From 6b00dc36d7527f051c2346f03d20f8d9e5a60138 Mon Sep 17 00:00:00 2001
From: Philippe Antoine
Date: Mon, 17 Jun 2024 16:30:49 +0200
Subject: [PATCH 3/4] http2: do not expand duplicate headers
Ticket: 7104
As this can cause a big mamory allocation due to the quadratic nature of the HPACK compression.
(cherry picked from commit 5bd17934df321b88f502d48afdd6cc8bad4787a7)
Upstream-Status: Backport from [https://github.com/OISF/suricata/commit/c82fa5ca0d1ce0bd8f936e0b860707a6571373b2]
CVE: CVE-2024-38535
Signed-off-by: Siddharth Doshi
---
 rust/src/http2/detect.rs | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/rust/src/http2/detect.rs b/rust/src/http2/detect.rs
index 99261ad..9c2f8ab 100644
--- a/rust/src/http2/detect.rs
+++ b/rust/src/http2/detect.rs
@@ -432,11 +432,11 @@ pub fn http2_frames_get_header_value_vec(
 if found == 0 {
 vec.extend_from_slice(&block.value);
 found = 1;
- } else if found == 1 {
+ } else if found == 1 && Rc::strong_count(&block.name) <= 2 {
 vec.extend_from_slice(&[b',', b' ']);
 vec.extend_from_slice(&block.value);
 found = 2;
- } else {
+ } else if Rc::strong_count(&block.name) <= 2 {
 vec.extend_from_slice(&[b',', b' ']);
 vec.extend_from_slice(&block.value);
 }
@@ -469,14 +469,14 @@ fn http2_frames_get_header_value<'a>(
 if found == 0 {
 single = Ok(&block.value);
 found = 1;
- } else if found == 1 {
+ } else if found == 1 && Rc::strong_count(&block.name) <= 2 {
 if let Ok(s) = single {
 vec.extend_from_slice(s);
 }
 vec.extend_from_slice(&[b',', b' ']);
 vec.extend_from_slice(&block.value);
 found = 2;
- } else {
+ } else if Rc::strong_count(&block.name) <= 2 {
 vec.extend_from_slice(&[b',', b' ']);
 vec.extend_from_slice(&block.value);
 }
-- 
2.44.0
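Review bot: In `http2_frames_get_header_value_vec`, both guarded `else if` arms now drop a duplicate header value without leaving any trace, so the joined buffer handed to detection can be incomplete. The same holds for the two arms in `http2_frames_get_header_value` in the next hunk. Nothing visible here records that a value was skipped, so consider a final `else` arm that marks the transaction (a flag or event, if the surrounding code offers one), which would let analysts tell a truncated value from a complete one. At minimum the guard should say so: `// Values behind a heavily shared name are skipped to bound allocation (Ticket 7104); the returned buffer may be incomplete.` The function body starts and ends outside the hunk, so whether a caller already signals this cannot be checked from here.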
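Review bot: The threshold in `Rc::strong_count(&block.name) <= 2` is an unexplained literal, repeated in four places across `http2_frames_get_header_value` and `http2_frames_get_header_value_vec`. It also makes the lookup result depend on how many owners the name `Rc` has when the lookup runs, which is state held outside this block. A named constant with a why-comment would keep the four sites in step, for example `const MAX_SHARED_NAME_REFS: usize = 2; // presumably the block itself plus one table entry; confirm against the HPACK table code`. The enclosing function continues outside the hunk, so who else holds a reference to `block.name` is inferred, not visible here.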