Bugs item #847019, was opened at 2003-11-21 21:19 Message generated for change (Comment added) made by gvanrossum You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=105470&aid=847019&group_id=5470

Category: Python Library Group: Python 2.3 Status: Open Resolution: None Priority: 7 Submitted By: Michael Dubner (dubnerm)

Summary: datetime.datetime initialization needs more strict checking

Initial Comment: Friend of mine wrote following program: --------------------------------- import datetime t=datetime.datetime('1995-03-25') print t.ctime() --------------------------------- This is obviously wrong code, but instead of reporting this at second line python crashes on third line (with ctime).

Info: Using Python 2.3.2 on Windows 2000

----------------------------------------------------------------------

Date: 2004-03-20 17:52

Message: Logged In: YES user_id=6380

Not sure why this is assigned to me.

One suggestion: we could do a superficial check that would catch the above honest mistake without claiming to prevent all malicious attacks -- malicious pickles aren't something we try to defend against in general (alas).

----------------------------------------------------------------------

Comment By: Michael Dubner (dubnerm) Date: 2003-11-24 20:17

Message: Logged In: YES user_id=39274

Can we add dummy fields to change size of backdoor string so it will not be same as commonly used formats?

----------------------------------------------------------------------

Comment By: Tim Peters (tim_one) Date: 2003-11-24 18:50

Message: Logged In: YES user_id=31435

Na, it's not that simple. Blazing-fast pickling and unpickling was a design goal for datetime. "Sanity checks" require two- tailed comparisons on 7 distinct fields, and checking of the day field requires month-specific comparison, and may even require determing whether it's a leap year. Doing all that would make sucking datetimes out of pickles enormously slower than it is now (it's merely a 10-byte string copy now).

If we were willing to do all the checks we do on things coming through the front door, we wouldn't call it a back door <wink>.

OTOH, we shouldn't allow a hostile user the ability to crash the system via constructing a damaged datetime pickle either, so maybe the whole "fast back door" idea is impossible to rehabilitate.

----------------------------------------------------------------------

Comment By: Michael Dubner (dubnerm) Date: 2003-11-23 20:36

Message: Logged In: YES user_id=39274

Of cause i've seen that backdoor, but from my point of view constructor is not so time-critical that insertion of sanity chechs will slow down in most (sane) scenarios.

----------------------------------------------------------------------

Comment By: Tim Peters (tim_one) Date: 2003-11-21 22:16

Message: Logged In: YES user_id=31435

LOL! Assigned to Guido for his amusement. One string argument of exactly size 10 triggers the "secret" backdoor to construct a datetime.datetime from a pickle. The datetime constructed here is insane, and provokes Microsoft's library into crashing. In a debug build, it triggers an assertion error in the datetime module:

datetime.datetime(12601, 57, 53, 45, 48, 51, 2961973) [16124 refs]

Assertion failed: month <= 12, file C:\Code\python\Modules\datetimemodule.c, line 189

Boosted priority since it's a way to crash the interpreter on Windows.

----------------------------------------------------------------------