Fix CVE-2022-29486

CVE-2022-29486.patch

@@ -0,0 +1,23 @@
+From 3070f11991cc2014685a28c0eaa1e033ffa8fe30 Mon Sep 17 00:00:00 2001
+From: "Hong, Yang A" <yang.a.hong@intel.com>
+Date: Thu, 28 Apr 2022 10:11:32 +0000
+Subject: [PATCH] bugfix: fix overflow risk of strlen function
+
+---
+ src/compiler/compiler.cpp | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/compiler/compiler.cpp b/src/compiler/compiler.cpp
+index 6f993ffe..35f46b3f 100644
+--- a/src/compiler/compiler.cpp
++++ b/src/compiler/compiler.cpp
+@@ -323,7 +323,8 @@ void addExpression(NG &ng, unsigned index, const char *expression,
+     }
+ 
+     // Ensure that our pattern isn't too long (in characters).
+-    if (strlen(expression) > cc.grey.limitPatternLength) {
++    size_t maxlen = cc.grey.limitPatternLength + 1;
++    if (strnlen(expression, maxlen) >= maxlen) {
+         throw CompileError("Pattern length exceeds limit.");
+     }
+ 

hyperscan.spec

@@ -1,6 +1,6 @@
 Name:    hyperscan
 Version: 5.2.1
-Release: 2
+Release: 3
 Summary: High-performance regular expression matching library
 
 License: BSD
@@ -8,6 +8,7 @@ URL:     https://www.hyperscan.io/
 Source0: https://github.com/intel/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
 
 Patch0: hyperscan-aarch64-support.patch
+Patch1: CVE-2022-29486.patch
 
 BuildRequires:  gcc-c++
 BuildRequires:  boost-devel
@@ -73,6 +74,9 @@ needed for developing Hyperscan applications.
 %{_includedir}/hs/
 
 %changelog
+* Thu Apr 20 2023 wangkai <13474090681@163.com> - 5.2.1-3
+- Fix CVE-2022-29486
+
 * Mon Jul 20 2020 Yikun Jiang <yikunkero@gmail.com> - 5.2.1-2
 - Add aarch64 support