diff options
| -rw-r--r-- | Misc/NEWS | 6 | ||||
| -rw-r--r-- | Modules/expat/xmlparse.c | 3 |
2 files changed, 9 insertions, 0 deletions
@@ -66,6 +66,12 @@ Library Extension extra options may change the output without changing the .c file). Initial patch by Collin Winter. +Extension Modules +----------------- + +- Expat: Fix DoS via XML document with malformed UTF-8 sequences + (CVE_2009_3560). + Build ----- diff --git a/Modules/expat/xmlparse.c b/Modules/expat/xmlparse.c index e04426d0cc..105958b649 100644 --- a/Modules/expat/xmlparse.c +++ b/Modules/expat/xmlparse.c @@ -3682,6 +3682,9 @@ doProlog(XML_Parser parser, return XML_ERROR_UNCLOSED_TOKEN; case XML_TOK_PARTIAL_CHAR: return XML_ERROR_PARTIAL_CHAR; + case -XML_TOK_PROLOG_S: + tok = -tok; + break; case XML_TOK_NONE: #ifdef XML_DTD /* for internal PE NOT referenced between declarations */ |