tridge at tridge at
Thu Aug 11 16:08:11 GMT 2005


I've hit a problem with ParseArrayPullHeader() in PIDL and the winreg
pipe. The EnumValue() call looks like this:

	WERROR winreg_EnumValue(
		[in,ref]        policy_handle *handle,
		[in]            uint32 enum_index,
		[in,out,ref]    winreg_StringBuf *name,
		[in,out,unique] uint32 *type,
		[in,out,unique,size_is(*size),length_is(*length)] uint8 *value,
		[in,out,unique] uint32 *size,
		[in,out,unique] uint32 *length
	);

The problem is that the size_is() and length_is() elements appear
before the elements they reference. This means that the
ndr_check_array_size() and ndr_check_array_length() checks in
ParseArrayPullHeader() always fail, as they check the size and length
against variables that have not been parsed yet.

In an earlier version of PIDL I think we had it arranged so that the
array size and length checks were done at the end of the whole
structure (or the function in this case). Can that be made to fit with
the new code?

Cheers, Tridge
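
The ordering problem described in the post, as an added C example that is not part of the original message and is neither Samba's libndr nor PIDL output: the counts read with the array are remembered and compared against size and length only after those fields have been parsed. The names (struct pull, pull_enum_value, demo) and the simplified wire layout (little-endian, no alignment padding, no referent ids) are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Hypothetical mini-puller, not Samba's libndr: little-endian, no alignment
 * padding, and the referent ids of the unique pointers are left out. */
struct pull { const uint8_t *data; size_t len, off; };
struct enum_value {
	uint32_t max_count, actual_count;  /* array header from the wire */
	uint8_t  value[64];
	uint32_t size, length;             /* parsed after the array */
};

static int pull_u32(struct pull *p, uint32_t *v)
{
	const uint8_t *b = p->data + p->off;
	if (p->len - p->off < 4) return -1;
	*v = b[0] | b[1] << 8 | b[2] << 16 | (uint32_t)b[3] << 24;
	p->off += 4;
	return 0;
}

/* Returns 0 on success, -1 on malformed input, -2 on a failed deferred check. */
int pull_enum_value(struct pull *p, struct enum_value *r)
{
	uint32_t offset;
	if (pull_u32(p, &r->max_count) || pull_u32(p, &offset) ||
	    pull_u32(p, &r->actual_count)) return -1;
	/* Bounds that need no later field are enforced before any copy. */
	if (offset != 0 || r->actual_count > r->max_count ||
	    r->actual_count > sizeof(r->value) ||
	    r->actual_count > p->len - p->off) return -1;
	memcpy(r->value, p->data + p->off, r->actual_count);
	p->off += r->actual_count;
	if (pull_u32(p, &r->size) || pull_u32(p, &r->length)) return -1;
	/* Deferred: *size and *length have only now been parsed. */
	if (r->max_count != r->size || r->actual_count != r->length) return -2;
	return 0;
}

/* Constructed sample: max_count=8, offset=0, actual_count=4, size=8. */
int demo(uint8_t wire_length)
{
	uint8_t buf[24] = { 8,0,0,0, 0,0,0,0, 4,0,0,0, 0xde,0xad,0xbe,0xef,
	                    8,0,0,0, wire_length,0,0,0 };
	struct pull p = { buf, sizeof(buf), 0 };
	struct enum_value r;
	return pull_enum_value(&p, &r);
}

int main(void) { return (demo(4) == 0 && demo(5) == -2) ? 0 : 1; }
```

Deferring the size_is()/length_is() comparison does not defer the buffer bounds: the copy is still limited by the local buffer and the remaining input before any later field is read.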
