summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorByron Jones <glob@mozilla.com>2015-04-13 08:16:13 +0200
committerByron Jones <glob@mozilla.com>2015-04-13 08:16:13 +0200
commit8342d0f7a04e0956218dbfa687a0f60f358f16da (patch)
tree9e608af81c4bcde29eb21c55115263accaf2edc9
parentcb8e12074cbf97d3df25fe490466bfbd84c65676 (diff)
downloadbugzilla-8342d0f7a04e0956218dbfa687a0f60f358f16da.tar.gz
bugzilla-8342d0f7a04e0956218dbfa687a0f60f358f16da.tar.xz
Bug 1031035: xmlrpc can be DoS'd with billion laughs attack
-rw-r--r--Bugzilla/WebService/Server/XMLRPC.pm8
-rwxr-xr-ximportxml.pl3
2 files changed, 11 insertions, 0 deletions
diff --git a/Bugzilla/WebService/Server/XMLRPC.pm b/Bugzilla/WebService/Server/XMLRPC.pm
index 69ba4c0d8..834ea60bf 100644
--- a/Bugzilla/WebService/Server/XMLRPC.pm
+++ b/Bugzilla/WebService/Server/XMLRPC.pm
@@ -140,6 +140,14 @@ use Bugzilla::WebService::Constants qw(XMLRPC_CONTENT_TYPE_WHITELIST);
use Bugzilla::WebService::Util qw(fix_credentials);
use Scalar::Util qw(tainted);
+sub new {
+ my $self = shift->SUPER::new(@_);
+ # Initialise XML::Parser to not expand references to entities, to prevent DoS
+ require XML::Parser;
+ $self->{_parser}->parser(parser => XML::Parser->new( NoExpand => 1, Handlers => { Default => sub {} } ));
+ return $self;
+}
+
sub deserialize {
my $self = shift;
diff --git a/importxml.pl b/importxml.pl
index 19be9a61a..63004af6f 100755
--- a/importxml.pl
+++ b/importxml.pl
@@ -1278,6 +1278,9 @@ my $twig = XML::Twig->new(
},
start_tag_handlers => { bugzilla => \&init }
);
+# Prevent DoS using the billion laughs attack.
+$twig->{NoExpand} = 1;
+
$twig->parse($xml);
my $root = $twig->root;
my $maintainer = $root->{'att'}->{'maintainer'};