Age | Commit message (Collapse) | Author |
|
|
|
A command with a faulty formatting string that lacks the
conversion specifier results in a ASAN heap-buffer-overflow.
This was due to that strchr() matches on null-termination,
which triggers a continuation of the string parsing.
|
|
Fix potential fault at createDoubleObject
|
|
|
|
Resolves #963.
Add additional check to `hi_malloc` for `r->str` when len equals to
SIZE_MAX.
|
|
Since `hi_calloc` always passes through one of our wrapper functions,
we can perform this overflow in the wrapper, and get protection
everywhere.
Previous commit: 76a7b10005c70babee357a7d0f2becf28ec7ed1e
Related vuln ID: CVE-2021-32765
[Full Details](https://github.com/redis/hiredis/security/advisories/GHSA-hfm9-39pp-55p2)
|
|
Merge the v1.0.1 release branch and bump the dev version to 1.0.2-dev
|
|
This fix prevents hiredis from trying to allocate more than `SIZE_MAX`
bytes, which would result in a buffer overrun.
[Full Details](https://github.com/redis/hiredis/security/advisories/GHSA-hfm9-39pp-55p2)
|
|
Co-authored-by: James Rouzier <jrouzier@inverse.ca>
|
|
When set hiredis will not automatically free replies in an async context, and the replies must be freed instead by the user.
Co-authored-by: Michael Grunder <michael.grunder@gmail.com>
|
|
Since redisGetReplyFromReader is exposed in a header file, we probably
shouldn't modify how it behaves in any way. For this reason, handle the
changed logic in an internal static helper method.
|
|
RESP3 invalidation messages always seemed to be sent before the response
to a given command, but it appears this is not always the case:
In Redis 6.2.0RC1 Redis sends the invalidation after the HSET in the
following sequence:
```
hget hash field
$5
value
hset hash field value
:0
>2
$10
invalidate
*1
$4
hash
```
To account for this possibility just wrap redisGetReplyFromReader in a
loop as it is called twice in redisGetReply.
|
|
|
|
Per RESP3, push messages are able to contain exactly what array
messages can contain (that is, any other type).
|
|
|
|
|
|
When CLIENT TRACKING is enabled, Redis will send an invalidation message
with a NIL payload to all tracking clients after a FLUSHDB is executed.
We didn't account for REDIS_REPLY_PUSH being a valid parent object to a
NIL payload, and were failing an assertion.
Additionally this commit adds a regression test for the logic.
|
|
|
|
We need to allow our users to use redisContext->privdata as context
for any RESP3 PUSH messages, which means we can't use it for managing
SSL connections.
Bulletpoints:
* Create a secondary redisContext member for internal use only called
privctx and rename the redisContextFuncs->free_privdata accordingly.
* Adds a `free_privdata` function pointer so the user can tie allocated
memory to the lifetime of a redisContext (like they can already do
with redisAsyncContext)
* Enables SSL tests in .travis.yml
|
|
Add an additional timeout so the user has a convenient way of controlling distinct connect and command timeouts
|
|
Proper support for RESP3 PUSH messages.
By default, PUSH messages are now intercepted and the reply memory freed.
This means existing code should work unchanged when connecting to Redis
>= 6.0.0 even if `CLIENT TRACKING` were then enabled.
Additionally, we define two callbacks users can configure if they wish to handle
these messages in a custom way:
void redisPushFn(void *privdata, void *reply);
void redisAsyncPushFn(redisAsyncContext *ac, void *reply);
See #825
|
|
When connecting with a timeout, we shouldn't also call `redisSetTimeout` which will implement a timeout for commands.
See related issue #722
|
|
Fix overflow bug in `sdsrange`
|
|
* Adds an indirection to every allocation/deallocation to allow users to
plug in ones of their choosing (use custom functions, jemalloc, etc).
* Gracefully handle OOM everywhere in hiredis. This should make it possible
for users of the library to have more flexibility in how they handle such situations.
* Changes `redisReaderTask->elements` from an `int` to a `long long` to prevent
a possible overflow when transferring the task elements into a `redisReply`.
* Adds a configurable `max elements` member to `redisReader` that defaults to
2^32 - 1. This can be set to "unlimited" by setting the value to zero.
|
|
Fixes #815
|
|
Pull RESP3 verbatim string handling from Redis
Fixes #802
|
|
We currently perform a NULL check in redisGetReply and don't push the
reply back to the caller, but we don't free any reply meaning that this
will leak memory:
redisGetReply(context, NULL);
This change simply frees the reply if we were passed NULL.
Addresses #740
|
|
We should not attempt to keep the context and re-establish the
TLS connection for several reasons:
1. Maintain symmetry between redisConnect() and redisReconnect(), so in
both cases an extra step is required to initiate SSL.
2. The caller may also wish to reconfigure the SSL session and needs a
chance to do that.
3. It is not a practical thing to do on an async non-blocking connection
context.
|
|
|
|
Port RESP3 support from Redis.
|
|
|
|
This corresponds to commits d5c54f0b..bea09a7f in the redis repository.
|
|
|
|
With this change, Hiredis builds with MinGW and runs on Windows.
|
|
The redisFD type should be equal to the system native socket file
desciptor type (for POSIX, this is a plain int).
We also introduce the REDIS_INVALID_FD value, which maps to -1 on POSIX
systems.
|
|
This makes hiredis.c free from system calls related to socket I/O. This
is also makes the treatment of raw socket connections more similar to
the SSL backend.
|
|
|
|
|
|
This helps us detect use-after-free
|
|
|
|
|
|
also, clean up redisContextInit -- we're just zeoring the struct
|
|
This reduces the boilerplate of all the redisConnectXXX functions, and
allows us to provide more connection options in the future.
|
|
|
|
Referred to redisContextReadReply which I cannot find in this codebase
nor the old redis-tools one. Presumably this meant to say
redisGetReplyFromReader which is how redisBufferRead is used in this
file. Could've also meant the interface function redisReaderGetReply.
|
|
This retrieves the actual error which occurred, as getsockopt is not
always reliable in this regard.
|
|
This makes createArray consistent with createString, which also takes
size_t. Bounds-check and unit tests are updated to allow up to
min(SIZE_MAX,LLONG_MAX).
Changelog is updated to mention this API break.
Signed-off-by: Justin Brewer <jzb0012@auburn.edu>
|
|
free(NULL) is a valid NOP. Most of the hiredis free functions behave the
same way. redisReaderFree is updated to also be NULL-safe.
There is one redundant NULL check at sds.c:1036, but it's left as is
since sds is imported from upstream.
Signed-off-by: Justin Brewer <jzb0012@auburn.edu>
|
|
calloc is guaranteed to provide a zero-initialized buffer. There is
no need to set fields to zero explicitly.
Signed-off-by: Justin Brewer <jzb0012@auburn.edu>
|
|
Since _GNU_SOURCE is now guaranteed to be unset, it is no longer
necessary to support the GNU-specific version of strerror_r.
Drop __redis_strerror_r from the header, and call strerror_r directly.
This breaks any external users of this macro, but they shouldn't have
been using it in the first place.
Signed-off-by: Justin Brewer <jzb0012@auburn.edu>
|