Patch wrong UNICODE_STRING in [MS-NRPC] (reported)

Author: gpotter2

midl-to-scapy/idl/patches/ms-nrpc.patch

@@ -0,0 +1,13 @@
+diff --git a/midl-to-scapy/idl/win/ms-nrpc.idl b/midl-to-scapy/idl/win/ms-nrpc.idl
+index b00daf8..84bc88e 100644
+--- a/midl-to-scapy/idl/win/ms-nrpc.idl
++++ b/midl-to-scapy/idl/win/ms-nrpc.idl
+@@ -18,7 +18,7 @@
+     typedef struct _UNICODE_STRING {
+            USHORT Length;
+            USHORT MaximumLength;
+-           PWSTR  Buffer;
++           [size_is(MaximumLength/2), length_is(Length/2)] PWSTR  Buffer;
+     } UNICODE_STRING, * PUNICODE_STRING;
+   
+     typedef struct _OLD_LARGE_INTEGER {

midl-to-scapy/idl/win/ms-nrpc.idl

@@ -18,7 +18,7 @@
     typedef struct _UNICODE_STRING {
            USHORT Length;
            USHORT MaximumLength;
-           PWSTR  Buffer;
+           [size_is(MaximumLength/2), length_is(Length/2)] PWSTR  Buffer;
     } UNICODE_STRING, * PUNICODE_STRING;
 
     typedef struct _OLD_LARGE_INTEGER {

scapy-rpc/msrpcs/ms_nrpc.py

@@ -23,6 +23,7 @@
     NDRConfPacketListField,
     NDRConfStrLenField,
     NDRConfVarStrLenField,
+    NDRConfVarStrLenFieldUtf16,
     NDRConfVarStrNullField,
     NDRConfVarStrNullFieldUtf16,
     NDRFieldListField,
@@ -131,9 +132,18 @@ class NETLOGON_LOGON_INFO_CLASS(IntEnum):
 class UNICODE_STRING(NDRPacket):
     ALIGNMENT = (4, 8)
     fields_desc = [
-        NDRShortField("Length", 0),
-        NDRShortField("MaximumLength", 0),
-        NDRFullEmbPointerField(NDRShortField("Buffer", 0)),
+        NDRShortField("Length", None, size_of="Buffer", adjust=lambda _, x: (x * 2)),
+        NDRShortField(
+            "MaximumLength", None, size_of="Buffer", adjust=lambda _, x: (x * 2)
+        ),
+        NDRFullEmbPointerField(
+            NDRConfVarStrLenFieldUtf16(
+                "Buffer",
+                "",
+                size_is=lambda pkt: (pkt.MaximumLength // 2),
+                length_is=lambda pkt: (pkt.Length // 2),
+            )
+        ),
     ]
 
 
@@ -1455,9 +1465,18 @@ class PNETLOGON_DELTA_POLICY(NDRPacket):
 class PUNICODE_STRING(NDRPacket):
     ALIGNMENT = (4, 8)
     fields_desc = [
-        NDRShortField("Length", 0),
-        NDRShortField("MaximumLength", 0),
-        NDRFullEmbPointerField(NDRShortField("Buffer", 0)),
+        NDRShortField("Length", None, size_of="Buffer", adjust=lambda _, x: (x * 2)),
+        NDRShortField(
+            "MaximumLength", None, size_of="Buffer", adjust=lambda _, x: (x * 2)
+        ),
+        NDRFullEmbPointerField(
+            NDRConfVarStrLenFieldUtf16(
+                "Buffer",
+                "",
+                size_is=lambda pkt: (pkt.MaximumLength // 2),
+                length_is=lambda pkt: (pkt.Length // 2),
+            )
+        ),
     ]