summaryrefslogtreecommitdiffstats
path: root/Bugzilla
diff options
context:
space:
mode:
authorByron Jones <glob@mozilla.com>2015-04-14 18:36:17 +0200
committerByron Jones <glob@mozilla.com>2015-04-14 18:36:17 +0200
commitbdd9c47cc031109dc606e99fc3bc424f0f6521a3 (patch)
treee35863ee90c106da42c7c75c06f4398377237041 /Bugzilla
parent802a5cccd273b9c9bc25d3251452147cb84f5571 (diff)
downloadbugzilla-bdd9c47cc031109dc606e99fc3bc424f0f6521a3.tar.gz
bugzilla-bdd9c47cc031109dc606e99fc3bc424f0f6521a3.tar.xz
Bug 1031035: xmlrpc can be DoS'd with billion laughs attack
r=LpSolit,a=glob
Diffstat (limited to 'Bugzilla')
-rw-r--r--Bugzilla/WebService/Server/XMLRPC.pm3
1 files changed, 2 insertions, 1 deletions
diff --git a/Bugzilla/WebService/Server/XMLRPC.pm b/Bugzilla/WebService/Server/XMLRPC.pm
index 03d93b597..c28c3e10c 100644
--- a/Bugzilla/WebService/Server/XMLRPC.pm
+++ b/Bugzilla/WebService/Server/XMLRPC.pm
@@ -138,7 +138,8 @@ sub new {
my $self = shift->SUPER::new(@_);
# Initialise XML::Parser to not expand references to entities, to prevent DoS
require XML::Parser;
- $self->{_parser}->parser(parser => XML::Parser->new( NoExpand => 1, Handlers => { Default => sub {} } ));
+ my $parser = XML::Parser->new( NoExpand => 1, Handlers => { Default => sub {} } );
+ $self->{_parser}->parser($parser, $parser);
return $self;
}