packages/hiredis
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix up CVE-2020-7105

Browse Source
This commit is contained in:
lkx690 2020-03-17 10:36:49 +08:00
parent 58b12f21c7
commit 74e9149be5
2 changed files with 47 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
CVE-2020-7105.patch Normal file
View File

@ -0,0 +1,42 @@
diff -Nur hiredis-0.13.3.orig/async.c hiredis-0.13.3/async.c
--- hiredis-0.13.3.orig/async.c 2015-09-16 18:25:02.000000000 +0800
+++ hiredis-0.13.3/async.c 2020-03-17 11:28:02.927579511 +0800
@@ -69,6 +69,8 @@
static void *callbackValDup(void *privdata, const void *src) {
((void) privdata);
redisCallback *dup = malloc(sizeof(*dup));
+ if(dup == NULL)
+ abort();
memcpy(dup,src,sizeof(*dup));
return dup;
}
diff -Nur hiredis-0.13.3.orig/dict.c hiredis-0.13.3/dict.c
--- hiredis-0.13.3.orig/dict.c 2015-09-16 18:25:02.000000000 +0800
+++ hiredis-0.13.3/dict.c 2020-03-17 11:29:44.708321131 +0800
@@ -72,6 +72,8 @@
/* Create a new hash table */
static dict *dictCreate(dictType *type, void *privDataPtr) {
dict *ht = malloc(sizeof(*ht));
+ if (ht == NULL)
+ abort();
_dictInit(ht,type,privDataPtr);
return ht;
}
@@ -143,6 +145,8 @@
/* Allocates the memory and stores key */
entry = malloc(sizeof(*entry));
+ if (entry == NULL)
+ abort();
entry->next = ht->table[index];
ht->table[index] = entry;
@@ -258,6 +262,8 @@
static dictIterator *dictGetIterator(dict *ht) {
dictIterator *iter = malloc(sizeof(*iter));
+ if(iter == NULL)
+ abort();
iter->ht = ht;
iter->index = -1;
iter->entry = NULL;

6
hiredis.spec
View File

@ -1,6 +1,6 @@
Name: hiredis Name: hiredis
Version: 0.13.3 Version: 0.13.3
Release: 10 Release: 11
Summary: A minimalistic C client library for the Redis database Summary: A minimalistic C client library for the Redis database
License: BSD License: BSD
URL: https://github.com/redis/hiredis URL: https://github.com/redis/hiredis
@ -8,6 +8,7 @@ Source0: https://github.com/redis/hiredis/archive/v0.13.3.tar.gz#/hiredis
BuildRequires: gcc redis BuildRequires: gcc redis
Patch0001: 0001-build-do-not-assume-that-INSTALL-is-cp.patch Patch0001: 0001-build-do-not-assume-that-INSTALL-is-cp.patch
Patch0002: CVE-2020-7105.patch
%description %description
Hiredis is a minimalistic C client library for the Redis database. Hiredis is a minimalistic C client library for the Redis database.
@ -60,5 +61,8 @@ make check || true
%{_libdir}/pkgconfig/hiredis.pc %{_libdir}/pkgconfig/hiredis.pc
%changelog %changelog
* Thu Mar 17 2020 likexin<likexin4@huawei.com> - 0.13.3-11
- fix up cve-2020-7105
* Tue Dec 31 2019 liujing<liujing144@huawei.com> - 0.13.3-10 * Tue Dec 31 2019 liujing<liujing144@huawei.com> - 0.13.3-10
- Package init - Package init