pickle: Replace exec() with eval(), smaller surface for security issues.

2018-01-21 14:42:49 +02:00 · 2018-01-21 14:42:49 +02:00 · 4328dde8f8
commit 4328dde8f8
--- a/pickle/pickle.py
+++ b/pickle/pickle.py
@ -18,5 +18,4 @@ def loads(s):
            pkg = qualname.rsplit(".", 1)[0]
            mod = __import__(pkg)
            d[pkg] = mod
-    exec("v=" + s, d)
-    return d["v"]
+    return eval(s, d)