Actions
Bug #4560
closedQuadratic complexity in HTTP2 gzip decompression
Affected Versions:
Effort:
Difficulty:
Label:
Needs backport to 6.0
Description
Found by oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36132
The crate flate2, unlike C zlib library, keeps a buffer of the whole gzip header until it is complete.
And it parses it over and over again (computing the CRC) for each new added bytes.
This header can be indefinitely long thanks to FNAME
flag
cf https://github.com/rust-lang/flate2-rs/blob/90d9e5ed866742ce8b3946d156830e300d1e5aab/src/gz/bufread.rs#L75
Updated by Philippe Antoine over 3 years ago
- Status changed from New to In Review
Updated by Jeff Lucovsky over 3 years ago
- Copied to Bug #4640: Quadratic complexity in HTTP2 gzip decompression added
Updated by Philippe Antoine over 3 years ago
Updated by Philippe Antoine over 3 years ago
- Status changed from In Review to Closed
Actions