spm/hs: don't exit on bad patterns

A bad pattern in a rule that hyperscan would fail to compile would exit Suricata. This could happen during a rule reload as well. In case of a untrusted ruleset, this could potentially be used to shut down the sensor. Commit 7d0851b0c2 already blocks the only know case, but this patch is more defensive. Ticket: #6195.
2 years ago · 00e00254ea
parent 2b57179d65
commit 00e00254ea
1 changed files with 3 additions and 3 deletions
--- a/src/util-spm-hs.c
+++ b/src/util-spm-hs.c
@ -1,4 +1,4 @@
-/* Copyright (C) 2016 Open Information Security Foundation
+/* Copyright (C) 2016-2023 Open Information Security Foundation
 *
 * You can copy, redistribute or modify this Program under the terms of
 * the GNU General Public License version 2 as published by the Free
@ -84,7 +84,7 @@ static int HSBuildDatabase(const uint8_t *needle, uint16_t needle_len,
        SCLogError("Unable to compile '%s' with Hyperscan, "
                   "returned %d.",
                expr, err);
-        exit(EXIT_FAILURE);
+        return -1;
    }
    SCFree(expr);
@ -96,7 +96,7 @@ static int HSBuildDatabase(const uint8_t *needle, uint16_t needle_len,
        /* If scratch allocation failed, this is not recoverable:  other SPM
         * contexts may need this scratch space. */
        SCLogError("Unable to alloc scratch for Hyperscan, returned %d.", err);
-        exit(EXIT_FAILURE);
+        return -1;
    }
    global_thread_ctx->ctx = scratch;
    sctx->db = db;