- expat: Fix DoS via malformed XML (CVE-2009-3720).

doko42 · doko42 · commit b8ec8a48ec51 · 2010-01-21T17:43:31.000Z
diff --git a/Misc/NEWS b/Misc/NEWS
@@ -12,7 +12,8 @@ What's New in Python 2.5.5c2?
 Extension Modules
 -----------------
 
-- Fix DoS via XML document with malformed UTF-8 sequences (CVE_2009_3560).
+- expat: Fix DoS via XML document with malformed UTF-8 sequences (CVE_2009_3560).
+- expat: Fix DoS via malformed XML (CVE-2009-3720).
 
 
 What's New in Python 2.5.5c1?
diff --git a/Modules/expat/xmltok_impl.c b/Modules/expat/xmltok_impl.c
@@ -1741,7 +1741,7 @@ PREFIX(updatePosition)(const ENCODING *enc,
                        const char *end,
                        POSITION *pos)
 {
-  while (ptr != end) {
+  while (ptr < end) {
     switch (BYTE_TYPE(enc, ptr)) {
 #define LEAD_CASE(n) \
     case BT_LEAD ## n: \

Original file line number	Diff line number	Diff line change
`@@ -1741,7 +1741,7 @@ PREFIX(updatePosition)(const ENCODING *enc,`
`1741`	`1741`	`const char *end,`
`1742`	`1742`	`POSITION *pos)`
`1743`	`1743`	`{`
`1744`		`- while (ptr != end) {`
	`1744`	`+ while (ptr < end) {`
`1745`	`1745`	`switch (BYTE_TYPE(enc, ptr)) {`
`1746`	`1746`	`#define LEAD_CASE(n) \`
`1747`	`1747`	`case BT_LEAD ## n: \`