Security #5921
closedhttp1: configurable limit for maximum number of live transactions per flow
Added by Philippe Antoine almost 2 years ago. Updated 10 months ago.
8f63a8f3bffbbaf8fae4985ee5f974ab326b08c0
4175680a8a1c0dfaa491ee63d6e36c011d498473
Description
Kind of found by oss-fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=55582
See also libhtp-rs oom
Updated by Philippe Antoine almost 2 years ago
Investigation shows that `http_state->conn->transactions` does not shrink as `VecDeque` when one transaction should get removed (the transaction is freed and replaced by NULL)
Need to think on this first...
Updated by Philippe Antoine almost 2 years ago
- Related to Feature #2696: http: implement parser in rust added
Updated by Philippe Antoine over 1 year ago
I thought I had a Suricata-only fix, but libhtp uses htp_list_get(connp->conn->transactions, connp->out_next_tx_index);
and tx->index = htp_list_size(tx->conn->transactions);
So, I may have a Suricata+libhtp fix...
Updated by Philippe Antoine over 1 year ago
- Related to Security #6299: mqtt pcap with anomalies takes too long to process because of app-layer-event detection added
Updated by Philippe Antoine over 1 year ago
- Target version changed from TBD to 7.0.2
Updated by Philippe Antoine over 1 year ago
- Tracker changed from Bug to Security
- Severity set to MODERATE
Updated by Philippe Antoine about 1 year ago
So, I see 2 sub tasks here :
- do not have an ever growing list of HTTP1 transactions per flow
- configurable limit for maximum number of live HTTP1 transactions per flow
The current MR is for the first one
Another thing could be to have a configurable limit for maximum number of live transactions per flow whatever the app-layer protocol
The slowness of DetectRunTx
when there are multiple live transactions per flow is to be tracked on #6299
See also https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62416&q=label%3AProj-suricata
Updated by Victor Julien about 1 year ago
- Target version changed from 7.0.2 to 7.0.3
Updated by Victor Julien about 1 year ago
- Target version changed from 7.0.3 to 8.0.0-beta1
- Label Needs backport to 7.0 added
Updated by OISF Ticketbot about 1 year ago
- Label deleted (
Needs backport to 7.0)
Updated by Victor Julien 12 months ago
- Severity changed from MODERATE to CRITICAL
Easy to trigger, so CRITICAL.
Updated by Victor Julien 11 months ago
- Status changed from In Review to Resolved
Updated by Philippe Antoine 11 months ago
- Status changed from Resolved to Closed
- Git IDs updated (diff)