From 00dcf6d10240f95c316d150c56d2af4ff4010fde Mon Sep 17 00:00:00 2001
From: Philippe Antoine
Date: Thu, 10 Mar 2022 15:09:57 +0100
Subject: [PATCH] ssl: first pass limit when allocating buffer for certificates

With this check, on the first packet of a certificate presenting a length of 16Mbytes, we only allocate up to 65Kb When we get to the point where need more than 65Kb, we realloc to the true size. With this check, it makes it more expensive for an attacket to use this allocation as a way to trigger ressource exhaustion...
---
 src/app-layer-ssl.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/app-layer-ssl.c b/src/app-layer-ssl.c
index 30ad2f785628..c69341331ef4 100644
--- a/src/app-layer-ssl.c
+++ b/src/app-layer-ssl.c
@@ -1431,6 +1431,10 @@ static int EnsureRecordSpace(SSLStateConnp *curr_connp, const uint8_t * const in
 SCLogDebug("cert_len unknown still, create small buffer to start");
 certs_len = 256;
 }
+ // Limit in a first time allocation for very large certificates
+ if (certs_len > 0x10000 && certs_len > curr_connp->trec_pos + input_len) {
+ certs_len = 0x10000;
+ }
 
 if (curr_connp->trec == NULL) {
 curr_connp->trec_len = certs_len;
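Review bot: The cap in the added `if` also fires when `curr_connp->trec_pos + input_len` is already above 0x10000 but still below the announced `certs_len`, so `certs_len` is then set to less than the data this call has to store. The commit message says the buffer should grow to the true size once more than 64 KiB is needed, which reads more like `if (certs_len > 0x10000 && curr_connp->trec_pos + input_len <= 0x10000)`. EnsureRecordSpace continues past the end of the hunk, so whether the later sizing code covers that case cannot be confirmed from here; if it does, a comment such as `// later growth check reallocates once trec_pos + input_len exceeds the capped size` would make the dependency explicit. The literal `0x10000` appears twice and would be clearer as a named constant. The sum `trec_pos + input_len` is also worth checking for wrap-around if both operands are 32-bit, since a wrapped sum would change which branch the length check takes.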