diff options
| author | Byron Jones <glob@mozilla.com> | 2015-04-13 14:16:10 +0800 |
|---|---|---|
| committer | Byron Jones <glob@mozilla.com> | 2015-04-13 14:16:10 +0800 |
| commit | 2ca129b9c3ddab54df2e3c1f268b424028e20261 (patch) | |
| tree | 8737d54dbf6081a29c896ec77c12c1de959b6d58 /importxml.pl | |
| parent | 05c0a40a304e28aad4c379b02f94a147182f44d1 (diff) | |
| download | bugs-2ca129b9c3ddab54df2e3c1f268b424028e20261.tar bugs-2ca129b9c3ddab54df2e3c1f268b424028e20261.tar.gz bugs-2ca129b9c3ddab54df2e3c1f268b424028e20261.tar.bz2 bugs-2ca129b9c3ddab54df2e3c1f268b424028e20261.tar.xz bugs-2ca129b9c3ddab54df2e3c1f268b424028e20261.zip | |
Bug 1031035: xmlrpc can be DoS'd with billion laughs attack
r=LpSolit,a=glob
Diffstat (limited to 'importxml.pl')
| -rwxr-xr-x | importxml.pl | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/importxml.pl b/importxml.pl index 8750c63a1..12831e0b9 100755 --- a/importxml.pl +++ b/importxml.pl @@ -1275,6 +1275,9 @@ my $twig = XML::Twig->new( }, start_tag_handlers => { bugzilla => \&init } ); +# Prevent DoS using the billion laughs attack. +$twig->{NoExpand} = 1; + $twig->parse($xml); my $root = $twig->root; my $maintainer = $root->{'att'}->{'maintainer'}; |