- Fix DoS via XML document with malformed UTF-8 sequences (CVE_2009_3560).

166f8086 · Matthias Klose · 8cd94b43 · 166f8086 · 166f8086
Kaydet (Commit) 166f8086 authored Ock 21, 2010 tarafından Matthias Klose
Hide whitespace changes
Inline Side-by-side

Showing with 14 additions and 0 deletions

NEWS Misc/NEWS +11 -0

xmlparse.c Modules/expat/xmlparse.c +3 -0

No files found.
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -4,6 +4,17 @@ Python News

 (editors: check NEWS.help for information about editing NEWS using ReST.)

+What's New in Python 2.5.5c2?
+=============================
+
+*Release date: xx-xxx-2010*
+
+Extension Modules
+-----------------
+
+- Fix DoS via XML document with malformed UTF-8 sequences (CVE_2009_3560).
+
+
 What's New in Python 2.5.5c1?
 =============================


--- a/Modules/expat/xmlparse.c
+++ b/Modules/expat/xmlparse.c
@@ -3682,6 +3682,9 @@ doProlog(XML_Parser parser,
        return XML_ERROR_UNCLOSED_TOKEN;
      case XML_TOK_PARTIAL_CHAR:
        return XML_ERROR_PARTIAL_CHAR;
+      case -XML_TOK_PROLOG_S:
+        tok = -tok;
+        break;
      case XML_TOK_NONE:
 #ifdef XML_DTD
        /* for internal PE NOT referenced between declarations */