- Expat: Fix DoS via XML document with malformed UTF-8 sequences

(CVE_2009_3560).

- Expat: Fix DoS via XML document with malformed UTF-8 sequences
(CVE_2009_3560).
0d948ac9 · Matthias Klose · 3b0f9b01 · 0d948ac9 · 0d948ac9
Kaydet (Commit) 0d948ac9 authored Ock 22, 2010 tarafından Matthias Klose
Hide whitespace changes
Inline Side-by-side

Showing with 9 additions and 0 deletions

NEWS Misc/NEWS +6 -0

xmlparse.c Modules/expat/xmlparse.c +3 -0

No files found.
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -66,6 +66,12 @@ Library
  Extension extra options may change the output without changing the .c
  file). Initial patch by Collin Winter.
+Extension Modules
+-----------------
+- Expat: Fix DoS via XML document with malformed UTF-8 sequences
+  (CVE_2009_3560).
 Build
 -----

--- a/Modules/expat/xmlparse.c
+++ b/Modules/expat/xmlparse.c
@@ -3682,6 +3682,9 @@ doProlog(XML_Parser parser,
        return XML_ERROR_UNCLOSED_TOKEN;
      case XML_TOK_PARTIAL_CHAR:
        return XML_ERROR_PARTIAL_CHAR;
+      case -XML_TOK_PROLOG_S:
+        tok = -tok;
+        break;
      case XML_TOK_NONE:
 #ifdef XML_DTD
        /* for internal PE NOT referenced between declarations */