r9347: this array bounds checking is harder than it looks ...

this copes with 2 more situations:

1) where the array is NULL, which would previously be coped with by a
   if (ptr) check, but now in the deferred array bounds checking needs
   to look at the array variable in the ndr code. Not nice.

2) nest the array checking along with the SCALARS vs BUFFERS checks, ensuring we don't
   do array bounds checking for a buffer when in scalars only mode
(This used to be commit ad1b9867a5a14bc9ed2e1a5eb8f05bb2046bc645)

diff --git a/source4/build/pidl/Parse/Pidl/Samba/NDR/Parser.pm b/source4/build/pidl/Parse/Pidl/Samba/NDR/Parser.pm
index 87b99c5ef8e67a56ef048c49f8125ada5d4be053..65b9ed57bcf93ceac9af27662eecaeb74fe40bc0 100644 (file)
--- a/source4/build/pidl/Parse/Pidl/Samba/NDR/Parser.pm
+++ b/source4/build/pidl/Parse/Pidl/Samba/NDR/Parser.pm
@@ -1330,6 +1330,8 @@ sub ParseStructPull($$)
                ParseElementPull($e, "ndr", "r->", $env, 1, 0);
        }       
 
+       add_deferred();
+
        deindent;
        pidl "}";
        pidl "if (ndr_flags & NDR_BUFFERS) {";
@@ -1343,11 +1345,11 @@ sub ParseStructPull($$)
                ParseElementPull($e, "ndr", "r->", $env, 0, 1);
        }
 
+       add_deferred();
+
        deindent;
        pidl "}";
 
-       add_deferred();
-
        end_flags($struct);
        # restore the old relative_base_offset
        pidl "ndr_pull_restore_relative_base_offset(ndr, _save_relative_base_offset);" if defined($struct->{PROPERTIES}{relative_base});

diff --git a/source4/librpc/ndr/ndr.c b/source4/librpc/ndr/ndr.c
index 3a291c2cf8f41ed81f4ecf12882cd34ba72dd8e8..2cbb83a0f42911376225c233fc6d7cd65bfd1e4b 100644 (file)
--- a/source4/librpc/ndr/ndr.c
+++ b/source4/librpc/ndr/ndr.c
@@ -493,6 +493,10 @@ uint32_t ndr_get_array_size(struct ndr_pull *ndr, const void *p)
 NTSTATUS ndr_check_array_size(struct ndr_pull *ndr, void *p, uint32_t size)
 {
        uint32_t stored;
+       /* a NULL array is OK */
+       if (*(void **)p == NULL) {
+               return NT_STATUS_OK;
+       }
        stored = ndr_token_peek(&ndr->array_size_list, p);
        if (stored != size) {
                return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, 
@@ -531,6 +535,10 @@ uint32_t ndr_get_array_length(struct ndr_pull *ndr, const void *p)
 NTSTATUS ndr_check_array_length(struct ndr_pull *ndr, void *p, uint32_t length)
 {
        uint32_t stored;
+       /* a NULL array is OK */
+       if (*(void **)p == NULL) {
+               return NT_STATUS_OK;
+       }
        stored = ndr_token_peek(&ndr->array_length_list, p);
        if (stored != length) {
                return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE,