Commit 2ca129b9 authored by Byron Jones's avatar Byron Jones

Bug 1031035: xmlrpc can be DoS'd with billion laughs attack

r=LpSolit,a=glob
parent 05c0a40a
......@@ -131,6 +131,14 @@ use Bugzilla::WebService::Constants qw(XMLRPC_CONTENT_TYPE_WHITELIST);
use Bugzilla::WebService::Util qw(fix_credentials);
use Scalar::Util qw(tainted);
sub new {
my $self = shift->SUPER::new(@_);
# Initialise XML::Parser to not expand references to entities, to prevent DoS
require XML::Parser;
$self->{_parser}->parser(parser => XML::Parser->new( NoExpand => 1, Handlers => { Default => sub {} } ));
return $self;
}
sub deserialize {
my $self = shift;
......
......@@ -1275,6 +1275,9 @@ my $twig = XML::Twig->new(
},
start_tag_handlers => { bugzilla => \&init }
);
# Prevent DoS using the billion laughs attack.
$twig->{NoExpand} = 1;
$twig->parse($xml);
my $root = $twig->root;
my $maintainer = $root->{'att'}->{'maintainer'};
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment