Commit 8beabdc1 authored by Byron Jones's avatar Byron Jones Committed by Frédéric Buclin

Bug 1031035: xmlrpc can be DoS'd with billion laughs attack

r=LpSolit a=justdave
parent 79b334dc
...@@ -96,6 +96,15 @@ use Bugzilla::WebService::Constants qw(XMLRPC_CONTENT_TYPE_WHITELIST); ...@@ -96,6 +96,15 @@ use Bugzilla::WebService::Constants qw(XMLRPC_CONTENT_TYPE_WHITELIST);
use Bugzilla::WebService::Util qw(fix_credentials); use Bugzilla::WebService::Util qw(fix_credentials);
use Scalar::Util qw(tainted); use Scalar::Util qw(tainted);
sub new {
my $self = shift->SUPER::new(@_);
# Initialise XML::Parser to not expand references to entities, to prevent DoS
require XML::Parser;
my $parser = XML::Parser->new( NoExpand => 1, Handlers => { Default => sub {} } );
$self->{_parser}->parser($parser, $parser);
return $self;
}
sub deserialize { sub deserialize {
my $self = shift; my $self = shift;
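Review bot: The empty `Default => sub {}` handler on line 14 is what lets `NoExpand` take effect (XML::Parser hands unexpanded entity references to the Default handler), but it also means a request whose body references an internal-subset entity is decoded with that reference silently dropped rather than rejected as malformed. The comment on line 12 should record both halves of that trade-off, e.g. `# NoExpand only applies when a Default handler is set; ours discards unexpanded entity references instead of raising an error`. It is also not evident why `parser()` on line 15 receives `$parser` twice; if SOAP::Parser's accessor takes a single parser object the second argument is redundant and either dropping it or a short comment would help the next reader. `sub new` is complete within the hunk; `sub deserialize` continues past its end.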
...@@ -1264,6 +1264,9 @@ my $twig = XML::Twig->new( ...@@ -1264,6 +1264,9 @@ my $twig = XML::Twig->new(
}, },
start_tag_handlers => { bugzilla => \&init } start_tag_handlers => { bugzilla => \&init }
); );
# Prevent DoS using the billion laughs attack.
$twig->{NoExpand} = 1;
$twig->parse($xml); $twig->parse($xml);
my $root = $twig->root; my $root = $twig->root;
my $maintainer = $root->{'att'}->{'maintainer'}; my $maintainer = $root->{'att'}->{'maintainer'};
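Review bot: `$twig->{NoExpand} = 1;` on line 26 pokes the flag into the object's hash after construction, which ties the fix to XML::Twig's internal layout (it works only while the twig remains a blessed XML::Parser object whose `NoExpand` key is read at parse time). If XML::Twig forwards non-Twig options to XML::Parser, the same effect is obtained by adding `NoExpand => 1,` to the `XML::Twig->new(` argument list, which begins before this hunk, and that form survives refactoring of the module's internals. The comment on line 25 should also say what the flag gives up, e.g. `# Prevent DoS using the billion laughs attack: entity references declared in the import's internal subset are left unexpanded (presumably Bugzilla's own export never uses them — confirm).` so a future maintainer does not mistake dropped entity text in imported bugs for an unrelated bug.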