Bug #4560: Quadratic complexity in HTTP2 gzip decompression - Suricata - Open Information Security Foundation

Actions

Bug #4560

closed

PA PA

Quadratic complexity in HTTP2 gzip decompression

Bug #4560: Quadratic complexity in HTTP2 gzip decompression

Added by Philippe Antoine over 4 years ago. Updated over 4 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Philippe Antoine

Target version:

Affected Versions:

Effort:

Difficulty:

Label:

Needs backport to 6.0

Description

Found by oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36132

The crate flate2, unlike C zlib library, keeps a buffer of the whole gzip header until it is complete.
And it parses it over and over again (computing the CRC) for each new added bytes.
This header can be indefinitely long thanks to FNAME flag
cf https://github.com/rust-lang/flate2-rs/blob/90d9e5ed866742ce8b3946d156830e300d1e5aab/src/gz/bufread.rs#L75

Related issues 1 (0 open — 1 closed)

PA Updated by Philippe Antoine over 4 years ago Actions
Copy link
#1

Private changed from No to Yes

PA Updated by Philippe Antoine over 4 years ago Actions
Copy link
#2

Status changed from New to In Review

https://github.com/rust-lang/flate2-rs/pull/278

JL Updated by Jeff Lucovsky over 4 years ago Actions
Copy link
#3

Copied to Bug #4640: Quadratic complexity in HTTP2 gzip decompression added

PA Updated by Philippe Antoine over 4 years ago Actions
Copy link
#4

https://github.com/rust-lang/flate2-rs/pull/280

PA Updated by Philippe Antoine over 4 years ago Actions
Copy link
#5

Status changed from In Review to Closed

https://github.com/rust-lang/flate2-rs/pull/280

VJ Updated by Victor Julien over 4 years ago Actions
Copy link
#6

Private changed from Yes to No

Actions

Also available in: PDF Atom