diff options
| author | Steve Dower <steve.dower@microsoft.com> | 2015-09-06 04:00:33 (GMT) |
|---|---|---|
| committer | Steve Dower <steve.dower@microsoft.com> | 2015-09-06 04:00:33 (GMT) |
| commit | 74a7b8f027ea1c9cef7176e5a2fcced7655bac4c (patch) | |
| tree | 5e4f8db879522f8597e94fb35eefc002bb10af78 | |
| parent | 318c5aef0e4c01ed7b5dacd0daa0fa42b76e5b99 (diff) | |
| parent | faa868aeacb5bfaab116e1de3e4fa906912067e9 (diff) | |
| download | cpython-74a7b8f027ea1c9cef7176e5a2fcced7655bac4c.zip cpython-74a7b8f027ea1c9cef7176e5a2fcced7655bac4c.tar.gz cpython-74a7b8f027ea1c9cef7176e5a2fcced7655bac4c.tar.bz2 | |
Issue #24917: time_strftime() Buffer Over-read. Patch by John Leitch.
| -rw-r--r-- | Lib/test/test_time.py | 6 | ||||
| -rw-r--r-- | Misc/NEWS | 2 | ||||
| -rw-r--r-- | Modules/timemodule.c | 12 |
3 files changed, 20 insertions, 0 deletions
diff --git a/Lib/test/test_time.py b/Lib/test/test_time.py index 75ab666..8d1930d 100644 --- a/Lib/test/test_time.py +++ b/Lib/test/test_time.py @@ -177,6 +177,12 @@ class TimeTestCase(unittest.TestCase): def test_strftime_bounding_check(self): self._bounds_checking(lambda tup: time.strftime('', tup)) + def test_strftime_format_check(self): + for x in [ '', 'A', '%A', '%AA' ]: + for y in range(0x0, 0x10): + for z in [ '%', 'A%', 'AA%', '%A%', 'A%A%', '%#' ]: + self.assertRaises(ValueError, time.strftime, x * y + z) + def test_default_values_for_zero(self): # Make sure that using all zeros uses the proper default # values. No test for daylight savings since strftime() does @@ -179,6 +179,8 @@ Core and Builtins Library ------- +- Issue #24917: time_strftime() Buffer Over-read. Patch by John Leitch. + - Issue #24635: Fixed a bug in typing.py where isinstance([], typing.Iterable) would return True once, then False on subsequent calls. diff --git a/Modules/timemodule.c b/Modules/timemodule.c index 197d2c0..55e26fa 100644 --- a/Modules/timemodule.c +++ b/Modules/timemodule.c @@ -623,6 +623,12 @@ time_strftime(PyObject *self, PyObject *args) Py_DECREF(format); return NULL; } + else if (outbuf[1] == '\0') + { + PyErr_SetString(PyExc_ValueError, "Incomplete format string"); + Py_DECREF(format); + return NULL; + } } #elif (defined(_AIX) || defined(sun)) && defined(HAVE_WCSFTIME) for(outbuf = wcschr(fmt, '%'); @@ -636,6 +642,12 @@ time_strftime(PyObject *self, PyObject *args) "format %y requires year >= 1900 on AIX"); return NULL; } + else if (outbuf[1] == '\0') + { + PyErr_SetString(PyExc_ValueError, "Incomplete format string"); + Py_DECREF(format); + return NULL; + } } #endif |