packages/redis
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

package init

Browse Source
This commit is contained in:
yeah_wang 2020-03-17 15:54:52 +08:00
parent a83732a19b
commit bf1d44eeef
3 changed files with 77 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
CVE-2019-10192.patch Normal file
View File

@ -0,0 +1,33 @@
From 9f13b2bd4967334b1701c6eccdf53760cb13f79e Mon Sep 17 00:00:00 2001
From: John Sully <john@csquare.ca>
Date: Thu, 14 Mar 2019 14:02:16 -0400
Subject: [PATCH] Fix hyperloglog corruption
---
src/hyperloglog.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/hyperloglog.c b/src/hyperloglog.c
index fc21ea0065d..e993bf26e1d 100644
--- a/src/hyperloglog.c
+++ b/src/hyperloglog.c
@@ -614,6 +614,10 @@ int hllSparseToDense(robj *o) {
} else {
runlen = HLL_SPARSE_VAL_LEN(p);
regval = HLL_SPARSE_VAL_VALUE(p);
+ if ((runlen + idx) > HLL_REGISTERS) {
+ sdsfree(dense);
+ return C_ERR;
+ }
while(runlen--) {
HLL_DENSE_SET_REGISTER(hdr->registers,idx,regval);
idx++;
@@ -1088,6 +1092,8 @@ int hllMerge(uint8_t *max, robj *hll) {
} else {
runlen = HLL_SPARSE_VAL_LEN(p);
regval = HLL_SPARSE_VAL_VALUE(p);
+ if ((runlen + i) > HLL_REGISTERS)
+ return C_ERR;
while(runlen--) {
if (regval > max[i]) max[i] = regval;
i++;

35
cve-2019-10192.patch Normal file
View File

@ -0,0 +1,35 @@
From e216ceaf0e099536fe3658a29dcb725d812364e0 Mon Sep 17 00:00:00 2001
From: antirez <antirez@gmail.com>
Date: Fri, 15 Mar 2019 17:16:06 +0100
Subject: [PATCH] HyperLogLog: handle wrong offset in the base case.
---
src/hyperloglog.c | 8 ++------
1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/src/hyperloglog.c b/src/hyperloglog.c
index 526510b43b9..1e7ce3dceb7 100644
--- a/src/hyperloglog.c
+++ b/src/hyperloglog.c
@@ -614,10 +614,7 @@ int hllSparseToDense(robj *o) {
} else {
runlen = HLL_SPARSE_VAL_LEN(p);
regval = HLL_SPARSE_VAL_VALUE(p);
- if ((runlen + idx) > HLL_REGISTERS) {
- sdsfree(dense);
- return C_ERR;
- }
+ if ((runlen + idx) > HLL_REGISTERS) break; /* Overflow. */
while(runlen--) {
HLL_DENSE_SET_REGISTER(hdr->registers,idx,regval);
idx++;
@@ -1097,8 +1094,7 @@ int hllMerge(uint8_t *max, robj *hll) {
} else {
runlen = HLL_SPARSE_VAL_LEN(p);
regval = HLL_SPARSE_VAL_VALUE(p);
- if ((runlen + i) > HLL_REGISTERS)
- return C_ERR;
+ if ((runlen + i) > HLL_REGISTERS) break; /* Overflow. */
while(runlen--) {
if (regval > max[i]) max[i] = regval;
i++;

10
redis.spec
View File

@ -1,6 +1,6 @@
Name: redis
Version: 4.0.11
Release: 3
Release: 4
Summary: A persistent key-value database
License: BSD and MIT
URL: https://redis.io
@ -9,6 +9,11 @@ Source1: %{name}.logrotate
Source2: %{name}-sentinel.service
Source3: %{name}.service
#CVE fix
Patch0001: CVE-2019-10192.patch
#Optimization of the above problem
Patch0002: cve-2019-10192.patch
%description
Redis is an advanced key-value store. It is often referred to as a dattructure server since keys can contain strings, hashes
,lists, sets anorted sets.
@ -55,6 +60,9 @@ install -pDm640 sentinel.conf %{buildroot}%{_sysconfdir}/%{name}-sentinel.conf
%{_unitdir}/%{name}-sentinel.service
%changelog
* Tue Mar 17 2020 wangye <wangye54@huawei.com> - 4.0.11-4
- CVE fix
* Wed Jan 15 2020 zhujunhao <zhujunhao5@huawei.com> - 4.0.11-3
- Modify redis service