pidl: Assert that python arrays will not overflow the C array

We do not write network services in Python, so this is not a security issue, but would cause
a crash or other odd behaviour if the length was changed

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11430

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

diff --git a/pidl/lib/Parse/Pidl/Samba4/Python.pm b/pidl/lib/Parse/Pidl/Samba4/Python.pm
index a84c6f6ba1e30485c88eef4ae2ba3cda7fb1bd2e..ad9ff88fd588970c6eb3ae15b195eb280f3bf280 100644 (file)
--- a/pidl/lib/Parse/Pidl/Samba4/Python.pm
+++ b/pidl/lib/Parse/Pidl/Samba4/Python.pm
@@ -1223,6 +1223,13 @@ sub ConvertObjectFromPythonLevel($$$$$$$$)
                                $self->pidl("$var_name = talloc_array_ptrtype($mem_ctx, $var_name, PyList_GET_SIZE($py_var));");
                                $self->pidl("if (!$var_name) { $fail; }");
                                $self->pidl("talloc_set_name_const($var_name, \"ARRAY: $var_name\");");
+                       } else {
+                               $self->pidl("if (ARRAY_SIZE($var_name) != PyList_GET_SIZE($py_var)) {");
+                               $self->indent;
+                               $self->pidl("PyErr_Format(PyExc_TypeError, \"Expected list of type %s, length %zu, got %zd\", Py_TYPE($py_var)->tp_name, ARRAY_SIZE($var_name),  PyList_GET_SIZE($py_var));");
+                               $self->pidl("$fail");
+                               $self->deindent;
+                               $self->pidl("}");
                        }
                        $self->pidl("for ($counter = 0; $counter < PyList_GET_SIZE($py_var); $counter++) {");
                        $self->indent;