From: Douglas Bagnall Date: Tue, 21 Jun 2022 23:12:30 +0000 (+1200) Subject: pyglue: generate_random_[machine]_password: reject negative numbers X-Git-Tag: talloc-2.4.0~1295 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=4f902dba336f9d2aabb31e2ba6acf2b8ad726fcc;p=thirdparty%2Fsamba.git pyglue: generate_random_[machine]_password: reject negative numbers Other range errors (e.g. min > max) are caught in the wrapped functions which returns EINVAL, so we don't recapitulate that logic (see next commit though). Signed-off-by: Douglas Bagnall Reviewed-by: Andreas Schneider --- diff --git a/python/pyglue.c b/python/pyglue.c index 969b35145de..dee3c296e03 100644 --- a/python/pyglue.c +++ b/python/pyglue.c @@ -57,8 +57,20 @@ static PyObject *py_generate_random_password(PyObject *self, PyObject *args) int min, max; PyObject *ret; char *retstr; - if (!PyArg_ParseTuple(args, "ii", &min, &max)) + if (!PyArg_ParseTuple(args, "ii", &min, &max)) { return NULL; + } + if (max < 0 || min < 0) { + /* + * The real range checks happen in generate_random_password(). + * Here we are just checking the values won't overflow into + * numbers when cast to size_t. + */ + PyErr_Format(PyExc_ValueError, + "invalid range: %d - %d", + min, max); + return NULL; + } retstr = generate_random_password(NULL, min, max); if (retstr == NULL) { @@ -74,8 +86,21 @@ static PyObject *py_generate_random_machine_password(PyObject *self, PyObject *a int min, max; PyObject *ret; char *retstr; - if (!PyArg_ParseTuple(args, "ii", &min, &max)) + if (!PyArg_ParseTuple(args, "ii", &min, &max)) { return NULL; + } + if (max < 0 || min < 0) { + /* + * The real range checks happen in + * generate_random_machine_password(). + * Here we are just checking the values won't overflow into + * numbers when cast to size_t. + */ + PyErr_Format(PyExc_ValueError, + "invalid range: %d - %d", + min, max); + return NULL; + } retstr = generate_random_machine_password(NULL, min, max); if (retstr == NULL) {