Bug 725663 - (CVE-2012-0453) [SECURITY] CSRF vulnerability in the XML-RPC API when using mod_perl

r/a=LpSolit
author: Dave Lawrence <dlawrence@mozilla.com> 2012-02-22 16:48:50 +0100
committer: Dave Lawrence <dlawrence@mozilla.com> 2012-02-22 16:48:50 +0100
commit: 0af9c776bc5223556c9140378a7a1ab76d94a7c0 (patch)
tree: d3c98ddad84d0016185362998f7ea6d7bd6141d7 /Bugzilla/WebService/Server/XMLRPC.pm
parent: a50a0814289d7a27acfb6e7ae6308bea5faa072e (diff)
download: bugzilla-0af9c776bc5223556c9140378a7a1ab76d94a7c0.tar.gz
bugzilla-0af9c776bc5223556c9140378a7a1ab76d94a7c0.tar.xz
1 files changed, 8 insertions, 0 deletions
diff --git a/Bugzilla/WebService/Server/XMLRPC.pm b/Bugzilla/WebService/Server/XMLRPC.pm
index 67e7b7555..33a1e92d3 100644
--- a/Bugzilla/WebService/Server/XMLRPC.pm
+++ b/Bugzilla/WebService/Server/XMLRPC.pm
@@ -73,10 +73,18 @@ use XMLRPC::Lite;
 our @ISA = qw(XMLRPC::Deserializer);
 
 use Bugzilla::Error;
+use Bugzilla::WebService::Constants qw(XMLRPC_CONTENT_TYPE_WHITELIST);
 use Scalar::Util qw(tainted);
 
 sub deserialize {
     my $self = shift;
+
+    # Only allow certain content types to protect against CSRF attacks
+    if (!grep($_ eq $ENV{'CONTENT_TYPE'}, XMLRPC_CONTENT_TYPE_WHITELIST)) {
+        ThrowUserError('xmlrpc_illegal_content_type',
+                       { content_type => $ENV{'CONTENT_TYPE'} });
+    }
+
     my ($xml) = @_;
     my $som = $self->SUPER::deserialize(@_);
     if (tainted($xml)) {
author	Dave Lawrence <dlawrence@mozilla.com>	2012-02-22 16:48:50 +0100
committer	Dave Lawrence <dlawrence@mozilla.com>	2012-02-22 16:48:50 +0100
commit	0af9c776bc5223556c9140378a7a1ab76d94a7c0 (patch)
tree	d3c98ddad84d0016185362998f7ea6d7bd6141d7 /Bugzilla/WebService/Server/XMLRPC.pm
parent	a50a0814289d7a27acfb6e7ae6308bea5faa072e (diff)
download	bugzilla-0af9c776bc5223556c9140378a7a1ab76d94a7c0.tar.gz bugzilla-0af9c776bc5223556c9140378a7a1ab76d94a7c0.tar.xz