command-not-found crash on inreasonably long input
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
command-not-found |
Fix Released
|
High
|
Dominique Ramaekers |
Bug Description
Bash itself won't crash on extraordinarily long input, but the little utilitarian tool will.
With the ulimit set in /etc/bash.bashrc, the crash info is graceful as seen below. However, it ended up crashing my computer out. (Actually it took my computer into the pitfall of swap, as I found out later. That means, it consumes too much MEMORY, not cpu time.)
The source code seems as if the spelling error candidates are O(n^2). (Although actually it is, at least.)
Possibly a denial of service attack on computer without good config on ulimit :)
~# `printf '=%.0s' {1..10000}`
Sorry, command-not-found has crashed! Please file a bug report at:
https:/
Please include the following information with the report:
command-not-found version: 0.3
Python version: 3.5.2 final 0
Distributor ID: Ubuntu
Description: Ubuntu 16.04.1 LTS
Release: 16.04
Codename: xenial
Exception information:
Traceback (most recent call last):
File "/usr/lib/
callback()
File "/usr/lib/
if not cnf.advise(args[0], options.
File "/usr/lib/
self.
File "/usr/lib/
for w in similar_
File "/usr/lib/
replaces = [a + c + b[1:] for a, b in s for c in alphabet if b]
File "/usr/lib/
replaces = [a + c + b[1:] for a, b in s for c in alphabet if b]
MemoryError
Related branches
- Michael Vogt: Approve
-
Diff: 23 lines (+3/-3)1 file modifiedCommandNotFound/CommandNotFound.py (+3/-3)
description: | updated |
Changed in command-not-found: | |
status: | Confirmed → In Progress |
Changed in command-not-found: | |
importance: | Undecided → High |
status: | In Progress → Fix Committed |
Changed in command-not-found: | |
status: | Fix Committed → Fix Released |
information type: | Private Security → Public Security |
Confirm.
I've tested the command in a lxd-container through ssh. My crash is different but it's clear c-n-f consumes 100% of the physical memory.
I'm looking in to this...