From 4bde42aaa20df0492e45a965ce05d4c20d36a62f Mon Sep 17 00:00:00 2001 From: Rob Shearman Date: Fri, 20 Jun 2008 10:15:17 +0100 Subject: [PATCH] rpcrt4: Use abrtitrary pointer identifiers when marshalling pointers instead of using pointer values. This ensures that no information about the server memory layout is leaked to clients.
---
 dlls/rpcrt4/ndr_marshall.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/dlls/rpcrt4/ndr_marshall.c b/dlls/rpcrt4/ndr_marshall.c
index bdc50986224..15cd2924a96 100644
--- a/dlls/rpcrt4/ndr_marshall.c
+++ b/dlls/rpcrt4/ndr_marshall.c
@@ -110,6 +110,8 @@ WINE_DEFAULT_DEBUG_CHANNEL(ole);
 ERR("buffer overflow %d bytes\n", _Msg->Buffer - ((unsigned char *)_Msg->RpcMsg->Buffer + _Msg->BufferLength)); \
 } while (0)
+#define NDR_POINTER_ID_BASE 0x20000
+#define NDR_POINTER_ID(pStubMsg) (NDR_POINTER_ID_BASE + ((pStubMsg)->UniquePtrCount++) * 4)
 #define NDR_TABLE_SIZE 128
 #define NDR_TABLE_MASK 127
@@ -1221,7 +1223,7 @@ static void PointerMarshall(PMIDL_STUB_MESSAGE pStubMsg,
 pointer_needs_marshaling = 1;
 else
 pointer_needs_marshaling = 0;
- pointer_id = (ULONG)Pointer;
+ pointer_id = Pointer ? NDR_POINTER_ID(pStubMsg) : 0;
 TRACE("writing 0x%08x to buffer\n", pointer_id);
 NDR_LOCAL_UINT32_WRITE(Buffer, pointer_id);
 break;
-- 2.11.4.GIT
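Review bot: `NDR_POINTER_ID` in the `@@ -110,6 +110,8 @@` hunk hides a post-increment of `UniquePtrCount` inside a function-like macro and has no comment saying why. Any later use that evaluates it more than once, for example inside a trace argument, would silently consume an id. I would add a comment above the two defines such as `/* opaque wire referent id, never derived from a server address; each use increments UniquePtrCount */`. The base `0x20000` and the stride of 4 also deserve one line of rationale, since nothing in the hunk explains them. A small `static inline ULONG` helper would make the side effect explicit at the call site.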
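Review bot: The id written in the `@@ -1221,7 +1223,7 @@` hunk of PointerMarshall is independent of server memory only if `pStubMsg->UniquePtrCount` starts from a known value for every message, and nothing in this patch initialises it. If a stub message can reach this point without that field having been set, the first id would carry whatever the field held, which is the kind of disclosure the commit is meant to close. The stub-message initialisation code, which is outside this diff, should set `pStubMsg->UniquePtrCount = 0;`. It is also worth confirming that the unmarshalling side for this pointer type uses the value only as a null/non-null flag, and that no other marshalling path in the file still writes `(ULONG)Pointer`. PointerMarshall's body starts and ends outside the hunk.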