mirror of
https://git.yoctoproject.org/meta-security
synced 2026-07-16 15:57:21 +00:00
f0deac3787
Upstream-Status: Backport from [https://github.com/OISF/suricata/commit/aab7f35c76721df19403a7c0c0025feae12f3b6b, https://github.com/OISF/suricata/commit/a753cdbe84caee3b66d0bf49b2712d29a50d67ae, https://github.com/OISF/suricata/commit/c82fa5ca0d1ce0bd8f936e0b860707a6571373b2, https://github.com/OISF/suricata/commit/2bd3bd0e318f19008e9fe068ab17277c530ffb92] CVE's Fixed: CVE-2024-37151 suricata: suricata: packet reassembly failure, which can lead to policy bypass CVE-2024-38534 suricata: suricata: Crafted modbus traffic can lead to unlimited resource accumulation within a flow CVE-2024-38535 suricata: Suricata: can run out of memory when parsing crafted HTTP/2 traffic CVE-2024-38536 suricata: NULL pointer dereference when http.memcap is reached Signed-off-by: Siddharth Doshi <sdoshi@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
58 lines
2.4 KiB
Diff
58 lines
2.4 KiB
Diff
From 6b00dc36d7527f051c2346f03d20f8d9e5a60138 Mon Sep 17 00:00:00 2001
|
|
From: Philippe Antoine <pantoine@oisf.net>
|
|
Date: Mon, 17 Jun 2024 16:30:49 +0200
|
|
Subject: [PATCH 3/4] http2: do not expand duplicate headers
|
|
|
|
Ticket: 7104
|
|
|
|
As this can cause a big mamory allocation due to the quadratic
|
|
nature of the HPACK compression.
|
|
|
|
(cherry picked from commit 5bd17934df321b88f502d48afdd6cc8bad4787a7)
|
|
|
|
Upstream-Status: Backport from [https://github.com/OISF/suricata/commit/c82fa5ca0d1ce0bd8f936e0b860707a6571373b2]
|
|
CVE: CVE-2024-38535
|
|
Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
|
|
---
|
|
rust/src/http2/detect.rs | 8 ++++----
|
|
1 file changed, 4 insertions(+), 4 deletions(-)
|
|
|
|
diff --git a/rust/src/http2/detect.rs b/rust/src/http2/detect.rs
|
|
index 99261ad..9c2f8ab 100644
|
|
--- a/rust/src/http2/detect.rs
|
|
+++ b/rust/src/http2/detect.rs
|
|
@@ -432,11 +432,11 @@ pub fn http2_frames_get_header_value_vec(
|
|
if found == 0 {
|
|
vec.extend_from_slice(&block.value);
|
|
found = 1;
|
|
- } else if found == 1 {
|
|
+ } else if found == 1 && Rc::strong_count(&block.name) <= 2 {
|
|
vec.extend_from_slice(&[b',', b' ']);
|
|
vec.extend_from_slice(&block.value);
|
|
found = 2;
|
|
- } else {
|
|
+ } else if Rc::strong_count(&block.name) <= 2 {
|
|
vec.extend_from_slice(&[b',', b' ']);
|
|
vec.extend_from_slice(&block.value);
|
|
}
|
|
@@ -469,14 +469,14 @@ fn http2_frames_get_header_value<'a>(
|
|
if found == 0 {
|
|
single = Ok(&block.value);
|
|
found = 1;
|
|
- } else if found == 1 {
|
|
+ } else if found == 1 && Rc::strong_count(&block.name) <= 2 {
|
|
if let Ok(s) = single {
|
|
vec.extend_from_slice(s);
|
|
}
|
|
vec.extend_from_slice(&[b',', b' ']);
|
|
vec.extend_from_slice(&block.value);
|
|
found = 2;
|
|
- } else {
|
|
+ } else if Rc::strong_count(&block.name) <= 2 {
|
|
vec.extend_from_slice(&[b',', b' ']);
|
|
vec.extend_from_slice(&block.value);
|
|
}
|
|
--
|
|
2.44.0
|
|
|