From ae44a90c828e20c2376934a453cc319e9b07282d Mon Sep 17 00:00:00 2001
From: "bzrmirror%bugzilla.org"
Date: Tue, 14 Apr 2015 17:00:50 +0000
Subject: [PATCH] Bug 1031035: xmlrpc can be DoS'd with billion laughs attack r=LpSolit,a=glob

git-svn-id: svn://10.0.0.236/trunk@265932 18797224-902f-48f8-a5cc-f745e15eee43
---
 mozilla/webtools/bugzilla/.bzrrev | 2 +-
 mozilla/webtools/bugzilla/.gitrev | 2 +-
 mozilla/webtools/bugzilla/Bugzilla/WebService/Server/XMLRPC.pm | 3 ++-
 3 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/mozilla/webtools/bugzilla/.bzrrev b/mozilla/webtools/bugzilla/.bzrrev
index 9eddccf3466..9c4ec78d940 100644
--- a/mozilla/webtools/bugzilla/.bzrrev
+++ b/mozilla/webtools/bugzilla/.bzrrev
@@ -1 +1 @@
-9384
\ No newline at end of file
+9385
\ No newline at end of file
diff --git a/mozilla/webtools/bugzilla/.gitrev b/mozilla/webtools/bugzilla/.gitrev
index 1cfa2d9c448..bd8aca86b53 100644
--- a/mozilla/webtools/bugzilla/.gitrev
+++ b/mozilla/webtools/bugzilla/.gitrev
@@ -1 +1 @@
-802a5cccd273b9c9bc25d3251452147cb84f5571
\ No newline at end of file
+bdd9c47cc031109dc606e99fc3bc424f0f6521a3
\ No newline at end of file
diff --git a/mozilla/webtools/bugzilla/Bugzilla/WebService/Server/XMLRPC.pm b/mozilla/webtools/bugzilla/Bugzilla/WebService/Server/XMLRPC.pm
index 03d93b59775..c28c3e10cbb 100644
--- a/mozilla/webtools/bugzilla/Bugzilla/WebService/Server/XMLRPC.pm
+++ b/mozilla/webtools/bugzilla/Bugzilla/WebService/Server/XMLRPC.pm
@@ -138,7 +138,8 @@ sub new {
 my $self = shift->SUPER::new(@_);
 # Initialise XML::Parser to not expand references to entities, to prevent DoS
 require XML::Parser;
- $self->{_parser}->parser(parser => XML::Parser->new( NoExpand => 1, Handlers => { Default => sub {} } ));
+ my $parser = XML::Parser->new( NoExpand => 1, Handlers => { Default => sub {} } );
+ $self->{_parser}->parser($parser, $parser);
 return $self;
 }
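Review bot: The new call `$self->{_parser}->parser($parser, $parser);` in the XMLRPC.pm hunk passes the same object twice with no explanation, and because this one line is the whole DoS fix, a later tidy-up back to a single argument or to the old `parser => ...` form could silently re-enable entity expansion. Presumably the duplicate makes the setter store the parser object whichever positional argument the installed SOAP::Lite accessor keeps (the removed form apparently did not install it); that should be confirmed and recorded next to the call, for example `# Pass the object twice: the parser() accessor's argument handling differs between SOAP::Lite versions (confirm); NoExpand only applies while a Default handler is set.` The diffstat shows no test file, so a regression test that submits a request containing an internal entity reference and asserts it is not expanded would keep the hardening from regressing across SOAP::Lite or XML::Parser upgrades. The `sub new {` line appears only in the hunk header, so the function begins outside the hunk.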