A comment between two rules triggers an infinite loop and maxes out on memory consumption #12

verovaleros · 2022-11-29T21:49:29Z

In the label's configuration of netflowlabeler, comments are allowed. Usually they are placed at the beginning of the section, like shown below:

# Valid and ok comment
Malicious, Network-service-discovery-telnet:
    - srcIP=192.168.100.103 & Proto=tcp & dstPort=23
    - srcIP=192.168.100.103 & Proto=tcp & dstPort=2323
    - srcIP=192.168.100.103 & Proto=tcp & dstPort=9527

If, however, a comment is placed between the rules, it will enter netflowlabeler in an infinite loop, which will make it consume all available memory and then crash:

# Valid and ok comment
Malicious, Network-service-discovery-telnet:
    - srcIP=192.168.100.103 & Proto=tcp & dstPort=23
    - srcIP=192.168.100.103 & Proto=tcp & dstPort=2323
# this is a comment that is not caught properly and will trigger an unwanted behavior
    - srcIP=192.168.100.103 & Proto=tcp & dstPort=9527

verovaleros added the bug Something isn't working label Nov 29, 2022

verovaleros added this to the v0.6 milestone Nov 29, 2022

verovaleros assigned eldraco Nov 29, 2022

verovaleros added this to Netflow Labeler Nov 29, 2022

verovaleros moved this to 📋 Backlog in Netflow Labeler Nov 29, 2022

verovaleros removed this from the v0.6 milestone Mar 12, 2023

verovaleros added this to the v1.0.0 milestone May 19, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

A comment between two rules triggers an infinite loop and maxes out on memory consumption #12

A comment between two rules triggers an infinite loop and maxes out on memory consumption #12

verovaleros commented Nov 29, 2022

A comment between two rules triggers an infinite loop and maxes out on memory consumption #12

A comment between two rules triggers an infinite loop and maxes out on memory consumption #12

Comments

verovaleros commented Nov 29, 2022