From 9657f7c1e9aebece8480be20d804dd0fb284ed59 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Thu, 15 Mar 2012 13:14:48 +0100
Subject: pidl/NDR/Parser: do array range validation in
 ParseArrayPullGetLength()

metze
(cherry picked from commit 04355f68753aeb85655b7cbd8677899db0c97764)
---
 pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm | 42 +++++++++++---------------------
 1 file changed, 14 insertions(+), 28 deletions(-)

diff --git a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm
index 713900f5c67..ce434029598 100644
--- a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm
+++ b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm
@@ -355,6 +355,20 @@ sub ParseArrayPullGetLength($$$$$$;$)
 		$array_length = "length_$e->{NAME}_$l->{LEVEL_INDEX}";
 	}
 
+	if (my $range = has_property($e, "range")) {
+		my ($low, $high) = split(/,/, $range, 2);
+		if ($low < 0) {
+			warning(0, "$low is invalid for the range of an array size");
+		}
+		if ($low == 0) {
+			$self->pidl("if ($array_length > $high) {");
+		} else {
+			$self->pidl("if ($array_length < $low || $array_length > $high) {");
+		}
+		$self->pidl("\treturn ndr_pull_error($ndr, NDR_ERR_RANGE, \"value out of range\");");
+		$self->pidl("}");
+	}
+
 	return $array_length;
 }
 
@@ -1046,20 +1060,6 @@ sub ParseElementPullLevel
 			my $length = $self->ParseArrayPullHeader($e, $l, $ndr, $var_name, $env);
 			$array_length = $length;
 
-			if (my $range = has_property($e, "range")) {
-				my ($low, $high) = split(/,/, $range, 2);
-				if ($low < 0) {
-					warning(0, "$low is invalid for the range of an array size");
-				}
-				if ($low == 0) {
-					$self->pidl("if ($length > $high) {");
-				} else {
-					$self->pidl("if ($length < $low || $length > $high) {");
-				}
-				$self->pidl("\treturn ndr_pull_error($ndr, NDR_ERR_RANGE, \"value out of range\");");
-				$self->pidl("}");
-			}
-
 			my $nl = GetNextLevel($e, $l);
 
 			if (is_charset_array($e,$l)) {
@@ -1123,20 +1123,6 @@ sub ParseElementPullLevel
 			$length = $self->ParseArrayPullGetLength($e, $l, $ndr, $var_name, $env);
 		}
 
-		if (my $range = has_property($e, "range")) {
-			my ($low, $high) = split(/,/, $range, 2);
-			if ($low < 0) {
-				warning(0, "$low is invalid for the range of an array size");
-			}
-			if ($low == 0) {
-				$self->pidl("if ($length > $high) {");
-			} else {
-				$self->pidl("if ($length < $low || $length > $high) {");
-			}
-			$self->pidl("\treturn ndr_pull_error($ndr, NDR_ERR_RANGE, \"value out of range\");");
-			$self->pidl("}");
-		}
-
 		$var_name = get_array_element($var_name, $counter);
 
 		$self->ParseMemCtxPullStart($e, $l, $ndr, $array_name);
-- 
cgit v1.2.1