From bdb4132617ef5082a81fe9247e233ae71e1b91f5 Mon Sep 17 00:00:00 2001 From: Douglas Bagnall Date: Tue, 24 Apr 2018 12:34:50 +1200 Subject: [PATCH] pynbt: catch type errors in PyObject_AsNBTName() This fixes some known segfaults. Signed-off-by: Douglas Bagnall Reviewed-by: Andrew Bartlett --- libcli/nbt/pynbt.c | 20 +++++++++++++++++++- selftest/knownfail.d/python-segfaults | 1 - 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/libcli/nbt/pynbt.c b/libcli/nbt/pynbt.c index 032561a4bd8..ccd7a039248 100644 --- a/libcli/nbt/pynbt.c +++ b/libcli/nbt/pynbt.c @@ -97,13 +97,28 @@ static bool PyObject_AsNBTName(PyObject *obj, struct nbt_name_socket *name_socke if (PyTuple_Check(obj)) { if (PyTuple_Size(obj) == 2) { name->name = PyStr_AsString(PyTuple_GetItem(obj, 0)); + if (name->name == NULL) { + goto err; + } name->type = PyInt_AsLong(PyTuple_GetItem(obj, 1)); + if (name->type == -1 && PyErr_Occurred()) { + goto err; + } name->scope = NULL; return true; } else if (PyTuple_Size(obj) == 3) { name->name = PyStr_AsString(PyTuple_GetItem(obj, 0)); + if (name->name == NULL) { + goto err; + } name->scope = PyStr_AsString(PyTuple_GetItem(obj, 1)); + if (name->scope == NULL) { + goto err; + } name->type = PyInt_AsLong(PyTuple_GetItem(obj, 2)); + if (name->type == -1 && PyErr_Occurred()) { + goto err; + } return true; } else { PyErr_SetString(PyExc_TypeError, "Invalid tuple size"); @@ -114,11 +129,14 @@ static bool PyObject_AsNBTName(PyObject *obj, struct nbt_name_socket *name_socke if (PyStr_Check(obj) || PyUnicode_Check(obj)) { /* FIXME: Parse string to be able to interpret things like RHONWYN<02> ? */ name->name = PyStr_AsString(obj); + if (name->name == NULL) { + goto err; + } name->scope = NULL; name->type = 0; return true; } - +err: PyErr_SetString(PyExc_TypeError, "Invalid type for object"); return false; } diff --git a/selftest/knownfail.d/python-segfaults b/selftest/knownfail.d/python-segfaults index b1938cd1702..c4f83f36a12 100644 --- a/selftest/knownfail.d/python-segfaults +++ b/selftest/knownfail.d/python-segfaults @@ -5,4 +5,3 @@ samba.tests.segfault.samba.tests.segfault.SegfaultTests.test_hive_open_ldb samba.tests.segfault.samba.tests.segfault.SegfaultTests.test_net_replicate_chunk_1 samba.tests.segfault.samba.tests.segfault.SegfaultTests.test_net_replicate_init__1 samba.tests.segfault.samba.tests.segfault.SegfaultTests.test_net_replicate_init__3 -samba.tests.segfault.samba.tests.segfault.SegfaultTests.test_netbios_query_name