Security #5921
closedhttp1: configurable limit for maximum number of live transactions per flow
8f63a8f3bffbbaf8fae4985ee5f974ab326b08c0
4175680a8a1c0dfaa491ee63d6e36c011d498473
Description
Kind of found by oss-fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=55582
See also libhtp-rs oom
PA Updated by Philippe Antoine about 3 years ago
Investigation shows that `http_state->conn->transactions` does not shrink as `VecDeque` when one transaction should get removed (the transaction is freed and replaced by NULL)
Need to think on this first...
PA Updated by Philippe Antoine about 3 years ago
- Related to Feature #2696: http: implement parser in rust added
PA Updated by Philippe Antoine almost 3 years ago
I thought I had a Suricata-only fix, but libhtp uses htp_list_get(connp->conn->transactions, connp->out_next_tx_index);
and tx->index = htp_list_size(tx->conn->transactions);
So, I may have a Suricata+libhtp fix...
PA Updated by Philippe Antoine almost 3 years ago
- Status changed from New to In Review
POC Gitlab MRs
PA Updated by Philippe Antoine over 2 years ago
- Related to Security #6299: mqtt: pcap with anomalies takes too long to process because of app-layer-event detection added
PA Updated by Philippe Antoine over 2 years ago
- Target version changed from TBD to 7.0.2
PA Updated by Philippe Antoine over 2 years ago
- Tracker changed from Bug to Security
- Severity set to MODERATE
PA Updated by Philippe Antoine over 2 years ago
So, I see 2 sub tasks here :
- do not have an ever growing list of HTTP1 transactions per flow
- configurable limit for maximum number of live HTTP1 transactions per flow
The current MR is for the first one
Another thing could be to have a configurable limit for maximum number of live transactions per flow whatever the app-layer protocol
The slowness of DetectRunTx when there are multiple live transactions per flow is to be tracked on #6299
See also https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62416&q=label%3AProj-suricata
VJ Updated by Victor Julien over 2 years ago
- Target version changed from 7.0.2 to 7.0.3
VJ Updated by Victor Julien over 2 years ago
- Target version changed from 7.0.3 to 8.0.0-beta1
- Label Needs backport to 7.0 added
OT Updated by OISF Ticketbot over 2 years ago
- Subtask #6540 added
OT Updated by OISF Ticketbot over 2 years ago
- Label deleted (
Needs backport to 7.0)
PA Updated by Philippe Antoine over 2 years ago
- Disclosure Date set to 12/25/2023
VJ Updated by Victor Julien over 2 years ago
- Severity changed from MODERATE to CRITICAL
Easy to trigger, so CRITICAL.
VJ Updated by Victor Julien over 2 years ago
- Label Needs backport to 6.0 added
OT Updated by OISF Ticketbot over 2 years ago
- Subtask #6658 added
OT Updated by OISF Ticketbot over 2 years ago
- Label deleted (
Needs backport to 6.0)
VJ Updated by Victor Julien about 2 years ago
- Status changed from In Review to Resolved
VJ Updated by Victor Julien about 2 years ago
- CVE set to 2024-23836
PA Updated by Philippe Antoine about 2 years ago
- Status changed from Resolved to Closed
- Git IDs updated (diff)
VJ Updated by Victor Julien about 2 years ago
- Private changed from Yes to No