Bug #4640: Quadratic complexity in HTTP2 gzip decompression - Suricata - Open Information Security Foundation

Actions

Bug #4640

closed

Quadratic complexity in HTTP2 gzip decompression

Added by Jeff Lucovsky about 3 years ago. Updated almost 3 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Philippe Antoine

Target version:

Affected Versions:

Effort:

Difficulty:

Label:

Description

Found by oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36132

The crate flate2, unlike C zlib library, keeps a buffer of the whole gzip header until it is complete.
And it parses it over and over again (computing the CRC) for each new added bytes.
This header can be indefinitely long thanks to FNAME flag
cf https://github.com/rust-lang/flate2-rs/blob/90d9e5ed866742ce8b3946d156830e300d1e5aab/src/gz/bufread.rs#L75

Related issues 1 (0 open — 1 closed)

Actions

#1

Updated by Jeff Lucovsky about 3 years ago

Copied from Bug #4560: Quadratic complexity in HTTP2 gzip decompression added

Actions

#2

Updated by Shivani Bhardwaj about 3 years ago

Status changed from Assigned to Closed
Assignee changed from Shivani Bhardwaj to Philippe Antoine

Fixed in the crate itself.

Actions

#3

Updated by Victor Julien almost 3 years ago

Private changed from Yes to No

Actions

Also available in: Atom PDF