]> git.ipfire.org Git - thirdparty/suricata.git/commit
projects / thirdparty / suricata.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 0b39cf0) | patch
detect: limit base64_decode `bytes` to 64KiB
authorPhilippe Antoine <pantoine@oisf.net>
Tue, 17 Dec 2024 14:06:25 +0000 (15:06 +0100)
committerVictor Julien <vjulien@oisf.net>
Tue, 18 Mar 2025 10:31:37 +0000 (11:31 +0100)
commitbab716776ba3561cfbfd1a57fc18ff1f6859f019
tree81c8ba9fbbbb151dd38ebe21ebfbc33344c1d286tree
parent0b39cf06f89878aa6b942bea6fc8a3e9f45fe1e9commit | diff
detect: limit base64_decode `bytes` to 64KiB

Ticket: 7613

Avoids potential large per-thread memory allocation. A buffer with the
size of the largest decode_base64 buffer size setting would be allocated
per thread. As this was a u32, it could mean a per-thread 4GiB memory
allocation.

64KiB was already the built-in default for cases where bytes size wasn't
specified.

(cherry picked from commit 32d0bd2bbb4d486623dec85a94952fde2515f2f0)
doc/userguide/rules/base64-keywords.rst diff | blob | blame | history
src/detect-base64-decode.c diff | blob | blame | history
src/detect.h diff | blob | blame | history
Mirror of https://github.com/OISF/suricata.git