libhtp: update to 0.5.50

drop CVE-2024-45797.patch now included Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Armin Kuster <akuster808@gmail.com> 2025-03-29 20:35:08 -0400
committer: Armin Kuster <akuster808@gmail.com> 2025-04-13 14:07:57 -0400
commit: e3a61e6e81194b1fbfd09be0f5559e2ec2c55b8b (patch)
tree: a1cdeec01d88b4394d0337a70e16ee6c1c2860ca
parent: 5b691b317639a614184675bcfbb850c901774511 (diff)
download: meta-security-e3a61e6e81194b1fbfd09be0f5559e2ec2c55b8b.tar.gz
2 files changed, 2 insertions, 152 deletions
diff --git a/recipes-ids/suricata/files/CVE-2024-45797.patch b/recipes-ids/suricata/files/CVE-2024-45797.patch
deleted file mode 100644
index 3db4625..0000000
--- a/recipes-ids/suricata/files/CVE-2024-45797.patch
+++ /dev/null
@@ -1,148 +0,0 @@
-From 0d550de551b91d5e57ba23e2b1e2c6430fad6818 Mon Sep 17 00:00:00 2001
-From: Philippe Antoine <contact@catenacyber.fr>
-Date: Mon, 12 Aug 2024 14:06:40 +0200
-Subject: [PATCH] headers: put a configurable limit on their numbers
-So as to avoid quadratic complexity
-Ticket: 7191
-Upstream-Status: Backport [https://github.com/OISF/libhtp/commit/0d550de551b91d5e57ba23e2b1e2c6430fad6818]
-CVE: CVE-2024-45797
-Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
---
- htp/htp_config.c           |  8 ++++++++
- htp/htp_config.h           |  8 ++++++++
- htp/htp_config_private.h   |  6 ++++++
- htp/htp_core.h             |  1 +
- htp/htp_request_generic.c  | 11 +++++++++++
- htp/htp_response_generic.c | 10 ++++++++++
- 6 files changed, 44 insertions(+)
-diff --git a/htp/htp_config.c b/htp/htp_config.c
-index 767458f..9e0eee3 100644
--- a/htp/htp_config.c
-+++ b/htp/htp_config.c
-@@ -145,6 +145,8 @@ static unsigned char bestfit_1252[] = {
-     0xff, 0x5d, 0x7d, 0xff, 0x5e, 0x7e, 0x00, 0x00, 0x00
- };
- 
-+#define HTP_HEADERS_LIMIT 1024
-+
- htp_cfg_t *htp_config_create(void) {
-     htp_cfg_t *cfg = calloc(1, sizeof (htp_cfg_t));
-     if (cfg == NULL) return NULL;
-@@ -163,6 +165,7 @@ htp_cfg_t *htp_config_create(void) {
-     cfg->response_lzma_layer_limit = 1; // default is only one layer
-     cfg->compression_bomb_limit = HTP_COMPRESSION_BOMB_LIMIT;
-     cfg->compression_time_limit = HTP_COMPRESSION_TIME_LIMIT_USEC;
-+    cfg->number_headers_limit = HTP_HEADERS_LIMIT;
-     cfg->allow_space_uri = 0;
- 
-     // Default settings for URL-encoded data.
-@@ -542,6 +545,11 @@ void htp_config_set_compression_time_limit(htp_cfg_t *cfg, size_t useclimit) {
-     }
- }
- 
-+void htp_config_set_number_headers_limit(htp_cfg_t *cfg, uint32_t limit) {
-+    if (cfg == NULL) return;
-+    cfg->number_headers_limit = limit;
-+}
-+
- void htp_config_set_log_level(htp_cfg_t *cfg, enum htp_log_level_t log_level) {
-     if (cfg == NULL) return;
-     cfg->log_level = log_level;
-diff --git a/htp/htp_config.h b/htp/htp_config.h
-index d1365dc..ed0eaeb 100644
--- a/htp/htp_config.h
-+++ b/htp/htp_config.h
-@@ -466,6 +466,14 @@ void htp_config_set_compression_time_limit(htp_cfg_t *cfg, size_t useclimit);
-  */
- void htp_config_set_log_level(htp_cfg_t *cfg, enum htp_log_level_t log_level);
- 
-+/**
-+ * Configures the maximum number of headers LibHTP will accept per request or response.
-+ *
-+ * @param[in] cfg
-+ * @param[in] limit
-+ */
-+void htp_config_set_number_headers_limit(htp_cfg_t *cfg, uint32_t limit);
-+
- /**
-  * Configures how the server reacts to encoded NUL bytes. Some servers will stop at
-  * at NUL, while some will respond with 400 or 404. When the termination option is not
-diff --git a/htp/htp_config_private.h b/htp/htp_config_private.h
-index 5f1d60d..ecc8717 100644
--- a/htp/htp_config_private.h
-+++ b/htp/htp_config_private.h
-@@ -360,6 +360,12 @@ struct htp_cfg_t {
- 
-     /** Whether to decompress compressed request bodies. */
-     int request_decompression_enabled;
-+
-+    /** Maximum number of transactions. */
-+    uint32_t max_tx;
-+
-+    /** Maximum number of headers. */
-+    uint32_t number_headers_limit;
- };
- 
- #ifdef __cplusplus
-diff --git a/htp/htp_core.h b/htp/htp_core.h
-index e4c933e..7c23212 100644
--- a/htp/htp_core.h
-+++ b/htp/htp_core.h
-@@ -235,6 +235,7 @@ enum htp_file_source_t {
- #define HTP_REQUEST_INVALID                0x100000000ULL
- #define HTP_REQUEST_INVALID_C_L            0x200000000ULL
- #define HTP_AUTH_INVALID                   0x400000000ULL
-+#define HTP_HEADERS_TOO_MANY               0x800000000ULL
- 
- #define HTP_MAX_HEADERS_REPETITIONS 64
- 
-diff --git a/htp/htp_request_generic.c b/htp/htp_request_generic.c
-index 435cf0a..1350e57 100644
--- a/htp/htp_request_generic.c
-+++ b/htp/htp_request_generic.c
-@@ -120,6 +120,17 @@ htp_status_t htp_process_request_header_generic(htp_connp_t *connp, unsigned cha
-         bstr_free(h->value);
-         free(h);
-     } else {
-+        if (htp_table_size(connp->in_tx->request_headers) > connp->cfg->number_headers_limit) {
-+            if (!(connp->in_tx->flags & HTP_HEADERS_TOO_MANY)) {
-+                connp->in_tx->flags |= HTP_HEADERS_TOO_MANY;
-+                htp_log(connp, HTP_LOG_MARK, HTP_LOG_WARNING, 0, "Too many request headers");
-+            }
-+            bstr_free(h->name);
-+            bstr_free(h->value);
-+            free(h);
-+            // give up on what comes next
-+            return HTP_ERROR;
-+        }
-         // Add as a new header.
-         if (htp_table_add(connp->in_tx->request_headers, h->name, h) != HTP_OK) {
-             bstr_free(h->name);
-diff --git a/htp/htp_response_generic.c b/htp/htp_response_generic.c
-index f5fa59e..69da625 100644
--- a/htp/htp_response_generic.c
-+++ b/htp/htp_response_generic.c
-@@ -321,6 +321,16 @@ htp_status_t htp_process_response_header_generic(htp_connp_t *connp, unsigned ch
-         bstr_free(h->value);
-         free(h);       
-     } else {
-+        if (htp_table_size(connp->out_tx->response_headers) > connp->cfg->number_headers_limit) {
-+            if (!(connp->out_tx->flags & HTP_HEADERS_TOO_MANY)) {
-+                connp->out_tx->flags |= HTP_HEADERS_TOO_MANY;
-+                htp_log(connp, HTP_LOG_MARK, HTP_LOG_WARNING, 0, "Too many response headers");
-+            }
-+            bstr_free(h->name);
-+            bstr_free(h->value);
-+            free(h);
-+            return HTP_ERROR;
-+        }
-         // Add as a new header.
-         if (htp_table_add(connp->out_tx->response_headers, h->name, h) != HTP_OK) {
-             bstr_free(h->name);
-- 
-2.25.1
diff --git a/recipes-ids/suricata/libhtp_0.5.45.bb b/recipes-ids/suricata/libhtp_0.5.50.bb
index 74a53df..3a795ae 100644
--- a/recipes-ids/suricata/libhtp_0.5.45.bb
+++ b/recipes-ids/suricata/libhtp_0.5.50.bb
@@ -4,10 +4,8 @@ require suricata.inc
 LIC_FILES_CHKSUM = "file://LICENSE;beginline=1;endline=2;md5=596ab7963a1a0e5198e5a1c4aa621843"
-SRC_URI = "git://github.com/OISF/libhtp.git;protocol=https;branch=0.5.x \
+SRC_URI = "git://github.com/OISF/libhtp.git;protocol=https;branch=0.5.x"
-           file://CVE-2024-45797.patch \
+SRCREV = "ebe480be4a5f3bb1d44be6a9a6c2755bd8ef7e71"
-          "
-SRCREV = "8bdfe7b9d04e5e948c8fbaa7472e14d884cc00af"
 DEPENDS = "zlib"
author	Armin Kuster <akuster808@gmail.com>	2025-03-29 20:35:08 -0400
committer	Armin Kuster <akuster808@gmail.com>	2025-04-13 14:07:57 -0400
commit	e3a61e6e81194b1fbfd09be0f5559e2ec2c55b8b (patch)
tree	a1cdeec01d88b4394d0337a70e16ee6c1c2860ca
parent	5b691b317639a614184675bcfbb850c901774511 (diff)
download	meta-security-e3a61e6e81194b1fbfd09be0f5559e2ec2c55b8b.tar.gz

diff --git a/recipes-ids/suricata/files/CVE-2024-45797.patch b/recipes-ids/suricata/files/CVE-2024-45797.patch deleted file mode 100644 index 3db4625..0000000 --- a/recipes-ids/suricata/files/CVE-2024-45797.patch +++ /dev/null
@@ -1,148 +0,0 @@
1	From 0d550de551b91d5e57ba23e2b1e2c6430fad6818 Mon Sep 17 00:00:00 2001
2	From: Philippe Antoine <contact@catenacyber.fr>
3	Date: Mon, 12 Aug 2024 14:06:40 +0200
4	Subject: [PATCH] headers: put a configurable limit on their numbers
5
6	So as to avoid quadratic complexity
7
8	Ticket: 7191
9
10	Upstream-Status: Backport [https://github.com/OISF/libhtp/commit/0d550de551b91d5e57ba23e2b1e2c6430fad6818]
11	CVE: CVE-2024-45797
12	Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
13	---
14	htp/htp_config.c \| 8 ++++++++
15	htp/htp_config.h \| 8 ++++++++
16	htp/htp_config_private.h \| 6 ++++++
17	htp/htp_core.h \| 1 +
18	htp/htp_request_generic.c \| 11 +++++++++++
19	htp/htp_response_generic.c \| 10 ++++++++++
20	6 files changed, 44 insertions(+)
21
22	diff --git a/htp/htp_config.c b/htp/htp_config.c
23	index 767458f..9e0eee3 100644
24	--- a/htp/htp_config.c
25	+++ b/htp/htp_config.c
26	@@ -145,6 +145,8 @@ static unsigned char bestfit_1252[] = {
27	0xff, 0x5d, 0x7d, 0xff, 0x5e, 0x7e, 0x00, 0x00, 0x00
28	};
29
30	+#define HTP_HEADERS_LIMIT 1024
31	+
32	htp_cfg_t *htp_config_create(void) {
33	htp_cfg_t *cfg = calloc(1, sizeof (htp_cfg_t));
34	if (cfg == NULL) return NULL;
35	@@ -163,6 +165,7 @@ htp_cfg_t *htp_config_create(void) {
36	cfg->response_lzma_layer_limit = 1; // default is only one layer
37	cfg->compression_bomb_limit = HTP_COMPRESSION_BOMB_LIMIT;
38	cfg->compression_time_limit = HTP_COMPRESSION_TIME_LIMIT_USEC;
39	+ cfg->number_headers_limit = HTP_HEADERS_LIMIT;
40	cfg->allow_space_uri = 0;
41
42	// Default settings for URL-encoded data.
43	@@ -542,6 +545,11 @@ void htp_config_set_compression_time_limit(htp_cfg_t *cfg, size_t useclimit) {
44	}
45	}
46
47	+void htp_config_set_number_headers_limit(htp_cfg_t *cfg, uint32_t limit) {
48	+ if (cfg == NULL) return;
49	+ cfg->number_headers_limit = limit;
50	+}
51	+
52	void htp_config_set_log_level(htp_cfg_t *cfg, enum htp_log_level_t log_level) {
53	if (cfg == NULL) return;
54	cfg->log_level = log_level;
55	diff --git a/htp/htp_config.h b/htp/htp_config.h
56	index d1365dc..ed0eaeb 100644
57	--- a/htp/htp_config.h
58	+++ b/htp/htp_config.h
59	@@ -466,6 +466,14 @@ void htp_config_set_compression_time_limit(htp_cfg_t *cfg, size_t useclimit);
60	*/
61	void htp_config_set_log_level(htp_cfg_t *cfg, enum htp_log_level_t log_level);
62
63	+/**
64	+ * Configures the maximum number of headers LibHTP will accept per request or response.
65	+ *
66	+ * @param[in] cfg
67	+ * @param[in] limit
68	+ */
69	+void htp_config_set_number_headers_limit(htp_cfg_t *cfg, uint32_t limit);
70	+
71	/**
72	* Configures how the server reacts to encoded NUL bytes. Some servers will stop at
73	* at NUL, while some will respond with 400 or 404. When the termination option is not
74	diff --git a/htp/htp_config_private.h b/htp/htp_config_private.h
75	index 5f1d60d..ecc8717 100644
76	--- a/htp/htp_config_private.h
77	+++ b/htp/htp_config_private.h
78	@@ -360,6 +360,12 @@ struct htp_cfg_t {
79
80	/** Whether to decompress compressed request bodies. */
81	int request_decompression_enabled;
82	+
83	+ /** Maximum number of transactions. */
84	+ uint32_t max_tx;
85	+
86	+ /** Maximum number of headers. */
87	+ uint32_t number_headers_limit;
88	};
89
90	#ifdef __cplusplus
91	diff --git a/htp/htp_core.h b/htp/htp_core.h
92	index e4c933e..7c23212 100644
93	--- a/htp/htp_core.h
94	+++ b/htp/htp_core.h
95	@@ -235,6 +235,7 @@ enum htp_file_source_t {
96	#define HTP_REQUEST_INVALID 0x100000000ULL
97	#define HTP_REQUEST_INVALID_C_L 0x200000000ULL
98	#define HTP_AUTH_INVALID 0x400000000ULL
99	+#define HTP_HEADERS_TOO_MANY 0x800000000ULL
100
101	#define HTP_MAX_HEADERS_REPETITIONS 64
102
103	diff --git a/htp/htp_request_generic.c b/htp/htp_request_generic.c
104	index 435cf0a..1350e57 100644
105	--- a/htp/htp_request_generic.c
106	+++ b/htp/htp_request_generic.c
107	@@ -120,6 +120,17 @@ htp_status_t htp_process_request_header_generic(htp_connp_t *connp, unsigned cha
108	bstr_free(h->value);
109	free(h);
110	} else {
111	+ if (htp_table_size(connp->in_tx->request_headers) > connp->cfg->number_headers_limit) {
112	+ if (!(connp->in_tx->flags & HTP_HEADERS_TOO_MANY)) {
113	+ connp->in_tx->flags \|= HTP_HEADERS_TOO_MANY;
114	+ htp_log(connp, HTP_LOG_MARK, HTP_LOG_WARNING, 0, "Too many request headers");
115	+ }
116	+ bstr_free(h->name);
117	+ bstr_free(h->value);
118	+ free(h);
119	+ // give up on what comes next
120	+ return HTP_ERROR;
121	+ }
122	// Add as a new header.
123	if (htp_table_add(connp->in_tx->request_headers, h->name, h) != HTP_OK) {
124	bstr_free(h->name);
125	diff --git a/htp/htp_response_generic.c b/htp/htp_response_generic.c
126	index f5fa59e..69da625 100644
127	--- a/htp/htp_response_generic.c
128	+++ b/htp/htp_response_generic.c
129	@@ -321,6 +321,16 @@ htp_status_t htp_process_response_header_generic(htp_connp_t *connp, unsigned ch
130	bstr_free(h->value);
131	free(h);
132	} else {
133	+ if (htp_table_size(connp->out_tx->response_headers) > connp->cfg->number_headers_limit) {
134	+ if (!(connp->out_tx->flags & HTP_HEADERS_TOO_MANY)) {
135	+ connp->out_tx->flags \|= HTP_HEADERS_TOO_MANY;
136	+ htp_log(connp, HTP_LOG_MARK, HTP_LOG_WARNING, 0, "Too many response headers");
137	+ }
138	+ bstr_free(h->name);
139	+ bstr_free(h->value);
140	+ free(h);
141	+ return HTP_ERROR;
142	+ }
143	// Add as a new header.
144	if (htp_table_add(connp->out_tx->response_headers, h->name, h) != HTP_OK) {
145	bstr_free(h->name);
146	--
147	2.25.1
148


diff --git a/recipes-ids/suricata/libhtp_0.5.45.bb b/recipes-ids/suricata/libhtp_0.5.50.bb index 74a53df..3a795ae 100644 --- a/recipes-ids/suricata/libhtp_0.5.45.bb +++ b/recipes-ids/suricata/libhtp_0.5.50.bb
@@ -4,10 +4,8 @@ require suricata.inc
4		4
5	LIC_FILES_CHKSUM = "file://LICENSE;beginline=1;endline=2;md5=596ab7963a1a0e5198e5a1c4aa621843"	5	LIC_FILES_CHKSUM = "file://LICENSE;beginline=1;endline=2;md5=596ab7963a1a0e5198e5a1c4aa621843"
6		6
7	SRC_URI = "git://github.com/OISF/libhtp.git;protocol=https;branch=0.5.x \	7	SRC_URI = "git://github.com/OISF/libhtp.git;protocol=https;branch=0.5.x"
8	file://CVE-2024-45797.patch \	8	SRCREV = "ebe480be4a5f3bb1d44be6a9a6c2755bd8ef7e71"
9	"
10	SRCREV = "8bdfe7b9d04e5e948c8fbaa7472e14d884cc00af"
11		9
12	DEPENDS = "zlib"	10	DEPENDS = "zlib"
13		11