pidl/NDR/Parser: use ParseArrayPullGetLength() to get the number of array elements...

An anonymous researcher and Brian Gorenc (HP DVLabs) working
with HP's Zero Day Initiative program have found this and notified us.

metze

diff --git a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm
index f2d74013ea5d831262bdb73c4b3a2226d66d4c82..77223b63916d120d680aafa1af9546bed43217d1 100644 (file)
--- a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm
+++ b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm
@@ -1111,14 +1111,10 @@ sub ParseElementPullLevel
                }
        } elsif ($l->{TYPE} eq "ARRAY" and 
                        not has_fast_array($e,$l) and not is_charset_array($e, $l)) {
-               my $length = ParseExpr($l->{LENGTH_IS}, $env, $e->{ORIGINAL});
+               my $length = $self->ParseArrayPullGetLength($e, $l, $ndr, $var_name, $env);
                my $counter = "cntr_$e->{NAME}_$l->{LEVEL_INDEX}";
                my $array_name = $var_name;
 
-               if ($l->{IS_VARYING}) {
-                       $length = "ndr_get_array_length($ndr, " . get_pointer_to($var_name) .")";
-               }
-
                if (my $range = has_property($e, "range")) {
                        my ($low, $high) = split(/,/, $range, 2);
                        if ($low < 0) {