Bug #4530
closed
DOS Quadratic complexity when having too many transactions
Added by Philippe Antoine almost 3 years ago.
Updated about 2 years ago.
Description
Kind of found by oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35195
This is true for protocols such as MQTT, Modbus or HTTP2, where each packet/PDU has a transaction identifier (called stream for HTTP2), and we loop over our whole list of transactions to find the right one.
Attack si to start many requests, and do not finish them, so that Suricata keeps them.
There may be more protocols
- Status changed from New to In Review
- Private changed from Yes to No
- Related to Task #4721: http2: enable by default added
Another fix could be to have a hash table instead of a list for transactions for MQTT and such...
Philippe Antoine wrote in #note-5:
Another fix could be to have a hash table instead of a list for transactions for MQTT and such...
I remember having come up with this and then Jeff also suggested it long ago. Don't recall the reason why it was not considered though. Maybe Jeff does..
- Status changed from In Review to Closed
- Related to Security #5399: mqtt: DOS by quadratic with too many transactions in one parse added
Also available in: Atom
PDF