File CVE-2024-31449.patch of Package redis.35906

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2024-31449.patch of Package redis.35906

From 1f7c148be2cbacf7d50aa461c58b871e87cc5ed9 Mon Sep 17 00:00:00 2001
From: Oran Agra <oran@redislabs.com>
Date: Wed, 2 Oct 2024 19:54:06 +0300
Subject: [PATCH] Fix lua bit.tohex (CVE-2024-31449)

INT_MIN value must be explicitly checked, and cannot be negated.
---
 deps/lua/src/lua_bit.c   | 1 +
 tests/unit/scripting.tcl | 6 ++++++
 2 files changed, 7 insertions(+)

diff --git a/deps/lua/src/lua_bit.c b/deps/lua/src/lua_bit.c
index 690df7d3ce6..a459ca98b18 100644
--- a/deps/lua/src/lua_bit.c
+++ b/deps/lua/src/lua_bit.c
@@ -131,6 +131,7 @@ static int bit_tohex(lua_State *L)
   const char *hexdigits = "0123456789abcdef";
   char buf[8];
   int i;
+  if (n == INT32_MIN) n = INT32_MIN+1;
   if (n < 0) { n = -n; hexdigits = "0123456789ABCDEF"; }
   if (n > 8) n = 8;
   for (i = (int)n; --i >= 0; ) { buf[i] = hexdigits[b & 15]; b >>= 4; }
diff --git a/tests/unit/scripting.tcl b/tests/unit/scripting.tcl
index 2e3a936c4e6..2381927cda2 100644
--- a/tests/unit/scripting.tcl
+++ b/tests/unit/scripting.tcl
@@ -528,6 +528,12 @@ start_server {tags {"scripting"}} {
         set e
     } {ERR*Attempt to modify a readonly table*}
 
+    test {lua bit.tohex bug} {
+        set res [r eval {return bit.tohex(65535, -2147483648)} 0]
+        r ping
+        set res
+    } {0000FFFF}
+
     test {Test an example script DECR_IF_GT} {
         set decr_if_gt {
             local current

Places

File CVE-2024-31449.patch of Package redis.35906

Places