- Fix DoS via XML document with malformed UTF-8 sequences (CVE_2009_3560).
authorMatthias Klose <doko@ubuntu.com>
Thu, 21 Jan 2010 17:41:47 +0000 (17:41 +0000)
committerMatthias Klose <doko@ubuntu.com>
Thu, 21 Jan 2010 17:41:47 +0000 (17:41 +0000)
Misc/NEWS
Modules/expat/xmlparse.c

index c17d77033b49d7adf167bcc82fccd150c78065ac..638d8e762c45d69ee7b037f6e5e0958eeee9a959 100644 (file)
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -4,6 +4,17 @@ Python News
 
 (editors: check NEWS.help for information about editing NEWS using ReST.)
 
+What's New in Python 2.5.5c2?
+=============================
+
+*Release date: xx-xxx-2010*
+
+Extension Modules
+-----------------
+
+- Fix DoS via XML document with malformed UTF-8 sequences (CVE_2009_3560).
+
+
 What's New in Python 2.5.5c1?
 =============================
 
index e04426d0cc1591e5d45be5b0f0dcb335226af500..105958b64965463f510ef0ff6c4b57478bbcffb2 100644 (file)
@@ -3682,6 +3682,9 @@ doProlog(XML_Parser parser,
         return XML_ERROR_UNCLOSED_TOKEN;
       case XML_TOK_PARTIAL_CHAR:
         return XML_ERROR_PARTIAL_CHAR;
+      case -XML_TOK_PROLOG_S:
+        tok = -tok;
+        break;
       case XML_TOK_NONE:
 #ifdef XML_DTD
         /* for internal PE NOT referenced between declarations */
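Review bot: The new `case -XML_TOK_PROLOG_S:` arm has no comment, and the commit touches only Misc/NEWS and this file, so nothing records why the negated token is special-cased and no test guards against a regression. I would add a comment above the arm such as `/* CVE-2009-3560: negate -XML_TOK_PROLOG_S so it is handled like XML_TOK_PROLOG_S */`, and a regression test that feeds the parser a document with malformed UTF-8 and asserts that parsing fails cleanly. Because this file appears to be a bundled copy of expat, the commit message should presumably also name the upstream expat change this was taken from, so a later sync does not silently drop it. The commit message and NEWS entry spell the identifier `CVE_2009_3560`; the canonical form `CVE-2009-3560` is what advisory and changelog searches match. The enclosing switch in doProlog starts and ends outside the hunk, so how the other arms treat negative tokens cannot be checked from here.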