Bug 1031035: xmlrpc can be DoS'd with billion laughs attack

r=LpSolit,a=glob

diff --git a/Bugzilla/WebService/Server/XMLRPC.pm b/Bugzilla/WebService/Server/XMLRPC.pm
index 03d93b597758265cb42c49a7ebec484302742dcc..c28c3e10cbbc995faae9599663326c9104ec104a 100644 (file)
--- a/Bugzilla/WebService/Server/XMLRPC.pm
+++ b/Bugzilla/WebService/Server/XMLRPC.pm
@@ -138,7 +138,8 @@ sub new {
     my $self = shift->SUPER::new(@_);
     # Initialise XML::Parser to not expand references to entities, to prevent DoS
     require XML::Parser;
-    $self->{_parser}->parser(parser => XML::Parser->new( NoExpand => 1, Handlers => { Default => sub {} } ));
+    my $parser = XML::Parser->new( NoExpand => 1, Handlers => { Default => sub {} } );
+    $self->{_parser}->parser($parser, $parser);
     return $self;
 }