client_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client, length_client_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_client_0, 0); } } @@ -2475,6 +2535,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetSessCtr0(struct ndr_push *ndr, int n static enum ndr_err_code ndr_pull_srvsvc_NetSessCtr0(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSessCtr0 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -2493,13 +2554,14 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessCtr0(struct ndr_pull *ndr, int n _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetSessInfo0(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetSessInfo0(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -2567,8 +2629,12 @@ static enum ndr_err_code ndr_push_srvsvc_NetSessInfo1(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetSessInfo1(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSessInfo1 *r) { uint32_t _ptr_client; + uint32_t size_client_1 = 0; + uint32_t length_client_1 = 0; TALLOC_CTX *_mem_save_client_0; uint32_t _ptr_user; + uint32_t size_user_1 = 0; + uint32_t length_user_1 = 0; TALLOC_CTX *_mem_save_user_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -2595,11 +2661,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessInfo1(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->client, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->client)); NDR_CHECK(ndr_pull_array_length(ndr, &r->client)); - if (ndr_get_array_length(ndr, &r->client) > ndr_get_array_size(ndr, &r->client)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->client), ndr_get_array_length(ndr, &r->client)); + size_client_1 = ndr_get_array_size(ndr, &r->client); + length_client_1 = ndr_get_array_length(ndr, &r->client); + if (length_client_1 > size_client_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_client_1, length_client_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->client), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client, ndr_get_array_length(ndr, &r->client), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_client_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client, length_client_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_client_0, 0); } if (r->user) { @@ -2607,11 +2675,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessInfo1(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->user, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->user)); NDR_CHECK(ndr_pull_array_length(ndr, &r->user)); - if (ndr_get_array_length(ndr, &r->user) > ndr_get_array_size(ndr, &r->user)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->user), ndr_get_array_length(ndr, &r->user)); + size_user_1 = ndr_get_array_size(ndr, &r->user); + length_user_1 = ndr_get_array_length(ndr, &r->user); + if (length_user_1 > size_user_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_user_1, length_user_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->user), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user, ndr_get_array_length(ndr, &r->user), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_user_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user, length_user_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user_0, 0); } } @@ -2666,6 +2736,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetSessCtr1(struct ndr_push *ndr, int n static enum ndr_err_code ndr_pull_srvsvc_NetSessCtr1(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSessCtr1 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -2684,13 +2755,14 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessCtr1(struct ndr_pull *ndr, int n _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetSessInfo1(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetSessInfo1(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -2765,10 +2837,16 @@ static enum ndr_err_code ndr_push_srvsvc_NetSessInfo2(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetSessInfo2(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSessInfo2 *r) { uint32_t _ptr_client; + uint32_t size_client_1 = 0; + uint32_t length_client_1 = 0; TALLOC_CTX *_mem_save_client_0; uint32_t _ptr_user; + uint32_t size_user_1 = 0; + uint32_t length_user_1 = 0; TALLOC_CTX *_mem_save_user_0; uint32_t _ptr_client_type; + uint32_t size_client_type_1 = 0; + uint32_t length_client_type_1 = 0; TALLOC_CTX *_mem_save_client_type_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -2801,11 +2879,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->client, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->client)); NDR_CHECK(ndr_pull_array_length(ndr, &r->client)); - if (ndr_get_array_length(ndr, &r->client) > ndr_get_array_size(ndr, &r->client)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->client), ndr_get_array_length(ndr, &r->client)); + size_client_1 = ndr_get_array_size(ndr, &r->client); + length_client_1 = ndr_get_array_length(ndr, &r->client); + if (length_client_1 > size_client_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_client_1, length_client_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->client), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client, ndr_get_array_length(ndr, &r->client), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_client_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client, length_client_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_client_0, 0); } if (r->user) { @@ -2813,11 +2893,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->user, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->user)); NDR_CHECK(ndr_pull_array_length(ndr, &r->user)); - if (ndr_get_array_length(ndr, &r->user) > ndr_get_array_size(ndr, &r->user)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->user), ndr_get_array_length(ndr, &r->user)); + size_user_1 = ndr_get_array_size(ndr, &r->user); + length_user_1 = ndr_get_array_length(ndr, &r->user); + if (length_user_1 > size_user_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_user_1, length_user_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->user), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user, ndr_get_array_length(ndr, &r->user), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_user_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user, length_user_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user_0, 0); } if (r->client_type) { @@ -2825,11 +2907,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->client_type, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->client_type)); NDR_CHECK(ndr_pull_array_length(ndr, &r->client_type)); - if (ndr_get_array_length(ndr, &r->client_type) > ndr_get_array_size(ndr, &r->client_type)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->client_type), ndr_get_array_length(ndr, &r->client_type)); + size_client_type_1 = ndr_get_array_size(ndr, &r->client_type); + length_client_type_1 = ndr_get_array_length(ndr, &r->client_type); + if (length_client_type_1 > size_client_type_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_client_type_1, length_client_type_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->client_type), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client_type, ndr_get_array_length(ndr, &r->client_type), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_client_type_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client_type, length_client_type_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_client_type_0, 0); } } @@ -2890,6 +2974,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetSessCtr2(struct ndr_push *ndr, int n static enum ndr_err_code ndr_pull_srvsvc_NetSessCtr2(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSessCtr2 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -2908,13 +2993,14 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessCtr2(struct ndr_pull *ndr, int n _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetSessInfo2(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetSessInfo2(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -2980,8 +3066,12 @@ static enum ndr_err_code ndr_push_srvsvc_NetSessInfo10(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetSessInfo10(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSessInfo10 *r) { uint32_t _ptr_client; + uint32_t size_client_1 = 0; + uint32_t length_client_1 = 0; TALLOC_CTX *_mem_save_client_0; uint32_t _ptr_user; + uint32_t size_user_1 = 0; + uint32_t length_user_1 = 0; TALLOC_CTX *_mem_save_user_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -3006,11 +3096,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessInfo10(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->client, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->client)); NDR_CHECK(ndr_pull_array_length(ndr, &r->client)); - if (ndr_get_array_length(ndr, &r->client) > ndr_get_array_size(ndr, &r->client)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->client), ndr_get_array_length(ndr, &r->client)); + size_client_1 = ndr_get_array_size(ndr, &r->client); + length_client_1 = ndr_get_array_length(ndr, &r->client); + if (length_client_1 > size_client_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_client_1, length_client_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->client), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client, ndr_get_array_length(ndr, &r->client), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_client_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client, length_client_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_client_0, 0); } if (r->user) { @@ -3018,11 +3110,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessInfo10(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->user, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->user)); NDR_CHECK(ndr_pull_array_length(ndr, &r->user)); - if (ndr_get_array_length(ndr, &r->user) > ndr_get_array_size(ndr, &r->user)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->user), ndr_get_array_length(ndr, &r->user)); + size_user_1 = ndr_get_array_size(ndr, &r->user); + length_user_1 = ndr_get_array_length(ndr, &r->user); + if (length_user_1 > size_user_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_user_1, length_user_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->user), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user, ndr_get_array_length(ndr, &r->user), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_user_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user, length_user_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user_0, 0); } } @@ -3075,6 +3169,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetSessCtr10(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetSessCtr10(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSessCtr10 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -3093,13 +3188,14 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessCtr10(struct ndr_pull *ndr, int _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetSessInfo10(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetSessInfo10(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -3181,12 +3277,20 @@ static enum ndr_err_code ndr_push_srvsvc_NetSessInfo502(struct ndr_push *ndr, in static enum ndr_err_code ndr_pull_srvsvc_NetSessInfo502(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSessInfo502 *r) { uint32_t _ptr_client; + uint32_t size_client_1 = 0; + uint32_t length_client_1 = 0; TALLOC_CTX *_mem_save_client_0; uint32_t _ptr_user; + uint32_t size_user_1 = 0; + uint32_t length_user_1 = 0; TALLOC_CTX *_mem_save_user_0; uint32_t _ptr_client_type; + uint32_t size_client_type_1 = 0; + uint32_t length_client_type_1 = 0; TALLOC_CTX *_mem_save_client_type_0; uint32_t _ptr_transport; + uint32_t size_transport_1 = 0; + uint32_t length_transport_1 = 0; TALLOC_CTX *_mem_save_transport_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -3225,11 +3329,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessInfo502(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, r->client, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->client)); NDR_CHECK(ndr_pull_array_length(ndr, &r->client)); - if (ndr_get_array_length(ndr, &r->client) > ndr_get_array_size(ndr, &r->client)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->client), ndr_get_array_length(ndr, &r->client)); + size_client_1 = ndr_get_array_size(ndr, &r->client); + length_client_1 = ndr_get_array_length(ndr, &r->client); + if (length_client_1 > size_client_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_client_1, length_client_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->client), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client, ndr_get_array_length(ndr, &r->client), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_client_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client, length_client_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_client_0, 0); } if (r->user) { @@ -3237,11 +3343,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessInfo502(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, r->user, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->user)); NDR_CHECK(ndr_pull_array_length(ndr, &r->user)); - if (ndr_get_array_length(ndr, &r->user) > ndr_get_array_size(ndr, &r->user)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->user), ndr_get_array_length(ndr, &r->user)); + size_user_1 = ndr_get_array_size(ndr, &r->user); + length_user_1 = ndr_get_array_length(ndr, &r->user); + if (length_user_1 > size_user_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_user_1, length_user_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->user), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user, ndr_get_array_length(ndr, &r->user), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_user_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->user, length_user_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user_0, 0); } if (r->client_type) { @@ -3249,11 +3357,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessInfo502(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, r->client_type, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->client_type)); NDR_CHECK(ndr_pull_array_length(ndr, &r->client_type)); - if (ndr_get_array_length(ndr, &r->client_type) > ndr_get_array_size(ndr, &r->client_type)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->client_type), ndr_get_array_length(ndr, &r->client_type)); + size_client_type_1 = ndr_get_array_size(ndr, &r->client_type); + length_client_type_1 = ndr_get_array_length(ndr, &r->client_type); + if (length_client_type_1 > size_client_type_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_client_type_1, length_client_type_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->client_type), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client_type, ndr_get_array_length(ndr, &r->client_type), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_client_type_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->client_type, length_client_type_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_client_type_0, 0); } if (r->transport) { @@ -3261,11 +3371,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessInfo502(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, r->transport, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->transport)); NDR_CHECK(ndr_pull_array_length(ndr, &r->transport)); - if (ndr_get_array_length(ndr, &r->transport) > ndr_get_array_size(ndr, &r->transport)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->transport), ndr_get_array_length(ndr, &r->transport)); + size_transport_1 = ndr_get_array_size(ndr, &r->transport); + length_transport_1 = ndr_get_array_length(ndr, &r->transport); + if (length_transport_1 > size_transport_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_transport_1, length_transport_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->transport), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->transport, ndr_get_array_length(ndr, &r->transport), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_transport_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->transport, length_transport_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_transport_0, 0); } } @@ -3332,6 +3444,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetSessCtr502(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetSessCtr502(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSessCtr502 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -3350,13 +3463,14 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessCtr502(struct ndr_pull *ndr, int _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetSessInfo502(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetSessInfo502(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -3470,10 +3584,15 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessCtr(struct ndr_pull *ndr, int nd int level; uint32_t _level; TALLOC_CTX *_mem_save_ctr0_0; + uint32_t _ptr_ctr0; TALLOC_CTX *_mem_save_ctr1_0; + uint32_t _ptr_ctr1; TALLOC_CTX *_mem_save_ctr2_0; + uint32_t _ptr_ctr2; TALLOC_CTX *_mem_save_ctr10_0; + uint32_t _ptr_ctr10; TALLOC_CTX *_mem_save_ctr502_0; + uint32_t _ptr_ctr502; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -3482,7 +3601,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessCtr(struct ndr_pull *ndr, int nd } switch (level) { case 0: { - uint32_t _ptr_ctr0; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr0)); if (_ptr_ctr0) { NDR_PULL_ALLOC(ndr, r->ctr0); @@ -3492,7 +3610,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessCtr(struct ndr_pull *ndr, int nd break; } case 1: { - uint32_t _ptr_ctr1; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr1)); if (_ptr_ctr1) { NDR_PULL_ALLOC(ndr, r->ctr1); @@ -3502,7 +3619,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessCtr(struct ndr_pull *ndr, int nd break; } case 2: { - uint32_t _ptr_ctr2; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr2)); if (_ptr_ctr2) { NDR_PULL_ALLOC(ndr, r->ctr2); @@ -3512,7 +3628,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessCtr(struct ndr_pull *ndr, int nd break; } case 10: { - uint32_t _ptr_ctr10; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr10)); if (_ptr_ctr10) { NDR_PULL_ALLOC(ndr, r->ctr10); @@ -3522,7 +3637,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessCtr(struct ndr_pull *ndr, int nd break; } case 502: { - uint32_t _ptr_ctr502; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr502)); if (_ptr_ctr502) { NDR_PULL_ALLOC(ndr, r->ctr502); @@ -3756,6 +3870,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareInfo0(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo0(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetShareInfo0 *r) { uint32_t _ptr_name; + uint32_t size_name_1 = 0; + uint32_t length_name_1 = 0; TALLOC_CTX *_mem_save_name_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -3772,11 +3888,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo0(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->name)); - if (ndr_get_array_length(ndr, &r->name) > ndr_get_array_size(ndr, &r->name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->name), ndr_get_array_length(ndr, &r->name)); + size_name_1 = ndr_get_array_size(ndr, &r->name); + length_name_1 = ndr_get_array_length(ndr, &r->name); + if (length_name_1 > size_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_name_1, length_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, length_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_name_0, 0); } } @@ -3821,6 +3939,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareCtr0(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr0(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetShareCtr0 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -3839,13 +3958,14 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr0(struct ndr_pull *ndr, int _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetShareInfo0(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetShareInfo0(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -3910,8 +4030,12 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareInfo1(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo1(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetShareInfo1 *r) { uint32_t _ptr_name; + uint32_t size_name_1 = 0; + uint32_t length_name_1 = 0; TALLOC_CTX *_mem_save_name_0; uint32_t _ptr_comment; + uint32_t size_comment_1 = 0; + uint32_t length_comment_1 = 0; TALLOC_CTX *_mem_save_comment_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -3935,11 +4059,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo1(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->name)); - if (ndr_get_array_length(ndr, &r->name) > ndr_get_array_size(ndr, &r->name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->name), ndr_get_array_length(ndr, &r->name)); + size_name_1 = ndr_get_array_size(ndr, &r->name); + length_name_1 = ndr_get_array_length(ndr, &r->name); + if (length_name_1 > size_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_name_1, length_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, length_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_name_0, 0); } if (r->comment) { @@ -3947,11 +4073,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo1(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->comment, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->comment)); NDR_CHECK(ndr_pull_array_length(ndr, &r->comment)); - if (ndr_get_array_length(ndr, &r->comment) > ndr_get_array_size(ndr, &r->comment)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->comment), ndr_get_array_length(ndr, &r->comment)); + size_comment_1 = ndr_get_array_size(ndr, &r->comment); + length_comment_1 = ndr_get_array_length(ndr, &r->comment); + if (length_comment_1 > size_comment_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_comment_1, length_comment_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_comment_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, length_comment_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_comment_0, 0); } } @@ -4003,6 +4131,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareCtr1(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr1(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetShareCtr1 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -4021,13 +4150,14 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr1(struct ndr_pull *ndr, int _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetShareInfo1(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetShareInfo1(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -4109,12 +4239,20 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareInfo2(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo2(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetShareInfo2 *r) { uint32_t _ptr_name; + uint32_t size_name_1 = 0; + uint32_t length_name_1 = 0; TALLOC_CTX *_mem_save_name_0; uint32_t _ptr_comment; + uint32_t size_comment_1 = 0; + uint32_t length_comment_1 = 0; TALLOC_CTX *_mem_save_comment_0; uint32_t _ptr_path; + uint32_t size_path_1 = 0; + uint32_t length_path_1 = 0; TALLOC_CTX *_mem_save_path_0; uint32_t _ptr_password; + uint32_t size_password_1 = 0; + uint32_t length_password_1 = 0; TALLOC_CTX *_mem_save_password_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -4153,11 +4291,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->name)); - if (ndr_get_array_length(ndr, &r->name) > ndr_get_array_size(ndr, &r->name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->name), ndr_get_array_length(ndr, &r->name)); + size_name_1 = ndr_get_array_size(ndr, &r->name); + length_name_1 = ndr_get_array_length(ndr, &r->name); + if (length_name_1 > size_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_name_1, length_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, length_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_name_0, 0); } if (r->comment) { @@ -4165,11 +4305,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->comment, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->comment)); NDR_CHECK(ndr_pull_array_length(ndr, &r->comment)); - if (ndr_get_array_length(ndr, &r->comment) > ndr_get_array_size(ndr, &r->comment)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->comment), ndr_get_array_length(ndr, &r->comment)); + size_comment_1 = ndr_get_array_size(ndr, &r->comment); + length_comment_1 = ndr_get_array_length(ndr, &r->comment); + if (length_comment_1 > size_comment_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_comment_1, length_comment_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_comment_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, length_comment_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_comment_0, 0); } if (r->path) { @@ -4177,11 +4319,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->path, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->path)); - if (ndr_get_array_length(ndr, &r->path) > ndr_get_array_size(ndr, &r->path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->path), ndr_get_array_length(ndr, &r->path)); + size_path_1 = ndr_get_array_size(ndr, &r->path); + length_path_1 = ndr_get_array_length(ndr, &r->path); + if (length_path_1 > size_path_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_path_1, length_path_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->path, ndr_get_array_length(ndr, &r->path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_path_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->path, length_path_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_path_0, 0); } if (r->password) { @@ -4189,11 +4333,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo2(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->password, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->password)); NDR_CHECK(ndr_pull_array_length(ndr, &r->password)); - if (ndr_get_array_length(ndr, &r->password) > ndr_get_array_size(ndr, &r->password)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->password), ndr_get_array_length(ndr, &r->password)); + size_password_1 = ndr_get_array_size(ndr, &r->password); + length_password_1 = ndr_get_array_length(ndr, &r->password); + if (length_password_1 > size_password_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_password_1, length_password_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->password), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->password, ndr_get_array_length(ndr, &r->password), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_password_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->password, length_password_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_password_0, 0); } } @@ -4260,6 +4406,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareCtr2(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr2(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetShareCtr2 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -4278,13 +4425,14 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr2(struct ndr_pull *ndr, int _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetShareInfo2(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetShareInfo2(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -4350,8 +4498,12 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareInfo501(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo501(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetShareInfo501 *r) { uint32_t _ptr_name; + uint32_t size_name_1 = 0; + uint32_t length_name_1 = 0; TALLOC_CTX *_mem_save_name_0; uint32_t _ptr_comment; + uint32_t size_comment_1 = 0; + uint32_t length_comment_1 = 0; TALLOC_CTX *_mem_save_comment_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -4376,11 +4528,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo501(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->name)); - if (ndr_get_array_length(ndr, &r->name) > ndr_get_array_size(ndr, &r->name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->name), ndr_get_array_length(ndr, &r->name)); + size_name_1 = ndr_get_array_size(ndr, &r->name); + length_name_1 = ndr_get_array_length(ndr, &r->name); + if (length_name_1 > size_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_name_1, length_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, length_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_name_0, 0); } if (r->comment) { @@ -4388,11 +4542,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo501(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->comment, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->comment)); NDR_CHECK(ndr_pull_array_length(ndr, &r->comment)); - if (ndr_get_array_length(ndr, &r->comment) > ndr_get_array_size(ndr, &r->comment)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->comment), ndr_get_array_length(ndr, &r->comment)); + size_comment_1 = ndr_get_array_size(ndr, &r->comment); + length_comment_1 = ndr_get_array_length(ndr, &r->comment); + if (length_comment_1 > size_comment_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_comment_1, length_comment_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_comment_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, length_comment_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_comment_0, 0); } } @@ -4445,6 +4601,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareCtr501(struct ndr_push *ndr, in static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr501(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetShareCtr501 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -4463,13 +4620,14 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr501(struct ndr_pull *ndr, in _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetShareInfo501(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetShareInfo501(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -4553,12 +4711,20 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareInfo502(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo502(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetShareInfo502 *r) { uint32_t _ptr_name; + uint32_t size_name_1 = 0; + uint32_t length_name_1 = 0; TALLOC_CTX *_mem_save_name_0; uint32_t _ptr_comment; + uint32_t size_comment_1 = 0; + uint32_t length_comment_1 = 0; TALLOC_CTX *_mem_save_comment_0; uint32_t _ptr_path; + uint32_t size_path_1 = 0; + uint32_t length_path_1 = 0; TALLOC_CTX *_mem_save_path_0; uint32_t _ptr_password; + uint32_t size_password_1 = 0; + uint32_t length_password_1 = 0; TALLOC_CTX *_mem_save_password_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -4598,11 +4764,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo502(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->name)); - if (ndr_get_array_length(ndr, &r->name) > ndr_get_array_size(ndr, &r->name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->name), ndr_get_array_length(ndr, &r->name)); + size_name_1 = ndr_get_array_size(ndr, &r->name); + length_name_1 = ndr_get_array_length(ndr, &r->name); + if (length_name_1 > size_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_name_1, length_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, length_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_name_0, 0); } if (r->comment) { @@ -4610,11 +4778,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo502(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->comment, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->comment)); NDR_CHECK(ndr_pull_array_length(ndr, &r->comment)); - if (ndr_get_array_length(ndr, &r->comment) > ndr_get_array_size(ndr, &r->comment)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->comment), ndr_get_array_length(ndr, &r->comment)); + size_comment_1 = ndr_get_array_size(ndr, &r->comment); + length_comment_1 = ndr_get_array_length(ndr, &r->comment); + if (length_comment_1 > size_comment_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_comment_1, length_comment_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_comment_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, length_comment_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_comment_0, 0); } if (r->path) { @@ -4622,11 +4792,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo502(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->path, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->path)); - if (ndr_get_array_length(ndr, &r->path) > ndr_get_array_size(ndr, &r->path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->path), ndr_get_array_length(ndr, &r->path)); + size_path_1 = ndr_get_array_size(ndr, &r->path); + length_path_1 = ndr_get_array_length(ndr, &r->path); + if (length_path_1 > size_path_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_path_1, length_path_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->path, ndr_get_array_length(ndr, &r->path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_path_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->path, length_path_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_path_0, 0); } if (r->password) { @@ -4634,11 +4806,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo502(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->password, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->password)); NDR_CHECK(ndr_pull_array_length(ndr, &r->password)); - if (ndr_get_array_length(ndr, &r->password) > ndr_get_array_size(ndr, &r->password)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->password), ndr_get_array_length(ndr, &r->password)); + size_password_1 = ndr_get_array_size(ndr, &r->password); + length_password_1 = ndr_get_array_length(ndr, &r->password); + if (length_password_1 > size_password_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_password_1, length_password_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->password), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->password, ndr_get_array_length(ndr, &r->password), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_password_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->password, length_password_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_password_0, 0); } NDR_CHECK(ndr_pull_sec_desc_buf(ndr, NDR_BUFFERS, &r->sd_buf)); @@ -4707,6 +4881,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareCtr502(struct ndr_push *ndr, in static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr502(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetShareCtr502 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -4725,13 +4900,14 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr502(struct ndr_pull *ndr, in _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetShareInfo502(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetShareInfo502(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -4788,6 +4964,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareInfo1004(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo1004(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetShareInfo1004 *r) { uint32_t _ptr_comment; + uint32_t size_comment_1 = 0; + uint32_t length_comment_1 = 0; TALLOC_CTX *_mem_save_comment_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -4804,11 +4982,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo1004(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->comment, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->comment)); NDR_CHECK(ndr_pull_array_length(ndr, &r->comment)); - if (ndr_get_array_length(ndr, &r->comment) > ndr_get_array_size(ndr, &r->comment)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->comment), ndr_get_array_length(ndr, &r->comment)); + size_comment_1 = ndr_get_array_size(ndr, &r->comment); + length_comment_1 = ndr_get_array_length(ndr, &r->comment); + if (length_comment_1 > size_comment_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_comment_1, length_comment_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_comment_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, length_comment_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_comment_0, 0); } } @@ -4853,6 +5033,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareCtr1004(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr1004(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetShareCtr1004 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -4871,13 +5052,14 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr1004(struct ndr_pull *ndr, i _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetShareInfo1004(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetShareInfo1004(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -4989,6 +5171,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareCtr1005(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr1005(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetShareCtr1005 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -5007,10 +5190,11 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr1005(struct ndr_pull *ndr, i _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetShareInfo1005(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -5099,6 +5283,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareCtr1006(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr1006(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetShareCtr1006 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -5117,10 +5302,11 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr1006(struct ndr_pull *ndr, i _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetShareInfo1006(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -5178,6 +5364,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareInfo1007(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo1007(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetShareInfo1007 *r) { uint32_t _ptr_alternate_directory_name; + uint32_t size_alternate_directory_name_1 = 0; + uint32_t length_alternate_directory_name_1 = 0; TALLOC_CTX *_mem_save_alternate_directory_name_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -5195,11 +5383,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo1007(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->alternate_directory_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->alternate_directory_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->alternate_directory_name)); - if (ndr_get_array_length(ndr, &r->alternate_directory_name) > ndr_get_array_size(ndr, &r->alternate_directory_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->alternate_directory_name), ndr_get_array_length(ndr, &r->alternate_directory_name)); + size_alternate_directory_name_1 = ndr_get_array_size(ndr, &r->alternate_directory_name); + length_alternate_directory_name_1 = ndr_get_array_length(ndr, &r->alternate_directory_name); + if (length_alternate_directory_name_1 > size_alternate_directory_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_alternate_directory_name_1, length_alternate_directory_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->alternate_directory_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->alternate_directory_name, ndr_get_array_length(ndr, &r->alternate_directory_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_alternate_directory_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->alternate_directory_name, length_alternate_directory_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_alternate_directory_name_0, 0); } } @@ -5245,6 +5435,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareCtr1007(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr1007(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetShareCtr1007 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -5263,13 +5454,14 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr1007(struct ndr_pull *ndr, i _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetShareInfo1007(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetShareInfo1007(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -5331,6 +5523,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareCtr1501(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr1501(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetShareCtr1501 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -5349,13 +5542,14 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr1501(struct ndr_pull *ndr, i _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_sec_desc_buf(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_sec_desc_buf(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -5519,15 +5713,25 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo(struct ndr_pull *ndr, int int level; uint32_t _level; TALLOC_CTX *_mem_save_info0_0; + uint32_t _ptr_info0; TALLOC_CTX *_mem_save_info1_0; + uint32_t _ptr_info1; TALLOC_CTX *_mem_save_info2_0; + uint32_t _ptr_info2; TALLOC_CTX *_mem_save_info501_0; + uint32_t _ptr_info501; TALLOC_CTX *_mem_save_info502_0; + uint32_t _ptr_info502; TALLOC_CTX *_mem_save_info1004_0; + uint32_t _ptr_info1004; TALLOC_CTX *_mem_save_info1005_0; + uint32_t _ptr_info1005; TALLOC_CTX *_mem_save_info1006_0; + uint32_t _ptr_info1006; TALLOC_CTX *_mem_save_info1007_0; + uint32_t _ptr_info1007; TALLOC_CTX *_mem_save_info1501_0; + uint32_t _ptr_info1501; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -5536,7 +5740,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo(struct ndr_pull *ndr, int } switch (level) { case 0: { - uint32_t _ptr_info0; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info0)); if (_ptr_info0) { NDR_PULL_ALLOC(ndr, r->info0); @@ -5546,7 +5749,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo(struct ndr_pull *ndr, int break; } case 1: { - uint32_t _ptr_info1; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1)); if (_ptr_info1) { NDR_PULL_ALLOC(ndr, r->info1); @@ -5556,7 +5758,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo(struct ndr_pull *ndr, int break; } case 2: { - uint32_t _ptr_info2; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info2)); if (_ptr_info2) { NDR_PULL_ALLOC(ndr, r->info2); @@ -5566,7 +5767,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo(struct ndr_pull *ndr, int break; } case 501: { - uint32_t _ptr_info501; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info501)); if (_ptr_info501) { NDR_PULL_ALLOC(ndr, r->info501); @@ -5576,7 +5776,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo(struct ndr_pull *ndr, int break; } case 502: { - uint32_t _ptr_info502; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info502)); if (_ptr_info502) { NDR_PULL_ALLOC(ndr, r->info502); @@ -5586,7 +5785,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo(struct ndr_pull *ndr, int break; } case 1004: { - uint32_t _ptr_info1004; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1004)); if (_ptr_info1004) { NDR_PULL_ALLOC(ndr, r->info1004); @@ -5596,7 +5794,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo(struct ndr_pull *ndr, int break; } case 1005: { - uint32_t _ptr_info1005; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1005)); if (_ptr_info1005) { NDR_PULL_ALLOC(ndr, r->info1005); @@ -5606,7 +5803,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo(struct ndr_pull *ndr, int break; } case 1006: { - uint32_t _ptr_info1006; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1006)); if (_ptr_info1006) { NDR_PULL_ALLOC(ndr, r->info1006); @@ -5616,7 +5812,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo(struct ndr_pull *ndr, int break; } case 1007: { - uint32_t _ptr_info1007; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1007)); if (_ptr_info1007) { NDR_PULL_ALLOC(ndr, r->info1007); @@ -5626,7 +5821,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareInfo(struct ndr_pull *ndr, int break; } case 1501: { - uint32_t _ptr_info1501; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1501)); if (_ptr_info1501) { NDR_PULL_ALLOC(ndr, r->info1501); @@ -5969,15 +6163,25 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr(struct ndr_pull *ndr, int n int level; uint32_t _level; TALLOC_CTX *_mem_save_ctr0_0; + uint32_t _ptr_ctr0; TALLOC_CTX *_mem_save_ctr1_0; + uint32_t _ptr_ctr1; TALLOC_CTX *_mem_save_ctr2_0; + uint32_t _ptr_ctr2; TALLOC_CTX *_mem_save_ctr501_0; + uint32_t _ptr_ctr501; TALLOC_CTX *_mem_save_ctr502_0; + uint32_t _ptr_ctr502; TALLOC_CTX *_mem_save_ctr1004_0; + uint32_t _ptr_ctr1004; TALLOC_CTX *_mem_save_ctr1005_0; + uint32_t _ptr_ctr1005; TALLOC_CTX *_mem_save_ctr1006_0; + uint32_t _ptr_ctr1006; TALLOC_CTX *_mem_save_ctr1007_0; + uint32_t _ptr_ctr1007; TALLOC_CTX *_mem_save_ctr1501_0; + uint32_t _ptr_ctr1501; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -5986,7 +6190,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr(struct ndr_pull *ndr, int n } switch (level) { case 0: { - uint32_t _ptr_ctr0; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr0)); if (_ptr_ctr0) { NDR_PULL_ALLOC(ndr, r->ctr0); @@ -5996,7 +6199,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr(struct ndr_pull *ndr, int n break; } case 1: { - uint32_t _ptr_ctr1; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr1)); if (_ptr_ctr1) { NDR_PULL_ALLOC(ndr, r->ctr1); @@ -6006,7 +6208,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr(struct ndr_pull *ndr, int n break; } case 2: { - uint32_t _ptr_ctr2; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr2)); if (_ptr_ctr2) { NDR_PULL_ALLOC(ndr, r->ctr2); @@ -6016,7 +6217,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr(struct ndr_pull *ndr, int n break; } case 501: { - uint32_t _ptr_ctr501; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr501)); if (_ptr_ctr501) { NDR_PULL_ALLOC(ndr, r->ctr501); @@ -6026,7 +6226,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr(struct ndr_pull *ndr, int n break; } case 502: { - uint32_t _ptr_ctr502; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr502)); if (_ptr_ctr502) { NDR_PULL_ALLOC(ndr, r->ctr502); @@ -6036,7 +6235,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr(struct ndr_pull *ndr, int n break; } case 1004: { - uint32_t _ptr_ctr1004; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr1004)); if (_ptr_ctr1004) { NDR_PULL_ALLOC(ndr, r->ctr1004); @@ -6046,7 +6244,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr(struct ndr_pull *ndr, int n break; } case 1005: { - uint32_t _ptr_ctr1005; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr1005)); if (_ptr_ctr1005) { NDR_PULL_ALLOC(ndr, r->ctr1005); @@ -6056,7 +6253,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr(struct ndr_pull *ndr, int n break; } case 1006: { - uint32_t _ptr_ctr1006; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr1006)); if (_ptr_ctr1006) { NDR_PULL_ALLOC(ndr, r->ctr1006); @@ -6066,7 +6262,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr(struct ndr_pull *ndr, int n break; } case 1007: { - uint32_t _ptr_ctr1007; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr1007)); if (_ptr_ctr1007) { NDR_PULL_ALLOC(ndr, r->ctr1007); @@ -6076,7 +6271,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareCtr(struct ndr_pull *ndr, int n break; } case 1501: { - uint32_t _ptr_ctr1501; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr1501)); if (_ptr_ctr1501) { NDR_PULL_ALLOC(ndr, r->ctr1501); @@ -6379,6 +6573,8 @@ _PUBLIC_ enum ndr_err_code ndr_push_srvsvc_NetSrvInfo100(struct ndr_push *ndr, i _PUBLIC_ enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo100(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSrvInfo100 *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; TALLOC_CTX *_mem_save_server_name_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -6396,11 +6592,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo100(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->server_name)); - if (ndr_get_array_length(ndr, &r->server_name) > ndr_get_array_size(ndr, &r->server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->server_name), ndr_get_array_length(ndr, &r->server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_name, ndr_get_array_length(ndr, &r->server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } } @@ -6452,8 +6650,12 @@ _PUBLIC_ enum ndr_err_code ndr_push_srvsvc_NetSrvInfo101(struct ndr_push *ndr, i _PUBLIC_ enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo101(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSrvInfo101 *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; TALLOC_CTX *_mem_save_server_name_0; uint32_t _ptr_comment; + uint32_t size_comment_1 = 0; + uint32_t length_comment_1 = 0; TALLOC_CTX *_mem_save_comment_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -6480,11 +6682,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo101(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->server_name)); - if (ndr_get_array_length(ndr, &r->server_name) > ndr_get_array_size(ndr, &r->server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->server_name), ndr_get_array_length(ndr, &r->server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_name, ndr_get_array_length(ndr, &r->server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } if (r->comment) { @@ -6492,11 +6696,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo101(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->comment, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->comment)); NDR_CHECK(ndr_pull_array_length(ndr, &r->comment)); - if (ndr_get_array_length(ndr, &r->comment) > ndr_get_array_size(ndr, &r->comment)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->comment), ndr_get_array_length(ndr, &r->comment)); + size_comment_1 = ndr_get_array_size(ndr, &r->comment); + length_comment_1 = ndr_get_array_length(ndr, &r->comment); + if (length_comment_1 > size_comment_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_comment_1, length_comment_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_comment_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, length_comment_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_comment_0, 0); } } @@ -6570,10 +6776,16 @@ static enum ndr_err_code ndr_push_srvsvc_NetSrvInfo102(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo102(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSrvInfo102 *r) { uint32_t _ptr_server_name; + uint32_t size_server_name_1 = 0; + uint32_t length_server_name_1 = 0; TALLOC_CTX *_mem_save_server_name_0; uint32_t _ptr_comment; + uint32_t size_comment_1 = 0; + uint32_t length_comment_1 = 0; TALLOC_CTX *_mem_save_comment_0; uint32_t _ptr_userpath; + uint32_t size_userpath_1 = 0; + uint32_t length_userpath_1 = 0; TALLOC_CTX *_mem_save_userpath_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -6612,11 +6824,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo102(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->server_name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->server_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->server_name)); - if (ndr_get_array_length(ndr, &r->server_name) > ndr_get_array_size(ndr, &r->server_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->server_name), ndr_get_array_length(ndr, &r->server_name)); + size_server_name_1 = ndr_get_array_size(ndr, &r->server_name); + length_server_name_1 = ndr_get_array_length(ndr, &r->server_name); + if (length_server_name_1 > size_server_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_name_1, length_server_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->server_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_name, ndr_get_array_length(ndr, &r->server_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->server_name, length_server_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } if (r->comment) { @@ -6624,11 +6838,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo102(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->comment, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->comment)); NDR_CHECK(ndr_pull_array_length(ndr, &r->comment)); - if (ndr_get_array_length(ndr, &r->comment) > ndr_get_array_size(ndr, &r->comment)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->comment), ndr_get_array_length(ndr, &r->comment)); + size_comment_1 = ndr_get_array_size(ndr, &r->comment); + length_comment_1 = ndr_get_array_length(ndr, &r->comment); + if (length_comment_1 > size_comment_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_comment_1, length_comment_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_comment_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, length_comment_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_comment_0, 0); } if (r->userpath) { @@ -6636,11 +6852,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo102(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->userpath, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->userpath)); NDR_CHECK(ndr_pull_array_length(ndr, &r->userpath)); - if (ndr_get_array_length(ndr, &r->userpath) > ndr_get_array_size(ndr, &r->userpath)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->userpath), ndr_get_array_length(ndr, &r->userpath)); + size_userpath_1 = ndr_get_array_size(ndr, &r->userpath); + length_userpath_1 = ndr_get_array_length(ndr, &r->userpath); + if (length_userpath_1 > size_userpath_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_userpath_1, length_userpath_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->userpath), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->userpath, ndr_get_array_length(ndr, &r->userpath), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_userpath_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->userpath, length_userpath_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_userpath_0, 0); } } @@ -6744,10 +6962,16 @@ static enum ndr_err_code ndr_push_srvsvc_NetSrvInfo402(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo402(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSrvInfo402 *r) { uint32_t _ptr_alerts; + uint32_t size_alerts_1 = 0; + uint32_t length_alerts_1 = 0; TALLOC_CTX *_mem_save_alerts_0; uint32_t _ptr_guestaccount; + uint32_t size_guestaccount_1 = 0; + uint32_t length_guestaccount_1 = 0; TALLOC_CTX *_mem_save_guestaccount_0; uint32_t _ptr_srvheuristics; + uint32_t size_srvheuristics_1 = 0; + uint32_t length_srvheuristics_1 = 0; TALLOC_CTX *_mem_save_srvheuristics_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -6804,11 +7028,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo402(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->alerts, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->alerts)); NDR_CHECK(ndr_pull_array_length(ndr, &r->alerts)); - if (ndr_get_array_length(ndr, &r->alerts) > ndr_get_array_size(ndr, &r->alerts)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->alerts), ndr_get_array_length(ndr, &r->alerts)); + size_alerts_1 = ndr_get_array_size(ndr, &r->alerts); + length_alerts_1 = ndr_get_array_length(ndr, &r->alerts); + if (length_alerts_1 > size_alerts_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_alerts_1, length_alerts_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->alerts), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->alerts, ndr_get_array_length(ndr, &r->alerts), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_alerts_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->alerts, length_alerts_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_alerts_0, 0); } if (r->guestaccount) { @@ -6816,11 +7042,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo402(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->guestaccount, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->guestaccount)); NDR_CHECK(ndr_pull_array_length(ndr, &r->guestaccount)); - if (ndr_get_array_length(ndr, &r->guestaccount) > ndr_get_array_size(ndr, &r->guestaccount)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->guestaccount), ndr_get_array_length(ndr, &r->guestaccount)); + size_guestaccount_1 = ndr_get_array_size(ndr, &r->guestaccount); + length_guestaccount_1 = ndr_get_array_length(ndr, &r->guestaccount); + if (length_guestaccount_1 > size_guestaccount_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_guestaccount_1, length_guestaccount_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->guestaccount), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->guestaccount, ndr_get_array_length(ndr, &r->guestaccount), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_guestaccount_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->guestaccount, length_guestaccount_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_guestaccount_0, 0); } if (r->srvheuristics) { @@ -6828,11 +7056,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo402(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->srvheuristics, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->srvheuristics)); NDR_CHECK(ndr_pull_array_length(ndr, &r->srvheuristics)); - if (ndr_get_array_length(ndr, &r->srvheuristics) > ndr_get_array_size(ndr, &r->srvheuristics)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->srvheuristics), ndr_get_array_length(ndr, &r->srvheuristics)); + size_srvheuristics_1 = ndr_get_array_size(ndr, &r->srvheuristics); + length_srvheuristics_1 = ndr_get_array_length(ndr, &r->srvheuristics); + if (length_srvheuristics_1 > size_srvheuristics_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_srvheuristics_1, length_srvheuristics_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->srvheuristics), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->srvheuristics, ndr_get_array_length(ndr, &r->srvheuristics), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_srvheuristics_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->srvheuristics, length_srvheuristics_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_srvheuristics_0, 0); } } @@ -6963,12 +7193,20 @@ static enum ndr_err_code ndr_push_srvsvc_NetSrvInfo403(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo403(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSrvInfo403 *r) { uint32_t _ptr_alerts; + uint32_t size_alerts_1 = 0; + uint32_t length_alerts_1 = 0; TALLOC_CTX *_mem_save_alerts_0; uint32_t _ptr_guestaccount; + uint32_t size_guestaccount_1 = 0; + uint32_t length_guestaccount_1 = 0; TALLOC_CTX *_mem_save_guestaccount_0; uint32_t _ptr_srvheuristics; + uint32_t size_srvheuristics_1 = 0; + uint32_t length_srvheuristics_1 = 0; TALLOC_CTX *_mem_save_srvheuristics_0; uint32_t _ptr_autopath; + uint32_t size_autopath_1 = 0; + uint32_t length_autopath_1 = 0; TALLOC_CTX *_mem_save_autopath_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -7033,11 +7271,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo403(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->alerts, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->alerts)); NDR_CHECK(ndr_pull_array_length(ndr, &r->alerts)); - if (ndr_get_array_length(ndr, &r->alerts) > ndr_get_array_size(ndr, &r->alerts)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->alerts), ndr_get_array_length(ndr, &r->alerts)); + size_alerts_1 = ndr_get_array_size(ndr, &r->alerts); + length_alerts_1 = ndr_get_array_length(ndr, &r->alerts); + if (length_alerts_1 > size_alerts_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_alerts_1, length_alerts_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->alerts), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->alerts, ndr_get_array_length(ndr, &r->alerts), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_alerts_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->alerts, length_alerts_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_alerts_0, 0); } if (r->guestaccount) { @@ -7045,11 +7285,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo403(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->guestaccount, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->guestaccount)); NDR_CHECK(ndr_pull_array_length(ndr, &r->guestaccount)); - if (ndr_get_array_length(ndr, &r->guestaccount) > ndr_get_array_size(ndr, &r->guestaccount)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->guestaccount), ndr_get_array_length(ndr, &r->guestaccount)); + size_guestaccount_1 = ndr_get_array_size(ndr, &r->guestaccount); + length_guestaccount_1 = ndr_get_array_length(ndr, &r->guestaccount); + if (length_guestaccount_1 > size_guestaccount_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_guestaccount_1, length_guestaccount_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->guestaccount), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->guestaccount, ndr_get_array_length(ndr, &r->guestaccount), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_guestaccount_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->guestaccount, length_guestaccount_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_guestaccount_0, 0); } if (r->srvheuristics) { @@ -7057,11 +7299,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo403(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->srvheuristics, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->srvheuristics)); NDR_CHECK(ndr_pull_array_length(ndr, &r->srvheuristics)); - if (ndr_get_array_length(ndr, &r->srvheuristics) > ndr_get_array_size(ndr, &r->srvheuristics)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->srvheuristics), ndr_get_array_length(ndr, &r->srvheuristics)); + size_srvheuristics_1 = ndr_get_array_size(ndr, &r->srvheuristics); + length_srvheuristics_1 = ndr_get_array_length(ndr, &r->srvheuristics); + if (length_srvheuristics_1 > size_srvheuristics_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_srvheuristics_1, length_srvheuristics_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->srvheuristics), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->srvheuristics, ndr_get_array_length(ndr, &r->srvheuristics), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_srvheuristics_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->srvheuristics, length_srvheuristics_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_srvheuristics_0, 0); } if (r->autopath) { @@ -7069,11 +7313,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo403(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->autopath, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->autopath)); NDR_CHECK(ndr_pull_array_length(ndr, &r->autopath)); - if (ndr_get_array_length(ndr, &r->autopath) > ndr_get_array_size(ndr, &r->autopath)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->autopath), ndr_get_array_length(ndr, &r->autopath)); + size_autopath_1 = ndr_get_array_size(ndr, &r->autopath); + length_autopath_1 = ndr_get_array_length(ndr, &r->autopath); + if (length_autopath_1 > size_autopath_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_autopath_1, length_autopath_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->autopath), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->autopath, ndr_get_array_length(ndr, &r->autopath), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_autopath_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->autopath, length_autopath_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_autopath_0, 0); } } @@ -7283,6 +7529,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetSrvInfo503(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo503(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSrvInfo503 *r) { uint32_t _ptr_domain; + uint32_t size_domain_1 = 0; + uint32_t length_domain_1 = 0; TALLOC_CTX *_mem_save_domain_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -7340,11 +7588,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo503(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->domain, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->domain)); NDR_CHECK(ndr_pull_array_length(ndr, &r->domain)); - if (ndr_get_array_length(ndr, &r->domain) > ndr_get_array_size(ndr, &r->domain)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->domain), ndr_get_array_length(ndr, &r->domain)); + size_domain_1 = ndr_get_array_size(ndr, &r->domain); + length_domain_1 = ndr_get_array_length(ndr, &r->domain); + if (length_domain_1 > size_domain_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_1, length_domain_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, length_domain_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_0, 0); } } @@ -7479,6 +7729,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetSrvInfo599(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo599(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSrvInfo599 *r) { uint32_t _ptr_domain; + uint32_t size_domain_1 = 0; + uint32_t length_domain_1 = 0; TALLOC_CTX *_mem_save_domain_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -7549,11 +7801,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo599(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->domain, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->domain)); NDR_CHECK(ndr_pull_array_length(ndr, &r->domain)); - if (ndr_get_array_length(ndr, &r->domain) > ndr_get_array_size(ndr, &r->domain)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->domain), ndr_get_array_length(ndr, &r->domain)); + size_domain_1 = ndr_get_array_size(ndr, &r->domain); + length_domain_1 = ndr_get_array_length(ndr, &r->domain); + if (length_domain_1 > size_domain_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_1, length_domain_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, length_domain_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_0, 0); } } @@ -7647,6 +7901,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetSrvInfo1005(struct ndr_push *ndr, in static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo1005(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSrvInfo1005 *r) { uint32_t _ptr_comment; + uint32_t size_comment_1 = 0; + uint32_t length_comment_1 = 0; TALLOC_CTX *_mem_save_comment_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -7663,11 +7919,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo1005(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, r->comment, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->comment)); NDR_CHECK(ndr_pull_array_length(ndr, &r->comment)); - if (ndr_get_array_length(ndr, &r->comment) > ndr_get_array_size(ndr, &r->comment)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->comment), ndr_get_array_length(ndr, &r->comment)); + size_comment_1 = ndr_get_array_size(ndr, &r->comment); + length_comment_1 = ndr_get_array_length(ndr, &r->comment); + if (length_comment_1 > size_comment_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_comment_1, length_comment_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, ndr_get_array_length(ndr, &r->comment), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_comment_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->comment, length_comment_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_comment_0, 0); } } @@ -9804,64 +10062,123 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd int level; uint32_t _level; TALLOC_CTX *_mem_save_info100_0; + uint32_t _ptr_info100; TALLOC_CTX *_mem_save_info101_0; + uint32_t _ptr_info101; TALLOC_CTX *_mem_save_info102_0; + uint32_t _ptr_info102; TALLOC_CTX *_mem_save_info402_0; + uint32_t _ptr_info402; TALLOC_CTX *_mem_save_info403_0; + uint32_t _ptr_info403; TALLOC_CTX *_mem_save_info502_0; + uint32_t _ptr_info502; TALLOC_CTX *_mem_save_info503_0; + uint32_t _ptr_info503; TALLOC_CTX *_mem_save_info599_0; + uint32_t _ptr_info599; TALLOC_CTX *_mem_save_info1005_0; + uint32_t _ptr_info1005; TALLOC_CTX *_mem_save_info1010_0; + uint32_t _ptr_info1010; TALLOC_CTX *_mem_save_info1016_0; + uint32_t _ptr_info1016; TALLOC_CTX *_mem_save_info1017_0; + uint32_t _ptr_info1017; TALLOC_CTX *_mem_save_info1018_0; + uint32_t _ptr_info1018; TALLOC_CTX *_mem_save_info1107_0; + uint32_t _ptr_info1107; TALLOC_CTX *_mem_save_info1501_0; + uint32_t _ptr_info1501; TALLOC_CTX *_mem_save_info1502_0; + uint32_t _ptr_info1502; TALLOC_CTX *_mem_save_info1503_0; + uint32_t _ptr_info1503; TALLOC_CTX *_mem_save_info1506_0; + uint32_t _ptr_info1506; TALLOC_CTX *_mem_save_info1509_0; + uint32_t _ptr_info1509; TALLOC_CTX *_mem_save_info1510_0; + uint32_t _ptr_info1510; TALLOC_CTX *_mem_save_info1511_0; + uint32_t _ptr_info1511; TALLOC_CTX *_mem_save_info1512_0; + uint32_t _ptr_info1512; TALLOC_CTX *_mem_save_info1513_0; + uint32_t _ptr_info1513; TALLOC_CTX *_mem_save_info1514_0; + uint32_t _ptr_info1514; TALLOC_CTX *_mem_save_info1515_0; + uint32_t _ptr_info1515; TALLOC_CTX *_mem_save_info1516_0; + uint32_t _ptr_info1516; TALLOC_CTX *_mem_save_info1518_0; + uint32_t _ptr_info1518; TALLOC_CTX *_mem_save_info1520_0; + uint32_t _ptr_info1520; TALLOC_CTX *_mem_save_info1521_0; + uint32_t _ptr_info1521; TALLOC_CTX *_mem_save_info1522_0; + uint32_t _ptr_info1522; TALLOC_CTX *_mem_save_info1523_0; + uint32_t _ptr_info1523; TALLOC_CTX *_mem_save_info1524_0; + uint32_t _ptr_info1524; TALLOC_CTX *_mem_save_info1525_0; + uint32_t _ptr_info1525; TALLOC_CTX *_mem_save_info1528_0; + uint32_t _ptr_info1528; TALLOC_CTX *_mem_save_info1529_0; + uint32_t _ptr_info1529; TALLOC_CTX *_mem_save_info1530_0; + uint32_t _ptr_info1530; TALLOC_CTX *_mem_save_info1533_0; + uint32_t _ptr_info1533; TALLOC_CTX *_mem_save_info1534_0; + uint32_t _ptr_info1534; TALLOC_CTX *_mem_save_info1535_0; + uint32_t _ptr_info1535; TALLOC_CTX *_mem_save_info1536_0; + uint32_t _ptr_info1536; TALLOC_CTX *_mem_save_info1537_0; + uint32_t _ptr_info1537; TALLOC_CTX *_mem_save_info1538_0; + uint32_t _ptr_info1538; TALLOC_CTX *_mem_save_info1539_0; + uint32_t _ptr_info1539; TALLOC_CTX *_mem_save_info1540_0; + uint32_t _ptr_info1540; TALLOC_CTX *_mem_save_info1541_0; + uint32_t _ptr_info1541; TALLOC_CTX *_mem_save_info1542_0; + uint32_t _ptr_info1542; TALLOC_CTX *_mem_save_info1543_0; + uint32_t _ptr_info1543; TALLOC_CTX *_mem_save_info1544_0; + uint32_t _ptr_info1544; TALLOC_CTX *_mem_save_info1545_0; + uint32_t _ptr_info1545; TALLOC_CTX *_mem_save_info1546_0; + uint32_t _ptr_info1546; TALLOC_CTX *_mem_save_info1547_0; + uint32_t _ptr_info1547; TALLOC_CTX *_mem_save_info1548_0; + uint32_t _ptr_info1548; TALLOC_CTX *_mem_save_info1549_0; + uint32_t _ptr_info1549; TALLOC_CTX *_mem_save_info1550_0; + uint32_t _ptr_info1550; TALLOC_CTX *_mem_save_info1552_0; + uint32_t _ptr_info1552; TALLOC_CTX *_mem_save_info1553_0; + uint32_t _ptr_info1553; TALLOC_CTX *_mem_save_info1554_0; + uint32_t _ptr_info1554; TALLOC_CTX *_mem_save_info1555_0; + uint32_t _ptr_info1555; TALLOC_CTX *_mem_save_info1556_0; + uint32_t _ptr_info1556; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -9870,7 +10187,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd } switch (level) { case 100: { - uint32_t _ptr_info100; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info100)); if (_ptr_info100) { NDR_PULL_ALLOC(ndr, r->info100); @@ -9880,7 +10196,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 101: { - uint32_t _ptr_info101; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info101)); if (_ptr_info101) { NDR_PULL_ALLOC(ndr, r->info101); @@ -9890,7 +10205,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 102: { - uint32_t _ptr_info102; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info102)); if (_ptr_info102) { NDR_PULL_ALLOC(ndr, r->info102); @@ -9900,7 +10214,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 402: { - uint32_t _ptr_info402; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info402)); if (_ptr_info402) { NDR_PULL_ALLOC(ndr, r->info402); @@ -9910,7 +10223,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 403: { - uint32_t _ptr_info403; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info403)); if (_ptr_info403) { NDR_PULL_ALLOC(ndr, r->info403); @@ -9920,7 +10232,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 502: { - uint32_t _ptr_info502; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info502)); if (_ptr_info502) { NDR_PULL_ALLOC(ndr, r->info502); @@ -9930,7 +10241,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 503: { - uint32_t _ptr_info503; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info503)); if (_ptr_info503) { NDR_PULL_ALLOC(ndr, r->info503); @@ -9940,7 +10250,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 599: { - uint32_t _ptr_info599; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info599)); if (_ptr_info599) { NDR_PULL_ALLOC(ndr, r->info599); @@ -9950,7 +10259,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1005: { - uint32_t _ptr_info1005; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1005)); if (_ptr_info1005) { NDR_PULL_ALLOC(ndr, r->info1005); @@ -9960,7 +10268,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1010: { - uint32_t _ptr_info1010; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1010)); if (_ptr_info1010) { NDR_PULL_ALLOC(ndr, r->info1010); @@ -9970,7 +10277,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1016: { - uint32_t _ptr_info1016; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1016)); if (_ptr_info1016) { NDR_PULL_ALLOC(ndr, r->info1016); @@ -9980,7 +10286,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1017: { - uint32_t _ptr_info1017; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1017)); if (_ptr_info1017) { NDR_PULL_ALLOC(ndr, r->info1017); @@ -9990,7 +10295,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1018: { - uint32_t _ptr_info1018; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1018)); if (_ptr_info1018) { NDR_PULL_ALLOC(ndr, r->info1018); @@ -10000,7 +10304,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1107: { - uint32_t _ptr_info1107; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1107)); if (_ptr_info1107) { NDR_PULL_ALLOC(ndr, r->info1107); @@ -10010,7 +10313,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1501: { - uint32_t _ptr_info1501; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1501)); if (_ptr_info1501) { NDR_PULL_ALLOC(ndr, r->info1501); @@ -10020,7 +10322,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1502: { - uint32_t _ptr_info1502; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1502)); if (_ptr_info1502) { NDR_PULL_ALLOC(ndr, r->info1502); @@ -10030,7 +10331,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1503: { - uint32_t _ptr_info1503; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1503)); if (_ptr_info1503) { NDR_PULL_ALLOC(ndr, r->info1503); @@ -10040,7 +10340,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1506: { - uint32_t _ptr_info1506; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1506)); if (_ptr_info1506) { NDR_PULL_ALLOC(ndr, r->info1506); @@ -10050,7 +10349,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1509: { - uint32_t _ptr_info1509; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1509)); if (_ptr_info1509) { NDR_PULL_ALLOC(ndr, r->info1509); @@ -10060,7 +10358,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1510: { - uint32_t _ptr_info1510; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1510)); if (_ptr_info1510) { NDR_PULL_ALLOC(ndr, r->info1510); @@ -10070,7 +10367,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1511: { - uint32_t _ptr_info1511; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1511)); if (_ptr_info1511) { NDR_PULL_ALLOC(ndr, r->info1511); @@ -10080,7 +10376,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1512: { - uint32_t _ptr_info1512; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1512)); if (_ptr_info1512) { NDR_PULL_ALLOC(ndr, r->info1512); @@ -10090,7 +10385,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1513: { - uint32_t _ptr_info1513; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1513)); if (_ptr_info1513) { NDR_PULL_ALLOC(ndr, r->info1513); @@ -10100,7 +10394,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1514: { - uint32_t _ptr_info1514; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1514)); if (_ptr_info1514) { NDR_PULL_ALLOC(ndr, r->info1514); @@ -10110,7 +10403,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1515: { - uint32_t _ptr_info1515; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1515)); if (_ptr_info1515) { NDR_PULL_ALLOC(ndr, r->info1515); @@ -10120,7 +10412,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1516: { - uint32_t _ptr_info1516; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1516)); if (_ptr_info1516) { NDR_PULL_ALLOC(ndr, r->info1516); @@ -10130,7 +10421,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1518: { - uint32_t _ptr_info1518; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1518)); if (_ptr_info1518) { NDR_PULL_ALLOC(ndr, r->info1518); @@ -10140,7 +10430,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1520: { - uint32_t _ptr_info1520; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1520)); if (_ptr_info1520) { NDR_PULL_ALLOC(ndr, r->info1520); @@ -10150,7 +10439,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1521: { - uint32_t _ptr_info1521; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1521)); if (_ptr_info1521) { NDR_PULL_ALLOC(ndr, r->info1521); @@ -10160,7 +10448,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1522: { - uint32_t _ptr_info1522; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1522)); if (_ptr_info1522) { NDR_PULL_ALLOC(ndr, r->info1522); @@ -10170,7 +10457,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1523: { - uint32_t _ptr_info1523; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1523)); if (_ptr_info1523) { NDR_PULL_ALLOC(ndr, r->info1523); @@ -10180,7 +10466,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1524: { - uint32_t _ptr_info1524; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1524)); if (_ptr_info1524) { NDR_PULL_ALLOC(ndr, r->info1524); @@ -10190,7 +10475,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1525: { - uint32_t _ptr_info1525; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1525)); if (_ptr_info1525) { NDR_PULL_ALLOC(ndr, r->info1525); @@ -10200,7 +10484,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1528: { - uint32_t _ptr_info1528; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1528)); if (_ptr_info1528) { NDR_PULL_ALLOC(ndr, r->info1528); @@ -10210,7 +10493,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1529: { - uint32_t _ptr_info1529; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1529)); if (_ptr_info1529) { NDR_PULL_ALLOC(ndr, r->info1529); @@ -10220,7 +10502,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1530: { - uint32_t _ptr_info1530; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1530)); if (_ptr_info1530) { NDR_PULL_ALLOC(ndr, r->info1530); @@ -10230,7 +10511,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1533: { - uint32_t _ptr_info1533; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1533)); if (_ptr_info1533) { NDR_PULL_ALLOC(ndr, r->info1533); @@ -10240,7 +10520,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1534: { - uint32_t _ptr_info1534; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1534)); if (_ptr_info1534) { NDR_PULL_ALLOC(ndr, r->info1534); @@ -10250,7 +10529,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1535: { - uint32_t _ptr_info1535; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1535)); if (_ptr_info1535) { NDR_PULL_ALLOC(ndr, r->info1535); @@ -10260,7 +10538,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1536: { - uint32_t _ptr_info1536; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1536)); if (_ptr_info1536) { NDR_PULL_ALLOC(ndr, r->info1536); @@ -10270,7 +10547,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1537: { - uint32_t _ptr_info1537; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1537)); if (_ptr_info1537) { NDR_PULL_ALLOC(ndr, r->info1537); @@ -10280,7 +10556,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1538: { - uint32_t _ptr_info1538; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1538)); if (_ptr_info1538) { NDR_PULL_ALLOC(ndr, r->info1538); @@ -10290,7 +10565,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1539: { - uint32_t _ptr_info1539; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1539)); if (_ptr_info1539) { NDR_PULL_ALLOC(ndr, r->info1539); @@ -10300,7 +10574,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1540: { - uint32_t _ptr_info1540; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1540)); if (_ptr_info1540) { NDR_PULL_ALLOC(ndr, r->info1540); @@ -10310,7 +10583,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1541: { - uint32_t _ptr_info1541; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1541)); if (_ptr_info1541) { NDR_PULL_ALLOC(ndr, r->info1541); @@ -10320,7 +10592,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1542: { - uint32_t _ptr_info1542; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1542)); if (_ptr_info1542) { NDR_PULL_ALLOC(ndr, r->info1542); @@ -10330,7 +10601,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1543: { - uint32_t _ptr_info1543; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1543)); if (_ptr_info1543) { NDR_PULL_ALLOC(ndr, r->info1543); @@ -10340,7 +10610,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1544: { - uint32_t _ptr_info1544; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1544)); if (_ptr_info1544) { NDR_PULL_ALLOC(ndr, r->info1544); @@ -10350,7 +10619,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1545: { - uint32_t _ptr_info1545; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1545)); if (_ptr_info1545) { NDR_PULL_ALLOC(ndr, r->info1545); @@ -10360,7 +10628,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1546: { - uint32_t _ptr_info1546; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1546)); if (_ptr_info1546) { NDR_PULL_ALLOC(ndr, r->info1546); @@ -10370,7 +10637,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1547: { - uint32_t _ptr_info1547; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1547)); if (_ptr_info1547) { NDR_PULL_ALLOC(ndr, r->info1547); @@ -10380,7 +10646,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1548: { - uint32_t _ptr_info1548; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1548)); if (_ptr_info1548) { NDR_PULL_ALLOC(ndr, r->info1548); @@ -10390,7 +10655,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1549: { - uint32_t _ptr_info1549; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1549)); if (_ptr_info1549) { NDR_PULL_ALLOC(ndr, r->info1549); @@ -10400,7 +10664,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1550: { - uint32_t _ptr_info1550; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1550)); if (_ptr_info1550) { NDR_PULL_ALLOC(ndr, r->info1550); @@ -10410,7 +10673,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1552: { - uint32_t _ptr_info1552; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1552)); if (_ptr_info1552) { NDR_PULL_ALLOC(ndr, r->info1552); @@ -10420,7 +10682,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1553: { - uint32_t _ptr_info1553; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1553)); if (_ptr_info1553) { NDR_PULL_ALLOC(ndr, r->info1553); @@ -10430,7 +10691,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1554: { - uint32_t _ptr_info1554; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1554)); if (_ptr_info1554) { NDR_PULL_ALLOC(ndr, r->info1554); @@ -10440,7 +10700,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1555: { - uint32_t _ptr_info1555; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1555)); if (_ptr_info1555) { NDR_PULL_ALLOC(ndr, r->info1555); @@ -10450,7 +10709,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo(struct ndr_pull *ndr, int nd break; } case 1556: { - uint32_t _ptr_info1556; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info1556)); if (_ptr_info1556) { NDR_PULL_ALLOC(ndr, r->info1556); @@ -11563,11 +11821,13 @@ static enum ndr_err_code ndr_push_srvsvc_NetDiskInfo0(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetDiskInfo0(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetDiskInfo0 *r) { + uint32_t size_disk_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->__disk_offset)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->__disk_length)); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->disk, r->__disk_length, sizeof(uint16_t), CH_UTF16)); + size_disk_0 = r->__disk_length; + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->disk, size_disk_0, sizeof(uint16_t), CH_UTF16)); } if (ndr_flags & NDR_BUFFERS) { } @@ -11608,6 +11868,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetDiskInfo(struct ndr_push *ndr, int n static enum ndr_err_code ndr_pull_srvsvc_NetDiskInfo(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetDiskInfo *r) { uint32_t _ptr_disks; + uint32_t size_disks_1 = 0; + uint32_t length_disks_1 = 0; uint32_t cntr_disks_1; TALLOC_CTX *_mem_save_disks_0; TALLOC_CTX *_mem_save_disks_1; @@ -11627,13 +11889,15 @@ static enum ndr_err_code ndr_pull_srvsvc_NetDiskInfo(struct ndr_pull *ndr, int n NDR_PULL_SET_MEM_CTX(ndr, r->disks, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->disks)); NDR_CHECK(ndr_pull_array_length(ndr, &r->disks)); - if (ndr_get_array_length(ndr, &r->disks) > ndr_get_array_size(ndr, &r->disks)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->disks), ndr_get_array_length(ndr, &r->disks)); + size_disks_1 = ndr_get_array_size(ndr, &r->disks); + length_disks_1 = ndr_get_array_length(ndr, &r->disks); + if (length_disks_1 > size_disks_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_disks_1, length_disks_1); } - NDR_PULL_ALLOC_N(ndr, r->disks, ndr_get_array_size(ndr, &r->disks)); + NDR_PULL_ALLOC_N(ndr, r->disks, size_disks_1); _mem_save_disks_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->disks, 0); - for (cntr_disks_1 = 0; cntr_disks_1 < r->count; cntr_disks_1++) { + for (cntr_disks_1 = 0; cntr_disks_1 < length_disks_1; cntr_disks_1++) { NDR_CHECK(ndr_pull_srvsvc_NetDiskInfo0(ndr, NDR_SCALARS, &r->disks[cntr_disks_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_disks_1, 0); @@ -11785,10 +12049,15 @@ static enum ndr_err_code ndr_push_srvsvc_NetTransportInfo0(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_srvsvc_NetTransportInfo0(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetTransportInfo0 *r) { uint32_t _ptr_name; + uint32_t size_name_1 = 0; + uint32_t length_name_1 = 0; TALLOC_CTX *_mem_save_name_0; uint32_t _ptr_addr; + uint32_t size_addr_1 = 0; TALLOC_CTX *_mem_save_addr_0; uint32_t _ptr_net_addr; + uint32_t size_net_addr_1 = 0; + uint32_t length_net_addr_1 = 0; TALLOC_CTX *_mem_save_net_addr_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -11819,19 +12088,22 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportInfo0(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->name)); - if (ndr_get_array_length(ndr, &r->name) > ndr_get_array_size(ndr, &r->name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->name), ndr_get_array_length(ndr, &r->name)); + size_name_1 = ndr_get_array_size(ndr, &r->name); + length_name_1 = ndr_get_array_length(ndr, &r->name); + if (length_name_1 > size_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_name_1, length_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, length_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_name_0, 0); } if (r->addr) { _mem_save_addr_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->addr, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->addr)); - NDR_PULL_ALLOC_N(ndr, r->addr, ndr_get_array_size(ndr, &r->addr)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->addr, ndr_get_array_size(ndr, &r->addr))); + size_addr_1 = ndr_get_array_size(ndr, &r->addr); + NDR_PULL_ALLOC_N(ndr, r->addr, size_addr_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->addr, size_addr_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_addr_0, 0); } if (r->net_addr) { @@ -11839,11 +12111,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportInfo0(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->net_addr, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->net_addr)); NDR_CHECK(ndr_pull_array_length(ndr, &r->net_addr)); - if (ndr_get_array_length(ndr, &r->net_addr) > ndr_get_array_size(ndr, &r->net_addr)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->net_addr), ndr_get_array_length(ndr, &r->net_addr)); + size_net_addr_1 = ndr_get_array_size(ndr, &r->net_addr); + length_net_addr_1 = ndr_get_array_length(ndr, &r->net_addr); + if (length_net_addr_1 > size_net_addr_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_net_addr_1, length_net_addr_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->net_addr), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->net_addr, ndr_get_array_length(ndr, &r->net_addr), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_net_addr_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->net_addr, length_net_addr_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_net_addr_0, 0); } if (r->addr) { @@ -11905,6 +12179,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetTransportCtr0(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_srvsvc_NetTransportCtr0(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetTransportCtr0 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -11923,13 +12198,14 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportCtr0(struct ndr_pull *ndr, _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetTransportInfo0(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetTransportInfo0(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -12007,12 +12283,19 @@ static enum ndr_err_code ndr_push_srvsvc_NetTransportInfo1(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_srvsvc_NetTransportInfo1(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetTransportInfo1 *r) { uint32_t _ptr_name; + uint32_t size_name_1 = 0; + uint32_t length_name_1 = 0; TALLOC_CTX *_mem_save_name_0; uint32_t _ptr_addr; + uint32_t size_addr_1 = 0; TALLOC_CTX *_mem_save_addr_0; uint32_t _ptr_net_addr; + uint32_t size_net_addr_1 = 0; + uint32_t length_net_addr_1 = 0; TALLOC_CTX *_mem_save_net_addr_0; uint32_t _ptr_domain; + uint32_t size_domain_1 = 0; + uint32_t length_domain_1 = 0; TALLOC_CTX *_mem_save_domain_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -12049,19 +12332,22 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportInfo1(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->name)); - if (ndr_get_array_length(ndr, &r->name) > ndr_get_array_size(ndr, &r->name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->name), ndr_get_array_length(ndr, &r->name)); + size_name_1 = ndr_get_array_size(ndr, &r->name); + length_name_1 = ndr_get_array_length(ndr, &r->name); + if (length_name_1 > size_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_name_1, length_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, length_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_name_0, 0); } if (r->addr) { _mem_save_addr_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->addr, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->addr)); - NDR_PULL_ALLOC_N(ndr, r->addr, ndr_get_array_size(ndr, &r->addr)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->addr, ndr_get_array_size(ndr, &r->addr))); + size_addr_1 = ndr_get_array_size(ndr, &r->addr); + NDR_PULL_ALLOC_N(ndr, r->addr, size_addr_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->addr, size_addr_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_addr_0, 0); } if (r->net_addr) { @@ -12069,11 +12355,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportInfo1(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->net_addr, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->net_addr)); NDR_CHECK(ndr_pull_array_length(ndr, &r->net_addr)); - if (ndr_get_array_length(ndr, &r->net_addr) > ndr_get_array_size(ndr, &r->net_addr)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->net_addr), ndr_get_array_length(ndr, &r->net_addr)); + size_net_addr_1 = ndr_get_array_size(ndr, &r->net_addr); + length_net_addr_1 = ndr_get_array_length(ndr, &r->net_addr); + if (length_net_addr_1 > size_net_addr_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_net_addr_1, length_net_addr_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->net_addr), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->net_addr, ndr_get_array_length(ndr, &r->net_addr), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_net_addr_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->net_addr, length_net_addr_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_net_addr_0, 0); } if (r->domain) { @@ -12081,11 +12369,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportInfo1(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->domain, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->domain)); NDR_CHECK(ndr_pull_array_length(ndr, &r->domain)); - if (ndr_get_array_length(ndr, &r->domain) > ndr_get_array_size(ndr, &r->domain)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->domain), ndr_get_array_length(ndr, &r->domain)); + size_domain_1 = ndr_get_array_size(ndr, &r->domain); + length_domain_1 = ndr_get_array_length(ndr, &r->domain); + if (length_domain_1 > size_domain_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_1, length_domain_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, length_domain_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_0, 0); } if (r->addr) { @@ -12153,6 +12443,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetTransportCtr1(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_srvsvc_NetTransportCtr1(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetTransportCtr1 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -12171,13 +12462,14 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportCtr1(struct ndr_pull *ndr, _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetTransportInfo1(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetTransportInfo1(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -12256,12 +12548,19 @@ static enum ndr_err_code ndr_push_srvsvc_NetTransportInfo2(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_srvsvc_NetTransportInfo2(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetTransportInfo2 *r) { uint32_t _ptr_name; + uint32_t size_name_1 = 0; + uint32_t length_name_1 = 0; TALLOC_CTX *_mem_save_name_0; uint32_t _ptr_addr; + uint32_t size_addr_1 = 0; TALLOC_CTX *_mem_save_addr_0; uint32_t _ptr_net_addr; + uint32_t size_net_addr_1 = 0; + uint32_t length_net_addr_1 = 0; TALLOC_CTX *_mem_save_net_addr_0; uint32_t _ptr_domain; + uint32_t size_domain_1 = 0; + uint32_t length_domain_1 = 0; TALLOC_CTX *_mem_save_domain_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); @@ -12299,19 +12598,22 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportInfo2(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->name)); - if (ndr_get_array_length(ndr, &r->name) > ndr_get_array_size(ndr, &r->name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->name), ndr_get_array_length(ndr, &r->name)); + size_name_1 = ndr_get_array_size(ndr, &r->name); + length_name_1 = ndr_get_array_length(ndr, &r->name); + if (length_name_1 > size_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_name_1, length_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, length_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_name_0, 0); } if (r->addr) { _mem_save_addr_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->addr, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->addr)); - NDR_PULL_ALLOC_N(ndr, r->addr, ndr_get_array_size(ndr, &r->addr)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->addr, ndr_get_array_size(ndr, &r->addr))); + size_addr_1 = ndr_get_array_size(ndr, &r->addr); + NDR_PULL_ALLOC_N(ndr, r->addr, size_addr_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->addr, size_addr_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_addr_0, 0); } if (r->net_addr) { @@ -12319,11 +12621,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportInfo2(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->net_addr, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->net_addr)); NDR_CHECK(ndr_pull_array_length(ndr, &r->net_addr)); - if (ndr_get_array_length(ndr, &r->net_addr) > ndr_get_array_size(ndr, &r->net_addr)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->net_addr), ndr_get_array_length(ndr, &r->net_addr)); + size_net_addr_1 = ndr_get_array_size(ndr, &r->net_addr); + length_net_addr_1 = ndr_get_array_length(ndr, &r->net_addr); + if (length_net_addr_1 > size_net_addr_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_net_addr_1, length_net_addr_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->net_addr), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->net_addr, ndr_get_array_length(ndr, &r->net_addr), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_net_addr_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->net_addr, length_net_addr_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_net_addr_0, 0); } if (r->domain) { @@ -12331,11 +12635,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportInfo2(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->domain, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->domain)); NDR_CHECK(ndr_pull_array_length(ndr, &r->domain)); - if (ndr_get_array_length(ndr, &r->domain) > ndr_get_array_size(ndr, &r->domain)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->domain), ndr_get_array_length(ndr, &r->domain)); + size_domain_1 = ndr_get_array_size(ndr, &r->domain); + length_domain_1 = ndr_get_array_length(ndr, &r->domain); + if (length_domain_1 > size_domain_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_1, length_domain_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, length_domain_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_0, 0); } if (r->addr) { @@ -12404,6 +12710,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetTransportCtr2(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_srvsvc_NetTransportCtr2(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetTransportCtr2 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -12422,13 +12729,14 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportCtr2(struct ndr_pull *ndr, _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetTransportInfo2(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetTransportInfo2(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -12509,13 +12817,21 @@ static enum ndr_err_code ndr_push_srvsvc_NetTransportInfo3(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_srvsvc_NetTransportInfo3(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetTransportInfo3 *r) { uint32_t _ptr_name; + uint32_t size_name_1 = 0; + uint32_t length_name_1 = 0; TALLOC_CTX *_mem_save_name_0; uint32_t _ptr_addr; + uint32_t size_addr_1 = 0; TALLOC_CTX *_mem_save_addr_0; uint32_t _ptr_net_addr; + uint32_t size_net_addr_1 = 0; + uint32_t length_net_addr_1 = 0; TALLOC_CTX *_mem_save_net_addr_0; uint32_t _ptr_domain; + uint32_t size_domain_1 = 0; + uint32_t length_domain_1 = 0; TALLOC_CTX *_mem_save_domain_0; + uint32_t size_unknown3_0 = 0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->vcs)); @@ -12546,7 +12862,8 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportInfo3(struct ndr_pull *ndr, } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->unknown1)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->unknown2)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->unknown3, 256)); + size_unknown3_0 = 256; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->unknown3, size_unknown3_0)); } if (ndr_flags & NDR_BUFFERS) { if (r->name) { @@ -12554,19 +12871,22 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportInfo3(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->name, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->name)); - if (ndr_get_array_length(ndr, &r->name) > ndr_get_array_size(ndr, &r->name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->name), ndr_get_array_length(ndr, &r->name)); + size_name_1 = ndr_get_array_size(ndr, &r->name); + length_name_1 = ndr_get_array_length(ndr, &r->name); + if (length_name_1 > size_name_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_name_1, length_name_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, ndr_get_array_length(ndr, &r->name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_name_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, length_name_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_name_0, 0); } if (r->addr) { _mem_save_addr_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->addr, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->addr)); - NDR_PULL_ALLOC_N(ndr, r->addr, ndr_get_array_size(ndr, &r->addr)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->addr, ndr_get_array_size(ndr, &r->addr))); + size_addr_1 = ndr_get_array_size(ndr, &r->addr); + NDR_PULL_ALLOC_N(ndr, r->addr, size_addr_1); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->addr, size_addr_1)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_addr_0, 0); } if (r->net_addr) { @@ -12574,11 +12894,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportInfo3(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->net_addr, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->net_addr)); NDR_CHECK(ndr_pull_array_length(ndr, &r->net_addr)); - if (ndr_get_array_length(ndr, &r->net_addr) > ndr_get_array_size(ndr, &r->net_addr)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->net_addr), ndr_get_array_length(ndr, &r->net_addr)); + size_net_addr_1 = ndr_get_array_size(ndr, &r->net_addr); + length_net_addr_1 = ndr_get_array_length(ndr, &r->net_addr); + if (length_net_addr_1 > size_net_addr_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_net_addr_1, length_net_addr_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->net_addr), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->net_addr, ndr_get_array_length(ndr, &r->net_addr), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_net_addr_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->net_addr, length_net_addr_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_net_addr_0, 0); } if (r->domain) { @@ -12586,11 +12908,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportInfo3(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->domain, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->domain)); NDR_CHECK(ndr_pull_array_length(ndr, &r->domain)); - if (ndr_get_array_length(ndr, &r->domain) > ndr_get_array_size(ndr, &r->domain)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->domain), ndr_get_array_length(ndr, &r->domain)); + size_domain_1 = ndr_get_array_size(ndr, &r->domain); + length_domain_1 = ndr_get_array_length(ndr, &r->domain); + if (length_domain_1 > size_domain_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_domain_1, length_domain_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_domain_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, length_domain_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_0, 0); } if (r->addr) { @@ -12661,6 +12985,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetTransportCtr3(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_srvsvc_NetTransportCtr3(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetTransportCtr3 *r) { uint32_t _ptr_array; + uint32_t size_array_1 = 0; uint32_t cntr_array_1; TALLOC_CTX *_mem_save_array_0; TALLOC_CTX *_mem_save_array_1; @@ -12679,13 +13004,14 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportCtr3(struct ndr_pull *ndr, _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->array)); - NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array)); + size_array_1 = ndr_get_array_size(ndr, &r->array); + NDR_PULL_ALLOC_N(ndr, r->array, size_array_1); _mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetTransportInfo3(ndr, NDR_SCALARS, &r->array[cntr_array_1])); } - for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) { + for (cntr_array_1 = 0; cntr_array_1 < size_array_1; cntr_array_1++) { NDR_CHECK(ndr_pull_srvsvc_NetTransportInfo3(ndr, NDR_BUFFERS, &r->array[cntr_array_1])); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0); @@ -12789,9 +13115,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportCtr(struct ndr_pull *ndr, i int level; uint32_t _level; TALLOC_CTX *_mem_save_ctr0_0; + uint32_t _ptr_ctr0; TALLOC_CTX *_mem_save_ctr1_0; + uint32_t _ptr_ctr1; TALLOC_CTX *_mem_save_ctr2_0; + uint32_t _ptr_ctr2; TALLOC_CTX *_mem_save_ctr3_0; + uint32_t _ptr_ctr3; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); @@ -12800,7 +13130,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportCtr(struct ndr_pull *ndr, i } switch (level) { case 0: { - uint32_t _ptr_ctr0; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr0)); if (_ptr_ctr0) { NDR_PULL_ALLOC(ndr, r->ctr0); @@ -12810,7 +13139,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportCtr(struct ndr_pull *ndr, i break; } case 1: { - uint32_t _ptr_ctr1; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr1)); if (_ptr_ctr1) { NDR_PULL_ALLOC(ndr, r->ctr1); @@ -12820,7 +13148,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportCtr(struct ndr_pull *ndr, i break; } case 2: { - uint32_t _ptr_ctr2; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr2)); if (_ptr_ctr2) { NDR_PULL_ALLOC(ndr, r->ctr2); @@ -12830,7 +13157,6 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportCtr(struct ndr_pull *ndr, i break; } case 3: { - uint32_t _ptr_ctr3; NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr3)); if (_ptr_ctr3) { NDR_PULL_ALLOC(ndr, r->ctr3); @@ -13215,6 +13541,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetCharDevEnum(struct ndr_push *ndr, in static enum ndr_err_code ndr_pull_srvsvc_NetCharDevEnum(struct ndr_pull *ndr, int flags, struct srvsvc_NetCharDevEnum *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; uint32_t _ptr_resume_handle; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_info_ctr_0; @@ -13234,11 +13562,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevEnum(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { @@ -13380,6 +13710,10 @@ static enum ndr_err_code ndr_push_srvsvc_NetCharDevGetInfo(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_srvsvc_NetCharDevGetInfo(struct ndr_pull *ndr, int flags, struct srvsvc_NetCharDevGetInfo *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; + uint32_t size_device_name_0 = 0; + uint32_t length_device_name_0 = 0; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_info_0; if (flags & NDR_IN) { @@ -13396,20 +13730,24 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevGetInfo(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.device_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.device_name)); - if (ndr_get_array_length(ndr, &r->in.device_name) > ndr_get_array_size(ndr, &r->in.device_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.device_name), ndr_get_array_length(ndr, &r->in.device_name)); + size_device_name_0 = ndr_get_array_size(ndr, &r->in.device_name); + length_device_name_0 = ndr_get_array_length(ndr, &r->in.device_name); + if (length_device_name_0 > size_device_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_device_name_0, length_device_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.device_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.device_name, ndr_get_array_length(ndr, &r->in.device_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_device_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.device_name, length_device_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); NDR_PULL_ALLOC(ndr, r->out.info); ZERO_STRUCTP(r->out.info); @@ -13487,6 +13825,10 @@ static enum ndr_err_code ndr_push_srvsvc_NetCharDevControl(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_srvsvc_NetCharDevControl(struct ndr_pull *ndr, int flags, struct srvsvc_NetCharDevControl *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; + uint32_t size_device_name_0 = 0; + uint32_t length_device_name_0 = 0; TALLOC_CTX *_mem_save_server_unc_0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_server_unc)); @@ -13500,20 +13842,24 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevControl(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.device_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.device_name)); - if (ndr_get_array_length(ndr, &r->in.device_name) > ndr_get_array_size(ndr, &r->in.device_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.device_name), ndr_get_array_length(ndr, &r->in.device_name)); + size_device_name_0 = ndr_get_array_size(ndr, &r->in.device_name); + length_device_name_0 = ndr_get_array_length(ndr, &r->in.device_name); + if (length_device_name_0 > size_device_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_device_name_0, length_device_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.device_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.device_name, ndr_get_array_length(ndr, &r->in.device_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_device_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.device_name, length_device_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.opcode)); } if (flags & NDR_OUT) { @@ -13599,7 +13945,11 @@ static enum ndr_err_code ndr_push_srvsvc_NetCharDevQEnum(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQEnum(struct ndr_pull *ndr, int flags, struct srvsvc_NetCharDevQEnum *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; uint32_t _ptr_user; + uint32_t size_user_1 = 0; + uint32_t length_user_1 = 0; uint32_t _ptr_resume_handle; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_user_0; @@ -13620,11 +13970,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQEnum(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_user)); @@ -13638,11 +13990,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQEnum(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->in.user, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.user)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.user)); - if (ndr_get_array_length(ndr, &r->in.user) > ndr_get_array_size(ndr, &r->in.user)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.user), ndr_get_array_length(ndr, &r->in.user)); + size_user_1 = ndr_get_array_size(ndr, &r->in.user); + length_user_1 = ndr_get_array_length(ndr, &r->in.user); + if (length_user_1 > size_user_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_user_1, length_user_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.user), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.user, ndr_get_array_length(ndr, &r->in.user), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_user_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.user, length_user_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user_0, 0); } if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { @@ -13794,6 +14148,12 @@ static enum ndr_err_code ndr_push_srvsvc_NetCharDevQGetInfo(struct ndr_push *ndr static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQGetInfo(struct ndr_pull *ndr, int flags, struct srvsvc_NetCharDevQGetInfo *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; + uint32_t size_queue_name_0 = 0; + uint32_t length_queue_name_0 = 0; + uint32_t size_user_0 = 0; + uint32_t length_user_0 = 0; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_info_0; if (flags & NDR_IN) { @@ -13810,27 +14170,33 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQGetInfo(struct ndr_pull *ndr NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.queue_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.queue_name)); - if (ndr_get_array_length(ndr, &r->in.queue_name) > ndr_get_array_size(ndr, &r->in.queue_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.queue_name), ndr_get_array_length(ndr, &r->in.queue_name)); + size_queue_name_0 = ndr_get_array_size(ndr, &r->in.queue_name); + length_queue_name_0 = ndr_get_array_length(ndr, &r->in.queue_name); + if (length_queue_name_0 > size_queue_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_queue_name_0, length_queue_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.queue_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.queue_name, ndr_get_array_length(ndr, &r->in.queue_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_queue_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.queue_name, length_queue_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.user)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.user)); - if (ndr_get_array_length(ndr, &r->in.user) > ndr_get_array_size(ndr, &r->in.user)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.user), ndr_get_array_length(ndr, &r->in.user)); + size_user_0 = ndr_get_array_size(ndr, &r->in.user); + length_user_0 = ndr_get_array_length(ndr, &r->in.user); + if (length_user_0 > size_user_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_user_0, length_user_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.user), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.user, ndr_get_array_length(ndr, &r->in.user), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_user_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.user, length_user_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); NDR_PULL_ALLOC(ndr, r->out.info); ZERO_STRUCTP(r->out.info); @@ -13919,6 +14285,10 @@ static enum ndr_err_code ndr_push_srvsvc_NetCharDevQSetInfo(struct ndr_push *ndr static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQSetInfo(struct ndr_pull *ndr, int flags, struct srvsvc_NetCharDevQSetInfo *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; + uint32_t size_queue_name_0 = 0; + uint32_t length_queue_name_0 = 0; uint32_t _ptr_parm_error; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_parm_error_0; @@ -13936,20 +14306,24 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQSetInfo(struct ndr_pull *ndr NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.queue_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.queue_name)); - if (ndr_get_array_length(ndr, &r->in.queue_name) > ndr_get_array_size(ndr, &r->in.queue_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.queue_name), ndr_get_array_length(ndr, &r->in.queue_name)); + size_queue_name_0 = ndr_get_array_size(ndr, &r->in.queue_name); + length_queue_name_0 = ndr_get_array_length(ndr, &r->in.queue_name); + if (length_queue_name_0 > size_queue_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_queue_name_0, length_queue_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.queue_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.queue_name, ndr_get_array_length(ndr, &r->in.queue_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_queue_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.queue_name, length_queue_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->in.info, r->in.level)); NDR_CHECK(ndr_pull_srvsvc_NetCharDevQInfo(ndr, NDR_SCALARS|NDR_BUFFERS, &r->in.info)); @@ -14051,6 +14425,10 @@ static enum ndr_err_code ndr_push_srvsvc_NetCharDevQPurge(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQPurge(struct ndr_pull *ndr, int flags, struct srvsvc_NetCharDevQPurge *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; + uint32_t size_queue_name_0 = 0; + uint32_t length_queue_name_0 = 0; TALLOC_CTX *_mem_save_server_unc_0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_server_unc)); @@ -14064,20 +14442,24 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQPurge(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.queue_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.queue_name)); - if (ndr_get_array_length(ndr, &r->in.queue_name) > ndr_get_array_size(ndr, &r->in.queue_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.queue_name), ndr_get_array_length(ndr, &r->in.queue_name)); + size_queue_name_0 = ndr_get_array_size(ndr, &r->in.queue_name); + length_queue_name_0 = ndr_get_array_length(ndr, &r->in.queue_name); + if (length_queue_name_0 > size_queue_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_queue_name_0, length_queue_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.queue_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.queue_name, ndr_get_array_length(ndr, &r->in.queue_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_queue_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.queue_name, length_queue_name_0, sizeof(uint16_t), CH_UTF16)); } if (flags & NDR_OUT) { NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result)); @@ -14141,6 +14523,12 @@ static enum ndr_err_code ndr_push_srvsvc_NetCharDevQPurgeSelf(struct ndr_push *n static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQPurgeSelf(struct ndr_pull *ndr, int flags, struct srvsvc_NetCharDevQPurgeSelf *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; + uint32_t size_queue_name_0 = 0; + uint32_t length_queue_name_0 = 0; + uint32_t size_computer_name_0 = 0; + uint32_t length_computer_name_0 = 0; TALLOC_CTX *_mem_save_server_unc_0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_server_unc)); @@ -14154,27 +14542,33 @@ static enum ndr_err_code ndr_pull_srvsvc_NetCharDevQPurgeSelf(struct ndr_pull *n NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.queue_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.queue_name)); - if (ndr_get_array_length(ndr, &r->in.queue_name) > ndr_get_array_size(ndr, &r->in.queue_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.queue_name), ndr_get_array_length(ndr, &r->in.queue_name)); + size_queue_name_0 = ndr_get_array_size(ndr, &r->in.queue_name); + length_queue_name_0 = ndr_get_array_length(ndr, &r->in.queue_name); + if (length_queue_name_0 > size_queue_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_queue_name_0, length_queue_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.queue_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.queue_name, ndr_get_array_length(ndr, &r->in.queue_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_queue_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.queue_name, length_queue_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name)); - if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name)); + size_computer_name_0 = ndr_get_array_size(ndr, &r->in.computer_name); + length_computer_name_0 = ndr_get_array_length(ndr, &r->in.computer_name); + if (length_computer_name_0 > size_computer_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_computer_name_0, length_computer_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_computer_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, length_computer_name_0, sizeof(uint16_t), CH_UTF16)); } if (flags & NDR_OUT) { NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result)); @@ -14259,7 +14653,11 @@ static enum ndr_err_code ndr_push_srvsvc_NetConnEnum(struct ndr_push *ndr, int f static enum ndr_err_code ndr_pull_srvsvc_NetConnEnum(struct ndr_pull *ndr, int flags, struct srvsvc_NetConnEnum *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; uint32_t _ptr_path; + uint32_t size_path_1 = 0; + uint32_t length_path_1 = 0; uint32_t _ptr_resume_handle; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_path_0; @@ -14280,11 +14678,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetConnEnum(struct ndr_pull *ndr, int f NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_path)); @@ -14298,11 +14698,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetConnEnum(struct ndr_pull *ndr, int f NDR_PULL_SET_MEM_CTX(ndr, r->in.path, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.path)); - if (ndr_get_array_length(ndr, &r->in.path) > ndr_get_array_size(ndr, &r->in.path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.path), ndr_get_array_length(ndr, &r->in.path)); + size_path_1 = ndr_get_array_size(ndr, &r->in.path); + length_path_1 = ndr_get_array_length(ndr, &r->in.path); + if (length_path_1 > size_path_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_path_1, length_path_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.path, ndr_get_array_length(ndr, &r->in.path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_path_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.path, length_path_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_path_0, 0); } if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { @@ -14475,8 +14877,14 @@ static enum ndr_err_code ndr_push_srvsvc_NetFileEnum(struct ndr_push *ndr, int f static enum ndr_err_code ndr_pull_srvsvc_NetFileEnum(struct ndr_pull *ndr, int flags, struct srvsvc_NetFileEnum *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; uint32_t _ptr_path; + uint32_t size_path_1 = 0; + uint32_t length_path_1 = 0; uint32_t _ptr_user; + uint32_t size_user_1 = 0; + uint32_t length_user_1 = 0; uint32_t _ptr_resume_handle; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_path_0; @@ -14498,11 +14906,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetFileEnum(struct ndr_pull *ndr, int f NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_path)); @@ -14516,11 +14926,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetFileEnum(struct ndr_pull *ndr, int f NDR_PULL_SET_MEM_CTX(ndr, r->in.path, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.path)); - if (ndr_get_array_length(ndr, &r->in.path) > ndr_get_array_size(ndr, &r->in.path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.path), ndr_get_array_length(ndr, &r->in.path)); + size_path_1 = ndr_get_array_size(ndr, &r->in.path); + length_path_1 = ndr_get_array_length(ndr, &r->in.path); + if (length_path_1 > size_path_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_path_1, length_path_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.path, ndr_get_array_length(ndr, &r->in.path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_path_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.path, length_path_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_path_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_user)); @@ -14534,11 +14946,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetFileEnum(struct ndr_pull *ndr, int f NDR_PULL_SET_MEM_CTX(ndr, r->in.user, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.user)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.user)); - if (ndr_get_array_length(ndr, &r->in.user) > ndr_get_array_size(ndr, &r->in.user)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.user), ndr_get_array_length(ndr, &r->in.user)); + size_user_1 = ndr_get_array_size(ndr, &r->in.user); + length_user_1 = ndr_get_array_length(ndr, &r->in.user); + if (length_user_1 > size_user_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_user_1, length_user_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.user), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.user, ndr_get_array_length(ndr, &r->in.user), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_user_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.user, length_user_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user_0, 0); } if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { @@ -14689,6 +15103,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetFileGetInfo(struct ndr_push *ndr, in static enum ndr_err_code ndr_pull_srvsvc_NetFileGetInfo(struct ndr_pull *ndr, int flags, struct srvsvc_NetFileGetInfo *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_info_0; if (flags & NDR_IN) { @@ -14705,11 +15121,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetFileGetInfo(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.fid)); @@ -14786,6 +15204,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetFileClose(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetFileClose(struct ndr_pull *ndr, int flags, struct srvsvc_NetFileClose *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; TALLOC_CTX *_mem_save_server_unc_0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_server_unc)); @@ -14799,11 +15219,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetFileClose(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.fid)); @@ -14897,8 +15319,14 @@ static enum ndr_err_code ndr_push_srvsvc_NetSessEnum(struct ndr_push *ndr, int f static enum ndr_err_code ndr_pull_srvsvc_NetSessEnum(struct ndr_pull *ndr, int flags, struct srvsvc_NetSessEnum *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; uint32_t _ptr_client; + uint32_t size_client_1 = 0; + uint32_t length_client_1 = 0; uint32_t _ptr_user; + uint32_t size_user_1 = 0; + uint32_t length_user_1 = 0; uint32_t _ptr_resume_handle; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_client_0; @@ -14920,11 +15348,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessEnum(struct ndr_pull *ndr, int f NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_client)); @@ -14938,11 +15368,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessEnum(struct ndr_pull *ndr, int f NDR_PULL_SET_MEM_CTX(ndr, r->in.client, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.client)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.client)); - if (ndr_get_array_length(ndr, &r->in.client) > ndr_get_array_size(ndr, &r->in.client)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.client), ndr_get_array_length(ndr, &r->in.client)); + size_client_1 = ndr_get_array_size(ndr, &r->in.client); + length_client_1 = ndr_get_array_length(ndr, &r->in.client); + if (length_client_1 > size_client_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_client_1, length_client_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.client), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.client, ndr_get_array_length(ndr, &r->in.client), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_client_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.client, length_client_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_client_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_user)); @@ -14956,11 +15388,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessEnum(struct ndr_pull *ndr, int f NDR_PULL_SET_MEM_CTX(ndr, r->in.user, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.user)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.user)); - if (ndr_get_array_length(ndr, &r->in.user) > ndr_get_array_size(ndr, &r->in.user)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.user), ndr_get_array_length(ndr, &r->in.user)); + size_user_1 = ndr_get_array_size(ndr, &r->in.user); + length_user_1 = ndr_get_array_length(ndr, &r->in.user); + if (length_user_1 > size_user_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_user_1, length_user_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.user), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.user, ndr_get_array_length(ndr, &r->in.user), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_user_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.user, length_user_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user_0, 0); } if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { @@ -15118,8 +15552,14 @@ static enum ndr_err_code ndr_push_srvsvc_NetSessDel(struct ndr_push *ndr, int fl static enum ndr_err_code ndr_pull_srvsvc_NetSessDel(struct ndr_pull *ndr, int flags, struct srvsvc_NetSessDel *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; uint32_t _ptr_client; + uint32_t size_client_1 = 0; + uint32_t length_client_1 = 0; uint32_t _ptr_user; + uint32_t size_user_1 = 0; + uint32_t length_user_1 = 0; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_client_0; TALLOC_CTX *_mem_save_user_0; @@ -15135,11 +15575,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessDel(struct ndr_pull *ndr, int fl NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_client)); @@ -15153,11 +15595,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessDel(struct ndr_pull *ndr, int fl NDR_PULL_SET_MEM_CTX(ndr, r->in.client, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.client)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.client)); - if (ndr_get_array_length(ndr, &r->in.client) > ndr_get_array_size(ndr, &r->in.client)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.client), ndr_get_array_length(ndr, &r->in.client)); + size_client_1 = ndr_get_array_size(ndr, &r->in.client); + length_client_1 = ndr_get_array_length(ndr, &r->in.client); + if (length_client_1 > size_client_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_client_1, length_client_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.client), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.client, ndr_get_array_length(ndr, &r->in.client), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_client_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.client, length_client_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_client_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_user)); @@ -15171,11 +15615,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSessDel(struct ndr_pull *ndr, int fl NDR_PULL_SET_MEM_CTX(ndr, r->in.user, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.user)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.user)); - if (ndr_get_array_length(ndr, &r->in.user) > ndr_get_array_size(ndr, &r->in.user)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.user), ndr_get_array_length(ndr, &r->in.user)); + size_user_1 = ndr_get_array_size(ndr, &r->in.user); + length_user_1 = ndr_get_array_length(ndr, &r->in.user); + if (length_user_1 > size_user_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_user_1, length_user_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.user), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.user, ndr_get_array_length(ndr, &r->in.user), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_user_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.user, length_user_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user_0, 0); } } @@ -15258,6 +15704,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareAdd(struct ndr_push *ndr, int f static enum ndr_err_code ndr_pull_srvsvc_NetShareAdd(struct ndr_pull *ndr, int flags, struct srvsvc_NetShareAdd *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; uint32_t _ptr_parm_error; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_info_0; @@ -15276,11 +15724,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareAdd(struct ndr_pull *ndr, int f NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); @@ -15409,6 +15859,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareEnumAll(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_srvsvc_NetShareEnumAll(struct ndr_pull *ndr, int flags, struct srvsvc_NetShareEnumAll *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; uint32_t _ptr_resume_handle; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_info_ctr_0; @@ -15428,11 +15880,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareEnumAll(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { @@ -15574,6 +16028,10 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareGetInfo(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_srvsvc_NetShareGetInfo(struct ndr_pull *ndr, int flags, struct srvsvc_NetShareGetInfo *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; + uint32_t size_share_name_0 = 0; + uint32_t length_share_name_0 = 0; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_info_0; if (flags & NDR_IN) { @@ -15590,20 +16048,24 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareGetInfo(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.share_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.share_name)); - if (ndr_get_array_length(ndr, &r->in.share_name) > ndr_get_array_size(ndr, &r->in.share_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.share_name), ndr_get_array_length(ndr, &r->in.share_name)); + size_share_name_0 = ndr_get_array_size(ndr, &r->in.share_name); + length_share_name_0 = ndr_get_array_length(ndr, &r->in.share_name); + if (length_share_name_0 > size_share_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_share_name_0, length_share_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.share_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.share_name, ndr_get_array_length(ndr, &r->in.share_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_share_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.share_name, length_share_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); NDR_PULL_ALLOC(ndr, r->out.info); ZERO_STRUCTP(r->out.info); @@ -15694,6 +16156,10 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareSetInfo(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_srvsvc_NetShareSetInfo(struct ndr_pull *ndr, int flags, struct srvsvc_NetShareSetInfo *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; + uint32_t size_share_name_0 = 0; + uint32_t length_share_name_0 = 0; uint32_t _ptr_parm_error; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_info_0; @@ -15712,20 +16178,24 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareSetInfo(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.share_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.share_name)); - if (ndr_get_array_length(ndr, &r->in.share_name) > ndr_get_array_size(ndr, &r->in.share_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.share_name), ndr_get_array_length(ndr, &r->in.share_name)); + size_share_name_0 = ndr_get_array_size(ndr, &r->in.share_name); + length_share_name_0 = ndr_get_array_length(ndr, &r->in.share_name); + if (length_share_name_0 > size_share_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_share_name_0, length_share_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.share_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.share_name, ndr_get_array_length(ndr, &r->in.share_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_share_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.share_name, length_share_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.info); @@ -15837,6 +16307,10 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareDel(struct ndr_push *ndr, int f static enum ndr_err_code ndr_pull_srvsvc_NetShareDel(struct ndr_pull *ndr, int flags, struct srvsvc_NetShareDel *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; + uint32_t size_share_name_0 = 0; + uint32_t length_share_name_0 = 0; TALLOC_CTX *_mem_save_server_unc_0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_server_unc)); @@ -15850,20 +16324,24 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareDel(struct ndr_pull *ndr, int f NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.share_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.share_name)); - if (ndr_get_array_length(ndr, &r->in.share_name) > ndr_get_array_size(ndr, &r->in.share_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.share_name), ndr_get_array_length(ndr, &r->in.share_name)); + size_share_name_0 = ndr_get_array_size(ndr, &r->in.share_name); + length_share_name_0 = ndr_get_array_length(ndr, &r->in.share_name); + if (length_share_name_0 > size_share_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_share_name_0, length_share_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.share_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.share_name, ndr_get_array_length(ndr, &r->in.share_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_share_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.share_name, length_share_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.reserved)); } if (flags & NDR_OUT) { @@ -15926,6 +16404,10 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareDelSticky(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_srvsvc_NetShareDelSticky(struct ndr_pull *ndr, int flags, struct srvsvc_NetShareDelSticky *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; + uint32_t size_share_name_0 = 0; + uint32_t length_share_name_0 = 0; TALLOC_CTX *_mem_save_server_unc_0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_server_unc)); @@ -15939,20 +16421,24 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareDelSticky(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.share_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.share_name)); - if (ndr_get_array_length(ndr, &r->in.share_name) > ndr_get_array_size(ndr, &r->in.share_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.share_name), ndr_get_array_length(ndr, &r->in.share_name)); + size_share_name_0 = ndr_get_array_size(ndr, &r->in.share_name); + length_share_name_0 = ndr_get_array_length(ndr, &r->in.share_name); + if (length_share_name_0 > size_share_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_share_name_0, length_share_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.share_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.share_name, ndr_get_array_length(ndr, &r->in.share_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_share_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.share_name, length_share_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.reserved)); } if (flags & NDR_OUT) { @@ -16018,6 +16504,10 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareCheck(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetShareCheck(struct ndr_pull *ndr, int flags, struct srvsvc_NetShareCheck *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; + uint32_t size_device_name_0 = 0; + uint32_t length_device_name_0 = 0; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_type_0; if (flags & NDR_IN) { @@ -16034,20 +16524,24 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareCheck(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.device_name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.device_name)); - if (ndr_get_array_length(ndr, &r->in.device_name) > ndr_get_array_size(ndr, &r->in.device_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.device_name), ndr_get_array_length(ndr, &r->in.device_name)); + size_device_name_0 = ndr_get_array_size(ndr, &r->in.device_name); + length_device_name_0 = ndr_get_array_length(ndr, &r->in.device_name); + if (length_device_name_0 > size_device_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_device_name_0, length_device_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.device_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.device_name, ndr_get_array_length(ndr, &r->in.device_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_device_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.device_name, length_device_name_0, sizeof(uint16_t), CH_UTF16)); NDR_PULL_ALLOC(ndr, r->out.type); ZERO_STRUCTP(r->out.type); } @@ -16122,6 +16616,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetSrvGetInfo(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetSrvGetInfo(struct ndr_pull *ndr, int flags, struct srvsvc_NetSrvGetInfo *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_info_0; if (flags & NDR_IN) { @@ -16138,11 +16634,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvGetInfo(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); @@ -16230,6 +16728,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetSrvSetInfo(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetSrvSetInfo(struct ndr_pull *ndr, int flags, struct srvsvc_NetSrvSetInfo *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; uint32_t _ptr_parm_error; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_info_0; @@ -16248,11 +16748,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSrvSetInfo(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); @@ -16382,6 +16884,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetDiskEnum(struct ndr_push *ndr, int f static enum ndr_err_code ndr_pull_srvsvc_NetDiskEnum(struct ndr_pull *ndr, int flags, struct srvsvc_NetDiskEnum *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; uint32_t _ptr_resume_handle; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_info_0; @@ -16401,11 +16905,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetDiskEnum(struct ndr_pull *ndr, int f NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); @@ -16555,7 +17061,11 @@ static enum ndr_err_code ndr_push_srvsvc_NetServerStatisticsGet(struct ndr_push static enum ndr_err_code ndr_pull_srvsvc_NetServerStatisticsGet(struct ndr_pull *ndr, int flags, struct srvsvc_NetServerStatisticsGet *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; uint32_t _ptr_service; + uint32_t size_service_1 = 0; + uint32_t length_service_1 = 0; uint32_t _ptr_stats; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_service_0; @@ -16575,11 +17085,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetServerStatisticsGet(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_service)); @@ -16593,11 +17105,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetServerStatisticsGet(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->in.service, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.service)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.service)); - if (ndr_get_array_length(ndr, &r->in.service) > ndr_get_array_size(ndr, &r->in.service)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.service), ndr_get_array_length(ndr, &r->in.service)); + size_service_1 = ndr_get_array_size(ndr, &r->in.service); + length_service_1 = ndr_get_array_length(ndr, &r->in.service); + if (length_service_1 > size_service_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_service_1, length_service_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.service), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.service, ndr_get_array_length(ndr, &r->in.service), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_service_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.service, length_service_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_service_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); @@ -16696,6 +17210,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetTransportAdd(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_srvsvc_NetTransportAdd(struct ndr_pull *ndr, int flags, struct srvsvc_NetTransportAdd *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; TALLOC_CTX *_mem_save_server_unc_0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_server_unc)); @@ -16709,11 +17225,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportAdd(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); @@ -16797,6 +17315,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetTransportEnum(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_srvsvc_NetTransportEnum(struct ndr_pull *ndr, int flags, struct srvsvc_NetTransportEnum *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; uint32_t _ptr_resume_handle; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_transports_0; @@ -16816,11 +17336,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportEnum(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { @@ -16957,6 +17479,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetTransportDel(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_srvsvc_NetTransportDel(struct ndr_pull *ndr, int flags, struct srvsvc_NetTransportDel *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_info0_0; if (flags & NDR_IN) { @@ -16971,11 +17495,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetTransportDel(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); @@ -17052,6 +17578,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetRemoteTOD(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetRemoteTOD(struct ndr_pull *ndr, int flags, struct srvsvc_NetRemoteTOD *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; uint32_t _ptr_info; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_info_0; @@ -17070,11 +17598,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetRemoteTOD(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_PULL_ALLOC(ndr, r->out.info); @@ -17169,7 +17699,11 @@ static enum ndr_err_code ndr_push_srvsvc_NetSetServiceBits(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_srvsvc_NetSetServiceBits(struct ndr_pull *ndr, int flags, struct srvsvc_NetSetServiceBits *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; uint32_t _ptr_transport; + uint32_t size_transport_1 = 0; + uint32_t length_transport_1 = 0; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_transport_0; if (flags & NDR_IN) { @@ -17184,11 +17718,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSetServiceBits(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_transport)); @@ -17202,11 +17738,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSetServiceBits(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->in.transport, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.transport)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.transport)); - if (ndr_get_array_length(ndr, &r->in.transport) > ndr_get_array_size(ndr, &r->in.transport)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.transport), ndr_get_array_length(ndr, &r->in.transport)); + size_transport_1 = ndr_get_array_size(ndr, &r->in.transport); + length_transport_1 = ndr_get_array_length(ndr, &r->in.transport); + if (length_transport_1 > size_transport_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_transport_1, length_transport_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.transport), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.transport, ndr_get_array_length(ndr, &r->in.transport), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_transport_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.transport, length_transport_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_transport_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.servicebits)); @@ -17282,6 +17820,10 @@ static enum ndr_err_code ndr_push_srvsvc_NetPathType(struct ndr_push *ndr, int f static enum ndr_err_code ndr_pull_srvsvc_NetPathType(struct ndr_pull *ndr, int flags, struct srvsvc_NetPathType *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; + uint32_t size_path_0 = 0; + uint32_t length_path_0 = 0; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_pathtype_0; if (flags & NDR_IN) { @@ -17298,20 +17840,24 @@ static enum ndr_err_code ndr_pull_srvsvc_NetPathType(struct ndr_pull *ndr, int f NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.path)); - if (ndr_get_array_length(ndr, &r->in.path) > ndr_get_array_size(ndr, &r->in.path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.path), ndr_get_array_length(ndr, &r->in.path)); + size_path_0 = ndr_get_array_size(ndr, &r->in.path); + length_path_0 = ndr_get_array_length(ndr, &r->in.path); + if (length_path_0 > size_path_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_path_0, length_path_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.path, ndr_get_array_length(ndr, &r->in.path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_path_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.path, length_path_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.pathflags)); NDR_PULL_ALLOC(ndr, r->out.pathtype); ZERO_STRUCTP(r->out.pathtype); @@ -17402,6 +17948,13 @@ static enum ndr_err_code ndr_push_srvsvc_NetPathCanonicalize(struct ndr_push *nd static enum ndr_err_code ndr_pull_srvsvc_NetPathCanonicalize(struct ndr_pull *ndr, int flags, struct srvsvc_NetPathCanonicalize *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; + uint32_t size_path_0 = 0; + uint32_t length_path_0 = 0; + uint32_t size_can_path_0 = 0; + uint32_t size_prefix_0 = 0; + uint32_t length_prefix_0 = 0; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_pathtype_0; if (flags & NDR_IN) { @@ -17418,28 +17971,34 @@ static enum ndr_err_code ndr_pull_srvsvc_NetPathCanonicalize(struct ndr_pull *nd NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.path)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.path)); - if (ndr_get_array_length(ndr, &r->in.path) > ndr_get_array_size(ndr, &r->in.path)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.path), ndr_get_array_length(ndr, &r->in.path)); + size_path_0 = ndr_get_array_size(ndr, &r->in.path); + length_path_0 = ndr_get_array_length(ndr, &r->in.path); + if (length_path_0 > size_path_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_path_0, length_path_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.path), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.path, ndr_get_array_length(ndr, &r->in.path), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_path_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.path, length_path_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.maxbuf)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.prefix)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.prefix)); - if (ndr_get_array_length(ndr, &r->in.prefix) > ndr_get_array_size(ndr, &r->in.prefix)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.prefix), ndr_get_array_length(ndr, &r->in.prefix)); + size_prefix_0 = ndr_get_array_size(ndr, &r->in.prefix); + length_prefix_0 = ndr_get_array_length(ndr, &r->in.prefix); + if (length_prefix_0 > size_prefix_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_prefix_0, length_prefix_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.prefix), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.prefix, ndr_get_array_length(ndr, &r->in.prefix), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_prefix_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.prefix, length_prefix_0, sizeof(uint16_t), CH_UTF16)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.pathtype); } @@ -17453,8 +18012,9 @@ static enum ndr_err_code ndr_pull_srvsvc_NetPathCanonicalize(struct ndr_pull *nd } if (flags & NDR_OUT) { NDR_CHECK(ndr_pull_array_size(ndr, &r->out.can_path)); - NDR_PULL_ALLOC_N(ndr, r->out.can_path, ndr_get_array_size(ndr, &r->out.can_path)); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.can_path, ndr_get_array_size(ndr, &r->out.can_path))); + size_can_path_0 = ndr_get_array_size(ndr, &r->out.can_path); + NDR_PULL_ALLOC_N(ndr, r->out.can_path, size_can_path_0); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.can_path, size_can_path_0)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->out.pathtype); } @@ -17540,6 +18100,12 @@ static enum ndr_err_code ndr_push_srvsvc_NetPathCompare(struct ndr_push *ndr, in static enum ndr_err_code ndr_pull_srvsvc_NetPathCompare(struct ndr_pull *ndr, int flags, struct srvsvc_NetPathCompare *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; + uint32_t size_path1_0 = 0; + uint32_t length_path1_0 = 0; + uint32_t size_path2_0 = 0; + uint32_t length_path2_0 = 0; TALLOC_CTX *_mem_save_server_unc_0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_server_unc)); @@ -17553,27 +18119,33 @@ static enum ndr_err_code ndr_pull_srvsvc_NetPathCompare(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.path1)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.path1)); - if (ndr_get_array_length(ndr, &r->in.path1) > ndr_get_array_size(ndr, &r->in.path1)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.path1), ndr_get_array_length(ndr, &r->in.path1)); + size_path1_0 = ndr_get_array_size(ndr, &r->in.path1); + length_path1_0 = ndr_get_array_length(ndr, &r->in.path1); + if (length_path1_0 > size_path1_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_path1_0, length_path1_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.path1), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.path1, ndr_get_array_length(ndr, &r->in.path1), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_path1_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.path1, length_path1_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.path2)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.path2)); - if (ndr_get_array_length(ndr, &r->in.path2) > ndr_get_array_size(ndr, &r->in.path2)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.path2), ndr_get_array_length(ndr, &r->in.path2)); + size_path2_0 = ndr_get_array_size(ndr, &r->in.path2); + length_path2_0 = ndr_get_array_length(ndr, &r->in.path2); + if (length_path2_0 > size_path2_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_path2_0, length_path2_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.path2), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.path2, ndr_get_array_length(ndr, &r->in.path2), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_path2_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.path2, length_path2_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.pathtype)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.pathflags)); } @@ -17640,6 +18212,10 @@ static enum ndr_err_code ndr_push_srvsvc_NetNameValidate(struct ndr_push *ndr, i static enum ndr_err_code ndr_pull_srvsvc_NetNameValidate(struct ndr_pull *ndr, int flags, struct srvsvc_NetNameValidate *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; + uint32_t size_name_0 = 0; + uint32_t length_name_0 = 0; TALLOC_CTX *_mem_save_server_unc_0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_server_unc)); @@ -17653,20 +18229,24 @@ static enum ndr_err_code ndr_pull_srvsvc_NetNameValidate(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.name)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.name)); - if (ndr_get_array_length(ndr, &r->in.name) > ndr_get_array_size(ndr, &r->in.name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.name), ndr_get_array_length(ndr, &r->in.name)); + size_name_0 = ndr_get_array_size(ndr, &r->in.name); + length_name_0 = ndr_get_array_length(ndr, &r->in.name); + if (length_name_0 > size_name_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_name_0, length_name_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.name, ndr_get_array_length(ndr, &r->in.name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_name_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.name, length_name_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.name_type)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.flags)); } @@ -17777,6 +18357,12 @@ static enum ndr_err_code ndr_push_srvsvc_NetPRNameCompare(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_srvsvc_NetPRNameCompare(struct ndr_pull *ndr, int flags, struct srvsvc_NetPRNameCompare *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; + uint32_t size_name1_0 = 0; + uint32_t length_name1_0 = 0; + uint32_t size_name2_0 = 0; + uint32_t length_name2_0 = 0; TALLOC_CTX *_mem_save_server_unc_0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_server_unc)); @@ -17790,27 +18376,33 @@ static enum ndr_err_code ndr_pull_srvsvc_NetPRNameCompare(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.name1)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.name1)); - if (ndr_get_array_length(ndr, &r->in.name1) > ndr_get_array_size(ndr, &r->in.name1)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.name1), ndr_get_array_length(ndr, &r->in.name1)); + size_name1_0 = ndr_get_array_size(ndr, &r->in.name1); + length_name1_0 = ndr_get_array_length(ndr, &r->in.name1); + if (length_name1_0 > size_name1_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_name1_0, length_name1_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.name1), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.name1, ndr_get_array_length(ndr, &r->in.name1), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_name1_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.name1, length_name1_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.name2)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.name2)); - if (ndr_get_array_length(ndr, &r->in.name2) > ndr_get_array_size(ndr, &r->in.name2)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.name2), ndr_get_array_length(ndr, &r->in.name2)); + size_name2_0 = ndr_get_array_size(ndr, &r->in.name2); + length_name2_0 = ndr_get_array_length(ndr, &r->in.name2); + if (length_name2_0 > size_name2_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_name2_0, length_name2_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.name2), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.name2, ndr_get_array_length(ndr, &r->in.name2), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_name2_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.name2, length_name2_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.name_type)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.flags)); } @@ -17892,6 +18484,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareEnum(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_srvsvc_NetShareEnum(struct ndr_pull *ndr, int flags, struct srvsvc_NetShareEnum *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; uint32_t _ptr_resume_handle; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_info_ctr_0; @@ -17911,11 +18505,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareEnum(struct ndr_pull *ndr, int NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { @@ -18056,6 +18652,10 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareDelStart(struct ndr_push *ndr, static enum ndr_err_code ndr_pull_srvsvc_NetShareDelStart(struct ndr_pull *ndr, int flags, struct srvsvc_NetShareDelStart *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; + uint32_t size_share_0 = 0; + uint32_t length_share_0 = 0; uint32_t _ptr_hnd; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_hnd_0; @@ -18073,20 +18673,24 @@ static enum ndr_err_code ndr_pull_srvsvc_NetShareDelStart(struct ndr_pull *ndr, NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.share)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.share)); - if (ndr_get_array_length(ndr, &r->in.share) > ndr_get_array_size(ndr, &r->in.share)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.share), ndr_get_array_length(ndr, &r->in.share)); + size_share_0 = ndr_get_array_size(ndr, &r->in.share); + length_share_0 = ndr_get_array_length(ndr, &r->in.share); + if (length_share_0 > size_share_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_share_0, length_share_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.share), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.share, ndr_get_array_length(ndr, &r->in.share), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_share_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.share, length_share_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.reserved)); } if (flags & NDR_OUT) { @@ -18270,7 +18874,13 @@ static enum ndr_err_code ndr_push_srvsvc_NetGetFileSecurity(struct ndr_push *ndr static enum ndr_err_code ndr_pull_srvsvc_NetGetFileSecurity(struct ndr_pull *ndr, int flags, struct srvsvc_NetGetFileSecurity *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; uint32_t _ptr_share; + uint32_t size_share_1 = 0; + uint32_t length_share_1 = 0; + uint32_t size_file_0 = 0; + uint32_t length_file_0 = 0; uint32_t _ptr_sd_buf; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_share_0; @@ -18290,11 +18900,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetGetFileSecurity(struct ndr_pull *ndr NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_share)); @@ -18308,20 +18920,24 @@ static enum ndr_err_code ndr_pull_srvsvc_NetGetFileSecurity(struct ndr_pull *ndr NDR_PULL_SET_MEM_CTX(ndr, r->in.share, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.share)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.share)); - if (ndr_get_array_length(ndr, &r->in.share) > ndr_get_array_size(ndr, &r->in.share)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.share), ndr_get_array_length(ndr, &r->in.share)); + size_share_1 = ndr_get_array_size(ndr, &r->in.share); + length_share_1 = ndr_get_array_length(ndr, &r->in.share); + if (length_share_1 > size_share_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_share_1, length_share_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.share), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.share, ndr_get_array_length(ndr, &r->in.share), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_share_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.share, length_share_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_share_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.file)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.file)); - if (ndr_get_array_length(ndr, &r->in.file) > ndr_get_array_size(ndr, &r->in.file)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.file), ndr_get_array_length(ndr, &r->in.file)); + size_file_0 = ndr_get_array_size(ndr, &r->in.file); + length_file_0 = ndr_get_array_length(ndr, &r->in.file); + if (length_file_0 > size_file_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_file_0, length_file_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.file), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.file, ndr_get_array_length(ndr, &r->in.file), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_file_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.file, length_file_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_security_secinfo(ndr, NDR_SCALARS, &r->in.securityinformation)); NDR_PULL_ALLOC(ndr, r->out.sd_buf); ZERO_STRUCTP(r->out.sd_buf); @@ -18430,7 +19046,13 @@ static enum ndr_err_code ndr_push_srvsvc_NetSetFileSecurity(struct ndr_push *ndr static enum ndr_err_code ndr_pull_srvsvc_NetSetFileSecurity(struct ndr_pull *ndr, int flags, struct srvsvc_NetSetFileSecurity *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; uint32_t _ptr_share; + uint32_t size_share_1 = 0; + uint32_t length_share_1 = 0; + uint32_t size_file_0 = 0; + uint32_t length_file_0 = 0; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_share_0; TALLOC_CTX *_mem_save_sd_buf_0; @@ -18446,11 +19068,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSetFileSecurity(struct ndr_pull *ndr NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_share)); @@ -18464,20 +19088,24 @@ static enum ndr_err_code ndr_pull_srvsvc_NetSetFileSecurity(struct ndr_pull *ndr NDR_PULL_SET_MEM_CTX(ndr, r->in.share, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.share)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.share)); - if (ndr_get_array_length(ndr, &r->in.share) > ndr_get_array_size(ndr, &r->in.share)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.share), ndr_get_array_length(ndr, &r->in.share)); + size_share_1 = ndr_get_array_size(ndr, &r->in.share); + length_share_1 = ndr_get_array_length(ndr, &r->in.share); + if (length_share_1 > size_share_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_share_1, length_share_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.share), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.share, ndr_get_array_length(ndr, &r->in.share), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_share_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.share, length_share_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_share_0, 0); } NDR_CHECK(ndr_pull_array_size(ndr, &r->in.file)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.file)); - if (ndr_get_array_length(ndr, &r->in.file) > ndr_get_array_size(ndr, &r->in.file)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.file), ndr_get_array_length(ndr, &r->in.file)); + size_file_0 = ndr_get_array_size(ndr, &r->in.file); + length_file_0 = ndr_get_array_length(ndr, &r->in.file); + if (length_file_0 > size_file_0) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_file_0, length_file_0); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.file), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.file, ndr_get_array_length(ndr, &r->in.file), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_file_0, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.file, length_file_0, sizeof(uint16_t), CH_UTF16)); NDR_CHECK(ndr_pull_security_secinfo(ndr, NDR_SCALARS, &r->in.securityinformation)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.sd_buf); @@ -18555,6 +19183,8 @@ static enum ndr_err_code ndr_push_srvsvc_NetServerTransportAddEx(struct ndr_push static enum ndr_err_code ndr_pull_srvsvc_NetServerTransportAddEx(struct ndr_pull *ndr, int flags, struct srvsvc_NetServerTransportAddEx *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; TALLOC_CTX *_mem_save_server_unc_0; if (flags & NDR_IN) { NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_server_unc)); @@ -18568,11 +19198,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetServerTransportAddEx(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level)); @@ -18652,8 +19284,14 @@ static enum ndr_err_code ndr_push_srvsvc_NetServerSetServiceBitsEx(struct ndr_pu static enum ndr_err_code ndr_pull_srvsvc_NetServerSetServiceBitsEx(struct ndr_pull *ndr, int flags, struct srvsvc_NetServerSetServiceBitsEx *r) { uint32_t _ptr_server_unc; + uint32_t size_server_unc_1 = 0; + uint32_t length_server_unc_1 = 0; uint32_t _ptr_emulated_server_unc; + uint32_t size_emulated_server_unc_1 = 0; + uint32_t length_emulated_server_unc_1 = 0; uint32_t _ptr_transport; + uint32_t size_transport_1 = 0; + uint32_t length_transport_1 = 0; TALLOC_CTX *_mem_save_server_unc_0; TALLOC_CTX *_mem_save_emulated_server_unc_0; TALLOC_CTX *_mem_save_transport_0; @@ -18669,11 +19307,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetServerSetServiceBitsEx(struct ndr_pu NDR_PULL_SET_MEM_CTX(ndr, r->in.server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_unc)); - if (ndr_get_array_length(ndr, &r->in.server_unc) > ndr_get_array_size(ndr, &r->in.server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_unc), ndr_get_array_length(ndr, &r->in.server_unc)); + size_server_unc_1 = ndr_get_array_size(ndr, &r->in.server_unc); + length_server_unc_1 = ndr_get_array_length(ndr, &r->in.server_unc); + if (length_server_unc_1 > size_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_server_unc_1, length_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, ndr_get_array_length(ndr, &r->in.server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_unc, length_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_unc_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_emulated_server_unc)); @@ -18687,11 +19327,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetServerSetServiceBitsEx(struct ndr_pu NDR_PULL_SET_MEM_CTX(ndr, r->in.emulated_server_unc, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.emulated_server_unc)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.emulated_server_unc)); - if (ndr_get_array_length(ndr, &r->in.emulated_server_unc) > ndr_get_array_size(ndr, &r->in.emulated_server_unc)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.emulated_server_unc), ndr_get_array_length(ndr, &r->in.emulated_server_unc)); + size_emulated_server_unc_1 = ndr_get_array_size(ndr, &r->in.emulated_server_unc); + length_emulated_server_unc_1 = ndr_get_array_length(ndr, &r->in.emulated_server_unc); + if (length_emulated_server_unc_1 > size_emulated_server_unc_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_emulated_server_unc_1, length_emulated_server_unc_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.emulated_server_unc), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.emulated_server_unc, ndr_get_array_length(ndr, &r->in.emulated_server_unc), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_emulated_server_unc_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.emulated_server_unc, length_emulated_server_unc_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_emulated_server_unc_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_transport)); @@ -18705,11 +19347,13 @@ static enum ndr_err_code ndr_pull_srvsvc_NetServerSetServiceBitsEx(struct ndr_pu NDR_PULL_SET_MEM_CTX(ndr, r->in.transport, 0); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.transport)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.transport)); - if (ndr_get_array_length(ndr, &r->in.transport) > ndr_get_array_size(ndr, &r->in.transport)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.transport), ndr_get_array_length(ndr, &r->in.transport)); + size_transport_1 = ndr_get_array_size(ndr, &r->in.transport); + length_transport_1 = ndr_get_array_length(ndr, &r->in.transport); + if (length_transport_1 > size_transport_1) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", size_transport_1, length_transport_1); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.transport), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.transport, ndr_get_array_length(ndr, &r->in.transport), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, length_transport_1, sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.transport, length_transport_1, sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_transport_0, 0); } NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.servicebitsofinterest)); |