[Bug 1605732] Re: Entering a long, invalid command to the terminal freezes the system

Launchpad Bug Tracker 1605732 at bugs.launchpad.net
Thu Feb 15 11:08:29 UTC 2018 

This bug was fixed in the package command-not-found -
0.3ubuntu18.04.0~pre3

---------------
command-not-found (0.3ubuntu18.04.0~pre3) bionic; urgency=medium

  * CommandNotFound/CommandNotFound.py:
    - limit input to 256 chars to avoid DoS (LP: #1605732)
    - add support for suggesting commands snap from snaps
      (needs snapd 2.31+ to work)
    - add "snapd" to suggests

 -- Michael Vogt <michael.vogt at ubuntu.com>  Thu, 15 Feb 2018 09:15:40
+0100

** Changed in: command-not-found (Ubuntu)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to command-not-found in Ubuntu.
https://bugs.launchpad.net/bugs/1605732

Title:
  Entering a long, invalid command to the terminal freezes the system

Status in command-not-found package in Ubuntu:
  Fix Released

Bug description:
  If I enter an invalid command that is a few thousand characters long
  it goes to the command-not-found program, and it starts to look for it
  in the repositories. This takes up a lot of RAM, and the whole system
  freezes.

  
  By default, /usr/lib/command-not-found contains these lines:

      if len(args) == 1:
          cnf = CommandNotFound(options.data_dir)
          if not cnf.advise(args[0], options.ignore_installed) and not options.no_failure_msg:
              print(_("%s: command not found") % args[0], file=sys.stderr)

  
  Adding a simple length check is enough to completely solve this problem.

      if len(args) == 1:
          # Fix crashing with long commands
          if len(args[0]) > 50:
              print(_("%s: command not found") % args[0], file=sys.stderr)
          else:
              cnf = CommandNotFound(options.data_dir)
              if not cnf.advise(args[0], options.ignore_installed) and not options.no_failure_msg:
                  print(_("%s: command not found") % args[0], file=sys.stderr)

  
  I'm having this issue in Ubuntu 14.04.04 with command-not-found 0.3ubuntu12, but the same code is in 16.10's packages.

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: command-not-found 0.3ubuntu12 [modified: usr/lib/command-not-found]
  ProcVersionSignature: Ubuntu 4.2.0-42.49~14.04.1-generic 4.2.8-ckt12
  Uname: Linux 4.2.0-42-generic x86_64
  ApportVersion: 2.14.1-0ubuntu3.21
  Architecture: amd64
  CurrentDesktop: MATE
  Date: Fri Jul 22 19:12:59 2016
  PackageArchitecture: all
  SourcePackage: command-not-found
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/command-not-found/+bug/1605732/+subscriptions

More information about the foundations-bugs mailing list