Bug #4530

closed

DOS Quadratic complexity when having too many transactions

Added by Philippe Antoine over 1 year ago. Updated 7 months ago.

Status: Closed
Priority: Normal

Description

Kind of found by oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35195

This is true for protocols such as MQTT, Modbus or HTTP2, where each packet/PDU has a transaction identifier (called stream for HTTP2), and we loop over our whole list of transactions to find the right one.
The attack is to start many requests and not finish them, so that Suricata keeps them.

There may be more protocols


Related issues: 1 (0 open, 1 closed)

Related to Task #4721: http2: enable by default (Closed, Philippe Antoine)
Actions #1

Updated by Philippe Antoine over 1 year ago

  • Status changed from New to In Review

Gitlab

Actions #2

Updated by Philippe Antoine over 1 year ago

  • Private changed from Yes to No
Actions #3

Updated by Philippe Antoine 12 months ago

  • Related to Task #4721: http2: enable by default added
Actions #5

Updated by Philippe Antoine 12 months ago

Another fix could be to have a hash table instead of a list for transactions for MQTT and such...
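
An added illustration, not part of the original thread and not Suricata's code: it counts the work done by a list-backed transaction store versus a hash-table one when requests are never finished. The `Pdu` type, the function names and the generated streams are assumptions constructed for this example.

```rust
use std::collections::HashSet;

// Constructed PDU model (an assumption, not Suricata's types).
struct Pdu { id: u32, completes: bool }

/// List-backed store: each PDU scans the open transactions for its id.
/// Returns the number of id comparisons done over the whole stream.
fn cost_list(stream: &[Pdu]) -> u64 {
    let mut open: Vec<u32> = Vec::new();
    let mut compares = 0u64;
    for pdu in stream {
        let mut pos = None;
        for (i, &id) in open.iter().enumerate() {
            compares += 1;
            if id == pdu.id { pos = Some(i); break; }
        }
        match (pos, pdu.completes) {
            (Some(i), true) => { open.remove(i); } // finished: drop the tx
            (None, false) => open.push(pdu.id),    // new request: keep it
            _ => {}                                // duplicate or stray PDU
        }
    }
    compares
}

/// Hash-table store: one keyed lookup per PDU, however many are open.
fn cost_map(stream: &[Pdu]) -> u64 {
    let mut open: HashSet<u32> = HashSet::new();
    let mut lookups = 0u64;
    for pdu in stream {
        lookups += 1;
        if pdu.completes { open.remove(&pdu.id); } else { open.insert(pdu.id); }
    }
    lookups
}

/// n requests, each completed right away (well-behaved peer).
fn finished(n: u32) -> Vec<Pdu> {
    (0..n).flat_map(|id| [Pdu { id, completes: false }, Pdu { id, completes: true }]).collect()
}

/// n requests that are never completed (the pattern this issue describes).
fn unfinished(n: u32) -> Vec<Pdu> {
    (0..n).map(|id| Pdu { id, completes: false }).collect()
}

fn main() {
    for n in [1_000u32, 2_000, 4_000] {
        println!("n={} list={} map={}", n, cost_list(&unfinished(n)), cost_map(&unfinished(n)));
    }
}
```

Doubling the number of unfinished requests roughly quadruples the list cost, while the hash-table cost only doubles; the hash table still retains every open transaction, so it bounds lookup time but not memory.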

Actions #6

Updated by Shivani Bhardwaj 9 months ago

Philippe Antoine wrote in #note-5:

Another fix could be to have a hash table instead of a list for transactions for MQTT and such...

I remember having come up with this and then Jeff also suggested it long ago. Don't recall the reason why it was not considered though. Maybe Jeff does..

Actions #7

Updated by Philippe Antoine 8 months ago

https://github.com/OISF/suricata/pull/6906 got merged
Now, we still need to add this check to the fuzz target and fix the other protocols cf https://github.com/OISF/suricata/pull/6863

Actions #8

Updated by Philippe Antoine 7 months ago

  • Status changed from In Review to Closed