diff options
author | David Rothstein <drothstein@gmail.com> | 2016-02-24 14:26:52 -0500 |
---|---|---|
committer | David Rothstein <drothstein@gmail.com> | 2016-02-24 14:26:52 -0500 |
commit | 7b2dc7936e2566c711159f75634cbb60ddacb340 (patch) | |
tree | 9fdf1d34a03ec83b95a4fbcced22bb1b599f76d0 /includes/xmlrpcs.inc | |
parent | b8d9c44f83eca57039f648a0edb0f369f8d3e6b4 (diff) | |
download | brdo-7b2dc7936e2566c711159f75634cbb60ddacb340.tar.gz brdo-7b2dc7936e2566c711159f75634cbb60ddacb340.tar.bz2 |
Drupal 7.43 (SA-CORE-2016-001) by agerard, Alan Evans, benjy, berdir, catch, Damien Tournoud, DamienMcKenna, Dave Cohen, Dave Reid, David_Rothstein, dsnopek, effulgentsia, FengWen, fgm, fnqgpc, greggles, Gábor Hojtsy, Juho Nurminen 2NS, klausi, larowlan, nagba, Pere Orga, plach, pwolanin, quicksketch, rickmanelius, scor, stefan.r, StryKaizer, YesCT
Diffstat (limited to 'includes/xmlrpcs.inc')
-rw-r--r-- | includes/xmlrpcs.inc | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/includes/xmlrpcs.inc b/includes/xmlrpcs.inc index 8655c05b0..c334de159 100644 --- a/includes/xmlrpcs.inc +++ b/includes/xmlrpcs.inc @@ -264,6 +264,10 @@ function xmlrpc_server_call($xmlrpc_server, $methodname, $args) { */ function xmlrpc_server_multicall($methodcalls) { // See http://www.xmlrpc.com/discuss/msgReader$1208 + // To avoid multicall expansion attacks, limit the number of duplicate method + // calls allowed with a default of 1. Set to -1 for unlimited. + $duplicate_method_limit = variable_get('xmlrpc_multicall_duplicate_method_limit', 1); + $method_count = array(); $return = array(); $xmlrpc_server = xmlrpc_server_get(); foreach ($methodcalls as $call) { @@ -273,10 +277,14 @@ function xmlrpc_server_multicall($methodcalls) { $ok = FALSE; } $method = $call['methodName']; + $method_count[$method] = isset($method_count[$method]) ? $method_count[$method] + 1 : 1; $params = $call['params']; if ($method == 'system.multicall') { $result = xmlrpc_error(-32600, t('Recursive calls to system.multicall are forbidden.')); } + elseif ($duplicate_method_limit > 0 && $method_count[$method] > $duplicate_method_limit) { + $result = xmlrpc_error(-156579, t('Too many duplicate method calls in system.multicall.')); + } elseif ($ok) { $result = xmlrpc_server_call($xmlrpc_server, $method, $params); } |