## 560901_CVE_2009_3560.dpatch by Daniel Leidert (dale) <daniel.leidert@wgdd.de>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as
## DP: used in the XML-Twig module for Perl, allows context-dependent attackers
## DP: to cause a denial of service (application crash) via an XML document
## DP: with malformed UTF-8 sequences that trigger a buffer over-read, related
## DP: to the doProlog function in lib/xmlparse.c, a different vulnerability
## DP: than CVE-2009-2625 and CVE-2009-3720. 
## DP:
## DP: This is the revised patch.
## DP:
## DP: <URL:http://bugs.debian.org/560901>
## DP: <URL:http://bugs.debian.org/561658>
## DP: <URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560>
## DP: <URL:http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.164&r2=1.166>
## DP: <URL:http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?view=log#rev1.166>
## DP: <URL:http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?view=log#rev1.165>

diff -urNad lib/xmlparse.c lib/xmlparse.c
--- lib/xmlparse.c
+++ lib/xmlparse.c
@@ -3703,6 +3703,9 @@
         return XML_ERROR_UNCLOSED_TOKEN;
       case XML_TOK_PARTIAL_CHAR:
         return XML_ERROR_PARTIAL_CHAR;
+      case -XML_TOK_PROLOG_S:
+        tok = -tok;
+        break;
       case XML_TOK_NONE:
 #ifdef XML_DTD
         /* for internal PE NOT referenced between declarations */