pidl/NDR/Parser: use ParseArrayPullGetLength() to get the number of array elements...

An anonymous researcher and Brian Gorenc (HP DVLabs) working
with HP's Zero Day Initiative program have found this and notified us.

metze

diff --git a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm
index eaf673bbd74455ffe3c489b503ddb03ff49b19f8..fe93ae19a4bbdc7c69dea07ba0f733945c55aa52 100644 (file)
--- a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm
+++ b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm
@@ -1157,14 +1157,10 @@ sub ParseElementPullLevel
                }
        } elsif ($l->{TYPE} eq "ARRAY" and 
                        not has_fast_array($e,$l) and not is_charset_array($e, $l)) {
-               my $length = ParseExpr($l->{LENGTH_IS}, $env, $e->{ORIGINAL});
+               my $length = $self->ParseArrayPullGetLength($e, $l, $ndr, $var_name, $env);
                my $counter = "cntr_$e->{NAME}_$l->{LEVEL_INDEX}";
                my $array_name = $var_name;
 
-               if ($l->{IS_VARYING}) {
-                       $length = "ndr_get_array_length($ndr, " . get_pointer_to($var_name) .")";
-               }
-
                if (my $range = has_property($e, "range")) {
                        my ($low, $high) = split(/,/, $range, 2);
                        if ($low < 0) {