Diffstat (limited to 'CVE-2023-28856.patch')
-rw-r--r--CVE-2023-28856.patch49
1 files changed, 49 insertions, 0 deletions
diff --git a/CVE-2023-28856.patch b/CVE-2023-28856.patch
new file mode 100644
index 0000000..43ceb81
--- /dev/null
+++ b/CVE-2023-28856.patch
@@ -0,0 +1,49 @@
+From c924ac3fdf8fe544891dc66c88018e259ee4be87 Mon Sep 17 00:00:00 2001
+From: chendianqiang <c.d_q@163.com>
+Date: Sun, 28 Aug 2022 16:33:41 +0800
+Subject: [PATCH] fix hincrbyfloat not to create a key if the new value is
+ invalid (#11149)
+
+Check the validity of the value before performing the create operation,
+prevents new data from being generated even if the request fails to execute.
+
+Co-authored-by: Oran Agra <oran@redislabs.com>
+Co-authored-by: chendianqiang <chendianqiang@meituan.com>
+Co-authored-by: Binbin <binloveplay1314@qq.com>
+(cherry picked from commit bc7fe41e5857a0854d524e2a63a028e9394d2a5c)
+(cherry picked from commit 606a385935363ea46c0df4f40f8a949d85f7a20a)
+(cherry picked from commit 7df23a5f51488ce002411c9d24b38520ad67b764)
+---
+ src/t_hash.c | 4 ++++
+ tests/unit/type/hash.tcl | 5 +++++
+ 2 files changed, 9 insertions(+)
+
+diff --git a/src/t_hash.c b/src/t_hash.c
+index 3cdfdd169abf..13e65502f145 100644
+--- a/src/t_hash.c
++++ b/src/t_hash.c
+@@ -605,6 +605,10 @@ void hincrbyfloatCommand(client *c) {
+ unsigned int vlen;
+
+ if (getLongDoubleFromObjectOrReply(c,c->argv[3],&incr,NULL) != C_OK) return;
++ if (isnan(incr) || isinf(incr)) {
++ addReplyError(c,"value is NaN or Infinity");
++ return;
++ }
+ if ((o = hashTypeLookupWriteOrCreate(c,c->argv[1])) == NULL) return;
+ if (hashTypeGetValue(o,c->argv[2]->ptr,&vstr,&vlen,&ll) == C_OK) {
+ if (vstr) {
+diff --git a/tests/unit/type/hash.tcl b/tests/unit/type/hash.tcl
+index 9f8a21b1ce11..931662989d82 100644
+--- a/tests/unit/type/hash.tcl
++++ b/tests/unit/type/hash.tcl
+@@ -540,4 +540,9 @@ start_server {tags {"hash"}} {
+ assert {[r hincrbyfloat myhash float -0.1] eq {1.9}}
+ }
+ }
++
++ test {HINCRBYFLOAT does not allow NaN or Infinity} {
++ assert_error "*value is NaN or Infinity*" {r hincrbyfloat hfoo field +inf}
++ assert_equal 0 [r exists hfoo]
++ }
+ }
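Review bot: The new NaN/Infinity guard in the `src/t_hash.c` hunk of the added patch only works because it sits before `hashTypeLookupWriteOrCreate()`, and nothing in the code records that ordering requirement. A one-line comment above the guard, such as `/* Validate incr before the lookup-or-create call so a rejected request never leaves a new key behind. */`, would keep a later refactor from moving it back below the create. The accompanying test in `tests/unit/type/hash.tcl` covers only `+inf`; adding `assert_error "*value is NaN or Infinity*" {r hincrbyfloat hfoo field -inf}` would exercise the negative case too, while whether a `nan` argument ever reaches this guard depends on `getLongDoubleFromObjectOrReply`, which is not visible here. `hincrbyfloatCommand` continues beyond the hunk, so any later check on the summed value cannot be seen from this page.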