From 8327b6b7bccfb0ca2869fa8dcac4fb3d4c590fea Mon Sep 17 00:00:00 2001
From: "bzrmirror%bugzilla.org"
Date: Mon, 13 Apr 2015 06:30:54 +0000
Subject: [PATCH] Bug 1031035: xmlrpc can be DoS'd with billion laughs attack r=LpSolit,a=glob
git-svn-id: svn://10.0.0.236/trunk@265924 18797224-902f-48f8-a5cc-f745e15eee43
---
 mozilla/webtools/bugzilla/.bzrrev | 2 +-
 mozilla/webtools/bugzilla/.gitrev | 2 +-
 .../bugzilla/Bugzilla/WebService/Server/XMLRPC.pm | 8 ++++++++
 mozilla/webtools/bugzilla/importxml.pl | 3 +++
 4 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/mozilla/webtools/bugzilla/.bzrrev b/mozilla/webtools/bugzilla/.bzrrev
index d2cd4eb8148..4bd71c2b1e3 100644
--- a/mozilla/webtools/bugzilla/.bzrrev
+++ b/mozilla/webtools/bugzilla/.bzrrev
@@ -1 +1 @@
-9377
\ No newline at end of file
+9378
\ No newline at end of file
diff --git a/mozilla/webtools/bugzilla/.gitrev b/mozilla/webtools/bugzilla/.gitrev
index be8074d641f..474fa67bd9a 100644
--- a/mozilla/webtools/bugzilla/.gitrev
+++ b/mozilla/webtools/bugzilla/.gitrev
@@ -1 +1 @@
-6032799c8cd306b7dbdf5958847b371c309bfef3
\ No newline at end of file
+c3252406b334f83d0f2c03c58cee8a8697fc5c16
\ No newline at end of file
diff --git a/mozilla/webtools/bugzilla/Bugzilla/WebService/Server/XMLRPC.pm b/mozilla/webtools/bugzilla/Bugzilla/WebService/Server/XMLRPC.pm
index f3d95ef3daa..03d93b59775 100644
--- a/mozilla/webtools/bugzilla/Bugzilla/WebService/Server/XMLRPC.pm
+++ b/mozilla/webtools/bugzilla/Bugzilla/WebService/Server/XMLRPC.pm
@@ -134,6 +134,14 @@ use Bugzilla::WebService::Constants qw(XMLRPC_CONTENT_TYPE_WHITELIST);
 use Bugzilla::WebService::Util qw(fix_credentials);
 use Scalar::Util qw(tainted);
+sub new {
+ my $self = shift->SUPER::new(@_);
+ # Initialise XML::Parser to not expand references to entities, to prevent DoS
+ require XML::Parser;
+ $self->{_parser}->parser(parser => XML::Parser->new( NoExpand => 1, Handlers => { Default => sub {} } ));
+ return $self;
+}
+
 sub deserialize {
 my $self = shift;
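Review bot: The comment in the new `sub new` does not say why the empty `Default => sub {}` handler is there, and that is the piece a later cleanup is most likely to remove: XML::Parser documents `NoExpand` as honoured only when a default handler is also set. I would extend the comment to say so, e.g. `# NoExpand only takes effect when a Default handler is set, so the empty sub must stay.` The override also reaches into `$self->{_parser}`, private state of the parent deserializer that this hunk does not show, so a regression test that feeds the deserializer a small document with a nested internal entity and asserts the reference arrives unexpanded would catch a SOAP::Lite upgrade that stops honouring the replacement parser. Note that a request carrying a DOCTYPE is still accepted, with its entity references silently dropped; rejecting such requests outright would be the stricter policy if no legitimate client sends one.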
diff --git a/mozilla/webtools/bugzilla/importxml.pl b/mozilla/webtools/bugzilla/importxml.pl
index 8750c63a110..12831e0b949 100755
--- a/mozilla/webtools/bugzilla/importxml.pl
+++ b/mozilla/webtools/bugzilla/importxml.pl
@@ -1275,6 +1275,9 @@ my $twig = XML::Twig->new(
 },
 start_tag_handlers => { bugzilla => \&init }
 );
+# Prevent DoS using the billion laughs attack.
+$twig->{NoExpand} = 1;
+
 $twig->parse($xml);
 my $root = $twig->root;
 my $maintainer = $root->{'att'}->{'maintainer'};
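Review bot: `$twig->{NoExpand} = 1;` writes directly into the XML::Twig object's hash after construction, so the protection holds only if that key is still passed through to expat when `parse` runs and the twig has a default handler installed (XML::Parser documents `NoExpand` as ignored otherwise); neither is visible in this hunk. The comment should record that dependency, for example `# NoExpand is read from the object hash at parse time and needs a Default handler; see XML::Parser.` Because importxml.pl parses XML supplied from outside the installation, a small fixture with nested internal entities and a test asserting they are left unexpanded would keep an XML::Twig upgrade from silently undoing the fix. The `XML::Twig->new(` call begins above the hunk.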