[Python-checkins] r77666 - in python/branches/release25-maint: Misc/NEWS Modules/expat/xmltok_impl.c
matthias.klose
python-checkins at python.org
Thu Jan 21 18:43:31 CET 2010
Author: matthias.klose
Date: Thu Jan 21 18:43:31 2010
New Revision: 77666
Log:
- expat: Fix DoS via malformed XML (CVE-2009-3720).
Modified:
python/branches/release25-maint/Misc/NEWS
python/branches/release25-maint/Modules/expat/xmltok_impl.c
Modified: python/branches/release25-maint/Misc/NEWS
==============================================================================
--- python/branches/release25-maint/Misc/NEWS (original)
+++ python/branches/release25-maint/Misc/NEWS Thu Jan 21 18:43:31 2010
@@ -12,7 +12,8 @@
Extension Modules
-----------------
-- Fix DoS via XML document with malformed UTF-8 sequences (CVE_2009_3560).
+- expat: Fix DoS via XML document with malformed UTF-8 sequences (CVE_2009_3560).
+- expat: Fix DoS via malformed XML (CVE-2009-3720).
What's New in Python 2.5.5c1?
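Review bot: the two NEWS entries in this hunk spell their CVE identifiers differently: the rewritten line keeps `CVE_2009_3560` with underscores, while the new line uses `CVE-2009-3720` with hyphens. Since the first entry is already being touched to add the `expat:` prefix, change it to the hyphenated form `CVE-2009-3560` so that a search for the standard identifier format finds both entries.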
Modified: python/branches/release25-maint/Modules/expat/xmltok_impl.c
==============================================================================
--- python/branches/release25-maint/Modules/expat/xmltok_impl.c (original)
+++ python/branches/release25-maint/Modules/expat/xmltok_impl.c Thu Jan 21 18:43:31 2010
@@ -1741,7 +1741,7 @@
const char *end,
POSITION *pos)
{
- while (ptr != end) {
+ while (ptr < end) {
switch (BYTE_TYPE(enc, ptr)) {
#define LEAD_CASE(n) \
case BT_LEAD ## n: \
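Review bot: the new `while (ptr < end)` condition carries no comment saying why `!=` was insufficient, and the Modified list for this revision shows no test accompanying the fix. An equality test ends the loop only if `ptr` lands exactly on `end`. If any branch of the switch, such as the `LEAD_CASE(n)` cases, advances `ptr` by more than one byte when fewer bytes remain, `ptr` steps over `end` and the loop continues reading past the buffer. Suggest a one-line comment on the loop stating this, a regression input that ends in a truncated multi-byte sequence, and a check of any other `ptr != end` loops in this file that advance by a variable width.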