author | Martin v. Löwis <martin@v.loewis.de> | 2002-08-14 07:46:28 (GMT) |
---|---|---|
committer | Martin v. Löwis <martin@v.loewis.de> | 2002-08-14 07:46:28 (GMT) |
commit | 8a8da798a5a35bb387575d696799be29c4eaa0d3 (patch) | |
tree | 66bb5ad750db964cd527b74b3bd6a4b11b2dcac1 /Modules | |
parent | cffac66393c2af89c6546ab081f9098633273a53 (diff) | |
Patch #505705: Remove eval in pickle and cPickle.
Diffstat (limited to 'Modules')
-rw-r--r-- | Modules/_codecsmodule.c | 46 | ||||
-rw-r--r-- | Modules/cPickle.c | 51 |
2 files changed, 65 insertions, 32 deletions
diff --git a/Modules/_codecsmodule.c b/Modules/_codecsmodule.c
index d663293..1e3fc5d 100644
--- a/Modules/_codecsmodule.c
+++ b/Modules/_codecsmodule.c
@@ -71,7 +71,6 @@ PyObject *codeclookup(PyObject *self, PyObject *args)
 return NULL;
 }
-#ifdef Py_USING_UNICODE
 /* --- Helpers ------------------------------------------------------------ */
 static
@@ -97,6 +96,49 @@ PyObject *codec_tuple(PyObject *unicode,
 return v;
 }
+/* --- String codecs ------------------------------------------------------ */
+static PyObject *
+escape_decode(PyObject *self,
+ PyObject *args)
+{
+ const char *errors = NULL;
+ const char *data;
+ int size;
+
+ if (!PyArg_ParseTuple(args, "s#|z:escape_decode",
+ &data, &size, &errors))
+ return NULL;
+ return codec_tuple(PyString_DecodeEscape(data, size, errors, 0, NULL),
+ size);
+}
+
+static PyObject *
+escape_encode(PyObject *self,
+ PyObject *args)
+{
+ PyObject *str;
+ const char *errors = NULL;
+ char *buf;
+ int len;
+
+ if (!PyArg_ParseTuple(args, "O!|z:escape_encode",
+ &PyString_Type, &str, &errors))
+ return NULL;
+
+ str = PyString_Repr(str, 0);
+ if (!str)
+ return NULL;
+
+ /* The string will be quoted. Unquote, similar to unicode-escape. */
+ buf = PyString_AS_STRING (str);
+ len = PyString_GET_SIZE (str);
+ memmove(buf, buf+1, len-2);
+ _PyString_Resize(&str, len-2);
+
+ return codec_tuple(str, PyString_Size(str));
+}
+
+#ifdef Py_USING_UNICODE
 /* --- Decoder ------------------------------------------------------------ */
 static PyObject *
@@ -669,6 +711,8 @@ mbcs_encode(PyObject *self,
 static PyMethodDef _codecs_functions[] = {
 {"register", codecregister, METH_VARARGS},
 {"lookup", codeclookup, METH_VARARGS},
+ {"escape_encode", escape_encode, METH_VARARGS},
+ {"escape_decode", escape_decode, METH_VARARGS},
 #ifdef Py_USING_UNICODE
 {"utf_8_encode", utf_8_encode, METH_VARARGS},
 {"utf_8_decode", utf_8_decode, METH_VARARGS},
diff --git a/Modules/cPickle.c b/Modules/cPickle.c
index d1f7867..14936a6 100644
--- a/Modules/cPickle.c
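Review bot: In escape_encode (Modules/_codecsmodule.c, the `@@ -97,6 +96,49 @@` hunk) the return value of `_PyString_Resize(&str, len-2)` is ignored, and the next line passes `str` straight to `PyString_Size(str)`. On failure `_PyString_Resize` releases the object, sets `str` to NULL and returns -1, so the size call would then run on a NULL pointer; the call should be checked with `if (_PyString_Resize(&str, len-2) < 0) return NULL;`. Separately, `errors` is parsed by `PyArg_ParseTuple` but never used in escape_encode; if that is intentional, a one-line comment such as `/* errors is accepted but ignored */` next to the declaration would say so.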
+++ b/Modules/cPickle.c
@@ -2864,46 +2864,35 @@ static int
 load_string(Unpicklerobject *self)
 {
 PyObject *str = 0;
- int len, res = -1, nslash;
- char *s, q, *p;
-
- static PyObject *eval_dict = 0;
+ int len, res = -1;
+ char *s, *p;
 if ((len = (*self->readline_func)(self, &s)) < 0) return -1;
 if (len < 2) return bad_readline();
 if (!( s=pystrndup(s,len))) return -1;
- /* Check for unquoted quotes (evil strings) */
- q=*s;
- if (q != '"' && q != '\'') goto insecure;
- for (p=s+1, nslash=0; *p; p++) {
- if (*p==q && nslash%2==0) break;
- if (*p=='\\') nslash++;
- else nslash=0;
- }
- if (*p == q) {
- for (p++; *p; p++)
- if (*(unsigned char *)p > ' ')
- goto insecure;
- }
- else
+
+ /* Strip outermost quotes */
+ while (s[len-1] <= ' ')
+ len--;
+ if(s[0]=='"' && s[len-1]=='"'){
+ s[len-1] = '\0';
+ p = s + 1 ;
+ len -= 2;
+ } else if(s[0]=='\'' && s[len-1]=='\''){
+ s[len-1] = '\0';
+ p = s + 1 ;
+ len -= 2;
+ } else
 goto insecure;
 /********************************************/
- if (!( eval_dict ))
- if (!( eval_dict = Py_BuildValue("{s{}}", "__builtins__")))
- goto finally;
-
- if (!( str = PyRun_String(s, Py_eval_input, eval_dict, eval_dict)))
- goto finally;
-
- free(s);
- PDATA_PUSH(self->stack, str, -1);
- return 0;
-
- finally:
+ str = PyString_DecodeEscape(p, len, NULL, 0, NULL);
+ if (str) {
+ PDATA_PUSH(self->stack, str, -1);
+ res = 0;
+ }
 free(s);
-
 return res;
 insecure: |
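Review bot: The new trailing-whitespace loop `while (s[len-1] <= ' ') len--;` in load_string has no lower bound, so a line consisting only of bytes that compare `<= ' '` drives `len` below zero and reads before the start of `s`; likewise a line that strips down to a single quote character satisfies `s[0]=='"' && s[len-1]=='"'` with `len == 1` and hands `len == -1` to `PyString_DecodeEscape`. The pickle stream is the same input the removed "evil strings" check distrusted, so both tests need bounds: `while (len > 0 && (unsigned char)s[len-1] <= ' ') len--;` and `len > 1 &&` in front of each of the two quote comparisons. The `(unsigned char)` cast, which the removed code used, also keeps bytes of 0x80 and above from being stripped as whitespace where `char` is signed. The body of the `insecure:` label lies outside the hunk.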