changeset: 97697:6fc744ac3953
parent: 97691:abc416ca59fc
parent: 97696:7cdadcc1002d
user: Steve Dower
date: Sat Sep 05 21:00:33 2015 -0700
files: Lib/test/test_time.py Misc/NEWS
description: Issue #24917: time_strftime() Buffer Over-read. Patch by John Leitch.
diff -r abc416ca59fc -r 6fc744ac3953 Lib/test/test_time.py
--- a/Lib/test/test_time.py Sat Sep 05 17:06:18 2015 -0700
+++ b/Lib/test/test_time.py Sat Sep 05 21:00:33 2015 -0700
@@ -177,6 +177,12 @@
 def test_strftime_bounding_check(self):
 self._bounds_checking(lambda tup: time.strftime('', tup))
+ def test_strftime_format_check(self):
+ for x in [ '', 'A', '%A', '%AA' ]:
+ for y in range(0x0, 0x10):
+ for z in [ '%', 'A%', 'AA%', '%A%', 'A%A%', '%#' ]:
+ self.assertRaises(ValueError, time.strftime, x * y + z)
+
 def test_default_values_for_zero(self):
 # Make sure that using all zeros uses the proper default
 # values. No test for daylight savings since strftime() does
diff -r abc416ca59fc -r 6fc744ac3953 Misc/NEWS
--- a/Misc/NEWS Sat Sep 05 17:06:18 2015 -0700
+++ b/Misc/NEWS Sat Sep 05 21:00:33 2015 -0700
@@ -179,6 +179,8 @@
 Library
 -------
+- Issue #24917: time_strftime() Buffer Over-read. Patch by John Leitch.
+
 - Issue #24635: Fixed a bug in typing.py where isinstance([], typing.Iterable)
 would return True once, then False on subsequent calls.
diff -r abc416ca59fc -r 6fc744ac3953 Modules/timemodule.c
--- a/Modules/timemodule.c Sat Sep 05 17:06:18 2015 -0700
+++ b/Modules/timemodule.c Sat Sep 05 21:00:33 2015 -0700
@@ -623,6 +623,12 @@
 Py_DECREF(format);
 return NULL;
 }
+ else if (outbuf[1] == '\0')
+ {
+ PyErr_SetString(PyExc_ValueError, "Incomplete format string");
+ Py_DECREF(format);
+ return NULL;
+ }
 }
 #elif (defined(_AIX) || defined(sun)) && defined(HAVE_WCSFTIME)
 for(outbuf = wcschr(fmt, '%');
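Review bot: `test_strftime_format_check` in Lib/test/test_time.py asserts `ValueError` unconditionally, while the two guards this changeset adds to Modules/timemodule.c sit inside preprocessor branches (the second under `#elif (defined(_AIX) || defined(sun)) && defined(HAVE_WCSFTIME)`). On a build where neither branch is compiled, nothing visible here makes `time.strftime('%')` raise, so the test would presumably fail there even though no over-read is possible. Since the purpose is to drive the format scanner over a trailing `%` without it reading past the terminator, the assertion could accept either outcome: `try: time.strftime(x * y + z)` followed by `except ValueError: pass`. A one-line comment stating that every generated format ends in an incomplete directive would also make the three nested loops easier to read.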
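Review bot: The new `else if (outbuf[1] == '\0')` branch in the first Modules/timemodule.c hunk has no comment saying why an incomplete directive must be rejected at this point, and the reason is a memory-safety one according to the commit description. I would add something like `/* '%' is the last character of fmt: reject it so nothing beyond the terminator is examined */` above the branch. The check is chained to an `if` whose condition lies outside the hunk, so it is only evaluated when that earlier condition is false; it is worth confirming that nothing above it in the loop body already reads past `outbuf[1]`.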
@@ -636,6 +642,12 @@
 "format %y requires year >= 1900 on AIX");
 return NULL;
 }
+ else if (outbuf[1] == '\0')
+ {
+ PyErr_SetString(PyExc_ValueError, "Incomplete format string");
+ Py_DECREF(format);
+ return NULL;
+ }
 }
 #endif
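Review bot: The added branch in the AIX/Solaris loop calls `Py_DECREF(format)` before returning, but the `%y` error path directly above it in the same loop returns without releasing `format`, so the two exits disagree about ownership. This loop is compiled only with `HAVE_WCSFTIME` and scans `fmt` with `wcschr`; the declaration of `format` is outside the hunk, and if it is a raw wide-character buffer in that configuration rather than a `PyObject *`, `Py_DECREF` is the wrong release (for a buffer obtained from `PyUnicode_AsWideCharString` it would be `PyMem_Free(format)`). Whichever release is correct should be applied to both exits, and the branch deserves a build on one of these platforms since it is not compiled elsewhere. Because the comparison is against a wide character, `L'\0'` would also read more clearly than `'\0'`.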