Bug 6723 - Python bindings for samba produce a segfault with as_sddl
Summary: Python bindings for samba produce a segfault with as_sddl
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.0
Classification: Unclassified
Component: Tools (show other bugs)
Version: unspecified
Hardware: Other Linux
: P3 normal (vote)
Target Milestone: ---
Assignee: Jelmer Vernooij
QA Contact: Matthias Dieter Wallnöfer
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-09-14 09:20 UTC by Matthieu Patou
Modified: 2009-09-18 07:16 UTC (History)
0 users

See Also:


Attachments
Test case for this bug (1.51 KB, text/x-python)
2009-09-14 09:20 UTC, Matthieu Patou
no flags Details
Patch for the pb (2.79 KB, patch)
2009-09-17 10:59 UTC, Matthieu Patou
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Matthieu Patou 2009-09-14 09:20:28 UTC
Calling as_sddl with a bad parameter type produce a segfault

Program received signal SIGSEGV, Segmentation fault.
0xb4989012 in dom_sid_in_domain (domain_sid=0x4b79f19c, sid=0x89f08a8) at ../libcli/security/dom_sid.c:268
268		if (domain_sid->num_auths > sid->num_auths) {
(gdb) bt
#0  0xb4989012 in dom_sid_in_domain (domain_sid=0x4b79f19c, sid=0x89f08a8) at ../libcli/security/dom_sid.c:268
#1  0xb49882b0 in sddl_encode_sid (mem_ctx=0x89f0a88, sid=0x89f08a8, domain_sid=0x4b79f19c) at libcli/security/sddl.c:468
#2  0xb498877d in sddl_encode (mem_ctx=0x0, sd=0x89f07f8, domain_sid=0x4b79f19c) at libcli/security/sddl.c:586
#3  0xb442a720 in py_descriptor_as_sddl (self=0xb7d73360, args=0xb7c508cc) at ./librpc/ndr/py_security.c:206
#4  0x080de562 in PyEval_EvalFrameEx ()
#5  0x080e00b8 in PyEval_EvalCodeEx ()
#6  0x080e0217 in PyEval_EvalCode ()
#7  0x080fe0e1 in PyRun_FileExFlags ()
#8  0x080fe43a in PyRun_SimpleFileExFlags ()
#9  0x0805c882 in Py_Main ()
#10 0x0805b972 in main ()
Comment 1 Matthieu Patou 2009-09-14 09:20:46 UTC
Created attachment 4689 [details]
Test case for this bug
Comment 2 Matthias Dieter Wallnöfer 2009-09-16 04:50:09 UTC
This problem isn't such easy to fix: It's due to "py_talloc_get_ptr". This is a macro which gets the pointer attribute "ptr" from a "PyObject" object. And nothing more - so no type check is going to be performed (consider pytalloc.h line 42).
To fix this (it's a far bigger problem - there isn't only affected the mentioned call) we would have to do quite some work.

I personally don't know if it's worth the effort to generate a python exception, since SIGSEGVs are basically a form of C exceptions; they mean that something went wrong. So I'd vote for a "WONTFIX" and live with the type problems.

But I'd like to see also Jelmer's comment here.
Comment 3 Matthieu Patou 2009-09-17 10:59:06 UTC
Created attachment 4713 [details]
Patch for the pb
Comment 4 Matthias Dieter Wallnöfer 2009-09-18 07:16:43 UTC
Thanks for this wonderful patch. Didn't know that there exists such an elegant idea/approach (I personally am not such skilled in python). Merged to master!