Microsoft APIs like CryptStringToBinary and structs like SecBuffer and SEC_WINNT_AUTH_IDENTITY expect string length as ULONG. Python string length is defined as Py_ssize_t (ssize_t on platforms that define it). We should raise ValueError if the length of input strings exceeds ULONG_MAX. Currently these strings are truncated on 64 bit systems. Raising an explicit exception will make debugging much easier than authentication failing.
behackett
commented
8 years ago
Microsoft APIs like CryptStringToBinary and structs like SecBuffer and SEC_WINNT_AUTH_IDENTITY expect string length as ULONG. Python string length is defined as Py_ssize_t (ssize_t on platforms that define it). We should raise ValueError if the length of input strings exceeds ULONG_MAX. Currently these strings are truncated on 64 bit systems. Raising an explicit exception will make debugging much easier than authentication failing.