author: Matthias Klose <doko@ubuntu.com> 2010-01-21 17:41:47 +0000
committer: Matthias Klose <doko@ubuntu.com> 2010-01-21 17:41:47 +0000
commit: 166f80860e09697d49969fe88bcf0b598eb98ef4
tree: a1397b1d9750dd46a1d668daa047012061fa8daf
parent: 8cd94b4306279959dc6deb73b7e27ab437c71b22
- Fix DoS via XML document with malformed UTF-8 sequences (CVE_2009_3560).
-rw-r--r-- Misc/NEWS 11
-rw-r--r-- Modules/expat/xmlparse.c 3
2 files changed, 14 insertions, 0 deletions
diff --git a/Misc/NEWS b/Misc/NEWS
index c17d77033b..638d8e762c 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -4,6 +4,17 @@ Python News
(editors: check NEWS.help for information about editing NEWS using ReST.)
+What's New in Python 2.5.5c2?
+=============================
+
+*Release date: xx-xxx-2010*
+
+Extension Modules
+-----------------
+
+- Fix DoS via XML document with malformed UTF-8 sequences (CVE_2009_3560).
+
+
What's New in Python 2.5.5c1?
=============================
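Review bot: In the added entry under "Extension Modules", the identifier is written CVE_2009_3560 with underscores; CVE ids are normally written with hyphens (CVE-2009-3560), and anyone searching NEWS for the hyphenated form will miss this entry. The entry also does not name the affected component, so a reader cannot tell from NEWS alone that the fix is in the expat copy under Modules/expat; prefixing the line with the component name would fix that. The release date is still the placeholder "xx-xxx-2010" and needs filling in before the release is tagged.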
diff --git a/Modules/expat/xmlparse.c b/Modules/expat/xmlparse.c
index e04426d0cc..105958b649 100644
--- a/Modules/expat/xmlparse.c
+++ b/Modules/expat/xmlparse.c
@@ -3682,6 +3682,9 @@ doProlog(XML_Parser parser,
return XML_ERROR_UNCLOSED_TOKEN;
case XML_TOK_PARTIAL_CHAR:
return XML_ERROR_PARTIAL_CHAR;
+ case -XML_TOK_PROLOG_S:
+ tok = -tok;
+ break;
case XML_TOK_NONE:
#ifdef XML_DTD
/* for internal PE NOT referenced between declarations */
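Review bot: The new "case -XML_TOK_PROLOG_S:" in doProlog carries no comment explaining why a negated token value can reach this switch or what the code after "break" is expected to do with the now-positive tok. The two cases directly above it return an error, so this is the one path here that flips the sign and carries on, and a reader cannot tell from the hunk why that is safe. A short comment above "tok = -tok;" stating the condition being handled, and pointing at the upstream expat change if this is taken from one, would make the intent reviewable. The diffstat shows only Misc/NEWS and xmlparse.c changed, so no regression test accompanies the fix; a test that feeds the parser a document with a malformed UTF-8 sequence and checks that it returns an error rather than hanging or crashing would guard against the case being dropped when Modules/expat is next updated.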