- expat: Fix DoS via malformed XML (CVE-2009-3720).

2010-01-21 17:43:31 +00:00 · 2010-01-21 17:43:31 +00:00 · b8ec8a48ec
parent 166f80860e
commit b8ec8a48ec
2 changed files with 3 additions and 2 deletions
--- a/Misc/NEWS
+++ b/Misc/NEWS
@ -12,7 +12,8 @@ What's New in Python 2.5.5c2?
 Extension Modules
 -----------------

- Fix DoS via XML document with malformed UTF-8 sequences (CVE_2009_3560).
+- expat: Fix DoS via XML document with malformed UTF-8 sequences (CVE_2009_3560).
+- expat: Fix DoS via malformed XML (CVE-2009-3720).


 What's New in Python 2.5.5c1?
--- a/Modules/expat/xmltok_impl.c
+++ b/Modules/expat/xmltok_impl.c
@ -1741,7 +1741,7 @@ PREFIX(updatePosition)(const ENCODING *enc,
                       const char *end,
                       POSITION *pos)
 {
-  while (ptr != end) {
+  while (ptr < end) {
    switch (BYTE_TYPE(enc, ptr)) {
 #define LEAD_CASE(n) \
    case BT_LEAD ## n: \