From 865e33bb3df3376577db51a8c9392a9d385924fd Mon Sep 17 00:00:00 2001 From: Matthias Klose Date: Fri, 22 Jan 2010 01:13:15 +0000 Subject: [PATCH] Merged revisions 77682 via svnmerge from svn+ssh://pythondev@svn.python.org/python/branches/py3k ................ r77682 | matthias.klose | 2010-01-22 02:10:19 +0100 (Fr, 22 Jan 2010) | 10 lines Merged revisions 77680 via svnmerge from svn+ssh://pythondev@svn.python.org/python/trunk ........ r77680 | matthias.klose | 2010-01-22 01:39:04 +0100 (Fr, 22 Jan 2010) | 3 lines - Expat: Fix DoS via XML document with malformed UTF-8 sequences (CVE_2009_3560). ........ ................ --- Misc/NEWS | 3 +++ Modules/expat/xmlparse.c | 3 +++ 2 files changed, 6 insertions(+) diff --git a/Misc/NEWS b/Misc/NEWS index 2efa767fff4..74a64f0e1e0 100644 --- a/Misc/NEWS +++ b/Misc/NEWS @@ -272,6 +272,9 @@ Extension Modules - Issue #6848: Fix curses module build failure on OS X 10.6. +- Expat: Fix DoS via XML document with malformed UTF-8 sequences + (CVE_2009_3560). + Tests ----- diff --git a/Modules/expat/xmlparse.c b/Modules/expat/xmlparse.c index e04426d0cc1..105958b6496 100644 --- a/Modules/expat/xmlparse.c +++ b/Modules/expat/xmlparse.c @@ -3682,6 +3682,9 @@ doProlog(XML_Parser parser, return XML_ERROR_UNCLOSED_TOKEN; case XML_TOK_PARTIAL_CHAR: return XML_ERROR_PARTIAL_CHAR; + case -XML_TOK_PROLOG_S: + tok = -tok; + break; case XML_TOK_NONE: #ifdef XML_DTD /* for internal PE NOT referenced between declarations */
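Review bot: In the Misc/NEWS hunk the identifier is written `CVE_2009_3560` with underscores, so anyone searching the changelog for the usual hyphenated form will not find this entry. Please write it as CVE-2009-3560. The neighbouring entry cites a tracker issue ("Issue #6848"); if a tracker issue exists for this fix, cite it the same way so the entry can be traced back to the discussion.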
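Review bot: The new `case -XML_TOK_PROLOG_S:` in doProlog (Modules/expat/xmlparse.c) has no comment explaining why a negated token value reaches this switch, or why restoring the sign with `tok = -tok;` and continuing is the correct handling when the neighbouring cases return an error code. A short comment above the case would keep a later cleanup from removing it as dead code. The diffstat also lists only Misc/NEWS and xmlparse.c, so nothing exercises the fix. Please add a regression test that feeds the parser a document with the malformed UTF-8 sequence the NEWS entry refers to and asserts that parsing ends with an error rather than a crash or hang.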