[Python-checkins] python/dist/src/Modules datetimemodule.c, 1.70, 1.71

tim_one at users.sourceforge.net tim_one at users.sourceforge.net
Sun Mar 21 18:38:59 EST 2004 

Update of /cvsroot/python/python/dist/src/Modules
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv24198/Modules

Modified Files:
	datetimemodule.c 
Log Message:
SF bug 847019 datetime.datetime initialization needs more strict checking
It's possible to create insane datetime objects by using the constructor
"backdoor" inserted for fast unpickling.  Doing extensive range checking
would eliminate the backdoor's purpose (speed), but at least a little
checking can stop honest mistakes.

Bugfix candidate.


Index: datetimemodule.c
===================================================================
RCS file: /cvsroot/python/python/dist/src/Modules/datetimemodule.c,v
retrieving revision 1.70
retrieving revision 1.71
diff -C2 -d -r1.70 -r1.71
*** datetimemodule.c	2 Mar 2004 04:38:10 -0000	1.70
--- datetimemodule.c	21 Mar 2004 23:38:41 -0000	1.71
***************
*** 81,84 ****
--- 81,90 ----
  #define HASTZINFO(p)		(((_PyDateTime_BaseTZInfo *)(p))->hastzinfo)
  
+ /* M is a char or int claiming to be a valid month.  The macro is equivalent
+  * to the two-sided Python test
+  *	1 <= M <= 12
+  */
+ #define MONTH_IS_SANE(M) ((unsigned int)(M) - 1 < 12)
+ 
  /* Forward declarations. */
  static PyTypeObject PyDateTime_DateType;
***************
*** 2196,2200 ****
  	if (PyTuple_GET_SIZE(args) == 1 &&
  	    PyString_Check(state = PyTuple_GET_ITEM(args, 0)) &&
! 	    PyString_GET_SIZE(state) == _PyDateTime_DATE_DATASIZE)
  	{
  	    	PyDateTime_Date *me;
--- 2202,2207 ----
  	if (PyTuple_GET_SIZE(args) == 1 &&
  	    PyString_Check(state = PyTuple_GET_ITEM(args, 0)) &&
! 	    PyString_GET_SIZE(state) == _PyDateTime_DATE_DATASIZE &&
! 	    MONTH_IS_SANE(PyString_AS_STRING(state)[2]))
  	{
  	    	PyDateTime_Date *me;
***************
*** 3551,3555 ****
  	    PyTuple_GET_SIZE(args) <= 2 &&
  	    PyString_Check(state = PyTuple_GET_ITEM(args, 0)) &&
! 	    PyString_GET_SIZE(state) == _PyDateTime_DATETIME_DATASIZE)
  	{
  		PyDateTime_DateTime *me;
--- 3558,3563 ----
  	    PyTuple_GET_SIZE(args) <= 2 &&
  	    PyString_Check(state = PyTuple_GET_ITEM(args, 0)) &&
! 	    PyString_GET_SIZE(state) == _PyDateTime_DATETIME_DATASIZE &&
! 	    MONTH_IS_SANE(PyString_AS_STRING(state)[2]))
  	{
  		PyDateTime_DateTime *me;

More information about the Python-checkins mailing list