git.ipfire.org Git - thirdparty/suricata.git/commit
detect: limit base64_decode `bytes` to 64KiB
author Philippe Antoine <pantoine@oisf.net>
Tue, 17 Dec 2024 14:06:25 +0000 (15:06 +0100)
committer Victor Julien <vjulien@oisf.net>
Tue, 18 Mar 2025 09:49:25 +0000 (10:49 +0100)
commit 32d0bd2bbb4d486623dec85a94952fde2515f2f0
tree 05f2f08fea6ed978156a96ddac416a515a3e9d9a
parent b9b797f1f4fcea02da5b051281e6f7d8d7786260
detect: limit base64_decode `bytes` to 64KiB

Ticket: 7613

Avoids potential large per-thread memory allocation. A buffer with the
size of the largest decode_base64 buffer size setting would be allocated
per thread. As this was a u32, it could mean a per-thread 4GiB memory
allocation.

64KiB was already the built-in default for cases where bytes size wasn't
specified.

doc/userguide/rules/base64-keywords.rst
src/detect-base64-decode.c
src/detect.h
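
An added example, not part of this commit or of Suricata's code: a small Python audit that scans rule text for `base64_decode` options whose literal `bytes` value exceeds the 64KiB limit described in the commit message, and works out the per-thread allocation that value implies. The sample rules are constructed, the function and constant names are hypothetical, and treating exactly 64KiB as accepted is an assumption.

```python
import re

# Assumption: the page says 64KiB but not whether the boundary value itself
# is accepted; only values above LIMIT are flagged here.
LIMIT = 64 * 1024
B64_OPT = re.compile(r"\bbase64_decode\s*:\s*([^;]*);")  # option plus arguments
BYTES = re.compile(r"\bbytes\s+(\d+)")                   # literal size only
SID = re.compile(r"\bsid\s*:\s*(\d+)\s*;")

# Constructed sample rules, not taken from any real ruleset.
SAMPLE_RULES = """\
# local test rules
alert http any any -> any any (msg:"b64 ok"; content:"d="; base64_decode:bytes 64,offset 0,relative; base64_data; content:"x"; sid:1000001;)
alert http any any -> any any (msg:"b64 huge"; content:"d="; base64_decode:bytes 4294967295,relative; base64_data; content:"x"; sid:1000002;)
alert http any any -> any any (msg:"b64 default"; content:"d="; base64_decode; base64_data; content:"x"; sid:1000003;)
"""


def audit_rules(text, limit=LIMIT):
    """Return (findings, largest): rules whose literal bytes value exceeds
    limit as (line_no, sid, value), and the largest literal value seen."""
    findings, largest = [], 0
    for line_no, line in enumerate(text.splitlines(), 1):
        rule = line.strip()
        if not rule or rule.startswith("#"):
            continue  # blank line or commented-out rule
        sid_m = SID.search(rule)
        sid = int(sid_m.group(1)) if sid_m else None
        for opt in B64_OPT.finditer(rule):
            size = BYTES.search(opt.group(1))
            if size is None:
                continue  # no literal size given in this option
            value = int(size.group(1))
            largest = max(largest, value)
            if value > limit:
                findings.append((line_no, sid, value))
    return findings, largest


def worst_case_bytes(largest, threads):
    """Total decode-buffer memory if each thread allocates `largest` bytes."""
    return largest * threads


if __name__ == "__main__":
    hits, biggest = audit_rules(SAMPLE_RULES)
    for line_no, sid, value in hits:
        print(f"line {line_no} sid {sid}: bytes {value} exceeds {LIMIT}")
    print(f"8 threads x {biggest} bytes = {worst_case_bytes(biggest, 8)} bytes")
```

Only literal numeric `bytes` values are checked; options without a size are skipped, since the commit message states that 64KiB was already the default in that case.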