
GitLab omnibus DoS crash via OOM with CI Catalogs

Steps to reproduce

On a self-hosted instance:

  • create a new repository,
  • git clone https://gitlab.com/emoji-ops/gitlab-ci and push it to the new repository (master was at b4cb8e996e03cd when this happened),
  • create a branch,
  • edit .gitlab-ci.yml and replace CI_PROJECT_PATH with CI_CATALOG_PATH (which isn't set and doesn't exist),
  • commit,
  • push to the repository,
  • go to the Run Pipeline UI,
  • click Run,
  • memory usage will go up until the host OOMs.
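The edit step above swaps a reference to a predefined variable for one GitLab never sets. A pre-push check that flags such references before the server tries to resolve them, as an added example (this is not code from the report or from the emoji-ops/gitlab-ci project; the sample pipeline, the `swap_variable` helper and the partial `PREDEFINED` list are constructed assumptions):

```python
"""Lint a .gitlab-ci.yml for $VAR / ${VAR} references that are neither
GitLab-predefined nor declared in a variables: mapping of the file.

Added example, not part of the original report or of emoji-ops/gitlab-ci.
The sample pipeline below is constructed, not the project's real
.gitlab-ci.yml, and PREDEFINED is a partial list of GitLab predefined
variables sufficient for the sample (assumption: extend it for real use).
"""
import re

# Assumption: partial list of GitLab predefined CI variables.
PREDEFINED = {
    "CI_PROJECT_PATH", "CI_SERVER_FQDN", "CI_SERVER_HOST", "CI_COMMIT_SHA",
    "CI_COMMIT_REF_NAME", "CI_PIPELINE_ID", "CI_JOB_ID", "CI_REGISTRY_IMAGE",
}

# $NAME or ${NAME}; a preceding $ is the GitLab escape for a literal $.
VAR_REF = re.compile(r"(?<!\$)\$(?:\{([A-Za-z_]\w*)\}|([A-Za-z_]\w*))")
DECL = re.compile(r"^(\s*)([A-Za-z_]\w*):")


def declared_variables(text):
    """Names declared as direct children of any `variables:` mapping."""
    declared = set()
    block_indent = child_indent = None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        if block_indent is not None and indent <= block_indent:
            block_indent = child_indent = None  # left the variables: block
        if block_indent is not None:
            if child_indent is None:
                child_indent = indent  # first nested line fixes the entry indent
            if indent == child_indent:
                m = DECL.match(line)
                if m:
                    declared.add(m.group(2))
            continue
        if line.strip() == "variables:":
            block_indent = indent
    return declared


def referenced_variables(text):
    """Every variable name referenced outside YAML comments."""
    refs = set()
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        for m in VAR_REF.finditer(line):
            refs.add(m.group(1) or m.group(2))
    return refs


def undefined_variables(text, predefined=PREDEFINED):
    """Sorted names that are neither predefined nor declared in the file."""
    return sorted(referenced_variables(text) - declared_variables(text) - set(predefined))


def swap_variable(text, old, new):
    """The reproduction's edit step: rename $old and ${old} references."""
    text = re.sub(r"\$" + re.escape(old) + r"\b", "$" + new, text)
    return re.sub(r"\$\{" + re.escape(old) + r"\}", "${" + new + "}", text)


# Constructed stand-in for a pipeline that includes a component from its own
# project, the pattern a CI_PROJECT_PATH reference in an include suggests.
ORIGINAL = """\
variables:
  COMPONENT_VERSION: "1.0.0"

include:
  - component: $CI_SERVER_FQDN/$CI_PROJECT_PATH/hello@${COMPONENT_VERSION}
"""

EDITED = swap_variable(ORIGINAL, "CI_PROJECT_PATH", "CI_CATALOG_PATH")

if __name__ == "__main__":
    print("original:", undefined_variables(ORIGINAL) or "no undefined references")
    print("edited:  ", undefined_variables(EDITED) or "no undefined references")
```

Run the lint in a pre-push hook or a CI job on `.gitlab-ci.yml`; an empty result for the original file and `CI_CATALOG_PATH` for the edited one is what distinguishes the two branches in the reproduction. The check only sees direct children of `variables:` mappings, so variables injected from project or group settings must be added to `PREDEFINED`.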

Impact

Denial of service: GitLab Omnibus will crash.

What is the expected correct behavior?

No crash.

Results of GitLab environment info

$ sudo gitlab-rake gitlab:env:info
System information
System:		Debian 11
Proxy:		no
Current User:	git
Using RVM:	no
Ruby Version:	3.0.6p216
Gem Version:	3.4.19
Bundler Version:2.4.19
Rake Version:	13.0.6
Redis Version:	7.0.13
Sidekiq Version:6.5.7
Go Version:	unknown
GitLab information
Version:	16.4.1-ee
Revision:	229bc5f5985
Directory:	/opt/gitlab/embedded/service/gitlab-rails
DB Adapter:	PostgreSQL
DB Version:	13.11
URL:		https://gitlab.ateme.net
HTTP Clone URL:	https://gitlab.ateme.net/some-group/some-project.git
SSH Clone URL:	git@gitlab.ateme.net:some-group/some-project.git
Elasticsearch:	no
Geo:		no
Using LDAP:	yes
Using Omniauth:	yes
Omniauth Providers: 
GitLab Shell
Version:	14.28.0
Repository storages:
- default: 	unix:/var/opt/gitlab/gitaly/gitaly.socket
GitLab Shell path:	/opt/gitlab/embedded/service/gitlab-shell

Gitaly
- default Address: 	unix:/var/opt/gitlab/gitaly/gitaly.socket
- default Version: 	16.4.1
- default Git Version: 	2.42.0
Edited by Julien Lecomte