py-librpc: Strictly check the type of the incoming sid pointer

This avoids casting another type of object to a void* and then to a SID

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Tue Aug 15 12:00:58 CEST 2017 on sn-devel-144

diff --git a/source4/librpc/ndr/py_security.c b/source4/librpc/ndr/py_security.c
index 4cc256649966dc8b2baf3528eddc5d04445d116e..8288748b2befab34ef98455247c7a870f587d1c1 100644 (file)
--- a/source4/librpc/ndr/py_security.c
+++ b/source4/librpc/ndr/py_security.c
@@ -249,6 +249,13 @@ static PyObject *py_descriptor_from_sddl(PyObject *self, PyObject *args)
        if (!PyArg_ParseTuple(args, "sO!", &sddl, &dom_sid_Type, &py_sid))
                return NULL;
 
+       if (!PyObject_TypeCheck(py_sid, &dom_sid_Type)) {
+               PyErr_SetString(PyExc_TypeError,
+                               "expected security.dom_sid "
+                               "for second argument to .from_sddl");
+               return NULL;
+       }
+
        sid = pytalloc_get_ptr(py_sid);
 
        secdesc = sddl_decode(NULL, sddl, sid);