Merged revisions 77682 via svnmerge from

doko42 · doko42 · commit 865e33bb3df3 · 2010-01-22T01:13:15.000Z
svn+ssh://pythondev@svn.python.org/python/branches/py3k

................
  r77682 | matthias.klose | 2010-01-22 02:10:19 +0100 (Fr, 22 Jan 2010) | 10 lines

  Merged revisions 77680 via svnmerge from
  svn+ssh://pythondev@svn.python.org/python/trunk

  ........
    r77680 | matthias.klose | 2010-01-22 01:39:04 +0100 (Fr, 22 Jan 2010) | 3 lines

    - Expat: Fix DoS via XML document with malformed UTF-8 sequences
      (CVE_2009_3560).
  ........
................
diff --git a/Misc/NEWS b/Misc/NEWS
@@ -272,6 +272,9 @@ Extension Modules
 
 - Issue #6848: Fix curses module build failure on OS X 10.6.
 
+- Expat: Fix DoS via XML document with malformed UTF-8 sequences
+  (CVE_2009_3560).
+
 Tests
 -----
 
diff --git a/Modules/expat/xmlparse.c b/Modules/expat/xmlparse.c
@@ -3682,6 +3682,9 @@ doProlog(XML_Parser parser,
         return XML_ERROR_UNCLOSED_TOKEN;
       case XML_TOK_PARTIAL_CHAR:
         return XML_ERROR_PARTIAL_CHAR;
+      case -XML_TOK_PROLOG_S:
+        tok = -tok;
+        break;
       case XML_TOK_NONE:
 #ifdef XML_DTD
         /* for internal PE NOT referenced between declarations */
