From 49fdd2055ca6f68fd32f69e5dd3ee3ce047cc2cb Mon Sep 17 00:00:00 2001
From: =?utf8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
Date: Wed, 29 Apr 2009 01:49:26 +0200
Subject: [PATCH] svcctl: Fix IDL for svcctl_StartServiceW().

Guenther
(cherry picked from commit a23fb4663df11b237e94683510d282c286bbeed6)
(cherry picked from commit d49e69d49a41d193d6e1dd342c653d9a8bc3b140)
---
 librpc/gen_ndr/cli_svcctl.c |   4 +-
 librpc/gen_ndr/cli_svcctl.h |   4 +-
 librpc/gen_ndr/ndr_svcctl.c | 106 +++++++++++++++++++++++++++++++++++++++-----
 librpc/gen_ndr/ndr_svcctl.h |   1 +
 librpc/gen_ndr/svcctl.h     |  10 ++++-
 librpc/idl/svcctl.idl       |  12 ++++-
 6 files changed, 119 insertions(+), 18 deletions(-)

diff --git a/librpc/gen_ndr/cli_svcctl.c b/librpc/gen_ndr/cli_svcctl.c
index f6cedfbc7cf..a95a4e72f71 100644
--- a/librpc/gen_ndr/cli_svcctl.c
+++ b/librpc/gen_ndr/cli_svcctl.c
@@ -956,8 +956,8 @@ NTSTATUS rpccli_svcctl_QueryServiceLockStatusW(struct rpc_pipe_client *cli,
 NTSTATUS rpccli_svcctl_StartServiceW(struct rpc_pipe_client *cli,
 				     TALLOC_CTX *mem_ctx,
 				     struct policy_handle *handle /* [in] [ref] */,
-				     uint32_t NumArgs /* [in]  */,
-				     const char *Arguments /* [in] [unique,charset(UTF16)] */,
+				     uint32_t NumArgs /* [in] [range(0,SC_MAX_ARGUMENTS)] */,
+				     struct svcctl_ArgumentString *Arguments /* [in] [unique,size_is(NumArgs)] */,
 				     WERROR *werror)
 {
 	struct svcctl_StartServiceW r;
diff --git a/librpc/gen_ndr/cli_svcctl.h b/librpc/gen_ndr/cli_svcctl.h
index c656eba530f..fcfb219d388 100644
--- a/librpc/gen_ndr/cli_svcctl.h
+++ b/librpc/gen_ndr/cli_svcctl.h
@@ -141,8 +141,8 @@ NTSTATUS rpccli_svcctl_QueryServiceLockStatusW(struct rpc_pipe_client *cli,
 NTSTATUS rpccli_svcctl_StartServiceW(struct rpc_pipe_client *cli,
 				     TALLOC_CTX *mem_ctx,
 				     struct policy_handle *handle /* [in] [ref] */,
-				     uint32_t NumArgs /* [in]  */,
-				     const char *Arguments /* [in] [unique,charset(UTF16)] */,
+				     uint32_t NumArgs /* [in] [range(0,SC_MAX_ARGUMENTS)] */,
+				     struct svcctl_ArgumentString *Arguments /* [in] [unique,size_is(NumArgs)] */,
 				     WERROR *werror);
 NTSTATUS rpccli_svcctl_GetServiceDisplayNameW(struct rpc_pipe_client *cli,
 					      TALLOC_CTX *mem_ctx,
diff --git a/librpc/gen_ndr/ndr_svcctl.c b/librpc/gen_ndr/ndr_svcctl.c
index ee828ee49d2..1770e1f0baf 100644
--- a/librpc/gen_ndr/ndr_svcctl.c
+++ b/librpc/gen_ndr/ndr_svcctl.c
@@ -907,6 +907,66 @@ _PUBLIC_ size_t ndr_size_QUERY_SERVICE_CONFIG(const struct QUERY_SERVICE_CONFIG
 	return ndr_size_struct(r, flags, (ndr_push_flags_fn_t)ndr_push_QUERY_SERVICE_CONFIG, ic);
 }
 
+static enum ndr_err_code ndr_push_svcctl_ArgumentString(struct ndr_push *ndr, int ndr_flags, const struct svcctl_ArgumentString *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->string));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		if (r->string) {
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->string, CH_UTF16)));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->string, CH_UTF16)));
+			NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->string, ndr_charset_length(r->string, CH_UTF16), sizeof(uint16_t), CH_UTF16));
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_svcctl_ArgumentString(struct ndr_pull *ndr, int ndr_flags, struct svcctl_ArgumentString *r)
+{
+	uint32_t _ptr_string;
+	TALLOC_CTX *_mem_save_string_0;
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_string));
+		if (_ptr_string) {
+			NDR_PULL_ALLOC(ndr, r->string);
+		} else {
+			r->string = NULL;
+		}
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		if (r->string) {
+			_mem_save_string_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->string, 0);
+			NDR_CHECK(ndr_pull_array_size(ndr, &r->string));
+			NDR_CHECK(ndr_pull_array_length(ndr, &r->string));
+			if (ndr_get_array_length(ndr, &r->string) > ndr_get_array_size(ndr, &r->string)) {
+				return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->string), ndr_get_array_length(ndr, &r->string));
+			}
+			NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->string), sizeof(uint16_t)));
+			NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->string, ndr_get_array_length(ndr, &r->string), sizeof(uint16_t), CH_UTF16));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_string_0, 0);
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_svcctl_ArgumentString(struct ndr_print *ndr, const char *name, const struct svcctl_ArgumentString *r)
+{
+	ndr_print_struct(ndr, name, "svcctl_ArgumentString");
+	ndr->depth++;
+	ndr_print_ptr(ndr, "string", r->string);
+	ndr->depth++;
+	if (r->string) {
+		ndr_print_string(ndr, "string", r->string);
+	}
+	ndr->depth--;
+	ndr->depth--;
+}
+
 static enum ndr_err_code ndr_push_svcctl_ConfigLevel(struct ndr_push *ndr, int ndr_flags, enum svcctl_ConfigLevel r)
 {
 	NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r));
@@ -3415,6 +3475,7 @@ _PUBLIC_ void ndr_print_svcctl_QueryServiceLockStatusW(struct ndr_print *ndr, co
 
 static enum ndr_err_code ndr_push_svcctl_StartServiceW(struct ndr_push *ndr, int flags, const struct svcctl_StartServiceW *r)
 {
+	uint32_t cntr_Arguments_1;
 	if (flags & NDR_IN) {
 		if (r->in.handle == NULL) {
 			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
@@ -3423,10 +3484,13 @@ static enum ndr_err_code ndr_push_svcctl_StartServiceW(struct ndr_push *ndr, int
 		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.NumArgs));
 		NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.Arguments));
 		if (r->in.Arguments) {
-			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.Arguments, CH_UTF16)));
-			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
-			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.Arguments, CH_UTF16)));
-			NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->in.Arguments, ndr_charset_length(r->in.Arguments, CH_UTF16), sizeof(uint16_t), CH_UTF16));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.NumArgs));
+			for (cntr_Arguments_1 = 0; cntr_Arguments_1 < r->in.NumArgs; cntr_Arguments_1++) {
+				NDR_CHECK(ndr_push_svcctl_ArgumentString(ndr, NDR_SCALARS, &r->in.Arguments[cntr_Arguments_1]));
+			}
+			for (cntr_Arguments_1 = 0; cntr_Arguments_1 < r->in.NumArgs; cntr_Arguments_1++) {
+				NDR_CHECK(ndr_push_svcctl_ArgumentString(ndr, NDR_BUFFERS, &r->in.Arguments[cntr_Arguments_1]));
+			}
 		}
 	}
 	if (flags & NDR_OUT) {
@@ -3438,8 +3502,10 @@ static enum ndr_err_code ndr_push_svcctl_StartServiceW(struct ndr_push *ndr, int
 static enum ndr_err_code ndr_pull_svcctl_StartServiceW(struct ndr_pull *ndr, int flags, struct svcctl_StartServiceW *r)
 {
 	uint32_t _ptr_Arguments;
+	uint32_t cntr_Arguments_1;
 	TALLOC_CTX *_mem_save_handle_0;
 	TALLOC_CTX *_mem_save_Arguments_0;
+	TALLOC_CTX *_mem_save_Arguments_1;
 	if (flags & NDR_IN) {
 		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
 			NDR_PULL_ALLOC(ndr, r->in.handle);
@@ -3449,6 +3515,9 @@ static enum ndr_err_code ndr_pull_svcctl_StartServiceW(struct ndr_pull *ndr, int
 		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.handle));
 		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_handle_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.NumArgs));
+		if (r->in.NumArgs > SC_MAX_ARGUMENTS) {
+			return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range");
+		}
 		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_Arguments));
 		if (_ptr_Arguments) {
 			NDR_PULL_ALLOC(ndr, r->in.Arguments);
@@ -3459,14 +3528,21 @@ static enum ndr_err_code ndr_pull_svcctl_StartServiceW(struct ndr_pull *ndr, int
 			_mem_save_Arguments_0 = NDR_PULL_GET_MEM_CTX(ndr);
 			NDR_PULL_SET_MEM_CTX(ndr, r->in.Arguments, 0);
 			NDR_CHECK(ndr_pull_array_size(ndr, &r->in.Arguments));
-			NDR_CHECK(ndr_pull_array_length(ndr, &r->in.Arguments));
-			if (ndr_get_array_length(ndr, &r->in.Arguments) > ndr_get_array_size(ndr, &r->in.Arguments)) {
-				return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.Arguments), ndr_get_array_length(ndr, &r->in.Arguments));
+			NDR_PULL_ALLOC_N(ndr, r->in.Arguments, ndr_get_array_size(ndr, &r->in.Arguments));
+			_mem_save_Arguments_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->in.Arguments, 0);
+			for (cntr_Arguments_1 = 0; cntr_Arguments_1 < r->in.NumArgs; cntr_Arguments_1++) {
+				NDR_CHECK(ndr_pull_svcctl_ArgumentString(ndr, NDR_SCALARS, &r->in.Arguments[cntr_Arguments_1]));
 			}
-			NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.Arguments), sizeof(uint16_t)));
-			NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.Arguments, ndr_get_array_length(ndr, &r->in.Arguments), sizeof(uint16_t), CH_UTF16));
+			for (cntr_Arguments_1 = 0; cntr_Arguments_1 < r->in.NumArgs; cntr_Arguments_1++) {
+				NDR_CHECK(ndr_pull_svcctl_ArgumentString(ndr, NDR_BUFFERS, &r->in.Arguments[cntr_Arguments_1]));
+			}
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_Arguments_1, 0);
 			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_Arguments_0, 0);
 		}
+		if (r->in.Arguments) {
+			NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->in.Arguments, r->in.NumArgs));
+		}
 	}
 	if (flags & NDR_OUT) {
 		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
@@ -3476,6 +3552,7 @@ static enum ndr_err_code ndr_pull_svcctl_StartServiceW(struct ndr_pull *ndr, int
 
 _PUBLIC_ void ndr_print_svcctl_StartServiceW(struct ndr_print *ndr, const char *name, int flags, const struct svcctl_StartServiceW *r)
 {
+	uint32_t cntr_Arguments_1;
 	ndr_print_struct(ndr, name, "svcctl_StartServiceW");
 	ndr->depth++;
 	if (flags & NDR_SET_VALUES) {
@@ -3492,7 +3569,16 @@ _PUBLIC_ void ndr_print_svcctl_StartServiceW(struct ndr_print *ndr, const char *
 		ndr_print_ptr(ndr, "Arguments", r->in.Arguments);
 		ndr->depth++;
 		if (r->in.Arguments) {
-			ndr_print_string(ndr, "Arguments", r->in.Arguments);
+			ndr->print(ndr, "%s: ARRAY(%d)", "Arguments", (int)r->in.NumArgs);
+			ndr->depth++;
+			for (cntr_Arguments_1=0;cntr_Arguments_1<r->in.NumArgs;cntr_Arguments_1++) {
+				char *idx_1=NULL;
+				if (asprintf(&idx_1, "[%d]", cntr_Arguments_1) != -1) {
+					ndr_print_svcctl_ArgumentString(ndr, "Arguments", &r->in.Arguments[cntr_Arguments_1]);
+					free(idx_1);
+				}
+			}
+			ndr->depth--;
 		}
 		ndr->depth--;
 		ndr->depth--;
diff --git a/librpc/gen_ndr/ndr_svcctl.h b/librpc/gen_ndr/ndr_svcctl.h
index 902565d2956..6e765d8b8c7 100644
--- a/librpc/gen_ndr/ndr_svcctl.h
+++ b/librpc/gen_ndr/ndr_svcctl.h
@@ -129,6 +129,7 @@ enum ndr_err_code ndr_push_QUERY_SERVICE_CONFIG(struct ndr_push *ndr, int ndr_fl
 enum ndr_err_code ndr_pull_QUERY_SERVICE_CONFIG(struct ndr_pull *ndr, int ndr_flags, struct QUERY_SERVICE_CONFIG *r);
 void ndr_print_QUERY_SERVICE_CONFIG(struct ndr_print *ndr, const char *name, const struct QUERY_SERVICE_CONFIG *r);
 size_t ndr_size_QUERY_SERVICE_CONFIG(const struct QUERY_SERVICE_CONFIG *r, struct smb_iconv_convenience *ic, int flags);
+void ndr_print_svcctl_ArgumentString(struct ndr_print *ndr, const char *name, const struct svcctl_ArgumentString *r);
 void ndr_print_svcctl_ConfigLevel(struct ndr_print *ndr, const char *name, enum svcctl_ConfigLevel r);
 enum ndr_err_code ndr_push_SERVICE_DESCRIPTION(struct ndr_push *ndr, int ndr_flags, const struct SERVICE_DESCRIPTION *r);
 enum ndr_err_code ndr_pull_SERVICE_DESCRIPTION(struct ndr_pull *ndr, int ndr_flags, struct SERVICE_DESCRIPTION *r);
diff --git a/librpc/gen_ndr/svcctl.h b/librpc/gen_ndr/svcctl.h
index c0daab43d5f..eb48fa0d4fc 100644
--- a/librpc/gen_ndr/svcctl.h
+++ b/librpc/gen_ndr/svcctl.h
@@ -28,6 +28,8 @@
 #define SERVICE_EXECUTE_ACCESS	( (SERVICE_READ_ACCESS|SC_RIGHT_SVC_START|SC_RIGHT_SVC_STOP|SC_RIGHT_SVC_PAUSE_CONTINUE) )
 #define SERVICE_WRITE_ACCESS	( (SEC_STD_REQUIRED|SERVICE_READ_ACCESS|SERVICE_EXECUTE_ACCESS|SC_RIGHT_SVC_CHANGE_CONFIG) )
 #define SERVICE_ALL_ACCESS	( SERVICE_WRITE_ACCESS )
+#define SC_MAX_ARGUMENT_LENGTH	( 1024 )
+#define SC_MAX_ARGUMENTS	( 1024 )
 struct SERVICE_LOCK_STATUS {
 	uint32_t is_locked;
 	const char *lock_owner;/* [unique,charset(UTF16)] */
@@ -226,6 +228,10 @@ struct QUERY_SERVICE_CONFIG {
 	const char *displayname;/* [unique,range(0,8192),charset(UTF16)] */
 }/* [gensize,public] */;
 
+struct svcctl_ArgumentString {
+	const char *string;/* [unique,range(0,SC_MAX_ARGUMENT_LENGTH),charset(UTF16)] */
+};
+
 enum svcctl_ConfigLevel
 #ifndef USE_UINT_ENUMS
  {
@@ -575,8 +581,8 @@ struct svcctl_QueryServiceLockStatusW {
 struct svcctl_StartServiceW {
 	struct {
 		struct policy_handle *handle;/* [ref] */
-		uint32_t NumArgs;
-		const char *Arguments;/* [unique,charset(UTF16)] */
+		uint32_t NumArgs;/* [range(0,SC_MAX_ARGUMENTS)] */
+		struct svcctl_ArgumentString *Arguments;/* [unique,size_is(NumArgs)] */
 	} in;
 
 	struct {
diff --git a/librpc/idl/svcctl.idl b/librpc/idl/svcctl.idl
index a5685e8ae38..19866d273f4 100644
--- a/librpc/idl/svcctl.idl
+++ b/librpc/idl/svcctl.idl
@@ -404,10 +404,18 @@ import "misc.idl", "security.idl";
 
 	/*****************/
 	/* Function 0x13 */
+
+	const int SC_MAX_ARGUMENT_LENGTH = 1024;
+	const int SC_MAX_ARGUMENTS = 1024;
+
+	typedef struct {
+		[string,charset(UTF16),range(0,SC_MAX_ARGUMENT_LENGTH)] uint16 *string;
+	} svcctl_ArgumentString;
+
 	WERROR svcctl_StartServiceW(
 		[in,ref] policy_handle *handle,
-		[in] uint32 NumArgs,
-		[in,unique/*FIXME:,length_is(NumArgs)*/] [string,charset(UTF16)] uint16 *Arguments
+		[in,range(0,SC_MAX_ARGUMENTS)] uint32 NumArgs,
+		[in,unique,size_is(NumArgs)] svcctl_ArgumentString *Arguments
 	);
 
 	/*****************/
-- 
2.11.4.GIT