From f4afb215262eabfbad00eeb7997b7e9522911eb3 Mon Sep 17 00:00:00 2001 From: Armin Rigo Date: Mon, 7 Nov 2005 07:15:48 +0000 Subject: similar to SF bug 847019: a quick check in the time() constructor, which accepts strings only for unpickling reasons. This check prevents the honest mistake of passing a string like '2:59.0' to time() and getting an insane object. --- Lib/test/test_datetime.py | 7 +++++++ Modules/datetimemodule.c | 3 ++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/Lib/test/test_datetime.py b/Lib/test/test_datetime.py index 9abfb87..27f42c6 100644 --- a/Lib/test/test_datetime.py +++ b/Lib/test/test_datetime.py @@ -1830,6 +1830,13 @@ class TestTime(HarmlessMixedComparison): self.assertEqual(dt1.isoformat(), dt2.isoformat()) self.assertEqual(dt2.newmeth(-7), dt1.hour + dt1.second - 7) + def test_backdoor_resistance(self): + # see TestDate.test_backdoor_resistance(). + base = '2:59.0' + for hour_byte in ' ', '9', chr(24), '\xff': + self.assertRaises(TypeError, self.theclass, + hour_byte + base[1:]) + # A mixin for classes with a tzinfo= argument. Subclasses must define # theclass as a class atribute, and theclass(1, 1, 1, tzinfo=whatever) # must be legit (which is true for time and datetime). diff --git a/Modules/datetimemodule.c b/Modules/datetimemodule.c index 7c1a6d0..6b44fe5 100644 --- a/Modules/datetimemodule.c +++ b/Modules/datetimemodule.c @@ -3046,7 +3046,8 @@ time_new(PyTypeObject *type, PyObject *args, PyObject *kw) if (PyTuple_GET_SIZE(args) >= 1 && PyTuple_GET_SIZE(args) <= 2 && PyString_Check(state = PyTuple_GET_ITEM(args, 0)) && - PyString_GET_SIZE(state) == _PyDateTime_TIME_DATASIZE) + PyString_GET_SIZE(state) == _PyDateTime_TIME_DATASIZE && + ((unsigned char) (PyString_AS_STRING(state)[0])) < 24) { PyDateTime_Time *me; char aware; -- cgit v0.12