Date:      Thu, 13 Nov 2025 10:28:09 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 290992] Denial of Service in `quot` via Improper Input Validation in `donames()` (`-n` mode)
Message-ID:  <bug-290992-227-RDCld00UEd@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-290992-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=290992

Dag-Erling Smørgrav <des@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                URL|                            |https://reviews.freebsd.org
                   |                            |/D53726
           Assignee|bugs@FreeBSD.org            |des@FreeBSD.org
             Status|New                         |In Progress
              Flags|                            |mfc-stable15?,
                   |                            |mfc-stable14?,
                   |                            |mfc-stable13?

--- Comment #1 from Dag-Erling Smørgrav <des@FreeBSD.org> ---
1. Negative inode numbers aren't valid either, so I don't see what difference
this makes.
2. Aborting on invalid input is an implementation choice, not a bug.
3. As you've already been told, quot is not a security boundary.
4. When reporting a bug, “expected output” usually means the output one would
expect if the program worked correctly.

That being said, donames() is wildly inconsistent in how it handles different
types of invalid input, so it's worth rewriting.

-- 
You are receiving this mail because:
You are the assignee for the bug.
