summaryrefslogtreecommitdiff
path: root/python
diff options
context:
space:
mode:
authorDouglas Bagnall <douglas.bagnall@catalyst.net.nz>2022-06-22 11:12:30 +1200
committerAndreas Schneider <asn@cryptomilk.org>2022-08-26 07:59:32 +0000
commit4f902dba336f9d2aabb31e2ba6acf2b8ad726fcc (patch)
treefaf6225c679802f1022f4355c406c9b0f2667b92 /python
parentb7b4d6da5fa81635e71c5e5e84dbdd13e7915b4b (diff)
downloadsamba-4f902dba336f9d2aabb31e2ba6acf2b8ad726fcc.tar.gz
samba-4f902dba336f9d2aabb31e2ba6acf2b8ad726fcc.tar.bz2
samba-4f902dba336f9d2aabb31e2ba6acf2b8ad726fcc.zip
pyglue: generate_random_[machine]_password: reject negative numbers
Other range errors (e.g. min > max) are caught in the wrapped functions which returns EINVAL, so we don't recapitulate that logic (see next commit though). Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org>
Diffstat (limited to 'python')
-rw-r--r--python/pyglue.c29
1 files changed, 27 insertions, 2 deletions
diff --git a/python/pyglue.c b/python/pyglue.c
index 969b35145de..dee3c296e03 100644
--- a/python/pyglue.c
+++ b/python/pyglue.c
@@ -57,8 +57,20 @@ static PyObject *py_generate_random_password(PyObject *self, PyObject *args)
int min, max;
PyObject *ret;
char *retstr;
- if (!PyArg_ParseTuple(args, "ii", &min, &max))
+ if (!PyArg_ParseTuple(args, "ii", &min, &max)) {
return NULL;
+ }
+ if (max < 0 || min < 0) {
+ /*
+ * The real range checks happen in generate_random_password().
+ * Here we are just checking the values won't overflow into
+ * numbers when cast to size_t.
+ */
+ PyErr_Format(PyExc_ValueError,
+ "invalid range: %d - %d",
+ min, max);
+ return NULL;
+ }
retstr = generate_random_password(NULL, min, max);
if (retstr == NULL) {
@@ -74,8 +86,21 @@ static PyObject *py_generate_random_machine_password(PyObject *self, PyObject *a
int min, max;
PyObject *ret;
char *retstr;
- if (!PyArg_ParseTuple(args, "ii", &min, &max))
+ if (!PyArg_ParseTuple(args, "ii", &min, &max)) {
return NULL;
+ }
+ if (max < 0 || min < 0) {
+ /*
+ * The real range checks happen in
+ * generate_random_machine_password().
+ * Here we are just checking the values won't overflow into
+ * numbers when cast to size_t.
+ */
+ PyErr_Format(PyExc_ValueError,
+ "invalid range: %d - %d",
+ min, max);
+ return NULL;
+ }
retstr = generate_random_machine_password(NULL, min, max);
if (retstr == NULL) {
generated by cgit v1.2.3 (git 2.25.1) at 2026-06-11 01:22:36 +0000