From 20a88f7ecdb73868cd098d8dab0de867065cc567 Mon Sep 17 00:00:00 2001 From: wk333 <13474090681@163.com> Date: Thu, 20 Apr 2023 17:22:57 +0800 Subject: [PATCH] Fix CVE-2022-29486 --- CVE-2022-29486.patch | 23 +++++++++++++++++++++++ hyperscan.spec | 6 +++++- 2 files changed, 28 insertions(+), 1 deletion(-) create mode 100644 CVE-2022-29486.patch diff --git a/CVE-2022-29486.patch b/CVE-2022-29486.patch new file mode 100644 index 0000000..8cfe0a5 --- /dev/null +++ b/CVE-2022-29486.patch @@ -0,0 +1,23 @@ +From 3070f11991cc2014685a28c0eaa1e033ffa8fe30 Mon Sep 17 00:00:00 2001 +From: "Hong, Yang A" +Date: Thu, 28 Apr 2022 10:11:32 +0000 +Subject: [PATCH] bugfix: fix overflow risk of strlen function + +--- + src/compiler/compiler.cpp | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/compiler/compiler.cpp b/src/compiler/compiler.cpp +index 6f993ffe..35f46b3f 100644 +--- a/src/compiler/compiler.cpp ++++ b/src/compiler/compiler.cpp +@@ -323,7 +323,8 @@ void addExpression(NG &ng, unsigned index, const char *expression, + } + + // Ensure that our pattern isn't too long (in characters). +- if (strlen(expression) > cc.grey.limitPatternLength) { ++ size_t maxlen = cc.grey.limitPatternLength + 1; ++ if (strnlen(expression, maxlen) >= maxlen) { + throw CompileError("Pattern length exceeds limit."); + } + diff --git a/hyperscan.spec b/hyperscan.spec index d02dc10..9624011 100644 --- a/hyperscan.spec +++ b/hyperscan.spec @@ -1,6 +1,6 @@ Name: hyperscan Version: 5.4.0 -Release: 2 +Release: 3 Summary: High-performance regular expression matching library License: BSD @@ -12,6 +12,7 @@ Patch1: Fix-build-error-on-x86_64.patch Patch2: Fix-hyperscan-gcc10.patch # https://github.com/intel/hyperscan/commit/7d644e7ba27eaadda753febf0b142faa9affbbca Patch3: backport-Fix-segfaults-on-allocation-failure.patch +Patch4: CVE-2022-29486.patch BuildRequires: gcc-c++ BuildRequires: boost-devel @@ -80,6 +81,9 @@ needed for developing Hyperscan applications. %{_includedir}/hs/ %changelog +* Thu Apr 20 2023 wangkai <13474090681@163.com> - 5.4.0-3 +- Fix CVE-2022-29486 + * Thu Oct 20 2022 Liu Zixian - 5.4.0-2 - Sync upstream bugfix and enable regression test