[bug #64229] [troff] I haz a DoS attack

2023-08-17 Thread G. Branden Robinson
Follow-up Comment #5, bug #64229 (project groff): Learned today that _mandoc_(1) isn't susceptible to this. Because it doesn't support diversions at all. https://lists.gnu.org/archive/html/groff/2023-08/msg00080.html

[bug #64229] [troff] I haz a DoS attack

2023-05-24 Thread G. Branden Robinson
Follow-up Comment #4, bug #64229 (project groff): [comment #3 comment #3:] > "Infinite input causes infinite execution time and consumes infinite resources" doesn't particularly surprise me. Do other command-line utilities fare any better? Things like "cat" and "grep" have the luxury of being a

[bug #64229] [troff] I haz a DoS attack

2023-05-23 Thread Dave
Follow-up Comment #3, bug #64229 (project groff): "Infinite input causes infinite execution time and consumes infinite resources" doesn't particularly surprise me. Do other command-line utilities fare any better? Things like "cat" and "grep" have the luxury of being able to emit output before al

[bug #64229] [troff] I haz a DoS attack

2023-05-22 Thread G. Branden Robinson
Follow-up Comment #2, bug #64229 (project groff): I'm impressed with how badly Heirloom handled that.

    $ time { printf '.di foo\n.nf\n'; yes abcdefghijklm; } | ./bin/nroff
    Killed
    real 1519m49.629s
    user 1518m54.699s
    sys 0m40.179s

[bug #64229] [troff] I haz a DoS attack

2023-05-21 Thread G. Branden Robinson
Follow-up Comment #1, bug #64229 (project groff): Over 7 hours later, RSS now 8.4 GB and growing, and Heirloom _still_ hasn't been killed. I guess a slow algorithm is one defense against attack, like rate-limiting login attempts...

[bug #64229] [troff] I haz a DoS attack

2023-05-21 Thread G. Branden Robinson
URL:
Summary: [troff] I haz a DoS attack
Group: GNU roff
Submitter: gbranden
Submitted: Sun 21 May 2023 03:29:57 PM UTC
Category: Core
Severity: 4 - Important