
DoS on quines

Open tballison opened this issue 3 years ago • 1 comments

On Tika we've gathered two quines with their creators' permissions. One is a zip file that when unzipped is exactly the same file; the other is a gz file with the same behavior.

I can't imagine DROID would run into these in the wild, but it might be useful to add some max depth checks to prevent runaway processing.

Links to the files:

https://github.com/apache/tika/blob/main/tika-parsers/tika-parsers-standard/tika-parsers-standard-modules/tika-parser-pkg-module/src/test/resources/test-documents/droste.zip

https://github.com/apache/tika/blob/main/tika-parsers/tika-parsers-standard/tika-parsers-standard-modules/tika-parser-pkg-module/src/test/resources/test-documents/quine.gz

tballison avatar Feb 09 '22 16:02 tballison

Oh, and if you're on a Mac, double-click the quine.gz for entertainment. I've reported it to Apple, but they haven't fixed it yet that I'm aware. Make sure to have kill process at the ready.

tballison avatar Feb 09 '22 16:02 tballison
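The max depth check suggested in the issue, sketched as an added example (not DROID or Tika code, and in Python rather than Java so it runs stand-alone). The limits, function names and the cycle check on layer hashes are assumptions of this sketch; the sample input is constructed nested gzip data, and the quine itself is stood in for by an unpacker that returns its own input.

```python
import gzip
import hashlib
import io

MAX_DEPTH = 10             # assumed limit, not a DROID setting
MAX_LAYER_BYTES = 1 << 20  # assumed cap on the output of one layer
GZIP_MAGIC = b"\x1f\x8b"


class UnpackLimit(Exception):
    """Raised when nested unpacking trips one of the guards."""


def gunzip_bounded(data, limit=MAX_LAYER_BYTES):
    """Decompress one gzip layer, refusing to produce more than `limit` bytes."""
    with gzip.GzipFile(fileobj=io.BytesIO(data)) as fh:
        out = fh.read(limit + 1)  # read one byte past the cap to detect overflow
    if len(out) > limit:
        raise UnpackLimit("layer exceeds size limit")
    return out


def unpack_nested(data, unpack=gunzip_bounded, max_depth=MAX_DEPTH):
    """Peel gzip layers until the payload is not gzip; return (payload, depth)."""
    seen = set()
    depth = 0
    while data[:2] == GZIP_MAGIC:
        digest = hashlib.sha256(data).digest()
        # A quine decompresses to itself, so its hash repeats on the next layer.
        if digest in seen:
            raise UnpackLimit("cycle: layer %d repeats an earlier layer" % depth)
        # Deep but non-repeating nesting is stopped by the depth cap instead.
        if depth >= max_depth:
            raise UnpackLimit("max depth %d reached" % max_depth)
        seen.add(digest)
        data = unpack(data)
        depth += 1
    return data, depth


def nest(payload, layers):
    """Constructed sample input: wrap `payload` in `layers` gzip layers."""
    for _ in range(layers):
        payload = gzip.compress(payload)
    return payload
```

The cycle check stops a true quine after one layer, while the depth and size caps cover inputs that nest deeply or expand heavily without ever repeating.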