DragonFlyBSD Kernel Audit
DF-0411

Infinite loop in ng_parse_skip_value on unclosed quoted string inside brackets: kernel thread hang DoS

Summary

ng_parse_skip_value (:1651-1683) runs a do-while loop for as long as nbracket > 0 || nbrace > 0. When ng_parse_get_token encounters an unclosed quote, ng_get_string_token returns NULL and the token comes back as T_ERROR, which falls into the default: break case (:1676). The following off += len then uses a stale len = 0, so off doesn't advance and the same unclosed quote is re-tokenized forever. Trigger: the ASCII input {field=[1 \"abc]} sent via NGM_ASCII2BINARY. Result: a permanent kernel thread hang at 100% CPU.
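The loop shape described above, as an added userland model (not the DragonFlyBSD source): model_get_token, model_skip_value, the harden flag and the MODEL_STUCK step budget are hypothetical names, and len is taken to be 0 when T_ERROR comes back, as the summary states. With harden set, T_ERROR is rejected with EINVAL instead of falling through to the default case, which is one possible hardening and not a fix taken from the project.

```c
#include <ctype.h>
#include <errno.h>
#include <string.h>

enum tok { T_LBRACKET, T_RBRACKET, T_LBRACE, T_RBRACE, T_WORD, T_STRING, T_EOF, T_ERROR };
#define MODEL_STUCK (-1)   /* step budget exhausted: stands in for the hang */
/* Hypothetical tokenizer: skips blanks, then classifies the token at s[*off].
 * An unclosed quote yields T_ERROR and leaves *len unwritten. */
static enum tok model_get_token(const char *s, int *off, int *len)
{
    int i;
    while (isspace((unsigned char)s[*off])) (*off)++;
    switch (s[*off]) {
    case '\0': return T_EOF;
    case '[': *len = 1; return T_LBRACKET;
    case ']': *len = 1; return T_RBRACKET;
    case '{': *len = 1; return T_LBRACE;
    case '}': *len = 1; return T_RBRACE;
    case '"':
        for (i = *off + 1; s[i] != '\0'; i++)
            if (s[i] == '"') { *len = i - *off + 1; return T_STRING; }
        return T_ERROR;                      /* no closing quote */
    default:
        *len = (int)strcspn(s + *off, " \t\n\r\v\f[]{}\"");
        return T_WORD;
    }
}

/* Skip one bracketed value starting at s[off]. Returns 0 on success, EINVAL
 * on malformed input, MODEL_STUCK if max_steps iterations do not finish. */
static int model_skip_value(const char *s, int off, int harden, int max_steps)
{
    int nbracket = 0, nbrace = 0, steps = 0;
    do {
        int len = 0;   /* modelling assumption from the summary: len is 0 at the error */
        if (++steps > max_steps) return MODEL_STUCK;
        switch (model_get_token(s, &off, &len)) {
        case T_LBRACKET: nbracket++; break;
        case T_LBRACE:   nbrace++; break;
        case T_RBRACKET: if (nbracket-- == 0) return EINVAL; break;
        case T_RBRACE:   if (nbrace-- == 0) return EINVAL; break;
        case T_EOF:      return EINVAL;
        case T_ERROR:    if (harden) return EINVAL; break;  /* unhardened: acts like default */
        default:         break;
        }
        off += len;    /* adds 0 after T_ERROR, so the same quote is read again */
    } while (nbracket > 0 || nbrace > 0);
    return 0;
}
```

In the kernel there is no step budget, so the unhardened path spins instead of returning; the budget exists only so the model terminates.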