From: Victor Julien Date: Tue, 5 Sep 2023 12:49:34 +0000 (+0200) Subject: spm/hs: don't exit on bad patterns X-Git-Tag: suricata-7.0.1~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=00e00254eae205bad5d4cfbf6c9e69f944faaf69;p=thirdparty%2Fsuricata.git spm/hs: don't exit on bad patterns A bad pattern in a rule that hyperscan would fail to compile would exit Suricata. This could happen during a rule reload as well. In case of a untrusted ruleset, this could potentially be used to shut down the sensor. Commit 7d0851b0c2 already blocks the only know case, but this patch is more defensive. Ticket: #6195.
---
diff --git a/src/util-spm-hs.c b/src/util-spm-hs.c
index 62862be230..cfcb8acd52 100644
--- a/src/util-spm-hs.c
+++ b/src/util-spm-hs.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 2016 Open Information Security Foundation
+/* Copyright (C) 2016-2023 Open Information Security Foundation
 *
 * You can copy, redistribute or modify this Program under the terms of
 * the GNU General Public License version 2 as published by the Free
@@ -84,7 +84,7 @@ static int HSBuildDatabase(const uint8_t *needle, uint16_t needle_len,
 SCLogError("Unable to compile '%s' with Hyperscan, "
 "returned %d.",
 expr, err);
- exit(EXIT_FAILURE);
+ return -1;
 }
 SCFree(expr);
@@ -96,7 +96,7 @@ static int HSBuildDatabase(const uint8_t *needle, uint16_t needle_len,
 /* If scratch allocation failed, this is not recoverable: other SPM
 * contexts may need this scratch space. */
 SCLogError("Unable to alloc scratch for Hyperscan, returned %d.", err);
- exit(EXIT_FAILURE);
+ return -1;
 }
 global_thread_ctx->ctx = scratch;
 sctx->db = db;
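Review bot: The new `return -1;` in the compile-failure branch (hunk at -84) leaves `expr` allocated, because `SCFree(expr);` is only reached on the success path below the block. Under `exit()` that did not matter, but now every rejected pattern leaks the string, and that adds up across repeated reloads of an untrusted ruleset. Add `SCFree(expr);` before `return -1;`. If the compile call above the hunk fills in a Hyperscan compile-error object, it presumably needs `hs_free_compile_error()` on this path too; the call is outside the hunk, so confirm. HSBuildDatabase starts above and continues below the hunk.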
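Review bot: The comment above the scratch-allocation check (hunk at -96) still says the failure "is not recoverable", yet the branch now returns -1 and lets the process carry on. Either reword it to say what the caller must do with the error, e.g. `/* Scratch allocation failed: report it so the caller can reject this pattern. */`, or keep this one case fatal. The compiled `db` that is assigned to `sctx->db` just below appears to be dropped on this path without being released; `hs_free_database(db);` before `return -1;` would cover it. Whether every caller of HSBuildDatabase checks the -1 is not visible here, since the function body and its callers lie outside the hunk.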