issue 4804:  Provide checks for the format string of strftime, and for the "mode" string of fopen on Windows.  These strings are user provided from python and so we can avoid invoking the C runtime invalid parameter handler by first checking that they are valid.
diff --git a/Modules/timemodule.c b/Modules/timemodule.c
index e8de2c5..2f4092d 100644
--- a/Modules/timemodule.c
+++ b/Modules/timemodule.c
@@ -470,6 +470,23 @@
             return NULL;
         }
 
+#ifdef MS_WINDOWS
+	/* check that the format string contains only valid directives */
+	for(outbuf = strchr(fmt, '%');
+		outbuf != NULL;
+		outbuf = strchr(outbuf+2, '%'))
+	{
+		if (outbuf[1]=='#')
+			++outbuf; /* not documented by python, */
+		if (outbuf[1]=='\0' ||
+			!strchr("aAbBcdfHIjmMpSUwWxXyYzZ%", outbuf[1]))
+		{
+			PyErr_SetString(PyExc_ValueError, "Invalid format string");
+			return 0;
+		}
+	}
+#endif
+
 	fmtlen = strlen(fmt);
 
 	/* I hate these functions that presume you know how big the output
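Review bot: The allowlist in the added `strchr("aAbBcdfHIjmMpSUwWxXyYzZ%", outbuf[1])` test includes `f`, which as far as I know is not a directive the MSVC `strftime` accepts, so `%f` would pass this check and could still trigger the CRT invalid parameter handler; if the CRT documentation confirms that, drop it: `!strchr("aAbBcdHIjmMpSUwWxXyYzZ%", outbuf[1])`. The error path uses `return 0;` where the context line at the top of the hunk uses `return NULL;` in the same function, so `return NULL;` would be consistent. The function starts and ends outside the hunk, so it is not visible whether `fmt` points into an object allocated earlier; if it does, this early return has to release it first. A comment such as `/* keep this list a subset of what the target CRT's strftime accepts */` above the check would tell the next maintainer why the list matters.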