Two changes:

load_inst(): Implement the security hook that cPickle already had.
When unpickling callables which are not classes, we look to see if the
object has an attribute __safe_for_unpickling__.  If this exists and
has a true value, then we can call it to create the unpickled object.
Otherwise we raise an UnpicklingError.

find_class(): We no longer mask ImportError, KeyError, and
AttributeError by transforming them into SystemError.  The latter is
definitely not the right thing to do, so we let the former three
exceptions simply propagate up if they occur, i.e. we remove the
try/except!

diff --git a/Lib/pickle.py b/Lib/pickle.py
index a22580b7bdc5a4ee6d307974bee0e56f913743c2..8a079255f13052ff975e3d1f7a08278c01c6de2e 100644 (file)
--- a/Lib/pickle.py
+++ b/Lib/pickle.py
@@ -769,6 +769,9 @@ class Unpickler:
                 pass
         if not instantiated:
             try:
+                if not hasattr(klass, '__safe_for_unpickling__'):
+                    raise UnpicklingError('%s is not safe for unpickling' %
+                                          klass)
                 value = apply(klass, args)
             except TypeError, err:
                 raise TypeError, "in constructor for %s: %s" % (
@@ -807,14 +810,9 @@ class Unpickler:
     dispatch[GLOBAL] = load_global
 
     def find_class(self, module, name):
-        try:
-            __import__(module)
-            mod = sys.modules[module]
-            klass = getattr(mod, name)
-        except (ImportError, KeyError, AttributeError):
-            raise SystemError, \
-                  "Failed to import class %s from module %s" % \
-                  (name, module)
+        __import__(module)
+        mod = sys.modules[module]
+        klass = getattr(mod, name)
         return klass
 
     def load_reduce(self):