From 6b00dc36d7527f051c2346f03d20f8d9e5a60138 Mon Sep 17 00:00:00 2001
From: Philippe Antoine <pantoine@oisf.net>
Date: Mon, 17 Jun 2024 16:30:49 +0200
Subject: [PATCH 3/4] http2: do not expand duplicate headers
Ticket: 7104
As this can cause a big memory allocation due to the quadratic
nature of the HPACK compression.
(cherry picked from commit 5bd17934df321b88f502d48afdd6cc8bad4787a7)
Upstream-Status: Backport from [https://github.com/OISF/suricata/commit/c82fa5ca0d1ce0bd8f936e0b860707a6571373b2]
CVE: CVE-2024-38535
Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
---
rust/src/http2/detect.rs | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/rust/src/http2/detect.rs b/rust/src/http2/detect.rs
index 99261ad..9c2f8ab 100644
--- a/rust/src/http2/detect.rs
+++ b/rust/src/http2/detect.rs
@@ -432,11 +432,11 @@ pub fn http2_frames_get_header_value_vec(
if found == 0 {
vec.extend_from_slice(&block.value);
found = 1;
- } else if found == 1 {
+ } else if found == 1 && Rc::strong_count(&block.name) <= 2 {
vec.extend_from_slice(&[b',', b' ']);
vec.extend_from_slice(&block.value);
found = 2;
- } else {
+ } else if Rc::strong_count(&block.name) <= 2 {
vec.extend_from_slice(&[b',', b' ']);
vec.extend_from_slice(&block.value);
}
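Review bot: The bound `Rc::strong_count(&block.name) <= 2` is an unexplained magic number, and it appears four times across this hunk and the one in `http2_frames_get_header_value`. Presumably 2 is the number of owners a non-repeated name has (the decoded block plus one other holder such as the HPACK dynamic table), but nothing visible here says so. If another clone of the name is ever kept elsewhere, every duplicate would be dropped silently. I would move the test into one small helper, e.g. `fn is_repeated_indexed_header(b: &HTTP2FrameHeaderBlock) -> bool` (type name to be confirmed against the file), with a comment such as `// a name shared by more than 2 owners was emitted repeatedly from the same table entry; do not expand it again (Ticket 7104)`. Both functions start and end outside the hunks shown.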
@@ -469,14 +469,14 @@ fn http2_frames_get_header_value<'a>(
if found == 0 {
single = Ok(&block.value);
found = 1;
- } else if found == 1 {
+ } else if found == 1 && Rc::strong_count(&block.name) <= 2 {
if let Ok(s) = single {
vec.extend_from_slice(s);
}
vec.extend_from_slice(&[b',', b' ']);
vec.extend_from_slice(&block.value);
found = 2;
- } else {
+ } else if Rc::strong_count(&block.name) <= 2 {
vec.extend_from_slice(&[b',', b' ']);
vec.extend_from_slice(&block.value);
}
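Review bot: When the new `else if` conditions are false, the duplicate value is skipped without any trace, so the buffer returned to the header-value keywords is shorter than what the peer actually sent. That bounds the allocation, but it also means a signature matching on the joined value cannot see the repeated entries, and the caller cannot tell a skipped duplicate from an absent one. If the other patches in this series do not already flag this, I would document it at the top of the function, e.g. `// NOTE: repeated references to the same indexed header are not concatenated; only the first value is inspected`. Consider whether an anomaly event should also be raised at the point where the skip happens.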
--
2.44.0