Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:dirkmueller:acdc:as_python3_module
redis
redis-CVE-2023-25155.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File redis-CVE-2023-25155.patch of Package redis
From fe4eb9b10f31e132640f88edee08c96715a7cd8b Mon Sep 17 00:00:00 2001 From: Oran Agra <oran@redislabs.com> Date: Tue, 21 Feb 2023 15:16:13 +0200 Subject: [PATCH] Integer Overflow in RAND commands can lead to assertion (CVE-2023-25155) Issue happens when passing a negative long value that greater than the max positive value that the long can store. (cherry picked from commit 41430af6a821c551abb862666ef896f2c196dea6) (cherry picked from commit f335f9c55e76c76531780c5bbf8805410b7b3ba4) --- src/t_set.c | 4 ++++ tests/unit/type/set.tcl | 5 +++++ 2 files changed, 9 insertions(+) Index: src/t_set.c =================================================================== --- redis-6.2.6.orig/src/t_set.c +++ redis-6.2.6/src/t_set.c @@ -668,6 +668,10 @@ void srandmemberWithCountCommand(client dict *d; if (getLongFromObjectOrReply(c,c->argv[2],&l,NULL) != C_OK) return; + if (l<-LONG_MAX) { + addReplyError(c, "value is out of range"); + return; + } if (l >= 0) { count = (unsigned long) l; } else { Index: tests/unit/type/set.tcl =================================================================== --- redis-6.2.6.orig/tests/unit/type/set.tcl +++ redis-6.2.6/tests/unit/type/set.tcl @@ -601,6 +601,11 @@ start_server { r readraw 0 + test "SRANDMEMBER count overflow" { + r sadd myset a + assert_error {*value is out of range*} {r srandmember myset -9223372036854775808} + } {} + foreach {type contents} { hashtable { 1 5 10 50 125 50000 33959417 4775547 65434162
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor