From 7380ea9ae11764633a4b6e64850da2d84b2aaeb2 Mon Sep 17 00:00:00 2001
From: "mkanat%bugzilla.org" <>
Date: Fri, 11 Sep 2009 16:10:13 +0000
Subject: Bug 515191: [SECURITY] SQL Injection via Bug.search (CVE-2009-3125) and Bug.create (CVE-2009-3165)

Patch by Max Kanat-Alexander r=LpSolit, a=mkanat
---
 Bugzilla/WebService/Bug.pm       | 1 +
 Bugzilla/WebService/Constants.pm | 2 ++
 2 files changed, 3 insertions(+)

(limited to 'Bugzilla/WebService')

diff --git a/Bugzilla/WebService/Bug.pm b/Bugzilla/WebService/Bug.pm
index c6d620976..44382e79f 100644
--- a/Bugzilla/WebService/Bug.pm
+++ b/Bugzilla/WebService/Bug.pm
@@ -258,6 +258,7 @@ sub search {
     }
 
     $params = _map_fields($params);
+    delete $params->{WHERE};
 
     # Do special search types for certain fields.
     if ( my $bug_when = delete $params->{delta_ts} ) {
diff --git a/Bugzilla/WebService/Constants.pm b/Bugzilla/WebService/Constants.pm
index bdfe24f0a..7fd7e2ae8 100644
--- a/Bugzilla/WebService/Constants.pm
+++ b/Bugzilla/WebService/Constants.pm
@@ -53,7 +53,9 @@ use constant WS_ERROR_CODE => {
     param_required => 50,
     params_required => 50,
     object_does_not_exist => 51,
+    param_must_be_numeric => 52,
     xmlrpc_invalid_value => 52,
+    param_invalid => 53,
     # Bug errors usually occupy the 100-200 range.
     improper_bug_id_field_value => 100,
     bug_id_does_not_exist => 101,
-- 
cgit v1.2.3-24-g4f1b
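Review bot: The added `delete $params->{WHERE};` in `search` is a blacklist of one key and carries no comment, so the next maintainer has nothing telling them why an innocuous-looking hash key must be stripped; the commit subject gives the reason, so record it in place: `delete $params->{WHERE};  # Never let an API caller supply raw SQL via WHERE (bug 515191).`. Because the delete runs after `_map_fields($params)`, it relies on the mapping never producing a `WHERE` key itself; `_map_fields` is not visible here, so deleting before the mapping as well, or better, keeping only the field names the API documents, would be the more robust shape. Any other key that the lower query layer interprets as something other than a field name would need the same treatment, and this directory-limited view cannot show whether the rest of the commit handles that. `search` begins before and continues after the hunk.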
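Review bot: `param_must_be_numeric => 52` reuses the numeric code already assigned to `xmlrpc_invalid_value => 52` on the next line, while the other new entry `param_invalid` gets its own 53, so a client that dispatches on the code cannot distinguish the two "must be numeric" and "invalid XML-RPC value" cases. If the sharing is deliberate (both names describe a bad parameter value), say so where a later reader would otherwise "fix" it: `param_must_be_numeric => 52,  # intentionally shares 52 with xmlrpc_invalid_value`. Otherwise assign it the next unused code in this range. The `WS_ERROR_CODE` constant continues past the hunk.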