Project

General

Profile

Actions
Copy link

Bug #4640

closed
JL PA

Quadratic complexity in HTTP2 gzip decompression

Bug #4640: Quadratic complexity in HTTP2 gzip decompression

Added by Jeff Lucovsky over 4 years ago. Updated over 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Philippe Antoine
Target version:
6.0.4
Affected Versions:
6.0.3
Effort:
Difficulty:
Label:

Description

Found by oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36132

The crate flate2, unlike C zlib library, keeps a buffer of the whole gzip header until it is complete.
And it parses it over and over again (computing the CRC) for each new added bytes.
This header can be indefinitely long thanks to FNAME flag
cf https://github.com/rust-lang/flate2-rs/blob/90d9e5ed866742ce8b3946d156830e300d1e5aab/src/gz/bufread.rs#L75

Related issues 1 (0 open1 closed)

Copied from Suricata - Bug #4560: Quadratic complexity in HTTP2 gzip decompressionClosedPhilippe AntoineActions

JL Updated by Jeff Lucovsky over 4 years ago Actions
Copy link
 #1

  • Copied from Bug #4560: Quadratic complexity in HTTP2 gzip decompression added

SB Updated by Shivani Bhardwaj over 4 years ago Actions
Copy link
 #2

  • Status changed from Assigned to Closed
  • Assignee changed from Shivani Bhardwaj to Philippe Antoine

Fixed in the crate itself.

VJ Updated by Victor Julien over 4 years ago Actions
Copy link
 #3

  • Private changed from Yes to No
Actions
Copy link

Also available in: PDF Atom