| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2021-10-10 | Minor refactor of CVE-2021-32765 fix. | michael-grunder | |
| Since `hi_calloc` always passes through one of our wrapper functions, we can perform this overflow in the wrapper, and get protection everywhere. Previous commit: 76a7b10005c70babee357a7d0f2becf28ec7ed1e Related vuln ID: CVE-2021-32765 [Full Details](https://github.com/redis/hiredis/security/advisories/GHSA-hfm9-39pp-55p2) | |||
| 2021-10-09 | Remove extra comma from cmake var. | Tongliang Liao | |
| Or it'll be treated as part of the var name. | |||
| 2021-10-07 | Merge branch 'release/v1.0.2' | michael-grunder | |
| 2021-10-07 | Prepare for v1.0.2 GA | michael-grunder | |
| 2021-10-07 | Revert erroneous SONAME bump | michael-grunder | |
| 2021-10-04 | Merge branch 'release/v1.0.1' | michael-grunder | |
| Merge the v1.0.1 release branch and bump the dev version to 1.0.2-dev | |||
| 2021-10-04 | Prepare for v1.0.1 GA | michael-grunder | |
| 2021-10-04 | Fix for integer/buffer overflow CVE-2021-32765 | Yossi Gottlieb | |
| This fix prevents hiredis from trying to allocate more than `SIZE_MAX` bytes, which would result in a buffer overrun. [Full Details](https://github.com/redis/hiredis/security/advisories/GHSA-hfm9-39pp-55p2) | |||
| 2021-10-03 | Allow to override OPENSSL_PREFIX in Linux | Yunier Perez | |
| 2021-08-18 | Don't leak memory if an invalid type is set (#906) | rouzier | |
| Co-authored-by: James Rouzier <jrouzier@inverse.ca> | |||
| 2021-07-11 | Added REDIS_NO_AUTO_FREE_REPLIES flag (#962) | Meir Shpilraien (Spielrein) | |
| When set hiredis will not automatically free replies in an async context, and the replies must be freed instead by the user. Co-authored-by: Michael Grunder <michael.grunder@gmail.com> | |||
| 2021-06-17 | Ensure we curry any connect error to an async context. | michael-grunder | |
| 2021-05-23 | Fix README.md | michael-grunder | |
| Closes #929 | |||
| 2021-05-02 | Merge pull request #935 from kristjanvalur/pr5 | Michael Grunder | |
| Bugfix: Ignore timeout callback from a successful connect (fixes #945) | |||
| 2021-05-02 | Merge pull request #939 from zmartzone/improve_pr_896_ssl_leak | Michael Grunder | |
| improve SSL leak fix redis/hiredis#896 | |||
| 2021-05-02 | Merge pull request #949 from plan-do-break-fix/Typo-corrections | Michael Grunder | |
| fix(docs): corrects typos in project README | |||
| 2021-04-24 | fix(docs): corrects typos in project README | plan-do-break-fix | |
| 2021-04-11 | improve SSL leak fix redis/hiredis#896 | Hans Zandbelt | |
| Free SSL object when redisSSLConnect fails but avoid doing that for callers of redisInitiateSSL who are supposed to manager their own SSL object. Signed-off-by: Hans Zandbelt <hans.zandbelt@zmartzone.eu> | |||
| 2021-04-08 | Ignore timeout callback from a successful connect | Kristján Valur Jónsson | |
| 2021-04-02 | Change order independant push logic to not change behavior. | michael-grunder | |
| Since redisGetReplyFromReader is exposed in a header file, we probably shouldn't modify how it behaves in any way. For this reason, handle the changed logic in an internal static helper method. | |||
| 2021-04-02 | Handle the case where an invalidation is sent second. | michael-grunder | |
| RESP3 invalidation messages always seemed to be sent before the response to a given command, but it appears this is not always the case: In Redis 6.2.0RC1 Redis sends the invalidation after the HSET in the following sequence: ``` hget hash field $5 value hset hash field value :0 >2 $10 invalidate *1 $4 hash ``` To account for this possibility just wrap redisGetReplyFromReader in a loop as it is called twice in redisGetReply. | |||
| 2021-02-25 | Merge branch 'reader-updates' | michael-grunder | |
| Updates and improvements to the RESP3 protocol reader. * Fix the unset len field when creating RESP3 double objects * Fix RESP3 double infinity parsing * Add additional validations when parsing various reply types * Fix the parent type assertions in certain default reply object creation callbacks (mostly to include PUSH as a parent). * Additional reader test cases * Implement RESP3 BIGNUM support * Refactor seekNewline() to use memchr() | |||
| 2021-02-25 | Fix off-by-one error in seekNewline | michael-grunder | |
| 2021-02-25 | read: Validate line items prior to checking for object creation callbacks | Alex Smith | |
| 2021-02-25 | read: Remove obsolete comment on nested multi bulk depth limitation | Alex Smith | |
| 2021-02-25 | read: Add support for the RESP3 bignum type | Alex Smith | |
| 2021-02-25 | read: Ensure no invalid '\r' or '\n' in simple status/error strings | Alex Smith | |
| 2021-02-25 | read: Additional validation and test case for RESP3 double | Alex Smith | |
| This ensures that malformed RESP3 double messages that include an invalid null byte are not parsed as valid. | |||
| 2021-02-25 | redisReply: Fix parent type assertions during double, nil, bool creation | Alex Smith | |
| Per RESP3, push messages are able to contain exactly what array messages can contain (that is, any other type). | |||
| 2021-02-25 | redisReply: Explicitly list nil and bool cases in freeReplyObject() switch. | Alex Smith | |
| 2021-02-25 | test: Add test case for RESP3 set | Alex Smith | |
| 2021-02-25 | test: Add test case for RESP3 map | Alex Smith | |
| 2021-02-25 | read: Use memchr() in seekNewline() instead of looping over entire string | Alex Smith | |
| 2021-02-25 | test: Add test cases for RESP3 bool | Alex Smith | |
| 2021-02-25 | read: Add additional RESP3 bool validation | Alex Smith | |
| RESP3 bools should be only one of "#t\r\n" or "#f\r\n". We also allow capital 'T' and 'F' to be lenient. | |||
| 2021-02-25 | test: Add test cases for RESP3 nil | Alex Smith | |
| 2021-02-25 | read: Add additional RESP3 nil validation | Alex Smith | |
| RESP3 nil should consist of "_\r\n" and nothing else. | |||
| 2021-02-25 | test: Add test cases for infinite and NaN doubles | Alex Smith | |
| 2021-02-25 | read: Fix double validation and infinity parsing | Alex Smith | |
| The ',' protocol byte gets removed in processItem(), so it should not be compared against in processLineItem(). strtod() allows multiple representations of infinity and NaN that are not RESP3 compliant. Since we explicitly check for the two compliant infinity cases, strtod() should only return finite values. | |||
| 2021-02-25 | test: Add test case for doubles | Alex Smith | |
| 2021-02-25 | redisReply: Fix - set len in double objects | Alex Smith | |
| 2021-02-17 | Merge pull request #924 from cheese1/master | Michael Grunder | |
| http -> https | |||
| 2021-02-17 | http -> https | cheese1 | |
| 2021-01-26 | Merge pull request #917 from Nordix/stack-alloc-dict-iter | Michael Grunder | |
| Stack allocate dict iterators | |||
| 2021-01-26 | Handle OOM during async command callback registration | Bjorn Svensson | |
| Unless the callback is pushed to the list it will trigger an assert in redisProcessCallbacks() when the response arrives. This change let the user get an early error instead, available in the async context directly. | |||
| 2021-01-25 | Stack allocate dict iterators | Bjorn Svensson | |
| Replacing the get & release functions with an initiation function. Simplifies the code and will make sure we run subscription callbacks in OOM scenarios. | |||
| 2020-12-12 | Tiny formatting changes + suppress implicit memcpy warning | michael-grunder | |
| 2020-12-12 | Removed 2 typecasts | AdamKorcz | |
| 2020-12-11 | Added fuzzer | AdamKorcz | |
| 2020-11-15 | Merge pull request #896 from ayeganov/bugfix/ssl_leak | Michael Grunder | |
| Free SSL object when redisSSLConnect fails | |||
 |
index : navi/hiredict.git | |
| Unnamed repository; edit this file 'description' to name the repository. |
| summaryrefslogtreecommitdiff |