projects / suricata.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 6fbc772)
CVE-2024-32663-2
authorPierre Chifflier <pollux@debian.org>
Sun, 30 Mar 2025 10:03:02 +0000 (12:03 +0200)
committerThorsten Alteholz <debian@alteholz.de>
Sun, 30 Mar 2025 10:03:02 +0000 (12:03 +0200)
commit d24b37a103c04bb2667e449e080ba4c8e56bb019
Author: Philippe Antoine <pantoine@oisf.net>
Date:   Thu Mar 28 11:15:51 2024 +0100

    http2: do not log duplicate headers

    Ticket: 6900

    And thus avoid DOS by logging a request using a compressed
    header block repeated many times and having a long value...

    (cherry picked from commit 03442c9071b8d863d26b609d54c6eacf4de9e340)

Gbp-Pq: Name CVE-2024-32663-2.patch

rust/src/http2/logger.rs patch | blob | history

diff --git a/rust/src/http2/logger.rs b/rust/src/http2/logger.rs
index 3e254bf6bb14c329eafa3d8f2e86e9dbc6cc8cd3..0f3498edad54736a27218ba9e36f63748d308ae8 100644 (file)
--- a/rust/src/http2/logger.rs
+++ b/rust/src/http2/logger.rs
@@ -19,7 +19,8 @@ use super::http2::{HTTP2Frame, HTTP2FrameTypeData, HTTP2Transaction};
 use super::parser;
 use crate::jsonbuilder::{JsonBuilder, JsonError};
 use std;
-use std::collections::HashMap;
+use std::collections::{HashMap, HashSet};
+use std::rc::Rc;
 
 #[derive(Hash, PartialEq, Eq)]
 enum HeaderName {
@@ -35,10 +36,20 @@ fn log_http2_headers<'a>(
     blocks: &'a Vec<parser::HTTP2FrameHeaderBlock>, js: &mut JsonBuilder,
     common: &mut HashMap<HeaderName, &'a Vec<u8>>,
 ) -> Result<(), JsonError> {
+    let mut logged_headers = HashSet::new();
     for j in 0..blocks.len() {
-        js.start_object()?;
+        // delay js.start_object() because we skip suplicate headers
         match blocks[j].error {
             parser::HTTP2HeaderDecodeStatus::HTTP2HeaderDecodeSuccess => {
+                if Rc::strong_count(&blocks[j].name) > 2 {
+                    // more than one reference in headers table + current headers
+                    let ptr = Rc::as_ptr(&blocks[j].name) as usize;
+                    if !logged_headers.insert(ptr) {
+                        // only log once
+                        continue;
+                    }
+                }
+                js.start_object()?;
                 js.set_string_from_bytes("name", &blocks[j].name)?;
                 js.set_string_from_bytes("value", &blocks[j].value)?;
                 if let Ok(name) = std::str::from_utf8(&blocks[j].name) {
@@ -66,9 +77,11 @@ fn log_http2_headers<'a>(
                 }
             }
             parser::HTTP2HeaderDecodeStatus::HTTP2HeaderDecodeSizeUpdate => {
+                js.start_object()?;
                 js.set_uint("table_size_update", blocks[j].sizeupdate)?;
             }
             _ => {
+                js.start_object()?;
                 js.set_string("error", &blocks[j].error.to_string())?;
             }
         }
Unnamed repository; edit this file 'description' to name the repository.