author | Byron Jones <glob@mozilla.com> | 2015-04-15 00:37:05 +0800 |
---|---|---|
committer | Byron Jones <glob@mozilla.com> | 2015-04-15 00:37:05 +0800 |
commit | d5c47c9aa3325444aeab5d5691b2c911d11c4f94 (patch) | |
tree | c17e6f7dcf350b0825305c11a6acdbb5f3f52a79 /Bugzilla/WebService | |
parent | b09ffb65cb44d366b9cef0ede9d705ba28b9d261 (diff) | |
Bug 1031035: xmlrpc can be DoS'd with billion laughs attack
r=LpSolit,a=glob
Diffstat (limited to 'Bugzilla/WebService')
-rw-r--r-- | Bugzilla/WebService/Server/XMLRPC.pm | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/Bugzilla/WebService/Server/XMLRPC.pm b/Bugzilla/WebService/Server/XMLRPC.pm
index 56e4dbe58..98a0ee405 100644
--- a/Bugzilla/WebService/Server/XMLRPC.pm
+++ b/Bugzilla/WebService/Server/XMLRPC.pm
@@ -135,7 +135,8 @@ sub new {
 my $self = shift->SUPER::new(@_);
 # Initialise XML::Parser to not expand references to entities, to prevent DoS
 require XML::Parser;
- $self->{_parser}->parser(parser => XML::Parser->new( NoExpand => 1, Handlers => { Default => sub {} } ));
+ my $parser = XML::Parser->new( NoExpand => 1, Handlers => { Default => sub {} } );
+ $self->{_parser}->parser($parser, $parser);
 return $self;
 } |
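Review bot: The new call `$self->{_parser}->parser($parser, $parser);` passes the same object twice without saying why, and the comment above it only explains `NoExpand`. Presumably the duplication is needed because the underlying XML-RPC library's `parser` setter stores a different positional argument depending on its release, so the earlier `parser => ...` form could leave the hardened parser unused. That should be confirmed and recorded next to the call, for example `# Pass the parser in both positions: library versions differ in which argument they store.` Since a silently ignored parser re-opens the entity-expansion DoS named in the commit title, a regression test asserting that an entity reference in a request body is not expanded would catch a recurrence after a library upgrade. The diffstat shown is limited to Bugzilla/WebService, so such a test may exist elsewhere.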