Author: tridge
Date: 2005-08-16 23:19:17 +0000 (Tue, 16 Aug 2005)
New Revision: 9335

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=9335

Log:
only copy the in side of an array to the out side of an array when the array is a [ref] pointer. For non-ref arrays it is quite valid for a server to return a larger response array than the client gave (as can happen with winreg) in which case this memcpy() will fault.

Modified:
   branches/SAMBA_4_0/source/build/pidl/Parse/Pidl/Samba/NDR/Parser.pm

Changeset:
Modified: branches/SAMBA_4_0/source/build/pidl/Parse/Pidl/Samba/NDR/Parser.pm =================================================================== --- branches/SAMBA_4_0/source/build/pidl/Parse/Pidl/Samba/NDR/Parser.pm 2005-08-16 22:29:46 UTC (rev 9334) +++ branches/SAMBA_4_0/source/build/pidl/Parse/Pidl/Samba/NDR/Parser.pm 2005-08-16 23:19:17 UTC (rev 9335) @@ -1812,7 +1812,8 @@ } if (grep(/in/,@{$e->{DIRECTION}}) and - grep(/out/,@{$e->{DIRECTION}})) { + grep(/out/,@{$e->{DIRECTION}}) and + $pl->{POINTER_TYPE} eq "ref") { pidl "memcpy(r->out.$e->{NAME},r->in.$e->{NAME},$size * sizeof(*r->in.$e->{NAME}));"; } }
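
Review bot: The added condition `$pl->{POINTER_TYPE} eq "ref"` has no comment saying why the in-to-out copy is limited to [ref] pointers, so the reason (a server may return a larger array than the client supplied, and the memcpy() then faults) exists only in the commit log. A one-line comment above the `if` in Parser.pm would keep a later change from widening the condition again. Two further points on the same hunk. `$pl` is not defined in the visible context, so please confirm it is the pointer level that belongs to `$e` and that it always carries POINTER_TYPE here; if it can be undefined, the `eq` comparison evaluates false and the copy is skipped without any diagnostic. And for the [ref] case that still emits the memcpy, the length is `$size * sizeof(*r->in.$e->{NAME})` with nothing in these lines showing that r->out.$e->{NAME} holds at least `$size` elements, so it is worth checking that the out-side allocation uses the same `$size`.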