From: Andrew Bartlett <abartlet@samba.org>
Date: Wed, 9 Aug 2017 01:57:13 +0000 (+1200)
Subject: py-librpc: Strictly check the type of the incoming sid pointer
X-Git-Url: http://git.samba.org/?p=metze%2Fsamba%2Fwip.git;a=commitdiff_plain;h=0dbcd6a4eafb75e1d888e71ee0fa74f36cc6af62

py-librpc: Strictly check the type of the incoming sid pointer

This avoids casting another type of object to a void* and then to a SID

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Tue Aug 15 12:00:58 CEST 2017 on sn-devel-144
---

diff --git a/source4/librpc/ndr/py_security.c b/source4/librpc/ndr/py_security.c
index 4cc256649966..8288748b2bef 100644
--- a/source4/librpc/ndr/py_security.c
+++ b/source4/librpc/ndr/py_security.c
@@ -249,6 +249,13 @@ static PyObject *py_descriptor_from_sddl(PyObject *self, PyObject *args)
 	if (!PyArg_ParseTuple(args, "sO!", &sddl, &dom_sid_Type, &py_sid))
 		return NULL;
 
+	if (!PyObject_TypeCheck(py_sid, &dom_sid_Type)) {
+		PyErr_SetString(PyExc_TypeError,
+				"expected security.dom_sid "
+				"for second argument to .from_sddl");
+		return NULL;
+	}
+
 	sid = pytalloc_get_ptr(py_sid);
 
 	secdesc = sddl_decode(NULL, sddl, sid);