[SCM] Samba Shared Repository - branch master updated - 0e801722e335c1bd17897848bf63d2acf4576b2e

Günther Deschner gd at samba.org
Mon Nov 17 12:56:48 GMT 2008


The branch, master has been updated
       via  0e801722e335c1bd17897848bf63d2acf4576b2e (commit)
       via  5b4140a99767db9f0dfa02049e4dcff23a7fdb83 (commit)
       via  738d066768a8aebf0d9522e49d30e2df0ad4f07b (commit)
       via  2409f216cfb74079687929d670b8ebc29e54a038 (commit)
       via  abbd539082022166b7e3a222eb3dc050b3ae7279 (commit)
       via  4e0bbb6e7919212572ba66b8808d8cef1ec3e772 (commit)
       via  c0db253507569804e0cc852a58b5fa9117ebc92e (commit)
       via  b43c3a36a7b8950421bd2f4b9c9eea809fd6f0dc (commit)
       via  880e232e7ea57531bd9dcb26f130a174534eea6a (commit)
       via  2d44f72c337f9877ce5931893914d47c437d205a (commit)
      from  2fbdf22541497b56143083863bf1ffe5af7487fd (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 0e801722e335c1bd17897848bf63d2acf4576b2e
Author: Günther Deschner <gd at samba.org>
Date:   Fri Nov 14 11:54:46 2008 +0100

    s3-build: re-run make samba3-idl.
    
    Guenther

commit 5b4140a99767db9f0dfa02049e4dcff23a7fdb83
Author: Günther Deschner <gd at samba.org>
Date:   Fri Nov 14 11:54:16 2008 +0100

    svcctl: fill in SERVICE_CONTROL from s3.
    
    Guenther

commit 738d066768a8aebf0d9522e49d30e2df0ad4f07b
Author: Günther Deschner <gd at samba.org>
Date:   Fri Nov 14 11:41:40 2008 +0100

    svcctl: fix idl for svcctl_EnumServicesStatusW.
    
    Guenther

commit 2409f216cfb74079687929d670b8ebc29e54a038
Author: Günther Deschner <gd at samba.org>
Date:   Fri Nov 14 11:36:47 2008 +0100

    s4-smbtorture: add test for svcctl_QueryServiceConfig2W.
    
    Guenther

commit abbd539082022166b7e3a222eb3dc050b3ae7279
Author: Günther Deschner <gd at samba.org>
Date:   Fri Nov 14 11:29:03 2008 +0100

    svcctl: fix idl for svcctl_QueryServiceConfig2W.
    
    Guenther

commit 4e0bbb6e7919212572ba66b8808d8cef1ec3e772
Author: Günther Deschner <gd at samba.org>
Date:   Fri Nov 14 11:26:25 2008 +0100

    svcctl: fix idl for EnumServicesStatusExW.
    
    Guenther

commit c0db253507569804e0cc852a58b5fa9117ebc92e
Author: Günther Deschner <gd at samba.org>
Date:   Fri Nov 14 11:25:30 2008 +0100

    s4-smbtorture: fix test for svcctl_EnumServicesStatusW.
    
    Guenther

commit b43c3a36a7b8950421bd2f4b9c9eea809fd6f0dc
Author: Günther Deschner <gd at samba.org>
Date:   Fri Nov 14 11:24:52 2008 +0100

    s4-smbtorture: add test for svcctl_QueryServiceStatusEx.
    
    Guenther

commit 880e232e7ea57531bd9dcb26f130a174534eea6a
Author: Günther Deschner <gd at samba.org>
Date:   Fri Nov 14 11:24:10 2008 +0100

    svcctl: fix idl for svcctl_QueryServiceStatusEx.
    
    Guenther

commit 2d44f72c337f9877ce5931893914d47c437d205a
Author: Günther Deschner <gd at samba.org>
Date:   Fri Nov 14 10:18:35 2008 +0100

    s4-smbtorture: pure reformatting of svcctl test.
    
    Guenther

-----------------------------------------------------------------------

Summary of changes:
 librpc/idl/svcctl.idl               |   44 ++++---
 source3/include/rpc_svcctl.h        |    8 --
 source3/librpc/gen_ndr/cli_svcctl.c |   36 +++---
 source3/librpc/gen_ndr/cli_svcctl.h |   34 +++---
 source3/librpc/gen_ndr/ndr_svcctl.c |  216 ++++++++++++++++++++++++++---------
 source3/librpc/gen_ndr/ndr_svcctl.h |    1 +
 source3/librpc/gen_ndr/srv_svcctl.c |    6 -
 source3/librpc/gen_ndr/svcctl.h     |   48 +++++----
 source4/torture/rpc/svcctl.c        |  178 ++++++++++++++++++++++++-----
 9 files changed, 397 insertions(+), 174 deletions(-)


Changeset truncated at 500 lines:

diff --git a/librpc/idl/svcctl.idl b/librpc/idl/svcctl.idl
index fa8e109..4b88f5e 100644
--- a/librpc/idl/svcctl.idl
+++ b/librpc/idl/svcctl.idl
@@ -89,13 +89,19 @@ import "misc.idl", "security.idl";
 	/*****************/
 	/* Function 0x01 */
 
-	typedef enum {
-		FIXME=1
+	/* Service Controls */
+
+	typedef [v1_enum] enum {
+		SVCCTL_CONTROL_STOP		= 0x00000001,
+		SVCCTL_CONTROL_PAUSE		= 0x00000002,
+		SVCCTL_CONTROL_CONTINUE		= 0x00000003,
+		SVCCTL_CONTROL_INTERROGATE	= 0x00000004,
+		SVCCTL_CONTROL_SHUTDOWN		= 0x00000005
 	} SERVICE_CONTROL;
 
 	WERROR svcctl_ControlService(
 		[in,ref] policy_handle *handle,
-		[in] uint32 control,
+		[in] SERVICE_CONTROL control,
 		[out,ref] SERVICE_STATUS *service_status
 	);
 
@@ -218,10 +224,10 @@ import "misc.idl", "security.idl";
 		[in,ref] policy_handle *handle,
 		[in] uint32 type,
 		[in] uint32 state,
-		[in] uint32 buf_size,
-		[out,size_is(buf_size)] uint8 service[*],
-		[out,ref] uint32 *bytes_needed,
-		[out,ref] uint32 *services_returned,
+		[out,ref,size_is(buf_size)] uint8 *service,
+		[in] [range(0,262144)] uint32 buf_size,
+		[out,ref] [range(0,262144)] uint32 *bytes_needed,
+		[out,ref] [range(0,262144)] uint32 *services_returned,
 		[in,out,unique] uint32 *resume_handle
 	);
 
@@ -535,9 +541,9 @@ import "misc.idl", "security.idl";
 	WERROR svcctl_QueryServiceConfig2W(
 		[in,ref] policy_handle *handle,
 		[in] uint32 info_level,
-		[out] uint8 buffer[buf_size],
-		[in] uint32 buf_size,
-		[out,ref] uint32 *bytes_needed
+		[out,ref,size_is(buf_size)] uint8 *buffer,
+		[in] [range(0,8192)] uint32 buf_size,
+		[out,ref] [range(0,8192)] uint32 *bytes_needed
 	);
 
 	/*****************/
@@ -545,9 +551,9 @@ import "misc.idl", "security.idl";
 	WERROR svcctl_QueryServiceStatusEx(
 		[in,ref] policy_handle *handle,
 		[in] uint32 info_level,
-		[out] uint8 buffer[buf_size],
-		[in] uint32 buf_size,
-		[out,ref] uint32 *bytes_needed
+		[out,ref,size_is(buf_size)] uint8 *buffer,
+		[in] [range(0,8192)] uint32 buf_size,
+		[out,ref] [range(0,8192)] uint32 *bytes_needed
 	);
 
 	/*****************/
@@ -572,12 +578,12 @@ import "misc.idl", "security.idl";
 		[in] uint32 info_level,
 		[in] uint32 type,
 		[in] uint32 state,
-		[out] uint8 services[buf_size],
-		[in] uint32 buf_size,
-		[out,ref] uint32 *bytes_needed,
-		[out,ref] uint32 *service_returned,
-		[in,out,unique] uint32 *resume_handle,
-		[out,ref] [string,charset(UTF16)] uint16 **group_name
+		[out,ref,size_is(buf_size)] uint8 *services,
+		[in] [range(0,262144)] uint32 buf_size,
+		[out,ref] [range(0,262144)] uint32 *bytes_needed,
+		[out,ref] [range(0,262144)] uint32 *service_returned,
+		[in,out,unique] [range(0,262144)] uint32 *resume_handle,
+		[in,unique] [string,charset(UTF16)] uint16 *group_name
 	);
 
 	/*****************/
diff --git a/source3/include/rpc_svcctl.h b/source3/include/rpc_svcctl.h
index 2785840..7dd849d 100644
--- a/source3/include/rpc_svcctl.h
+++ b/source3/include/rpc_svcctl.h
@@ -103,14 +103,6 @@
 #define SVCCTL_DEMAND_START                        0x00000003
 #define SVCCTL_DISABLED                            0x00000004
 
-/* Service Controls */
-
-#define SVCCTL_CONTROL_STOP			0x00000001
-#define SVCCTL_CONTROL_PAUSE			0x00000002
-#define SVCCTL_CONTROL_CONTINUE			0x00000003
-#define SVCCTL_CONTROL_INTERROGATE		0x00000004
-#define SVCCTL_CONTROL_SHUTDOWN                 0x00000005
-
 #define SVC_HANDLE_IS_SCM			0x0000001
 #define SVC_HANDLE_IS_SERVICE			0x0000002
 #define SVC_HANDLE_IS_DBLOCK			0x0000003
diff --git a/source3/librpc/gen_ndr/cli_svcctl.c b/source3/librpc/gen_ndr/cli_svcctl.c
index e5fd4da..9f11a40 100644
--- a/source3/librpc/gen_ndr/cli_svcctl.c
+++ b/source3/librpc/gen_ndr/cli_svcctl.c
@@ -53,7 +53,7 @@ NTSTATUS rpccli_svcctl_CloseServiceHandle(struct rpc_pipe_client *cli,
 NTSTATUS rpccli_svcctl_ControlService(struct rpc_pipe_client *cli,
 				      TALLOC_CTX *mem_ctx,
 				      struct policy_handle *handle /* [in] [ref] */,
-				      uint32_t control /* [in]  */,
+				      enum SERVICE_CONTROL control /* [in]  */,
 				      struct SERVICE_STATUS *service_status /* [out] [ref] */,
 				      WERROR *werror)
 {
@@ -702,10 +702,10 @@ NTSTATUS rpccli_svcctl_EnumServicesStatusW(struct rpc_pipe_client *cli,
 					   struct policy_handle *handle /* [in] [ref] */,
 					   uint32_t type /* [in]  */,
 					   uint32_t state /* [in]  */,
-					   uint32_t buf_size /* [in]  */,
-					   uint8_t *service /* [out] [size_is(buf_size)] */,
-					   uint32_t *bytes_needed /* [out] [ref] */,
-					   uint32_t *services_returned /* [out] [ref] */,
+					   uint8_t *service /* [out] [ref,size_is(buf_size)] */,
+					   uint32_t buf_size /* [in] [range(0,262144)] */,
+					   uint32_t *bytes_needed /* [out] [ref,range(0,262144)] */,
+					   uint32_t *services_returned /* [out] [ref,range(0,262144)] */,
 					   uint32_t *resume_handle /* [in,out] [unique] */,
 					   WERROR *werror)
 {
@@ -1976,9 +1976,9 @@ NTSTATUS rpccli_svcctl_QueryServiceConfig2W(struct rpc_pipe_client *cli,
 					    TALLOC_CTX *mem_ctx,
 					    struct policy_handle *handle /* [in] [ref] */,
 					    uint32_t info_level /* [in]  */,
-					    uint8_t *buffer /* [out]  */,
-					    uint32_t buf_size /* [in]  */,
-					    uint32_t *bytes_needed /* [out] [ref] */,
+					    uint8_t *buffer /* [out] [ref,size_is(buf_size)] */,
+					    uint32_t buf_size /* [in] [range(0,8192)] */,
+					    uint32_t *bytes_needed /* [out] [ref,range(0,8192)] */,
 					    WERROR *werror)
 {
 	struct svcctl_QueryServiceConfig2W r;
@@ -2027,9 +2027,9 @@ NTSTATUS rpccli_svcctl_QueryServiceStatusEx(struct rpc_pipe_client *cli,
 					    TALLOC_CTX *mem_ctx,
 					    struct policy_handle *handle /* [in] [ref] */,
 					    uint32_t info_level /* [in]  */,
-					    uint8_t *buffer /* [out]  */,
-					    uint32_t buf_size /* [in]  */,
-					    uint32_t *bytes_needed /* [out] [ref] */,
+					    uint8_t *buffer /* [out] [ref,size_is(buf_size)] */,
+					    uint32_t buf_size /* [in] [range(0,8192)] */,
+					    uint32_t *bytes_needed /* [out] [ref,range(0,8192)] */,
 					    WERROR *werror)
 {
 	struct svcctl_QueryServiceStatusEx r;
@@ -2144,12 +2144,12 @@ NTSTATUS rpccli_EnumServicesStatusExW(struct rpc_pipe_client *cli,
 				      uint32_t info_level /* [in]  */,
 				      uint32_t type /* [in]  */,
 				      uint32_t state /* [in]  */,
-				      uint8_t *services /* [out]  */,
-				      uint32_t buf_size /* [in]  */,
-				      uint32_t *bytes_needed /* [out] [ref] */,
-				      uint32_t *service_returned /* [out] [ref] */,
-				      uint32_t *resume_handle /* [in,out] [unique] */,
-				      const char **group_name /* [out] [ref,charset(UTF16)] */,
+				      uint8_t *services /* [out] [ref,size_is(buf_size)] */,
+				      uint32_t buf_size /* [in] [range(0,262144)] */,
+				      uint32_t *bytes_needed /* [out] [ref,range(0,262144)] */,
+				      uint32_t *service_returned /* [out] [ref,range(0,262144)] */,
+				      uint32_t *resume_handle /* [in,out] [unique,range(0,262144)] */,
+				      const char *group_name /* [in] [unique,charset(UTF16)] */,
 				      WERROR *werror)
 {
 	struct EnumServicesStatusExW r;
@@ -2162,6 +2162,7 @@ NTSTATUS rpccli_EnumServicesStatusExW(struct rpc_pipe_client *cli,
 	r.in.state = state;
 	r.in.buf_size = buf_size;
 	r.in.resume_handle = resume_handle;
+	r.in.group_name = group_name;
 
 	if (DEBUGLEVEL >= 10) {
 		NDR_PRINT_IN_DEBUG(EnumServicesStatusExW, &r);
@@ -2192,7 +2193,6 @@ NTSTATUS rpccli_EnumServicesStatusExW(struct rpc_pipe_client *cli,
 	if (resume_handle && r.out.resume_handle) {
 		*resume_handle = *r.out.resume_handle;
 	}
-	*group_name = *r.out.group_name;
 
 	/* Return result */
 	if (werror) {
diff --git a/source3/librpc/gen_ndr/cli_svcctl.h b/source3/librpc/gen_ndr/cli_svcctl.h
index 02abbad..78c9bf4 100644
--- a/source3/librpc/gen_ndr/cli_svcctl.h
+++ b/source3/librpc/gen_ndr/cli_svcctl.h
@@ -8,7 +8,7 @@ NTSTATUS rpccli_svcctl_CloseServiceHandle(struct rpc_pipe_client *cli,
 NTSTATUS rpccli_svcctl_ControlService(struct rpc_pipe_client *cli,
 				      TALLOC_CTX *mem_ctx,
 				      struct policy_handle *handle /* [in] [ref] */,
-				      uint32_t control /* [in]  */,
+				      enum SERVICE_CONTROL control /* [in]  */,
 				      struct SERVICE_STATUS *service_status /* [out] [ref] */,
 				      WERROR *werror);
 NTSTATUS rpccli_svcctl_DeleteService(struct rpc_pipe_client *cli,
@@ -104,10 +104,10 @@ NTSTATUS rpccli_svcctl_EnumServicesStatusW(struct rpc_pipe_client *cli,
 					   struct policy_handle *handle /* [in] [ref] */,
 					   uint32_t type /* [in]  */,
 					   uint32_t state /* [in]  */,
-					   uint32_t buf_size /* [in]  */,
-					   uint8_t *service /* [out] [size_is(buf_size)] */,
-					   uint32_t *bytes_needed /* [out] [ref] */,
-					   uint32_t *services_returned /* [out] [ref] */,
+					   uint8_t *service /* [out] [ref,size_is(buf_size)] */,
+					   uint32_t buf_size /* [in] [range(0,262144)] */,
+					   uint32_t *bytes_needed /* [out] [ref,range(0,262144)] */,
+					   uint32_t *services_returned /* [out] [ref,range(0,262144)] */,
 					   uint32_t *resume_handle /* [in,out] [unique] */,
 					   WERROR *werror);
 NTSTATUS rpccli_svcctl_OpenSCManagerW(struct rpc_pipe_client *cli,
@@ -292,17 +292,17 @@ NTSTATUS rpccli_svcctl_QueryServiceConfig2W(struct rpc_pipe_client *cli,
 					    TALLOC_CTX *mem_ctx,
 					    struct policy_handle *handle /* [in] [ref] */,
 					    uint32_t info_level /* [in]  */,
-					    uint8_t *buffer /* [out]  */,
-					    uint32_t buf_size /* [in]  */,
-					    uint32_t *bytes_needed /* [out] [ref] */,
+					    uint8_t *buffer /* [out] [ref,size_is(buf_size)] */,
+					    uint32_t buf_size /* [in] [range(0,8192)] */,
+					    uint32_t *bytes_needed /* [out] [ref,range(0,8192)] */,
 					    WERROR *werror);
 NTSTATUS rpccli_svcctl_QueryServiceStatusEx(struct rpc_pipe_client *cli,
 					    TALLOC_CTX *mem_ctx,
 					    struct policy_handle *handle /* [in] [ref] */,
 					    uint32_t info_level /* [in]  */,
-					    uint8_t *buffer /* [out]  */,
-					    uint32_t buf_size /* [in]  */,
-					    uint32_t *bytes_needed /* [out] [ref] */,
+					    uint8_t *buffer /* [out] [ref,size_is(buf_size)] */,
+					    uint32_t buf_size /* [in] [range(0,8192)] */,
+					    uint32_t *bytes_needed /* [out] [ref,range(0,8192)] */,
 					    WERROR *werror);
 NTSTATUS rpccli_EnumServicesStatusExA(struct rpc_pipe_client *cli,
 				      TALLOC_CTX *mem_ctx,
@@ -323,12 +323,12 @@ NTSTATUS rpccli_EnumServicesStatusExW(struct rpc_pipe_client *cli,
 				      uint32_t info_level /* [in]  */,
 				      uint32_t type /* [in]  */,
 				      uint32_t state /* [in]  */,
-				      uint8_t *services /* [out]  */,
-				      uint32_t buf_size /* [in]  */,
-				      uint32_t *bytes_needed /* [out] [ref] */,
-				      uint32_t *service_returned /* [out] [ref] */,
-				      uint32_t *resume_handle /* [in,out] [unique] */,
-				      const char **group_name /* [out] [ref,charset(UTF16)] */,
+				      uint8_t *services /* [out] [ref,size_is(buf_size)] */,
+				      uint32_t buf_size /* [in] [range(0,262144)] */,
+				      uint32_t *bytes_needed /* [out] [ref,range(0,262144)] */,
+				      uint32_t *service_returned /* [out] [ref,range(0,262144)] */,
+				      uint32_t *resume_handle /* [in,out] [unique,range(0,262144)] */,
+				      const char *group_name /* [in] [unique,charset(UTF16)] */,
 				      WERROR *werror);
 NTSTATUS rpccli_svcctl_SCSendTSMessage(struct rpc_pipe_client *cli,
 				       TALLOC_CTX *mem_ctx,
diff --git a/source3/librpc/gen_ndr/ndr_svcctl.c b/source3/librpc/gen_ndr/ndr_svcctl.c
index d04c89b..2bccde9 100644
--- a/source3/librpc/gen_ndr/ndr_svcctl.c
+++ b/source3/librpc/gen_ndr/ndr_svcctl.c
@@ -297,6 +297,34 @@ _PUBLIC_ void ndr_print_svcctl_ServerType(struct ndr_print *ndr, const char *nam
 	ndr->depth--;
 }
 
+static enum ndr_err_code ndr_push_SERVICE_CONTROL(struct ndr_push *ndr, int ndr_flags, enum SERVICE_CONTROL r)
+{
+	NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r));
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_SERVICE_CONTROL(struct ndr_pull *ndr, int ndr_flags, enum SERVICE_CONTROL *r)
+{
+	uint32_t v;
+	NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &v));
+	*r = v;
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_SERVICE_CONTROL(struct ndr_print *ndr, const char *name, enum SERVICE_CONTROL r)
+{
+	const char *val = NULL;
+
+	switch (r) {
+		case SVCCTL_CONTROL_STOP: val = "SVCCTL_CONTROL_STOP"; break;
+		case SVCCTL_CONTROL_PAUSE: val = "SVCCTL_CONTROL_PAUSE"; break;
+		case SVCCTL_CONTROL_CONTINUE: val = "SVCCTL_CONTROL_CONTINUE"; break;
+		case SVCCTL_CONTROL_INTERROGATE: val = "SVCCTL_CONTROL_INTERROGATE"; break;
+		case SVCCTL_CONTROL_SHUTDOWN: val = "SVCCTL_CONTROL_SHUTDOWN"; break;
+	}
+	ndr_print_enum(ndr, name, "ENUM", val, r);
+}
+
 static enum ndr_err_code ndr_push_svcctl_MgrAccessMask(struct ndr_push *ndr, int ndr_flags, uint32_t r)
 {
 	NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r));
@@ -646,7 +674,7 @@ static enum ndr_err_code ndr_push_svcctl_ControlService(struct ndr_push *ndr, in
 			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
 		}
 		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->in.handle));
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.control));
+		NDR_CHECK(ndr_push_SERVICE_CONTROL(ndr, NDR_SCALARS, r->in.control));
 	}
 	if (flags & NDR_OUT) {
 		if (r->out.service_status == NULL) {
@@ -672,7 +700,7 @@ static enum ndr_err_code ndr_pull_svcctl_ControlService(struct ndr_pull *ndr, in
 		NDR_PULL_SET_MEM_CTX(ndr, r->in.handle, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.handle));
 		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_handle_0, LIBNDR_FLAG_REF_ALLOC);
-		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.control));
+		NDR_CHECK(ndr_pull_SERVICE_CONTROL(ndr, NDR_SCALARS, &r->in.control));
 		NDR_PULL_ALLOC(ndr, r->out.service_status);
 		ZERO_STRUCTP(r->out.service_status);
 	}
@@ -703,7 +731,7 @@ _PUBLIC_ void ndr_print_svcctl_ControlService(struct ndr_print *ndr, const char
 		ndr->depth++;
 		ndr_print_policy_handle(ndr, "handle", r->in.handle);
 		ndr->depth--;
-		ndr_print_uint32(ndr, "control", r->in.control);
+		ndr_print_SERVICE_CONTROL(ndr, "control", r->in.control);
 		ndr->depth--;
 	}
 	if (flags & NDR_OUT) {
@@ -2095,6 +2123,9 @@ static enum ndr_err_code ndr_push_svcctl_EnumServicesStatusW(struct ndr_push *nd
 		}
 	}
 	if (flags & NDR_OUT) {
+		if (r->out.service == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
 		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.buf_size));
 		NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, r->out.service, r->in.buf_size));
 		if (r->out.bytes_needed == NULL) {
@@ -2134,6 +2165,9 @@ static enum ndr_err_code ndr_pull_svcctl_EnumServicesStatusW(struct ndr_pull *nd
 		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.type));
 		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.state));
 		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.buf_size));
+		if (r->in.buf_size < 0 || r->in.buf_size > 262144) {
+			return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range");
+		}
 		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_resume_handle));
 		if (_ptr_resume_handle) {
 			NDR_PULL_ALLOC(ndr, r->in.resume_handle);
@@ -2146,6 +2180,8 @@ static enum ndr_err_code ndr_pull_svcctl_EnumServicesStatusW(struct ndr_pull *nd
 			NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->in.resume_handle));
 			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_resume_handle_0, 0);
 		}
+		NDR_PULL_ALLOC_N(ndr, r->out.service, r->in.buf_size);
+		memset(r->out.service, 0, (r->in.buf_size) * sizeof(*r->out.service));
 		NDR_PULL_ALLOC(ndr, r->out.bytes_needed);
 		ZERO_STRUCTP(r->out.bytes_needed);
 		NDR_PULL_ALLOC(ndr, r->out.services_returned);
@@ -2153,7 +2189,9 @@ static enum ndr_err_code ndr_pull_svcctl_EnumServicesStatusW(struct ndr_pull *nd
 	}
 	if (flags & NDR_OUT) {
 		NDR_CHECK(ndr_pull_array_size(ndr, &r->out.service));
-		NDR_PULL_ALLOC_N(ndr, r->out.service, ndr_get_array_size(ndr, &r->out.service));
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC_N(ndr, r->out.service, ndr_get_array_size(ndr, &r->out.service));
+		}
 		NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.service, ndr_get_array_size(ndr, &r->out.service)));
 		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
 			NDR_PULL_ALLOC(ndr, r->out.bytes_needed);
@@ -2161,6 +2199,9 @@ static enum ndr_err_code ndr_pull_svcctl_EnumServicesStatusW(struct ndr_pull *nd
 		_mem_save_bytes_needed_0 = NDR_PULL_GET_MEM_CTX(ndr);
 		NDR_PULL_SET_MEM_CTX(ndr, r->out.bytes_needed, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.bytes_needed));
+		if (*r->out.bytes_needed < 0 || *r->out.bytes_needed > 262144) {
+			return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range");
+		}
 		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_bytes_needed_0, LIBNDR_FLAG_REF_ALLOC);
 		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
 			NDR_PULL_ALLOC(ndr, r->out.services_returned);
@@ -2168,6 +2209,9 @@ static enum ndr_err_code ndr_pull_svcctl_EnumServicesStatusW(struct ndr_pull *nd
 		_mem_save_services_returned_0 = NDR_PULL_GET_MEM_CTX(ndr);
 		NDR_PULL_SET_MEM_CTX(ndr, r->out.services_returned, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.services_returned));
+		if (*r->out.services_returned < 0 || *r->out.services_returned > 262144) {
+			return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range");
+		}
 		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_services_returned_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_resume_handle));
 		if (_ptr_resume_handle) {
@@ -2217,7 +2261,10 @@ _PUBLIC_ void ndr_print_svcctl_EnumServicesStatusW(struct ndr_print *ndr, const
 	if (flags & NDR_OUT) {
 		ndr_print_struct(ndr, "out", "svcctl_EnumServicesStatusW");
 		ndr->depth++;
+		ndr_print_ptr(ndr, "service", r->out.service);
+		ndr->depth++;
 		ndr_print_array_uint8(ndr, "service", r->out.service, r->in.buf_size);
+		ndr->depth--;
 		ndr_print_ptr(ndr, "bytes_needed", r->out.bytes_needed);
 		ndr->depth++;
 		ndr_print_uint32(ndr, "bytes_needed", *r->out.bytes_needed);
@@ -5305,6 +5352,10 @@ static enum ndr_err_code ndr_push_svcctl_QueryServiceConfig2W(struct ndr_push *n
 		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.buf_size));
 	}
 	if (flags & NDR_OUT) {
+		if (r->out.buffer == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.buf_size));
 		NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, r->out.buffer, r->in.buf_size));
 		if (r->out.bytes_needed == NULL) {
 			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
@@ -5331,20 +5382,34 @@ static enum ndr_err_code ndr_pull_svcctl_QueryServiceConfig2W(struct ndr_pull *n
 		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_handle_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.info_level));
 		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.buf_size));
+		if (r->in.buf_size < 0 || r->in.buf_size > 8192) {
+			return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range");
+		}
+		NDR_PULL_ALLOC_N(ndr, r->out.buffer, r->in.buf_size);
+		memset(r->out.buffer, 0, (r->in.buf_size) * sizeof(*r->out.buffer));
 		NDR_PULL_ALLOC(ndr, r->out.bytes_needed);
 		ZERO_STRUCTP(r->out.bytes_needed);
 	}
 	if (flags & NDR_OUT) {
-		NDR_PULL_ALLOC_N(ndr, r->out.buffer, r->in.buf_size);
-		NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.buffer, r->in.buf_size));
+		NDR_CHECK(ndr_pull_array_size(ndr, &r->out.buffer));
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC_N(ndr, r->out.buffer, ndr_get_array_size(ndr, &r->out.buffer));
+		}
+		NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.buffer, ndr_get_array_size(ndr, &r->out.buffer)));
 		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
 			NDR_PULL_ALLOC(ndr, r->out.bytes_needed);
 		}
 		_mem_save_bytes_needed_0 = NDR_PULL_GET_MEM_CTX(ndr);
 		NDR_PULL_SET_MEM_CTX(ndr, r->out.bytes_needed, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.bytes_needed));
+		if (*r->out.bytes_needed < 0 || *r->out.bytes_needed > 8192) {
+			return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range");
+		}
 		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_bytes_needed_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+		if (r->out.buffer) {
+			NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->out.buffer, r->in.buf_size));
+		}
 	}
 	return NDR_ERR_SUCCESS;
 }
@@ -5370,7 +5435,10 @@ _PUBLIC_ void ndr_print_svcctl_QueryServiceConfig2W(struct ndr_print *ndr, const
 	if (flags & NDR_OUT) {
 		ndr_print_struct(ndr, "out", "svcctl_QueryServiceConfig2W");
 		ndr->depth++;
+		ndr_print_ptr(ndr, "buffer", r->out.buffer);
+		ndr->depth++;
 		ndr_print_array_uint8(ndr, "buffer", r->out.buffer, r->in.buf_size);
+		ndr->depth--;
 		ndr_print_ptr(ndr, "bytes_needed", r->out.bytes_needed);
 		ndr->depth++;
 		ndr_print_uint32(ndr, "bytes_needed", *r->out.bytes_needed);
@@ -5392,6 +5460,10 @@ static enum ndr_err_code ndr_push_svcctl_QueryServiceStatusEx(struct ndr_push *n
 		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.buf_size));
 	}
 	if (flags & NDR_OUT) {
+		if (r->out.buffer == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.buf_size));
 		NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, r->out.buffer, r->in.buf_size));
 		if (r->out.bytes_needed == NULL) {
 			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
@@ -5418,20 +5490,34 @@ static enum ndr_err_code ndr_pull_svcctl_QueryServiceStatusEx(struct ndr_pull *n
 		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_handle_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.info_level));
 		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.buf_size));
+		if (r->in.buf_size < 0 || r->in.buf_size > 8192) {
+			return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range");
+		}
+		NDR_PULL_ALLOC_N(ndr, r->out.buffer, r->in.buf_size);
+		memset(r->out.buffer, 0, (r->in.buf_size) * sizeof(*r->out.buffer));
 		NDR_PULL_ALLOC(ndr, r->out.bytes_needed);
 		ZERO_STRUCTP(r->out.bytes_needed);
 	}
 	if (flags & NDR_OUT) {
-		NDR_PULL_ALLOC_N(ndr, r->out.buffer, r->in.buf_size);
-		NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.buffer, r->in.buf_size));
+		NDR_CHECK(ndr_pull_array_size(ndr, &r->out.buffer));
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC_N(ndr, r->out.buffer, ndr_get_array_size(ndr, &r->out.buffer));
+		}
+		NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.buffer, ndr_get_array_size(ndr, &r->out.buffer)));
 		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
 			NDR_PULL_ALLOC(ndr, r->out.bytes_needed);
 		}
 		_mem_save_bytes_needed_0 = NDR_PULL_GET_MEM_CTX(ndr);
 		NDR_PULL_SET_MEM_CTX(ndr, r->out.bytes_needed, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.bytes_needed));
+		if (*r->out.bytes_needed < 0 || *r->out.bytes_needed > 8192) {


-- 
Samba Shared Repository


More information about the samba-cvs mailing list