authorMartin v. Löwis <martin@v.loewis.de>2002-08-14 07:46:28 (GMT)
committerMartin v. Löwis <martin@v.loewis.de>2002-08-14 07:46:28 (GMT)
commit8a8da798a5a35bb387575d696799be29c4eaa0d3 (patch)
tree66bb5ad750db964cd527b74b3bd6a4b11b2dcac1 /Modules/cPickle.c
parentcffac66393c2af89c6546ab081f9098633273a53 (diff)
Patch #505705: Remove eval in pickle and cPickle.
Diffstat (limited to 'Modules/cPickle.c')
-rw-r--r--Modules/cPickle.c51
1 files changed, 20 insertions, 31 deletions
diff --git a/Modules/cPickle.c b/Modules/cPickle.c
index d1f7867..14936a6 100644
--- a/Modules/cPickle.c
+++ b/Modules/cPickle.c
@@ -2864,46 +2864,35 @@ static int
load_string(Unpicklerobject *self)
{
PyObject *str = 0;
- int len, res = -1, nslash;
- char *s, q, *p;
-
- static PyObject *eval_dict = 0;
+ int len, res = -1;
+ char *s, *p;
if ((len = (*self->readline_func)(self, &s)) < 0) return -1;
if (len < 2) return bad_readline();
if (!( s=pystrndup(s,len))) return -1;
- /* Check for unquoted quotes (evil strings) */
- q=*s;
- if (q != '"' && q != '\'') goto insecure;
- for (p=s+1, nslash=0; *p; p++) {
- if (*p==q && nslash%2==0) break;
- if (*p=='\\') nslash++;
- else nslash=0;
- }
- if (*p == q) {
- for (p++; *p; p++)
- if (*(unsigned char *)p > ' ')
- goto insecure;
- }
- else
+
+ /* Strip outermost quotes */
+ while (s[len-1] <= ' ')
+ len--;
+ if(s[0]=='"' && s[len-1]=='"'){
+ s[len-1] = '\0';
+ p = s + 1 ;
+ len -= 2;
+ } else if(s[0]=='\'' && s[len-1]=='\''){
+ s[len-1] = '\0';
+ p = s + 1 ;
+ len -= 2;
+ } else
goto insecure;
/********************************************/
- if (!( eval_dict ))
- if (!( eval_dict = Py_BuildValue("{s{}}", "__builtins__")))
- goto finally;
-
- if (!( str = PyRun_String(s, Py_eval_input, eval_dict, eval_dict)))
- goto finally;
-
- free(s);
- PDATA_PUSH(self->stack, str, -1);
- return 0;
-
- finally:
+ str = PyString_DecodeEscape(p, len, NULL, 0, NULL);
+ if (str) {
+ PDATA_PUSH(self->stack, str, -1);
+ res = 0;
+ }
free(s);
-
return res;
insecure: