summaryrefslogtreecommitdiffstats
path: root/Modules
diff options
context:
space:
mode:
authorAmaury Forgeot d'Arc <amauryfa@gmail.com>2009-03-02 23:52:57 (GMT)
committerAmaury Forgeot d'Arc <amauryfa@gmail.com>2009-03-02 23:52:57 (GMT)
commitb5be6d48190418a58f0a49b4a4d5f476560f6a64 (patch)
tree9aeca4943e2d420941a10b0b6767c7fa4ac76c61 /Modules
parentf5b52246ed8a1191c3aa1da7d3c63bbe11aee020 (diff)
downloadcpython-b5be6d48190418a58f0a49b4a4d5f476560f6a64.zip
cpython-b5be6d48190418a58f0a49b4a4d5f476560f6a64.tar.gz
cpython-b5be6d48190418a58f0a49b4a4d5f476560f6a64.tar.bz2
re-merge r69268 (issue4804) from trunk:
Now that the C runtime assertions are not silenced any more, we must provide checks for the format string of strftime
Diffstat (limited to 'Modules')
-rw-r--r--Modules/timemodule.c18
1 files changed, 18 insertions, 0 deletions
diff --git a/Modules/timemodule.c b/Modules/timemodule.c
index 7e18086..2727297 100644
--- a/Modules/timemodule.c
+++ b/Modules/timemodule.c
@@ -513,6 +513,24 @@ time_strftime(PyObject *self, PyObject *args)
if (format == NULL)
return NULL;
fmt = PyBytes_AS_STRING(format);
+
+#ifdef MS_WINDOWS
+ /* check that the format string contains only valid directives */
+ for(outbuf = strchr(fmt, '%');
+ outbuf != NULL;
+ outbuf = strchr(outbuf+2, '%'))
+ {
+ if (outbuf[1]=='#')
+ ++outbuf; /* not documented by python, */
+ if (outbuf[1]=='\0' ||
+ !strchr("aAbBcdfHIjmMpSUwWxXyYzZ%", outbuf[1]))
+ {
+ PyErr_SetString(PyExc_ValueError, "Invalid format string");
+ return 0;
+ }
+ }
+#endif
+
fmtlen = strlen(fmt);
/* I hate these functions that presume you know how big the output