diff options
| author | Byron Jones <glob@mozilla.com> | 2015-04-13 08:16:13 +0200 |
|---|---|---|
| committer | Byron Jones <glob@mozilla.com> | 2015-04-13 08:16:13 +0200 |
| commit | 8342d0f7a04e0956218dbfa687a0f60f358f16da (patch) | |
| tree | 9e608af81c4bcde29eb21c55115263accaf2edc9 /importxml.pl | |
| parent | cb8e12074cbf97d3df25fe490466bfbd84c65676 (diff) | |
| download | bugzilla-8342d0f7a04e0956218dbfa687a0f60f358f16da.tar.gz bugzilla-8342d0f7a04e0956218dbfa687a0f60f358f16da.tar.xz | |
Bug 1031035: xmlrpc can be DoS'd with billion laughs attack
Diffstat (limited to 'importxml.pl')
| -rwxr-xr-x | importxml.pl | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/importxml.pl b/importxml.pl index 19be9a61a..63004af6f 100755 --- a/importxml.pl +++ b/importxml.pl @@ -1278,6 +1278,9 @@ my $twig = XML::Twig->new( }, start_tag_handlers => { bugzilla => \&init } ); +# Prevent DoS using the billion laughs attack. +$twig->{NoExpand} = 1; + $twig->parse($xml); my $root = $twig->root; my $maintainer = $root->{'att'}->{'maintainer'}; |