Bug #4331: libhtp: don't put stream in error state on compression issues - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #4331

closed

libhtp: don't put stream in error state on compression issues

Added by Victor Julien almost 4 years ago. Updated over 3 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Philippe Antoine

Target version:

7.0.0-beta1

Affected Versions:

Effort:

Difficulty:

Label:

Description

If we have a response body that takes too long to unpack we may have someone trying to trick us, but it could also be a bit random due to system load (as we experience in QA currently). We shouldn't put the entire stream in an error state, but instead skip the rest of the body in the offending tx. Perhaps it would make sense to count the number of txs in a stream that trigger this and have some threshold for putting the stream in an error state to reduce the effect of truly malicious streams.

Related issues 2 (0 open — 2 closed)

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #4331

libhtp: don't put stream in error state on compression issues

Updated by Philippe Antoine almost 4 years ago

Updated by Philippe Antoine almost 4 years ago

Updated by Philippe Antoine almost 4 years ago

Updated by Philippe Antoine almost 4 years ago

Updated by Philippe Antoine almost 4 years ago

Updated by Philippe Antoine over 3 years ago

	Related to Suricata - Task #4257: libhtp 0.5.37	Closed	Victor Julien				Actions
	Related to Suricata - Feature #4332: Makes libhtp decompression time limit configurable from Suricata	Closed	Philippe Antoine				Actions