Age | Commit message | Author |
|
Resolves #963.
Add additional check to `hi_malloc` for `r->str` when len equals
SIZE_MAX.
|
* Exclude includes from /usr in coverage reporting
* Correct build target `coverage` for enabled ssl
`USE_SSL=1 make coverage` will now build the test binary with the
forwarded define HIREDIS_TEST_SSL. This avoids inconsistency between
built test binary and the testrunner `test.sh`.
This enables test coverage measurements for SSL too.
|
I'm sure this can be done with a container matrix but figuring that out
is left for another day.
|
See: #992
TODO: MinGW/cygwin tests
|
Since TravisCI.org was deprecated we've been without any tests. This
commit adds back basic tests in Ubuntu, CentOS, and MacOS.
More sophisticated tests/platforms to come in the future (e.g. 32bit
tests).
See: #992
|
Since `hi_calloc` always passes through one of our wrapper functions,
we can perform this overflow in the wrapper, and get protection
everywhere.
Previous commit: 76a7b10005c70babee357a7d0f2becf28ec7ed1e
Related vuln ID: CVE-2021-32765
[Full Details](https://github.com/redis/hiredis/security/advisories/GHSA-hfm9-39pp-55p2)
|
Or it'll be treated as part of the var name.
|
Merge the v1.0.1 release branch and bump the dev version to 1.0.2-dev
|
This fix prevents hiredis from trying to allocate more than `SIZE_MAX`
bytes, which would result in a buffer overrun.
[Full Details](https://github.com/redis/hiredis/security/advisories/GHSA-hfm9-39pp-55p2)
|
Co-authored-by: James Rouzier <jrouzier@inverse.ca>
|
When set, hiredis will not automatically free replies in an async context, and the replies must be freed instead by the user.
Co-authored-by: Michael Grunder <michael.grunder@gmail.com>
|
Closes #929
|
Bugfix: Ignore timeout callback from a successful connect (fixes #945)
|
improve SSL leak fix redis/hiredis#896
|
fix(docs): corrects typos in project README
|
Free SSL object when redisSSLConnect fails but avoid doing that for
callers of redisInitiateSSL who are supposed to manage their own SSL
object.
Signed-off-by: Hans Zandbelt <hans.zandbelt@zmartzone.eu>
|
Since redisGetReplyFromReader is exposed in a header file, we probably
shouldn't modify how it behaves in any way. For this reason, handle the
changed logic in an internal static helper method.
|
RESP3 invalidation messages always seemed to be sent before the response
to a given command, but it appears this is not always the case:
In Redis 6.2.0RC1 Redis sends the invalidation after the HSET in the
following sequence:
```
hget hash field
$5
value
hset hash field value
:0
>2
$10
invalidate
*1
$4
hash
```
To account for this possibility just wrap redisGetReplyFromReader in a
loop as it is called twice in redisGetReply.
|
Updates and improvements to the RESP3 protocol reader.
* Fix the unset len field when creating RESP3 double objects
* Fix RESP3 double infinity parsing
* Add additional validations when parsing various reply types
* Fix the parent type assertions in certain default reply object
creation callbacks (mostly to include PUSH as a parent).
* Additional reader test cases
* Implement RESP3 BIGNUM support
* Refactor seekNewline() to use memchr()
|
This ensures that malformed RESP3 double messages that include an
invalid null byte are not parsed as valid.
|
Per RESP3, push messages are able to contain exactly what array
messages can contain (that is, any other type).
|
RESP3 bools should be only one of "#t\r\n" or "#f\r\n". We also allow
capital 'T' and 'F' to be lenient.
|
RESP3 nil should consist of "_\r\n" and nothing else.
|
The ',' protocol byte gets removed in processItem(), so it should not
be compared against in processLineItem().
strtod() allows multiple representations of infinity and NaN that are
not RESP3 compliant. Since we explicitly check for the two compliant
infinity cases, strtod() should only return finite values.
|
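The two RESP3 double commits above (rejecting an embedded null byte, and not relying on `strtod()` for infinity or NaN) can be illustrated with the following added example, which is not hiredis code. The function name, the buffer bound and the sample payloads are assumptions of this example, and the two compliant infinity spellings are taken to be `inf` and `-inf`.

```c
#include <math.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_DOUBLE_TEXT 326 /* assumed upper bound on payload length */

/* Hypothetical helper: parse the payload of a RESP3 double, i.e. the bytes
 * between the ',' type byte and the trailing "\r\n". Returns 0 and stores
 * the value in *out on success, -1 if the payload is malformed. */
int parse_resp3_double(const char *p, size_t len, double *out) {
    char buf[MAX_DOUBLE_TEXT];
    char *end;
    double d;

    if (len == 0 || len >= sizeof(buf)) return -1;
    /* strtod() stops at a NUL, so "1.5\0zz" would otherwise parse as 1.5 */
    if (memchr(p, '\0', len) != NULL) return -1;
    /* accept exactly two infinity spellings, checked before strtod() */
    if (len == 3 && memcmp(p, "inf", 3) == 0) { *out = INFINITY; return 0; }
    if (len == 4 && memcmp(p, "-inf", 4) == 0) { *out = -INFINITY; return 0; }

    memcpy(buf, p, len);
    buf[len] = '\0';
    d = strtod(buf, &end);
    if (end != buf + len) return -1; /* unparsed trailing bytes */
    if (!isfinite(d)) return -1;     /* "infinity", "INF", "nan", overflow */
    *out = d;
    return 0;
}

int main(void) {
    /* constructed sample payloads, with explicit lengths */
    static const struct { const char *s; size_t n; } in[] = {
        {"3.25", 4}, {"inf", 3}, {"-inf", 4}, {"infinity", 8},
        {"nan", 3}, {"1.5\0zz", 6}, {"1.5x", 4},
    };
    for (size_t i = 0; i < sizeof(in) / sizeof(in[0]); i++) {
        double v = 0;
        int rc = parse_resp3_double(in[i].s, in[i].n, &v);
        printf("%-8s -> %s\n", in[i].s, rc == 0 ? "ok" : "rejected");
    }
    return 0;
}
```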