witness.idl: Change array type in IDL for the print function

It is important that the generated print function checks r->messages
before de-referencing r->messages[num] as r->num can be non-zero
while r->messages is NULL.

There is not witness server in Samba and print functions are only
used during debugging and ndrdump in any case.

The change in the IDL does not change the header and the IDL
function is already nopull,nopush so only the print function changes.

Found by Douglas Bagnall using Honggfuzz and a new fuzzer for
Samba's NDR layer.

Signed-off-by: Andrew Bartlett <[email protected]>
Reviewed-by: Andreas Schneider <[email protected]>

Author: abartlet

Diff for: librpc/idl/witness.idl

@@ -123,7 +123,7 @@ interface witness
 		witness_notifyResponse_type type;
 		[value(ndr_size_witness_notifyResponse(r, ndr->flags)-20)] uint32 length;
 		uint32 num;
-		[subcontext(4), subcontext_size(length), flag(NDR_REMAINING), switch_is(type)] witness_notifyResponse_message messages[num];
+	        [subcontext(4), subcontext_size(length), flag(NDR_REMAINING), switch_is(type), size_is(num)] witness_notifyResponse_message *messages;
 	} witness_notifyResponse;
 
 	[public] WERROR witness_AsyncNotify(