Bommels05/Mozilla
Bommels05/Mozilla
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Bug 1031035: xmlrpc can be DoS'd with billion laughs attack

Browse Source 
r=LpSolit,a=glob


git-svn-id: svn://10.0.0.236/trunk@265924 18797224-902f-48f8-a5cc-f745e15eee43
This commit is contained in:
bzrmirror%bugzilla.org 2015-04-13 06:30:54 +00:00
parent c1cb011b78
commit 8327b6b7bc
4 changed files with 13 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
mozilla/webtools/bugzilla/.bzrrev
View File

@ -1 +1 @@
9377 9378

2
mozilla/webtools/bugzilla/.gitrev
View File

@ -1 +1 @@
6032799c8cd306b7dbdf5958847b371c309bfef3 c3252406b334f83d0f2c03c58cee8a8697fc5c16

8
mozilla/webtools/bugzilla/Bugzilla/WebService/Server/XMLRPC.pm
View File

@ -134,6 +134,14 @@ use Bugzilla::WebService::Constants qw(XMLRPC_CONTENT_TYPE_WHITELIST);
use Bugzilla::WebService::Util qw(fix_credentials); use Bugzilla::WebService::Util qw(fix_credentials);
use Scalar::Util qw(tainted); use Scalar::Util qw(tainted);
sub new {
my $self = shift->SUPER::new(@_);
# Initialise XML::Parser to not expand references to entities, to prevent DoS
require XML::Parser;
$self->{_parser}->parser(parser => XML::Parser->new( NoExpand => 1, Handlers => { Default => sub {} } ));
return $self;
}
sub deserialize { sub deserialize {
my $self = shift; my $self = shift;

3
mozilla/webtools/bugzilla/importxml.pl
View File

@ -1275,6 +1275,9 @@ my $twig = XML::Twig->new(
}, },
start_tag_handlers => { bugzilla => \&init } start_tag_handlers => { bugzilla => \&init }
); );
# Prevent DoS using the billion laughs attack.
$twig->{NoExpand} = 1;
$twig->parse($xml); $twig->parse($xml);
my $root = $twig->root; my $root = $twig->root;
my $maintainer = $root->{'att'}->{'maintainer'}; my $maintainer = $root->{'att'}->{'maintainer'};