diff options
| author | Byron Jones <glob@mozilla.com> | 2015-04-14 18:36:17 +0200 |
|---|---|---|
| committer | Byron Jones <glob@mozilla.com> | 2015-04-14 18:36:17 +0200 |
| commit | bdd9c47cc031109dc606e99fc3bc424f0f6521a3 (patch) | |
| tree | e35863ee90c106da42c7c75c06f4398377237041 /Bugzilla/WebService | |
| parent | 802a5cccd273b9c9bc25d3251452147cb84f5571 (diff) | |
| download | bugzilla-bdd9c47cc031109dc606e99fc3bc424f0f6521a3.tar.gz bugzilla-bdd9c47cc031109dc606e99fc3bc424f0f6521a3.tar.xz | |
Bug 1031035: xmlrpc can be DoS'd with billion laughs attack
r=LpSolit,a=glob
Diffstat (limited to 'Bugzilla/WebService')
| -rw-r--r-- | Bugzilla/WebService/Server/XMLRPC.pm | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/Bugzilla/WebService/Server/XMLRPC.pm b/Bugzilla/WebService/Server/XMLRPC.pm index 03d93b597..c28c3e10c 100644 --- a/Bugzilla/WebService/Server/XMLRPC.pm +++ b/Bugzilla/WebService/Server/XMLRPC.pm @@ -138,7 +138,8 @@ sub new { my $self = shift->SUPER::new(@_); # Initialise XML::Parser to not expand references to entities, to prevent DoS require XML::Parser; - $self->{_parser}->parser(parser => XML::Parser->new( NoExpand => 1, Handlers => { Default => sub {} } )); + my $parser = XML::Parser->new( NoExpand => 1, Handlers => { Default => sub {} } ); + $self->{_parser}->parser($parser, $parser); return $self; } |