review.fuel-infra Code Review - openstack-build/neutron-build.git/commit

]> review.fuel-infra Code Review - openstack-build/neutron-build.git/commit

Code Review / openstack-build / neutron-build.git / commit

author	Davanum Srinivas <dims@linux.vnet.ibm.com>
	Tue, 26 Feb 2013 20:43:50 +0000 (15:43 -0500)
committer	Davanum Srinivas <dims@linux.vnet.ibm.com>
	Tue, 5 Mar 2013 20:51:34 +0000 (15:51 -0500)
commit	1f716e3effe1ad6eeb042a11f06a5c89498a34b8
tree	f1898c1ba8a6e5b35dc9bf2ecf5108efbff17b00	tree \| snapshot
parent	4a1a37ce9f8baf2078a1a44380895d144203a876	commit \| diff

Prevent DoS through XML entity expansion

Add a ProtectedXMLParser that overrides the
doctype declaration handler. The handler simply
throws an exception and prevents any further
parsing of the incoming xml.

Fixes LP Bug #1100282

Change-Id: I6488e1a6a52326006e7e7927ece5b5939b72e83e

quantum/tests/unit/test_wsgi.py		diff \| blob \| history
quantum/wsgi.py		diff \| blob \| history

RSS Atom