[Python-checkins] r77683 - in python/branches/release31-maint: Misc/NEWS Modules/expat/xmlparse.c

matthias.klose python-checkins at python.org
Fri Jan 22 02:13:15 CET 2010


Author: matthias.klose
Date: Fri Jan 22 02:13:15 2010
New Revision: 77683

Log:
Merged revisions 77682 via svnmerge from 
svn+ssh://pythondev@svn.python.org/python/branches/py3k

................
  r77682 | matthias.klose | 2010-01-22 02:10:19 +0100 (Fr, 22 Jan 2010) | 10 lines
  
  Merged revisions 77680 via svnmerge from 
  svn+ssh://pythondev@svn.python.org/python/trunk
  
  ........
    r77680 | matthias.klose | 2010-01-22 01:39:04 +0100 (Fr, 22 Jan 2010) | 3 lines
    
    - Expat: Fix DoS via XML document with malformed UTF-8 sequences 
      (CVE_2009_3560).
  ........
................


Modified:
   python/branches/release31-maint/   (props changed)
   python/branches/release31-maint/Misc/NEWS
   python/branches/release31-maint/Modules/expat/xmlparse.c

Modified: python/branches/release31-maint/Misc/NEWS
==============================================================================
--- python/branches/release31-maint/Misc/NEWS	(original)
+++ python/branches/release31-maint/Misc/NEWS	Fri Jan 22 02:13:15 2010
@@ -272,6 +272,9 @@
 
 - Issue #6848: Fix curses module build failure on OS X 10.6.
 
+- Expat: Fix DoS via XML document with malformed UTF-8 sequences
+  (CVE_2009_3560).
+
 Tests
 -----
 

Modified: python/branches/release31-maint/Modules/expat/xmlparse.c
==============================================================================
--- python/branches/release31-maint/Modules/expat/xmlparse.c	(original)
+++ python/branches/release31-maint/Modules/expat/xmlparse.c	Fri Jan 22 02:13:15 2010
@@ -3682,6 +3682,9 @@
         return XML_ERROR_UNCLOSED_TOKEN;
       case XML_TOK_PARTIAL_CHAR:
         return XML_ERROR_PARTIAL_CHAR;
+      case -XML_TOK_PROLOG_S:
+        tok = -tok;
+        break;
       case XML_TOK_NONE:
 #ifdef XML_DTD
         /* for internal PE NOT referenced between declarations */


More information about the Python-checkins mailing list