Merged revisions 77680 via svnmerge from

svn+ssh://pythondev@svn.python.org/python/trunk ........ r77680 | matthias.klose | 2010-01-22 01:39:04 +0100 (Fr, 22 Jan 2010) | 3 lines - Expat: Fix DoS via XML document with malformed UTF-8 sequences (CVE_2009_3560). ........
author: Matthias Klose <doko@ubuntu.com> 2010-01-22 01:05:13 +0000
committer: Matthias Klose <doko@ubuntu.com> 2010-01-22 01:05:13 +0000
commit: 690d13ab553f4921d44e419ccf939cccc939690a (patch)
tree: f46cf72fb802e0efa3a5969f1c8fdc69012581e9
parent: b5ff9faceca8568d3bf53d617902d56e849c4155 (diff)
download: cpython-git-690d13ab553f4921d44e419ccf939cccc939690a.tar.gz
2 files changed, 12 insertions, 0 deletions
diff --git a/Misc/NEWS b/Misc/NEWS
index 9d4387447f..2275be26cf 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -169,6 +169,15 @@ Library
 - Issue #5037: Proxy the __unicode__ special method to __unicode__ instead of
   __str__.
 
+Extension Modules
+-----------------
+
+- Expat: Fix DoS via XML document with malformed UTF-8 sequences
+  (CVE_2009_3560).
+
+Build
+-----
+>>>>>>> .merge-right.r77680
 Build
 -----
 
diff --git a/Modules/expat/xmlparse.c b/Modules/expat/xmlparse.c
index e04426d0cc..105958b649 100644
--- a/Modules/expat/xmlparse.c
+++ b/Modules/expat/xmlparse.c
@@ -3682,6 +3682,9 @@ doProlog(XML_Parser parser,
         return XML_ERROR_UNCLOSED_TOKEN;
       case XML_TOK_PARTIAL_CHAR:
         return XML_ERROR_PARTIAL_CHAR;
+      case -XML_TOK_PROLOG_S:
+        tok = -tok;
+        break;
       case XML_TOK_NONE:
 #ifdef XML_DTD
         /* for internal PE NOT referenced between declarations */
author	Matthias Klose <doko@ubuntu.com>	2010-01-22 01:05:13 +0000
committer	Matthias Klose <doko@ubuntu.com>	2010-01-22 01:05:13 +0000
commit	690d13ab553f4921d44e419ccf939cccc939690a (patch)
tree	f46cf72fb802e0efa3a5969f1c8fdc69012581e9
parent	b5ff9faceca8568d3bf53d617902d56e849c4155 (diff)
download	cpython-git-690d13ab553f4921d44e419ccf939cccc939690a.tar.gz