Bug 1031035: xmlrpc can be DoS'd with billion laughs attack

r=LpSolit,a=glob git-svn-id: svn://10.0.0.236/trunk@265924 18797224-902f-48f8-a5cc-f745e15eee43
2015-04-13 06:30:54 +00:00 · 2015-04-13 06:30:54 +00:00 · 8327b6b7bc
commit 8327b6b7bc
parent c1cb011b78
4 changed files with 13 additions and 2 deletions
--- a/mozilla/webtools/bugzilla/.bzrrev
+++ b/mozilla/webtools/bugzilla/.bzrrev
@ -1 +1 @@
-9377
+9378
--- a/mozilla/webtools/bugzilla/.gitrev
+++ b/mozilla/webtools/bugzilla/.gitrev
@ -1 +1 @@
-6032799c8cd306b7dbdf5958847b371c309bfef3
+c3252406b334f83d0f2c03c58cee8a8697fc5c16
--- a/mozilla/webtools/bugzilla/Bugzilla/WebService/Server/XMLRPC.pm
+++ b/mozilla/webtools/bugzilla/Bugzilla/WebService/Server/XMLRPC.pm
@ -134,6 +134,14 @@ use Bugzilla::WebService::Constants qw(XMLRPC_CONTENT_TYPE_WHITELIST);
 use Bugzilla::WebService::Util qw(fix_credentials);
 use Scalar::Util qw(tainted);

+sub new {
+    my $self = shift->SUPER::new(@_);
+    # Initialise XML::Parser to not expand references to entities, to prevent DoS
+    require XML::Parser;
+    $self->{_parser}->parser(parser => XML::Parser->new( NoExpand => 1, Handlers => { Default => sub {} } ));
+    return $self;
+}
+
 sub deserialize {
    my $self = shift;

--- a/mozilla/webtools/bugzilla/importxml.pl
+++ b/mozilla/webtools/bugzilla/importxml.pl
@ -1275,6 +1275,9 @@ my $twig = XML::Twig->new(
    },
    start_tag_handlers => { bugzilla => \&init }
 );
+# Prevent DoS using the billion laughs attack.
+$twig->{NoExpand} = 1;
+
 $twig->parse($xml);
 my $root       = $twig->root;
 my $maintainer = $root->{'att'}->{'maintainer'};