Bommels05/Mozilla
Bommels05/Mozilla
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Bug 1031035: xmlrpc can be DoS'd with billion laughs attack

Browse Source 
r=LpSolit,a=glob


git-svn-id: svn://10.0.0.236/trunk@265932 18797224-902f-48f8-a5cc-f745e15eee43
This commit is contained in:
bzrmirror%bugzilla.org 2015-04-14 17:00:50 +00:00
parent 65055265c8
commit ae44a90c82
3 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
mozilla/webtools/bugzilla/.bzrrev
View File

@ -1 +1 @@
9384 9385

2
mozilla/webtools/bugzilla/.gitrev
View File

@ -1 +1 @@
802a5cccd273b9c9bc25d3251452147cb84f5571 bdd9c47cc031109dc606e99fc3bc424f0f6521a3

3
mozilla/webtools/bugzilla/Bugzilla/WebService/Server/XMLRPC.pm
View File

@ -138,7 +138,8 @@ sub new {
my $self = shift->SUPER::new(@_); my $self = shift->SUPER::new(@_);
# Initialise XML::Parser to not expand references to entities, to prevent DoS # Initialise XML::Parser to not expand references to entities, to prevent DoS
require XML::Parser; require XML::Parser;
$self->{_parser}->parser(parser => XML::Parser->new( NoExpand => 1, Handlers => { Default => sub {} } )); my $parser = XML::Parser->new( NoExpand => 1, Handlers => { Default => sub {} } );
$self->{_parser}->parser($parser, $parser);
return $self; return $self;
} }