Project

General

Profile

Actions

Bug #4560

closed

Quadratic complexity in HTTP2 gzip decompression

Added by Philippe Antoine about 1 year ago. Updated 10 months ago.

Status:
Closed
Priority:
Normal
Target version:
Affected Versions:
Effort:
Difficulty:
Label:
Needs backport to 6.0

Description

Found by oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36132

The crate flate2, unlike C zlib library, keeps a buffer of the whole gzip header until it is complete.
And it parses it over and over again (computing the CRC) for each new added bytes.
This header can be indefinitely long thanks to FNAME flag
cf https://github.com/rust-lang/flate2-rs/blob/90d9e5ed866742ce8b3946d156830e300d1e5aab/src/gz/bufread.rs#L75


Related issues 1 (0 open1 closed)

Copied to Bug #4640: Quadratic complexity in HTTP2 gzip decompressionClosedPhilippe AntoineActions
Actions #1

Updated by Philippe Antoine about 1 year ago

  • Private changed from No to Yes
Actions #2

Updated by Philippe Antoine about 1 year ago

  • Status changed from New to In Review
Actions #3

Updated by Jeff Lucovsky about 1 year ago

  • Copied to Bug #4640: Quadratic complexity in HTTP2 gzip decompression added
Actions #5

Updated by Philippe Antoine about 1 year ago

  • Status changed from In Review to Closed
Actions #6

Updated by Victor Julien 10 months ago

  • Private changed from Yes to No
Actions

Also available in: Atom PDF