File CVE-2023-28856.patch of Package redis7

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2023-28856.patch of Package redis7

From 1c1bd618c95e26a8ff5c12e70cbf0117233ef073 Mon Sep 17 00:00:00 2001
From: chendianqiang <c.d_q@163.com>
Date: Sun, 28 Aug 2022 16:33:41 +0800
Subject: [PATCH] fix hincrbyfloat not to create a key if the new value is
 invalid (#11149)

Check the validity of the value before performing the create operation,
prevents new data from being generated even if the request fails to execute.

Co-authored-by: Oran Agra <oran@redislabs.com>
Co-authored-by: chendianqiang <chendianqiang@meituan.com>
Co-authored-by: Binbin <binloveplay1314@qq.com>
(cherry picked from commit bc7fe41e5857a0854d524e2a63a028e9394d2a5c)
---
 src/t_hash.c             | 4 ++++
 tests/unit/type/hash.tcl | 4 ++++
 2 files changed, 8 insertions(+)

diff --git a/src/t_hash.c b/src/t_hash.c
index f4ddccc62134..518aeb6b56cf 100644
--- a/src/t_hash.c
+++ b/src/t_hash.c
@@ -670,6 +670,10 @@ void hincrbyfloatCommand(client *c) {
     unsigned int vlen;
 
     if (getLongDoubleFromObjectOrReply(c,c->argv[3],&incr,NULL) != C_OK) return;
+    if (isnan(incr) || isinf(incr)) {
+        addReplyError(c,"value is NaN or Infinity");
+        return;
+    }
     if ((o = hashTypeLookupWriteOrCreate(c,c->argv[1])) == NULL) return;
     if (hashTypeGetValue(o,c->argv[2]->ptr,&vstr,&vlen,&ll) == C_OK) {
         if (vstr) {
diff --git a/tests/unit/type/hash.tcl b/tests/unit/type/hash.tcl
index 4edb146ed5da..721b744c10f4 100644
--- a/tests/unit/type/hash.tcl
+++ b/tests/unit/type/hash.tcl
@@ -826,4 +826,8 @@ start_server {tags {"hash"}} {
         set _ $k
     } {ZIP_INT_8B 127 ZIP_INT_16B 32767 ZIP_INT_32B 2147483647 ZIP_INT_64B 9223372036854775808 ZIP_INT_IMM_MIN 0 ZIP_INT_IMM_MAX 12}
 
+    test {HINCRBYFLOAT does not allow NaN or Infinity} {
+        assert_error "*value is NaN or Infinity*" {r hincrbyfloat hfoo field +inf}
+        assert_equal 0 [r exists hfoo]
+    }
 }

Places

File CVE-2023-28856.patch of Package redis7

Places