Bug #3652

closed

Recursion stack-overflow in parsing YAML configuration

Added by Jeff Lucovsky over 4 years ago. Updated over 4 years ago.

Status: Closed
Priority: Immediate

Description

A YAML configuration can be crafted (for example, by a fuzzer) that causes the YAML parser to recurse to a depth where a stack-overflow occurs. This appears to be at about 180. Our default configuration goes to a depth of about 16.

Suggested fix: track the recursion limit and abort at some level, for example 128 should be OK.

Longer term fix if we ever have a config that needs more recursion would be to refactor into a loop.
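The suggested fix, sketched as an added example (this is not Suricata's code): a recursive parser for a toy, whitespace-free subset of YAML flow sequences that carries its nesting depth and returns an error once the depth passes 128, the figure from the report. The names `parse_node`, `check_config` and `check_nested` and the grammar itself are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define RECURSION_LIMIT 128 /* the figure suggested in the report */
enum { PARSE_OK = 0, PARSE_SYNTAX = -1, PARSE_TOO_DEEP = -2 };

/* One node: a scalar, or a flow sequence "[node,node,...]" (no whitespace). */
static int parse_node(const char **p, int depth)
{
    if (depth > RECURSION_LIMIT) return PARSE_TOO_DEEP; /* refuse to go deeper */
    if (**p != '[') {                       /* scalar: run of non-delimiters */
        const char *start = *p;
        while (**p && !strchr("[],", **p)) (*p)++;
        return *p > start ? PARSE_OK : PARSE_SYNTAX;
    }
    do {
        (*p)++;                             /* consume '[' or ',' */
        int rc = parse_node(p, depth + 1);  /* each child is one level deeper */
        if (rc != PARSE_OK) return rc;      /* the error unwinds every frame */
    } while (**p == ',');
    return **p == ']' ? ((*p)++, PARSE_OK) : PARSE_SYNTAX;
}

/* PARSE_OK only if the whole text is exactly one well-formed node. */
int check_config(const char *text)
{
    const char *p = text;
    int rc = parse_node(&p, 0);
    return (rc == PARSE_OK && *p != '\0') ? PARSE_SYNTAX : rc;
}

/* Build constructed input (n '[', then "x", then n ']') and check it. */
int check_nested(size_t n)
{
    char *s = malloc(2 * n + 2);
    if (!s) return PARSE_SYNTAX;
    memset(s, '[', n);
    memset(s + n + 1, ']', n);
    s[n] = 'x'; s[2 * n + 1] = '\0';
    int rc = check_config(s);
    free(s);
    return rc;
}

int main(void)
{
    /* 16 resembles the default config's depth; 100000 is fuzzer-style input */
    printf("16 -> %d, 100000 -> %d\n", check_nested(16), check_nested(100000));
    return 0;
}
```

Because the limit is checked on entry to every level, stack use is bounded by the limit regardless of how deeply the input nests, and the caller receives a distinct error code it can report as a configuration error.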


Related issues 1 (0 open, 1 closed)

Copied from Suricata - Bug #3630: Recursion stack-overflow in parsing YAML configuration (Closed, Jason Ish)
#1

Updated by Jeff Lucovsky over 4 years ago

  • Copied from Bug #3630: Recursion stack-overflow in parsing YAML configuration added

#2

Updated by Shivani Bhardwaj over 4 years ago

  • Priority changed from Normal to Immediate

#4

Updated by Shivani Bhardwaj over 4 years ago

  • Status changed from Assigned to In Review

#5

Updated by Shivani Bhardwaj over 4 years ago

  • Status changed from In Review to Closed