- expat: Fix DoS via malformed XML (CVE-2009-3720).

b8ec8a48 · Matthias Klose · 166f8086 · b8ec8a48 · b8ec8a48
Commit b8ec8a48 authored Jan 21, 2010 by Matthias Klose
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 2 deletions

Misc/NEWS Misc/NEWS +2 -1

Modules/expat/xmltok_impl.c Modules/expat/xmltok_impl.c +1 -1

No files found.
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -12,7 +12,8 @@ What's New in Python 2.5.5c2?
 Extension Modules
 -----------------

- Fix DoS via XML document with malformed UTF-8 sequences (CVE_2009_3560).
+- expat: Fix DoS via XML document with malformed UTF-8 sequences (CVE_2009_3560).
+- expat: Fix DoS via malformed XML (CVE-2009-3720).


 What's New in Python 2.5.5c1?

--- a/Modules/expat/xmltok_impl.c
+++ b/Modules/expat/xmltok_impl.c
@@ -1741,7 +1741,7 @@ PREFIX(updatePosition)(const ENCODING *enc,
                       const char *end,
                       POSITION *pos)
 {
-  while (ptr != end) {
+  while (ptr < end) {
    switch (BYTE_TYPE(enc, ptr)) {
 #define LEAD_CASE(n) \
    case BT_LEAD ## n: \