From: Victor Julien Date: Thu, 24 Nov 2022 11:01:13 +0000 (+0100) Subject: streaming/buffer: set hard limit on buffer size X-Git-Tag: suricata-7.0.0-rc1~342 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=df7d8d96c95a79425d8ce75dc95da32a177a700a;p=thirdparty%2Fsuricata.git streaming/buffer: set hard limit on buffer size Don't allow the buffer to grow beyond 1GiB. Add a once per thread warning if it does reach it. Bug: #5703. --- diff --git a/src/util-streaming-buffer.c b/src/util-streaming-buffer.c index 5bd0dd6f81..b4bb890d91 100644 --- a/src/util-streaming-buffer.c +++ b/src/util-streaming-buffer.c @@ -440,9 +440,22 @@ static void SBBPrune(StreamingBuffer *sb) } } +static thread_local bool g2s_warn_once = false; + static int WARN_UNUSED GrowToSize(StreamingBuffer *sb, uint32_t size) { + DEBUG_VALIDATE_BUG_ON(sb->buf_size > BIT_U32(30)); + if (size > BIT_U32(30)) { // 1GiB + if (!g2s_warn_once) { + SCLogWarning(SC_ERR_MEM_ALLOC, + "StreamingBuffer::GrowToSize() tried to alloc %u bytes, exceeds limit of %lu", + size, BIT_U32(30)); + g2s_warn_once = true; + } + return -1; + } + /* try to grow in multiples of sb->cfg->buf_size */ uint32_t x = sb->cfg->buf_size ? size % sb->cfg->buf_size : 0; uint32_t base = size - x; @@ -469,6 +482,8 @@ GrowToSize(StreamingBuffer *sb, uint32_t size) return 0; } +static thread_local bool grow_warn_once = false; + /** \internal * \brief try to double the buffer size * \retval 0 ok @@ -476,7 +491,18 @@ GrowToSize(StreamingBuffer *sb, uint32_t size) */ static int WARN_UNUSED Grow(StreamingBuffer *sb) { + DEBUG_VALIDATE_BUG_ON(sb->buf_size > BIT_U32(30)); uint32_t grow = sb->buf_size * 2; + if (grow > BIT_U32(30)) { // 1GiB + if (!grow_warn_once) { + SCLogWarning(SC_ERR_MEM_ALLOC, + "StreamingBuffer::Grow() tried to alloc %u bytes, exceeds limit of %lu", grow, + BIT_U32(30)); + grow_warn_once = true; + } + return -1; + } + void *ptr = REALLOC(sb->cfg, sb->buf, sb->buf_size, grow); if (ptr == NULL) return -1;