[issue6608] asctime does not check its input
Alexander Belopolsky
report at bugs.python.org
Sat Jun 12 01:13:20 CEST 2010
Alexander Belopolsky <belopolsky at users.sourceforge.net> added the comment:
That's what CERT recommends. Their code can be reused as is:
int validate_tm(struct tm* time) {
/*
* The range of valid values of the tm_sec member is [0, 60]
* inclusive (to allow for leap seconds).
*/
if (time->tm_sec < 0 || time->tm_sec > 60) return 0;
if (time->tm_min < 0 || time->tm_min >= 60) return 0;
if (time->tm_hour < 0 || time->tm_hour >= 24) return 0;
if (time->tm_mday <= 0 || time->tm_mday > 31) return 0;
if (time->tm_mon < 0 || time->tm_mon >= 12) return 0;
/* While other years are legit, they may overflow asctime()'s buffer */
if (time->tm_year < -999 || time->tm_year > 9999) return 0;
if (time->tm_wday < 0 || time->tm_wday >= 7) return 0;
if (time->tm_yday < 0 || time->tm_yday >= 366) return 0;
return 1;
}
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue6608>
_______________________________________
More information about the Python-bugs-list
mailing list