OpenStack Identity (keystone)

  1. Bug #1100282
  2. Comment #89

Comment 89 for bug 1100282

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to quantum (master)

Reviewed: https://review.openstack.org/23024
Committed: http://github.com/openstack/quantum/commit/1f716e3effe1ad6eeb042a11f06a5c89498a34b8
Submitter: Jenkins
Branch: master

commit 1f716e3effe1ad6eeb042a11f06a5c89498a34b8
Author: Davanum Srinivas <email address hidden>
Date: Tue Feb 26 15:43:50 2013 -0500

    Prevent DoS through XML entity expansion

    Add a ProtectedXMLParser that overrides the
    doctype declaration handler. The handler simply
    throws an exception and prevents any further
    parsing of the incoming xml.

    Fixes LP Bug #1100282

    Change-Id: I6488e1a6a52326006e7e7927ece5b5939b72e83e