]> git.ipfire.org Git - thirdparty/suricata.git/commitdiff
projects / thirdparty / suricata.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a765cfd)
mpm-hs: make errors from hs_scan() fatal
authorJustin Viiret <justin.viiret@intel.com>
Mon, 23 May 2016 03:57:50 +0000 (13:57 +1000)
committerVictor Julien <victor@inliniac.net>
Fri, 27 May 2016 13:13:54 +0000 (15:13 +0200)
Hyperscan will only return an error at scan time if the database or
scratch region are corrupted, which should provoke a fatal error.

src/util-mpm-hs.c patch | blob | blame | history

diff --git a/src/util-mpm-hs.c b/src/util-mpm-hs.c
index ae0de5e0a9f06e45efa645cc742db44bbd72df3a..61a6c4cf89cc3e939bbf30c84bc84a0a3754c570 100644 (file)
--- a/src/util-mpm-hs.c
+++ b/src/util-mpm-hs.c
@@ -933,8 +933,11 @@ uint32_t SCHSSearch(const MpmCtx *mpm_ctx, MpmThreadCtx *mpm_thread_ctx,
     hs_error_t err = hs_scan(pd->hs_db, (const char *)buf, buflen, 0, scratch,
                              SCHSMatchEvent, &cctx);
     if (err != HS_SUCCESS) {
-        SCLogError(SC_ERR_FATAL, "Scanning with Hyperscan returned error %d",
-                   err);
+        /* An error value (other than HS_SCAN_TERMINATED) from hs_scan()
+         * indicates that it was passed an invalid database or scratch region,
+         * which is not something we can recover from at scan time. */
+        SCLogError(SC_ERR_FATAL, "Hyperscan returned error %d", err);
+        exit(EXIT_FAILURE);
     } else {
         ret = cctx.match_count;
     }
Mirror of https://github.com/OISF/suricata.git