From owner-svn-src-stable-other@FreeBSD.ORG  Mon Dec 14 01:06:55 2009
Return-Path: <owner-svn-src-stable-other@FreeBSD.ORG>
Delivered-To: svn-src-stable-other@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 6882C106566C;
	Mon, 14 Dec 2009 01:06:55 +0000 (UTC)
	(envelope-from delphij@FreeBSD.org)
Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c])
	by mx1.freebsd.org (Postfix) with ESMTP id 568838FC22;
	Mon, 14 Dec 2009 01:06:55 +0000 (UTC)
Received: from svn.freebsd.org (localhost [127.0.0.1])
	by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id nBE16ttW003215;
	Mon, 14 Dec 2009 01:06:55 GMT (envelope-from delphij@svn.freebsd.org)
Received: (from delphij@localhost)
	by svn.freebsd.org (8.14.3/8.14.3/Submit) id nBE16tn5003212;
	Mon, 14 Dec 2009 01:06:55 GMT (envelope-from delphij@svn.freebsd.org)
Message-Id: <200912140106.nBE16tn5003212@svn.freebsd.org>
From: Xin LI <delphij@FreeBSD.org>
Date: Mon, 14 Dec 2009 01:06:55 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
	svn-src-stable@freebsd.org, svn-src-stable-other@freebsd.org
X-SVN-Group: stable-other
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Cc: 
Subject: svn commit: r200496 - stable/5/contrib/expat/lib
X-BeenThere: svn-src-stable-other@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: SVN commit messages for the old stable src trees
	<svn-src-stable-other.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-stable-other>,
	<mailto:svn-src-stable-other-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-stable-other>
List-Post: <mailto:svn-src-stable-other@freebsd.org>
List-Help: <mailto:svn-src-stable-other-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-stable-other>,
	<mailto:svn-src-stable-other-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Dec 2009 01:06:55 -0000

Author: delphij
Date: Mon Dec 14 01:06:55 2009
New Revision: 200496
URL: http://svn.freebsd.org/changeset/base/200496

Log:
  MFC r200392:
  
  Apply two vendor fixes for CVE-2009-3720.
  
  Security:	CVE-2009-3720

Modified:
  stable/5/contrib/expat/lib/xmlparse.c
  stable/5/contrib/expat/lib/xmltok_impl.c
Directory Properties:
  stable/5/contrib/expat/   (props changed)

Modified: stable/5/contrib/expat/lib/xmlparse.c
==============================================================================
--- stable/5/contrib/expat/lib/xmlparse.c	Mon Dec 14 01:06:21 2009	(r200495)
+++ stable/5/contrib/expat/lib/xmlparse.c	Mon Dec 14 01:06:55 2009	(r200496)
@@ -3168,7 +3168,6 @@ doProlog(XML_Parser parser,
         return XML_ERROR_NO_ELEMENTS;
       default:
         tok = -tok;
-        next = end;
         break;
       }
     }

Modified: stable/5/contrib/expat/lib/xmltok_impl.c
==============================================================================
--- stable/5/contrib/expat/lib/xmltok_impl.c	Mon Dec 14 01:06:21 2009	(r200495)
+++ stable/5/contrib/expat/lib/xmltok_impl.c	Mon Dec 14 01:06:55 2009	(r200496)
@@ -1741,7 +1741,7 @@ PREFIX(updatePosition)(const ENCODING *e
                        const char *end,
                        POSITION *pos)
 {
-  while (ptr != end) {
+  while (ptr < end) {
     switch (BYTE_TYPE(enc, ptr)) {
 #define LEAD_CASE(n) \
     case BT_LEAD ## n: \