Fix CVE-2022-29486

CVE-2022-29486.patch

@@ -0,0 +1,23 @@
+From 3070f11991cc2014685a28c0eaa1e033ffa8fe30 Mon Sep 17 00:00:00 2001
+From: "Hong, Yang A" <yang.a.hong@intel.com>
+Date: Thu, 28 Apr 2022 10:11:32 +0000
+Subject: [PATCH] bugfix: fix overflow risk of strlen function
+
+---
+ src/compiler/compiler.cpp | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/compiler/compiler.cpp b/src/compiler/compiler.cpp
+index 6f993ffe..35f46b3f 100644
+--- a/src/compiler/compiler.cpp
++++ b/src/compiler/compiler.cpp
+@@ -323,7 +323,8 @@ void addExpression(NG &ng, unsigned index, const char *expression,
+     }
+ 
+     // Ensure that our pattern isn't too long (in characters).
+-    if (strlen(expression) > cc.grey.limitPatternLength) {
++    size_t maxlen = cc.grey.limitPatternLength + 1;
++    if (strnlen(expression, maxlen) >= maxlen) {
+         throw CompileError("Pattern length exceeds limit.");
+     }
+ 

hyperscan.spec

@@ -1,6 +1,6 @@
 Name:    hyperscan
 Version: 5.4.0
-Release: 2
+Release: 3
 Summary: High-performance regular expression matching library
 
 License: BSD
@@ -12,6 +12,7 @@ Patch1: Fix-build-error-on-x86_64.patch
 Patch2: Fix-hyperscan-gcc10.patch
 # https://github.com/intel/hyperscan/commit/7d644e7ba27eaadda753febf0b142faa9affbbca
 Patch3: backport-Fix-segfaults-on-allocation-failure.patch
+Patch4: CVE-2022-29486.patch
 
 BuildRequires:  gcc-c++
 BuildRequires:  boost-devel
@@ -80,6 +81,9 @@ needed for developing Hyperscan applications.
 %{_includedir}/hs/
 
 %changelog
+* Thu Apr 20 2023 wangkai <13474090681@163.com> - 5.4.0-3
+- Fix CVE-2022-29486
+
 * Thu Oct 20 2022 Liu Zixian <liuzixian4@huawei.com> - 5.4.0-2
 - Sync upstream bugfix and enable regression test