Closed Bug 620234 Opened 15 years ago Closed 15 years ago

buglist.cgi runs forever with bogus

Categories

(Bugzilla :: Query/Bug List, defect)

Product:
Bugzilla
Component:
Query/Bug List
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WONTFIX

People

(Reporter: decoder, Unassigned)

Details

When I go to https://bugzilla.mozilla.org/buglist.cgi I get the usual error "You may not search, or create saved searches, without any search terms.", most likely to prevent DoS with large search results. However, when changing the URL to https://bugzilla.mozilla.org/buglist.cgi?cmdtype=foo then Bugzilla seems to start searching. I'm not sure what search query is executed but it didn't terminate for me. In case the empty search checks where omitted here, this might be a DoS condition.
It's very easy to generate a query which will return thousands of bugs. There isn't a lot we can do about this. Bugzilla won't runs forever, it simply collects all existing bugs.
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → WONTFIX
I think that this is also actually a duplicate. We do intend to provide a fix for the DoS/overload aspect of this.
You need to log in before you can comment on or make changes to this bug.