File redis-CVE-2023-28856.patch of Package redis

Overview Repositories Revisions Requests Users Attributes Meta

File redis-CVE-2023-28856.patch of Package redis

From bc7fe41e5857a0854d524e2a63a028e9394d2a5c Mon Sep 17 00:00:00 2001
From: chendianqiang <c.d_q@163.com>
Date: Sun, 28 Aug 2022 16:33:41 +0800
Subject: [PATCH] fix hincrbyfloat not to create a key if the new value is
 invalid (#11149)

Check the validity of the value before performing the create operation,
prevents new data from being generated even if the request fails to execute.

Co-authored-by: Oran Agra <oran@redislabs.com>
Co-authored-by: chendianqiang <chendianqiang@meituan.com>
Co-authored-by: Binbin <binloveplay1314@qq.com>
---
 src/t_hash.c             | 4 ++++
 tests/unit/type/hash.tcl | 4 ++++
 2 files changed, 8 insertions(+)

diff --git a/src/t_hash.c b/src/t_hash.c
index 63447a4c1f95..a2af438aee39 100644
--- a/src/t_hash.c
+++ b/src/t_hash.c
@@ -666,6 +666,10 @@ void hincrbyfloatCommand(client *c) {
     unsigned int vlen;
 
     if (getLongDoubleFromObjectOrReply(c,c->argv[3],&incr,NULL) != C_OK) return;
+    if (isnan(incr) || isinf(incr)) {
+        addReplyError(c,"value is NaN or Infinity");
+        return;
+    }
     if ((o = hashTypeLookupWriteOrCreate(c,c->argv[1])) == NULL) return;
     if (hashTypeGetValue(o,c->argv[2]->ptr,&vstr,&vlen,&ll) == C_OK) {
         if (vstr) {
diff --git a/tests/unit/type/hash.tcl b/tests/unit/type/hash.tcl
index ae5677383d62..613134af3475 100644
--- a/tests/unit/type/hash.tcl
+++ b/tests/unit/type/hash.tcl
@@ -819,4 +819,8 @@ start_server {tags {"hash"}} {
         set _ $k
     } {ZIP_INT_8B 127 ZIP_INT_16B 32767 ZIP_INT_32B 2147483647 ZIP_INT_64B 9223372036854775808 ZIP_INT_IMM_MIN 0 ZIP_INT_IMM_MAX 12}
 
+    test {HINCRBYFLOAT does not allow NaN or Infinity} {
+        assert_error "*value is NaN or Infinity*" {r hincrbyfloat hfoo field +inf}
+        assert_equal 0 [r exists hfoo]
+    }
 }

Places

File redis-CVE-2023-28856.patch of Package redis

Places