From 0d948ac90cc92aa7724a20b47226bf2e512e30ab Mon Sep 17 00:00:00 2001
From: Matthias Klose <doko@ubuntu.com>
Date: Fri, 22 Jan 2010 00:39:04 +0000
Subject: [PATCH] - Expat: Fix DoS via XML document with malformed UTF-8
 sequences   (CVE_2009_3560).

---
 Misc/NEWS                | 6 ++++++
 Modules/expat/xmlparse.c | 3 +++
 2 files changed, 9 insertions(+)

diff --git a/Misc/NEWS b/Misc/NEWS
index 7501e874aec..fa5df7dcfbb 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -66,6 +66,12 @@ Library
   Extension extra options may change the output without changing the .c
   file). Initial patch by Collin Winter.
 
+Extension Modules
+-----------------
+
+- Expat: Fix DoS via XML document with malformed UTF-8 sequences
+  (CVE_2009_3560).
+
 Build
 -----
 
diff --git a/Modules/expat/xmlparse.c b/Modules/expat/xmlparse.c
index e04426d0cc1..105958b6496 100644
--- a/Modules/expat/xmlparse.c
+++ b/Modules/expat/xmlparse.c
@@ -3682,6 +3682,9 @@ doProlog(XML_Parser parser,
         return XML_ERROR_UNCLOSED_TOKEN;
       case XML_TOK_PARTIAL_CHAR:
         return XML_ERROR_PARTIAL_CHAR;
+      case -XML_TOK_PROLOG_S:
+        tok = -tok;
+        break;
       case XML_TOK_NONE:
 #ifdef XML_DTD
         /* for internal PE NOT referenced between declarations */