From b8ec8a48ec519b12727cddcef196f45302886f10 Mon Sep 17 00:00:00 2001
From: Matthias Klose <doko@ubuntu.com>
Date: Thu, 21 Jan 2010 17:43:31 +0000
Subject: - expat: Fix DoS via malformed XML (CVE-2009-3720).

---
 Misc/NEWS                   | 3 ++-
 Modules/expat/xmltok_impl.c | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/Misc/NEWS b/Misc/NEWS
index 638d8e7..ce333a5 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -12,7 +12,8 @@ What's New in Python 2.5.5c2?
 Extension Modules
 -----------------
 
-- Fix DoS via XML document with malformed UTF-8 sequences (CVE_2009_3560).
+- expat: Fix DoS via XML document with malformed UTF-8 sequences (CVE_2009_3560).
+- expat: Fix DoS via malformed XML (CVE-2009-3720).
 
 
 What's New in Python 2.5.5c1?
diff --git a/Modules/expat/xmltok_impl.c b/Modules/expat/xmltok_impl.c
index 0ee57ab..f793a6b 100644
--- a/Modules/expat/xmltok_impl.c
+++ b/Modules/expat/xmltok_impl.c
@@ -1741,7 +1741,7 @@ PREFIX(updatePosition)(const ENCODING *enc,
                        const char *end,
                        POSITION *pos)
 {
-  while (ptr != end) {
+  while (ptr < end) {
     switch (BYTE_TYPE(enc, ptr)) {
 #define LEAD_CASE(n) \
     case BT_LEAD ## n: \
-- 
cgit v0.12