Bug 1031035: xmlrpc can be DoS'd with billion laughs attack

r=LpSolit a=justdave
globau authored and Frédéric Buclin committed Aug 29, 2015
1 parent 79b334d commit 8beabdc137118042ed436a79501636b31a7ac82d
Showing with 12 additions and 0 deletions.
  1. +9 −0 Bugzilla/WebService/Server/XMLRPC.pm
  2. +3 −0 importxml.pl
@@ -96,6 +96,15 @@ use Bugzilla::WebService::Constants qw(XMLRPC_CONTENT_TYPE_WHITELIST);
use Bugzilla::WebService::Util qw(fix_credentials);
use Scalar::Util qw(tainted);

sub new {
my $self = shift->SUPER::new(@_);
# Initialise XML::Parser to not expand references to entities, to prevent DoS
require XML::Parser;
my $parser = XML::Parser->new( NoExpand => 1, Handlers => { Default => sub {} } );
$self->{_parser}->parser($parser, $parser);
return $self;
}

sub deserialize {
my $self = shift;

@@ -1264,6 +1264,9 @@ sub process_bug {
},
start_tag_handlers => { bugzilla => \&init }
);
# Prevent DoS using the billion laughs attack.
$twig->{NoExpand} = 1;

$twig->parse($xml);
my $root = $twig->root;
my $maintainer = $root->{'att'}->{'maintainer'};
