meta-security/recipes-ids/suricata/files/CVE-2024-32663-002.patch

From c0af92295e833d1db29b184d63cd3b829451d7fd Mon Sep 17 00:00:00 2001
From: Philippe Antoine <pantoine@oisf.net>
Date: Thu, 28 Mar 2024 11:15:51 +0100
Subject: [PATCH] http2: do not log duplicate headers

Ticket: 6900

And thus avoid DOS by logging a request using a compressed
header block repeated many times and having a long value...

(cherry picked from commit 03442c9071b8d863d26b609d54c6eacf4de9e340)

CVE: CVE-2024-32663
Upstream-Status: Backport [https://github.com/OISF/suricata/commit/c0af92295e833d1db29b184d63cd3b829451d7fd]
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
---
 rust/src/http2/logger.rs | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/rust/src/http2/logger.rs b/rust/src/http2/logger.rs
index d25f852..a117a54 100644
--- a/rust/src/http2/logger.rs
+++ b/rust/src/http2/logger.rs
@@ -19,7 +19,8 @@ use super::http2::{HTTP2Frame, HTTP2FrameTypeData, HTTP2Transaction};
 use super::parser;
 use crate::jsonbuilder::{JsonBuilder, JsonError};
 use std;
-use std::collections::HashMap;
+use std::collections::{HashMap, HashSet};
+use std::rc::Rc;
 
 #[derive(Hash, PartialEq, Eq, Debug)]
 enum HeaderName {
@@ -35,10 +36,20 @@ fn log_http2_headers<'a>(
     blocks: &'a [parser::HTTP2FrameHeaderBlock], js: &mut JsonBuilder,
     common: &mut HashMap<HeaderName, &'a Vec<u8>>,
 ) -> Result<(), JsonError> {
+    let mut logged_headers = HashSet::new();
     for block in blocks {
-        js.start_object()?;
+        // delay js.start_object() because we skip suplicate headers
         match block.error {
             parser::HTTP2HeaderDecodeStatus::HTTP2HeaderDecodeSuccess => {
+                if Rc::strong_count(&block.name) > 2 {
+                    // more than one reference in headers table + current headers
+                    let ptr = Rc::as_ptr(&block.name) as usize;
+                    if !logged_headers.insert(ptr) {
+                        // only log once
+                        continue;
+                    }
+                }
+                js.start_object()?;
                 js.set_string_from_bytes("name", &block.name)?;
                 js.set_string_from_bytes("value", &block.value)?;
                 if let Ok(name) = std::str::from_utf8(&block.name) {
@@ -66,9 +77,11 @@ fn log_http2_headers<'a>(
                 }
             }
             parser::HTTP2HeaderDecodeStatus::HTTP2HeaderDecodeSizeUpdate => {
+                js.start_object()?;
                 js.set_uint("table_size_update", block.sizeupdate)?;
             }
             _ => {
+                js.start_object()?;
                 js.set_string("error", &block.error.to_string())?;
             }
         }
-- 
2.50.1