packages/redis
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix CVE-2023-28856

Browse Source
This commit is contained in:
starlet-dx 2023-05-15 10:52:22 +08:00
parent 7bcca38888
commit 5c6d9241e5
2 changed files with 56 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
CVE-2023-28856.patch Normal file
View File

@ -0,0 +1,49 @@
From c924ac3fdf8fe544891dc66c88018e259ee4be87 Mon Sep 17 00:00:00 2001
From: chendianqiang <c.d_q@163.com>
Date: Sun, 28 Aug 2022 16:33:41 +0800
Subject: [PATCH] fix hincrbyfloat not to create a key if the new value is
invalid (#11149)
Check the validity of the value before performing the create operation,
prevents new data from being generated even if the request fails to execute.
Co-authored-by: Oran Agra <oran@redislabs.com>
Co-authored-by: chendianqiang <chendianqiang@meituan.com>
Co-authored-by: Binbin <binloveplay1314@qq.com>
(cherry picked from commit bc7fe41e5857a0854d524e2a63a028e9394d2a5c)
(cherry picked from commit 606a385935363ea46c0df4f40f8a949d85f7a20a)
(cherry picked from commit 7df23a5f51488ce002411c9d24b38520ad67b764)
---
src/t_hash.c | 4 ++++
tests/unit/type/hash.tcl | 5 +++++
2 files changed, 9 insertions(+)
diff --git a/src/t_hash.c b/src/t_hash.c
index 3cdfdd169abf..13e65502f145 100644
--- a/src/t_hash.c
+++ b/src/t_hash.c
@@ -605,6 +605,10 @@ void hincrbyfloatCommand(client *c) {
unsigned int vlen;
if (getLongDoubleFromObjectOrReply(c,c->argv[3],&incr,NULL) != C_OK) return;
+ if (isnan(incr) || isinf(incr)) {
+ addReplyError(c,"value is NaN or Infinity");
+ return;
+ }
if ((o = hashTypeLookupWriteOrCreate(c,c->argv[1])) == NULL) return;
if (hashTypeGetValue(o,c->argv[2]->ptr,&vstr,&vlen,&ll) == C_OK) {
if (vstr) {
diff --git a/tests/unit/type/hash.tcl b/tests/unit/type/hash.tcl
index 9f8a21b1ce11..931662989d82 100644
--- a/tests/unit/type/hash.tcl
+++ b/tests/unit/type/hash.tcl
@@ -540,4 +540,9 @@ start_server {tags {"hash"}} {
assert {[r hincrbyfloat myhash float -0.1] eq {1.9}}
}
}
+
+ test {HINCRBYFLOAT does not allow NaN or Infinity} {
+ assert_error "*value is NaN or Infinity*" {r hincrbyfloat hfoo field +inf}
+ assert_equal 0 [r exists hfoo]
+ }
}

9
redis.spec
View File

@ -1,6 +1,6 @@
Name: redis Name: redis
Version: 4.0.14 Version: 4.0.14
Release: 3 Release: 4
Summary: A persistent key-value database Summary: A persistent key-value database
License: BSD and MIT License: BSD and MIT
URL: https://redis.io URL: https://redis.io
@ -21,6 +21,7 @@ Patch0009: CVE-2021-29478.patch
Patch0010: CVE-2021-32672.patch Patch0010: CVE-2021-32672.patch
Patch0011: redis-4.0.14-sw.patch Patch0011: redis-4.0.14-sw.patch
Patch0012: CVE-2022-36021.patch Patch0012: CVE-2022-36021.patch
Patch0013: CVE-2023-28856.patch
BuildRequires: systemd gcc BuildRequires: systemd gcc
Requires: /bin/awk Requires: /bin/awk
@ -52,6 +53,7 @@ Redis is an advanced key-value store. It is often referred to as a dattructure s
%patch0011 -p1 %patch0011 -p1
%endif %endif
%patch0012 -p1 %patch0012 -p1
%patch0013 -p1
sed -i -e 's|^logfile .*$|logfile /var/log/redis/redis.log|g' redis.conf sed -i -e 's|^logfile .*$|logfile /var/log/redis/redis.log|g' redis.conf
sed -i -e '$ alogfile /var/log/redis/sentinel.log' sentinel.conf sed -i -e '$ alogfile /var/log/redis/sentinel.log' sentinel.conf
@ -109,8 +111,11 @@ exit 0
%{_unitdir}/%{name}-sentinel.service %{_unitdir}/%{name}-sentinel.service
%changelog %changelog
* Mon May 15 2023 yaoxin <yao_xin001@hoperun.com> - 4.0.14-4
- Fix CVE-2023-28856
* Mon Mar 27 2023 wushaozheng<wushaozheng@ncti-gba.cn> - 4.0.14-3 * Mon Mar 27 2023 wushaozheng<wushaozheng@ncti-gba.cn> - 4.0.14-3
- Fix CVE-2022-36021.patch - Fix CVE-2022-36021
* Wed Oct 26 2022 wuzx<wuzx1226@qq.com> - 4.0.14-2 * Wed Oct 26 2022 wuzx<wuzx1226@qq.com> - 4.0.14-2
- Add sw64 architecture - Add sw64 architecture