diff options
| -rw-r--r-- | Modules/timemodule.c | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/Modules/timemodule.c b/Modules/timemodule.c index 7e18086..2727297 100644 --- a/Modules/timemodule.c +++ b/Modules/timemodule.c @@ -513,6 +513,24 @@ time_strftime(PyObject *self, PyObject *args) if (format == NULL) return NULL; fmt = PyBytes_AS_STRING(format); + +#ifdef MS_WINDOWS + /* check that the format string contains only valid directives */ + for(outbuf = strchr(fmt, '%'); + outbuf != NULL; + outbuf = strchr(outbuf+2, '%')) + { + if (outbuf[1]=='#') + ++outbuf; /* not documented by python, */ + if (outbuf[1]=='\0' || + !strchr("aAbBcdfHIjmMpSUwWxXyYzZ%", outbuf[1])) + { + PyErr_SetString(PyExc_ValueError, "Invalid format string"); + return 0; + } + } +#endif + fmtlen = strlen(fmt); /* I hate these functions that presume you know how big the output |