Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

conf/yaml: limit recursion depth while paring YAML - v1 #4799

Closed
wants to merge 1 commit into from
Closed

conf/yaml: limit recursion depth while paring YAML - v1 #4799

wants to merge 1 commit into from

Conversation

jasonish
Copy link
Member

@jasonish jasonish commented Apr 9, 2020

A deeply nested YAML file can cause a stack-overflow while
reading in the configuration to do the recursive parser. Limit
the recursion level to something sane (128) to prevent this
from happening.

The default Suricata configuration has a recursion level of 128
so there is still lots of room to grow (not that we should).

Redmine ticket:
https://redmine.openinfosecfoundation.org/issues/3630

PRScript output (if applicable):

@jasonish jasonish requested a review from a team as a code owner April 9, 2020 23:11
@jasonish
conf/yaml: limit recursion depth while paring YAML
6913ccf 
A deeply nested YAML file can cause a stack-overflow while
reading in the configuration to do the recursive parser. Limit
the recursion level to something sane (128) to prevent this
from happening.

The default Suricata configuration has a recursion level of 128
so there is still lots of room to grow (not that we should).

Redmine ticket:
https://redmine.openinfosecfoundation.org/issues/3630
@jasonish jasonish force-pushed the conf-yaml-recursion-limit/v1 branch from 06259ab to 6913ccf Compare April 9, 2020 23:12
satta
satta reviewed Apr 10, 2020
View reviewed changes
src/conf-yaml-loader.c
int retval = 0;

if (rlevel++ > RECURSION_LIMIT) {
FatalError(SC_ERR_FATAL, "Recusion limit hit while parsing configuration file, aborting.");
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

FYI: There's a typo here: Recusion.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, fixing this before merge.

@victorjulien victorjulien mentioned this pull request Apr 10, 2020
Merged
@victorjulien
Copy link
Member

Merged with typo-fix in #4802, thanks!

@jasonish jasonish deleted the conf-yaml-recursion-limit/v1 branch July 1, 2021 17:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@satta satta satta left review comments

@victorjulien victorjulien victorjulien left review comments

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jasonish @victorjulien @satta