python:build: do not allow sizeof(int) != 4

A non-32 bit int will (if the compiler allows it) result in code
where we write into memory adjacent to a target uint32_t value in
many python bindings using the python arg-parsing API. The more
correct thing to do would be to always parse into an unsigned long
long and error if it is greater than UINT32_MAX, but we do this in
so many places that there is reason to believe we'll just keep
adding more.

Note, we already check in lib/replace/wscript that int is at least
32 bits; here we are effectively just checking that it is not more.

There was apparently a version of 64 bit Solaris in the 1990s that
had 64 bit ints.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>

diff --git a/python/wscript b/python/wscript
index 7c17e390dc70714963579c59e5617b1c8479fe5d..b5e509bbf1ac7ffa447b3eee2de5c47ad965ea65 100644 (file)
--- a/python/wscript
+++ b/python/wscript
@@ -72,6 +72,19 @@ def configure(conf):
     finally:
         f.close()
 
+    # In many places we fill in a uint32_t with an unsigned int, using
+    # PyArg_ParseTuple("I"), which will overwrite memory if the size
+    # of the int is not 4. There are no systems on which Samba will
+    # compile where int is not 32 bit, but we are testing in case this
+    # changes.
+    if 'SIZEOF_INT' not in conf.env:
+        conf.CHECK_SIZEOF('int uint32_t')
+    sizeof_int = conf.env['SIZEOF_INT']
+    sizeof_uint32 = conf.env['SIZEOF_UINT32_T']
+    if sizeof_int != sizeof_uint32:
+        conf.fatal("Samba python bindings won't work with int bigger than uint32_t "
+                   f"(int: {sizeof_int}, uint32_t: {sizeof_uint32}).")
+
     if conf.CONFIG_GET('ENABLE_SELFTEST'):
         for module, package in selftest_pkgs.items():
             find_third_party_module(conf, module, package)