pidl: Generate and consume the switch level token for both NDR_SCALARS and NDR_BUFFERS in ndr_pull()
This means what was previously a list becomes a single variable that
could be passed as a function paraemter, but this is avoided for now
because it would change the ABI and be more intrusive.
Before this, a client could cause a NDR token containing the swith level
to be allocated for each and every element in the array that they
promised they were sending (without having to actually send them).
Found by Michael Hanselmann using Honggfuzz and an fuzzer for Samba's
NDR layer.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13876
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
git.samba.org / amitay / samba.git / commit