From ecb187ff8e6d7d330e617cb9ad4ee42ececc3306 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Fri, 15 Nov 2019 16:59:12 +1300
Subject: [PATCH] pidl: Generate and consume the switch level token for both
 NDR_SCALARS and NDR_BUFFERS

This means what was previously a list becomes a single variable that
could be passed as a function paraemter, but this is avoided for now
because it would change the ABI and be more intrusive.

Before this, a client could cause a NDR token containing the swith level
to be allocated for each and every element in the array that they
promised they were sending (without having to actually send them).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13876
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
---
 pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm | 37 ++++++++++++++++--------
 1 file changed, 25 insertions(+), 12 deletions(-)

diff --git a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm
index 222a8b8c7b4..87cfe4498f6 100644
--- a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm
+++ b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm
@@ -647,8 +647,6 @@ sub ParseElementPushLevel
 				$self->pidl("NDR_CHECK(ndr_push_array_$nl->{DATA_TYPE}($ndr, $ndr_flags, $var_name, $length));");
 				return;
 			} 
-		} elsif ($l->{TYPE} eq "SWITCH") {
-			$self->ParseSwitchPush($e, $l, $ndr, $var_name, $env);
 		} elsif ($l->{TYPE} eq "DATA") {
 			$self->ParseDataPush($e, $l, $ndr, $var_name, $primitives, $deferred);
 		} elsif ($l->{TYPE} eq "TYPEDEF") {
@@ -709,6 +707,14 @@ sub ParseElementPushLevel
 			$self->pidl("}");
 		}
 	} elsif ($l->{TYPE} eq "SWITCH") {
+		my $nl = GetNextLevel($e,$l);
+		my $needs_deferred_switch = is_deferred_switch_non_empty($nl);
+
+		# Avoid setting a switch value if it will not be
+		# consumed again in the NDR_BUFFERS pull
+		if ($needs_deferred_switch or !$deferred) {
+			$self->ParseSwitchPush($e, $l, $ndr, $var_name, $env);
+		}
 		$self->ParseElementPushLevel($e, GetNextLevel($e, $l), $ndr, $var_name, $env, $primitives, $deferred);
 	}
 }
@@ -1174,8 +1180,6 @@ sub ParseElementPullLevel
 			}
 		} elsif ($l->{TYPE} eq "POINTER") {
 			$self->ParsePtrPull($e, $l, $ndr, $var_name);
-		} elsif ($l->{TYPE} eq "SWITCH") {
-			$self->ParseSwitchPull($e, $l, $ndr, $var_name, $env);
 		} elsif ($l->{TYPE} eq "DATA") {
 			$self->ParseDataPull($e, $l, $ndr, $var_name, $primitives, $deferred);
 		} elsif ($l->{TYPE} eq "TYPEDEF") {
@@ -1256,7 +1260,15 @@ sub ParseElementPullLevel
 		$self->ParseMemCtxPullEnd($e, $l, $ndr);
 
 	} elsif ($l->{TYPE} eq "SWITCH") {
-		$self->ParseElementPullLevel($e, GetNextLevel($e,$l), $ndr, $var_name, $env, $primitives, $deferred);
+		my $nl = GetNextLevel($e,$l);
+		my $needs_deferred_switch = is_deferred_switch_non_empty($nl);
+
+		# Avoid setting a switch value if it will not be
+		# consumed again in the NDR_BUFFERS pull
+		if ($needs_deferred_switch or !$deferred) {
+			$self->ParseSwitchPull($e, $l, $ndr, $var_name, $env);
+		}
+		$self->ParseElementPullLevel($e, $nl, $ndr, $var_name, $env, $primitives, $deferred);
 	}
 }
 
@@ -2152,20 +2164,21 @@ sub ParseUnionPull($$$$)
 	$self->pidl("NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);");
 	$self->pidl("if (ndr_flags & NDR_SCALARS) {");
 	$self->indent;
-	if (! $needs_deferred_switch) {
-		$self->pidl("/* This token is not used again */");
-		$self->pidl("level = ndr_pull_steal_switch_value($ndr, $varname);");
-	} else {
-		$self->pidl("level = ndr_pull_get_switch_value($ndr, $varname);");
-	}
+	$self->pidl("/* This token is not used again (except perhaps below in the NDR_BUFFERS case) */");
+	$self->pidl("level = ndr_pull_steal_switch_value($ndr, $varname);");
 	$self->ParseUnionPullPrimitives($e,$ndr,$varname,$switch_type);
 	$self->deindent;
 	$self->pidl("}");
 	if ($needs_deferred_switch) {
 		$self->pidl("if (ndr_flags & NDR_BUFFERS) {");
 		$self->indent;
-		$self->pidl("/* The token is not needed after this. */");
+		# In case we had ndr_flags of NDR_SCALERS|NDR_BUFFERS
+		$self->pidl("if (!(ndr_flags & NDR_SCALARS)) {");
+		$self->indent;
+		$self->pidl("/* We didn't get it above, and the token is not needed after this. */");
 		$self->pidl("level = ndr_pull_steal_switch_value($ndr, $varname);");
+		$self->deindent;
+		$self->pidl("}");
 		$self->ParseUnionPullDeferred($e,$ndr,$varname);
 		$self->deindent;
 		$self->pidl("}");
-- 
2.17.1