From: Byron Jones Date: Tue, 14 Apr 2015 16:37:05 +0000 (+0800) Subject: Bug 1031035: xmlrpc can be DoS'd with billion laughs attack X-Git-Tag: bugzilla-5.0rc3~3 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d5c47c9aa3325444aeab5d5691b2c911d11c4f94;p=thirdparty%2Fbugzilla.git Bug 1031035: xmlrpc can be DoS'd with billion laughs attack r=LpSolit,a=glob
---
diff --git a/Bugzilla/WebService/Server/XMLRPC.pm b/Bugzilla/WebService/Server/XMLRPC.pm
index 56e4dbe58d..98a0ee405d 100644
--- a/Bugzilla/WebService/Server/XMLRPC.pm
+++ b/Bugzilla/WebService/Server/XMLRPC.pm
@@ -135,7 +135,8 @@ sub new {
 my $self = shift->SUPER::new(@_);
 # Initialise XML::Parser to not expand references to entities, to prevent DoS
 require XML::Parser;
- $self->{_parser}->parser(parser => XML::Parser->new( NoExpand => 1, Handlers => { Default => sub {} } ));
+ my $parser = XML::Parser->new( NoExpand => 1, Handlers => { Default => sub {} } );
+ $self->{_parser}->parser($parser, $parser);
 return $self;
 }
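Review bot: The new call `$self->{_parser}->parser($parser, $parser)` passes the same object twice with no comment saying why, and nothing in the hunk confirms that the hardened parser was actually installed. The removed form `parser(parser => ...)` suggests the accessor's argument handling is not uniform (inferred; its definition is not in this diff), and if the setter keeps the wrong argument or none, requests would presumably be parsed by a default parser, so `NoExpand => 1` would silently stop applying and the entity-expansion DoS named in the subject would be open again. I would add a comment above the call such as `# Passed twice on purpose: the parser() setter differs in which argument it keeps -- confirm against the supported library versions`, and a regression test asserting that entity references in a request body are left unexpanded. `sub new` opens above the hunk, so only its body is visible here.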