Bug 14067 - crash in security.descriptor().dacl_add(1): need real python types
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Python
Version: unspecified
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Douglas Bagnall
QA Contact: Samba QA Contact
Reported: 2019-08-04 10:48 UTC by Douglas Bagnall
Modified: 2019-08-05 22:31 UTC

Attachments
patch that shifts the problem, avoiding the crash but defeating legitimate use (1.25 KB, patch)
2019-08-04 10:48 UTC, Douglas Bagnall

Description Douglas Bagnall 2019-08-04 10:48:41 UTC
Created attachment 15372
patch that shifts the problem, avoiding the crash but defeating legitimate use

This is tricky to fix.

The crash happens with something like this:

python3 -c'from samba.dcerpc import security;security.descriptor().dacl_add(1)'

because dacl_add() just assumes its argument is of the right type. But we
can't use pytalloc_get_type() because the object is often not a talloc object
-- it is an offset into a talloced array. Specifically, struct security_acl has

	uint32_t num_aces;
	struct security_ace *aces;

not "struct security_ace **aces", which we would need to have a talloc type
for each.


We need a means of specifying a python type for an object that doesn't rely on it
having a talloc name.
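
The limitation described above, modelled as an added example (not Samba or talloc code; every `toy_` name is hypothetical and the structs are cut down): the type name lives in a header in front of each allocation, so a name check recognises the start of the `aces` array but not an element inside it.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Toy model (hypothetical names): the type name sits in a header in front
 * of each allocation, which is where a name-based check has to look. */
#define TOY_MAGIC 0x7a11c0deu
struct toy_hdr { uint32_t magic; const char *name; };

/* Cut-down, constructed versions of the structs named in the report. */
struct security_ace { uint32_t type; uint32_t access_mask; };
struct security_acl { uint32_t num_aces; struct security_ace *aces; };

static void *toy_named_alloc(size_t size, const char *name)
{
	struct toy_hdr *h = calloc(1, sizeof(*h) + size);
	if (h == NULL) return NULL;
	h->magic = TOY_MAGIC;
	h->name = name;
	return h + 1;	/* payload starts right after the header */
}

/* Name check: reads the bytes in front of ptr as a header. For an interior
 * pointer those bytes are earlier array elements, not a header. */
static void *toy_get_type(const void *ptr, const char *name)
{
	struct toy_hdr h;
	memcpy(&h, (const char *)ptr - sizeof(h), sizeof(h));
	if (h.magic != TOY_MAGIC || strcmp(h.name, name) != 0) return NULL;
	return (void *)ptr;
}

/* Returns a bitmask: bit 0 = aces[0] recognised, bit 1 = aces[2] recognised. */
static int toy_demo(void)
{
	struct security_acl acl = { .num_aces = 3, .aces = NULL };
	int seen = 0;
	acl.aces = toy_named_alloc(acl.num_aces * sizeof(*acl.aces), "struct security_ace");
	if (acl.aces == NULL) return -1;
	if (toy_get_type(&acl.aces[0], "struct security_ace")) seen |= 1;
	if (toy_get_type(&acl.aces[2], "struct security_ace")) seen |= 2;
	free((struct toy_hdr *)acl.aces - 1);
	return seen;
}

int main(void) { return toy_demo() == 1 ? 0 : 1; }
```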
Comment 1 Douglas Bagnall 2019-08-05 22:31:03 UTC
A simple change along these lines:

   	ace = pytalloc_get_ptr(py_ace);
+	if (ace == NULL) { }
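
Review bot: the added `if (ace == NULL) { }` branch has an empty body, so as shown nothing stops the code that follows from using the NULL `ace`. The branch should set a Python exception and return, for example `PyErr_SetString(PyExc_TypeError, ...)` followed by `return NULL;`, so the caller gets a TypeError instead of falling through.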

fixes the segfault when python is fed a non-talloc object where it expected a talloc one, but does not ensure it is the right kind of talloc object.