diff options
author | Andrew Bartlett <abartlet@samba.org> | 2015-07-30 14:28:48 +1200 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2015-09-03 09:11:35 +0200 |
commit | 429db9527866fea464f4f1f7b06107c28e2ef30d (patch) | |
tree | 386485adc927101aeda01817c01d6905beef1100 | |
parent | 1e432b9fd4796474888d66c30614ec5a8ae2059b (diff) | |
download | samba-429db9527866fea464f4f1f7b06107c28e2ef30d.tar.gz |
pidl: Assert that python arrays will not overflow the C array
We do not write network services in Python, so this is not a security issue, but would cause
a crash or other odd behaviour if the length was changed
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11430
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit e3cf25bdc04795f884fe2a4ce0605d5175b45e93)
-rw-r--r-- | pidl/lib/Parse/Pidl/Samba4/Python.pm | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/pidl/lib/Parse/Pidl/Samba4/Python.pm b/pidl/lib/Parse/Pidl/Samba4/Python.pm index a84c6f6ba1e..ad9ff88fd58 100644 --- a/pidl/lib/Parse/Pidl/Samba4/Python.pm +++ b/pidl/lib/Parse/Pidl/Samba4/Python.pm @@ -1223,6 +1223,13 @@ sub ConvertObjectFromPythonLevel($$$$$$$$) $self->pidl("$var_name = talloc_array_ptrtype($mem_ctx, $var_name, PyList_GET_SIZE($py_var));"); $self->pidl("if (!$var_name) { $fail; }"); $self->pidl("talloc_set_name_const($var_name, \"ARRAY: $var_name\");"); + } else { + $self->pidl("if (ARRAY_SIZE($var_name) != PyList_GET_SIZE($py_var)) {"); + $self->indent; + $self->pidl("PyErr_Format(PyExc_TypeError, \"Expected list of type %s, length %zu, got %zd\", Py_TYPE($py_var)->tp_name, ARRAY_SIZE($var_name), PyList_GET_SIZE($py_var));"); + $self->pidl("$fail"); + $self->deindent; + $self->pidl("}"); } $self->pidl("for ($counter = 0; $counter < PyList_GET_SIZE($py_var); $counter++) {"); $self->indent; |