From c3252406b334f83d0f2c03c58cee8a8697fc5c16 Mon Sep 17 00:00:00 2001
From: Byron Jones
Date: Mon, 13 Apr 2015 14:16:06 +0800
Subject: Bug 1031035: xmlrpc can be DoS'd with billion laughs attack r=LpSolit,a=glob
---
 importxml.pl | 3 +++
 1 file changed, 3 insertions(+)
(limited to 'importxml.pl')
diff --git a/importxml.pl b/importxml.pl
index 8750c63a1..12831e0b9 100755
--- a/importxml.pl
+++ b/importxml.pl
@@ -1275,6 +1275,9 @@ my $twig = XML::Twig->new(
 },
 start_tag_handlers => { bugzilla => \&init }
 );
+# Prevent DoS using the billion laughs attack.
+$twig->{NoExpand} = 1;
+
 $twig->parse($xml);
 my $root = $twig->root;
 my $maintainer = $root->{'att'}->{'maintainer'};
-- 
cgit v1.2.3-24-g4f1b
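Review bot: The mitigation at `$twig->{NoExpand} = 1;` writes a key straight into the parser object's hash after construction, and nothing in the hunk shows that it actually takes effect. XML::Parser documents NoExpand as suppressing internal-entity expansion only when a default handler is also installed, so it is worth confirming that XML::Twig registers one for this parser; the `XML::Twig->new(` call starts outside the hunk, so this cannot be checked from here. A regression test that parses a small document with nested entity declarations and asserts they come back unexpanded would pin the behaviour across XML::Twig and XML::Parser upgrades. I would also extend the comment to record the dependency and the side effect, e.g. `# XML::Parser (expat) option, set on the object directly; entity references in imported XML are left unexpanded.`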