author | Matthias Klose <doko@ubuntu.com> | 2010-01-22 01:10:19 (GMT) |
---|---|---|
committer | Matthias Klose <doko@ubuntu.com> | 2010-01-22 01:10:19 (GMT) |
commit | a50ffe5389d5a0f98a35dec1ce1a35b616706199 (patch) | |
tree | 6c6a7501d5472d0f8f707171070b362d21a497cf | |
parent | b660599fda5e848c2da5265f6f47177659c0da26 (diff) | |
Merged revisions 77680 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk
........
r77680 | matthias.klose | 2010-01-22 01:39:04 +0100 (Fr, 22 Jan 2010) | 3 lines
- Expat: Fix DoS via XML document with malformed UTF-8 sequences
(CVE_2009_3560).
........
-rw-r--r-- | Misc/NEWS | 3 | ||||
-rw-r--r-- | Modules/expat/xmlparse.c | 3 |
2 files changed, 6 insertions, 0 deletions
@@ -610,6 +610,9 @@ Extension Modules - Issue #2389: Array objects are now pickled in a portable manner. +- Expat: Fix DoS via XML document with malformed UTF-8 sequences + (CVE_2009_3560). + Build ----- diff --git a/Modules/expat/xmlparse.c b/Modules/expat/xmlparse.c index e04426d..105958b 100644 --- a/Modules/expat/xmlparse.c +++ b/Modules/expat/xmlparse.c @@ -3682,6 +3682,9 @@ doProlog(XML_Parser parser, return XML_ERROR_UNCLOSED_TOKEN; case XML_TOK_PARTIAL_CHAR: return XML_ERROR_PARTIAL_CHAR; + case -XML_TOK_PROLOG_S: + tok = -tok; + break; case XML_TOK_NONE: #ifdef XML_DTD /* for internal PE NOT referenced between declarations */ |
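Review bot: In the Misc/NEWS hunk the identifier is written "CVE_2009_3560" with underscores, which a search for the usual hyphenated CVE form will not match. Suggest "CVE-2009-3560" in the NEWS entry so the fix can be found when people audit which advisories a release covers. The entry could also say which component is affected from a user's point of view (the bundled Expat in Modules/expat), since "Expat:" alone does not tell a reader whether a system Expat build is covered.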
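Review bot: The new "case -XML_TOK_PROLOG_S:" arm in doProlog() carries no comment saying why a negated token can reach this switch or why "tok = -tok; break;" is the correct handling, while the XML_TOK_NONE arm right after it does explain itself. A one-line comment above the case stating the condition it covers would keep a later reader from treating it as dead code or folding it into another arm. The diffstat also lists only Misc/NEWS and Modules/expat/xmlparse.c, so nothing exercises this path: a regression test that feeds the parser a document with a malformed UTF-8 sequence in the prolog and asserts that it returns an error rather than crashing would keep the fix from regressing when the bundled Expat is next updated.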