Project

General

Profile

Actions
Copy link

Bug #3652

closed

Recursion stack-overflow in parsing YAML configuration

Added by Jeff Lucovsky about 4 years ago. Updated almost 4 years ago.

Status:
Closed
Priority:
Immediate
Assignee:
Shivani Bhardwaj
Target version:
4.1.8
Affected Versions:
Effort:
Difficulty:
Label:

Description

A YAML configuration can be crafted (for example, by a fuzzer) that causes the YAML parser to recurse to a depth where a stack-overflow occurs. This appears to be at about 180. Our default configuration goes to a depth of about 16.

Suggested fix: track the recursion limit and abort at some level, for example 128 should be OK.

Longer term fix if we every have a config that needs more recursion would be to refactor into a loop.

Related issues 1 (0 open1 closed)

Copied from Suricata - Bug #3630: Recursion stack-overflow in parsing YAML configurationClosedJason IshActions
Actions
Copy link
 #1

Updated by Jeff Lucovsky about 4 years ago

  • Copied from Bug #3630: Recursion stack-overflow in parsing YAML configuration added
Actions
Copy link
 #2

Updated by Shivani Bhardwaj about 4 years ago

  • Priority changed from Normal to Immediate
Actions
Copy link
 #4

Updated by Shivani Bhardwaj about 4 years ago

  • Status changed from Assigned to In Review
Actions
Copy link
 #5

Updated by Shivani Bhardwaj almost 4 years ago

  • Status changed from In Review to Closed
Actions
Copy link

Also available in: Atom PDF