[Python-checkins] python/dist/src/Modules timemodule.c, 2.139,
2.140 datetimemodule.c, 1.69, 1.70
bcannon at users.sourceforge.net
bcannon at users.sourceforge.net
Mon Mar 1 23:38:12 EST 2004
Update of /cvsroot/python/python/dist/src/Modules
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv29826/Modules
Modified Files:
timemodule.c datetimemodule.c
Log Message:
Have strftime() check its time tuple argument to make sure the tuple's values
are within proper boundaries as specified in the docs.
This can break possible code (datetime module needed changing, for instance)
that uses 0 for values that need to be greater 1 or greater (month, day, and
day of year).
Fixes bug #897625.
Index: timemodule.c
===================================================================
RCS file: /cvsroot/python/python/dist/src/Modules/timemodule.c,v
retrieving revision 2.139
retrieving revision 2.140
diff -C2 -d -r2.139 -r2.140
*** timemodule.c 20 Nov 2003 01:44:59 -0000 2.139
--- timemodule.c 2 Mar 2004 04:38:10 -0000 2.140
***************
*** 347,350 ****
--- 347,392 ----
return NULL;
+ /* Checks added to make sure strftime() does not crash Python by
+ indexing blindly into some array for a textual representation
+ by some bad index (fixes bug #897625).
+
+ No check for year since handled in gettmarg().
+ */
+ if (buf.tm_mon < 0 || buf.tm_mon > 11) {
+ PyErr_SetString(PyExc_ValueError, "month out of range");
+ return NULL;
+ }
+ if (buf.tm_mday < 1 || buf.tm_mday > 31) {
+ PyErr_SetString(PyExc_ValueError, "day of month out of range");
+ return NULL;
+ }
+ if (buf.tm_hour < 0 || buf.tm_hour > 23) {
+ PyErr_SetString(PyExc_ValueError, "hour out of range");
+ return NULL;
+ }
+ if (buf.tm_min < 0 || buf.tm_min > 59) {
+ PyErr_SetString(PyExc_ValueError, "minute out of range");
+ return NULL;
+ }
+ if (buf.tm_sec < 0 || buf.tm_sec > 61) {
+ PyErr_SetString(PyExc_ValueError, "seconds out of range");
+ return NULL;
+ }
+ /* tm_wday does not need checking of its upper-bound since taking
+ ``% 7`` in gettmarg() automatically restricts the range. */
+ if (buf.tm_wday < 0) {
+ PyErr_SetString(PyExc_ValueError, "day of week out of range");
+ return NULL;
+ }
+ if (buf.tm_yday < 0 || buf.tm_yday > 365) {
+ PyErr_SetString(PyExc_ValueError, "day of year out of range");
+ return NULL;
+ }
+ if (buf.tm_isdst < -1 || buf.tm_isdst > 1) {
+ PyErr_SetString(PyExc_ValueError,
+ "daylight savings flag out of range");
+ return NULL;
+ }
+
fmtlen = strlen(fmt);
Index: datetimemodule.c
===================================================================
RCS file: /cvsroot/python/python/dist/src/Modules/datetimemodule.c,v
retrieving revision 1.69
retrieving revision 1.70
diff -C2 -d -r1.69 -r1.70
*** datetimemodule.c 20 Oct 2003 14:01:53 -0000 1.69
--- datetimemodule.c 2 Mar 2004 04:38:10 -0000 1.70
***************
*** 3190,3198 ****
*/
tuple = Py_BuildValue("iiiiiiiii",
! 1900, 0, 0, /* year, month, day */
TIME_GET_HOUR(self),
TIME_GET_MINUTE(self),
TIME_GET_SECOND(self),
! 0, 0, -1); /* weekday, daynum, dst */
if (tuple == NULL)
return NULL;
--- 3190,3198 ----
*/
tuple = Py_BuildValue("iiiiiiiii",
! 1900, 1, 1, /* year, month, day */
TIME_GET_HOUR(self),
TIME_GET_MINUTE(self),
TIME_GET_SECOND(self),
! 0, 1, -1); /* weekday, daynum, dst */
if (tuple == NULL)
return NULL;
More information about the Python-checkins
mailing list