- Expat: Fix DoS via XML document with malformed UTF-8 sequences

(CVE_2009_3560).
2010-01-22 00:39:04 +00:00 · 2010-01-22 00:39:04 +00:00 · 0d948ac90c
parent 3b0f9b01f6
commit 0d948ac90c
2 changed files with 9 additions and 0 deletions
--- a/Misc/NEWS
+++ b/Misc/NEWS
@ -66,6 +66,12 @@ Library
  Extension extra options may change the output without changing the .c
  file). Initial patch by Collin Winter.

+Extension Modules
+-----------------
+
+- Expat: Fix DoS via XML document with malformed UTF-8 sequences
+  (CVE_2009_3560).
+
 Build
 -----

--- a/Modules/expat/xmlparse.c
+++ b/Modules/expat/xmlparse.c
@ -3682,6 +3682,9 @@ doProlog(XML_Parser parser,
        return XML_ERROR_UNCLOSED_TOKEN;
      case XML_TOK_PARTIAL_CHAR:
        return XML_ERROR_PARTIAL_CHAR;
+      case -XML_TOK_PROLOG_S:
+        tok = -tok;
+        break;
      case XML_TOK_NONE:
 #ifdef XML_DTD
        /* for internal PE NOT referenced between declarations */