spm/hs: don't exit on bad patterns

A bad pattern in a rule that hyperscan would fail to compile would
exit Suricata. This could happen during a rule reload as well.

In case of a untrusted ruleset, this could potentially be used to
shut down the sensor.

Commit 7d0851b0c2 already blocks the only know case, but this patch
is more defensive.

Ticket: #6195.

diff --git a/src/util-spm-hs.c b/src/util-spm-hs.c
index 62862be230ca05acc69e5c9c54d6289020c24358..cfcb8acd52a9a31fd8fc1005d93238d2a8c8f9bb 100644 (file)
--- a/src/util-spm-hs.c
+++ b/src/util-spm-hs.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 2016 Open Information Security Foundation
+/* Copyright (C) 2016-2023 Open Information Security Foundation
  *
  * You can copy, redistribute or modify this Program under the terms of
  * the GNU General Public License version 2 as published by the Free
@@ -84,7 +84,7 @@ static int HSBuildDatabase(const uint8_t *needle, uint16_t needle_len,
         SCLogError("Unable to compile '%s' with Hyperscan, "
                    "returned %d.",
                 expr, err);
-        exit(EXIT_FAILURE);
+        return -1;
     }
 
     SCFree(expr);
@@ -96,7 +96,7 @@ static int HSBuildDatabase(const uint8_t *needle, uint16_t needle_len,
         /* If scratch allocation failed, this is not recoverable:  other SPM
          * contexts may need this scratch space. */
         SCLogError("Unable to alloc scratch for Hyperscan, returned %d.", err);
-        exit(EXIT_FAILURE);
+        return -1;
     }
     global_thread_ctx->ctx = scratch;
     sctx->db = db;