Bug 1031035: xmlrpc can be DoS'd with billion laughs attack

r=LpSolit,a=glob
bugzilla · Apr 14, 2015 · bdd9c47 · bdd9c47
1 parent 802a5cc
commit bdd9c47
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/Bugzilla/WebService/Server/XMLRPC.pm b/Bugzilla/WebService/Server/XMLRPC.pm
@@ -138,7 +138,8 @@ sub new {
     my $self = shift->SUPER::new(@_);
     # Initialise XML::Parser to not expand references to entities, to prevent DoS
     require XML::Parser;
-    $self->{_parser}->parser(parser => XML::Parser->new( NoExpand => 1, Handlers => { Default => sub {} } ));
+    my $parser = XML::Parser->new( NoExpand => 1, Handlers => { Default => sub {} } );
+    $self->{_parser}->parser($parser, $parser);
     return $self;
 }