Bug #4560

closed

Quadratic complexity in HTTP2 gzip decompression

Added by Philippe Antoine over 3 years ago. Updated almost 3 years ago.

Status: Closed
Priority: Normal
Target version:
Affected Versions:
Effort:
Difficulty:
Label: Needs backport to 6.0

Description

Found by oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36132

The crate flate2, unlike the C zlib library, keeps a buffer of the whole gzip header until it is complete.
And it parses it over and over again (computing the CRC) each time new bytes are added.
This header can be indefinitely long thanks to the FNAME flag,
cf. https://github.com/rust-lang/flate2-rs/blob/90d9e5ed866742ce8b3946d156830e300d1e5aab/src/gz/bufread.rs#L75
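
The cost difference described in the report, as an added example that is not part of the original report and is not flate2's or Suricata's code. It is a cost model only: all function names are hypothetical, only the FNAME flag is handled, and the count of bytes examined stands in for the CRC and parsing work.

```rust
const FNAME: u8 = 0x08; // FLG bit from RFC 1952: zero-terminated file name follows

// One parse attempt over the whole buffer, as a re-buffering decoder makes.
// Returns (header length if complete, bytes examined). Magic bytes are not checked.
fn parse_from_start(buf: &[u8]) -> (Option<usize>, usize) {
    if buf.len() < 10 { return (None, buf.len()); }
    if (buf[3] & FNAME) == 0 { return (Some(10), 10); }
    match buf[10..].iter().position(|&b| b == 0) {
        Some(p) => (Some(11 + p), 11 + p),
        None => (None, buf.len()),
    }
}

// Behaviour described in the report: keep the header, re-parse on every chunk.
fn rebuffering_cost(input: &[u8], chunk: usize) -> (Option<usize>, u64) {
    let (mut buf, mut work) = (Vec::new(), 0u64);
    for c in input.chunks(chunk) {
        buf.extend_from_slice(c);
        let (done, examined) = parse_from_start(&buf);
        work += examined as u64;
        if done.is_some() { return (done, work); }
    }
    (None, work)
}

// Stateful parse: remember the position, touch each header byte once.
fn incremental_cost(input: &[u8]) -> (Option<usize>, u64) {
    let (mut pos, mut flags) = (0usize, 0u8);
    for &b in input {
        if pos == 3 { flags = b; }
        pos += 1;
        let fixed_done = pos == 10 && (flags & FNAME) == 0;
        let name_done = pos > 10 && b == 0;
        if fixed_done || name_done { return (Some(pos), pos as u64); }
    }
    (None, pos as u64)
}

// Constructed sample: gzip header with FNAME set and an n-byte file name.
fn sample_header(n: usize) -> Vec<u8> {
    let mut h = vec![0x1f, 0x8b, 8, FNAME, 0, 0, 0, 0, 0, 3];
    h.extend(std::iter::repeat(b'a').take(n));
    h.push(0);
    h
}

fn main() {
    for n in [1_000, 2_000, 4_000] {
        let h = sample_header(n);
        println!("name={} rebuffer={} incremental={}", n, rebuffering_cost(&h, 1).1, incremental_cost(&h).1);
    }
}
```

With one-byte chunks, doubling the name length roughly quadruples the re-buffering work, while the stateful parse grows linearly.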


Related issues 1 (0 open, 1 closed)

Copied to Suricata - Bug #4640: Quadratic complexity in HTTP2 gzip decompression (Closed, Philippe Antoine)

#1

Updated by Philippe Antoine over 3 years ago

  • Private changed from No to Yes

#2

Updated by Philippe Antoine over 3 years ago

  • Status changed from New to In Review

#3

Updated by Jeff Lucovsky about 3 years ago

  • Copied to Bug #4640: Quadratic complexity in HTTP2 gzip decompression added

#5

Updated by Philippe Antoine about 3 years ago

  • Status changed from In Review to Closed

#6

Updated by Victor Julien almost 3 years ago

  • Private changed from Yes to No