Age | Commit message (Collapse) | Author |
|
Redis responds to an unsubscribe with one or many replies, depending
on the current subscribe state. When channels/patterns names are
provided in a command each given name will trigger a reply even if
duplicated or not subscribed to.
To know when we can return from the subscribed state we need to do
bookkeeping on pending additional unsubscribe replies, and make sure
we receive them all before switching state.
|
|
|
|
* No reuse of the previous reply callback
When multiple replies are parsed from a socket in one read
a previously found callback might get reused when the current
reply has no known callback.
This can be triggered by the added testcase which unsubscribe to
subscribed (A,B) and a non-subscribed channel (X).
Without this correction a callback for wrong channel is called.
- In 'unsubscribe B X A', B's callback is called when handling X.
- Now this is not done, i.e. there is no callback called for X.
* Re-push monitor callback for each reply
MONITORING used the same callback for all replies while parsing
multiple responses. This handling was changed to avoid calling
the wrong callback in some scenarios.
Now also change monitorings repush to work with this change.
Includes an added async monitoring testcase.
|
|
* Add test of async commands after unsubscribe
Verify that commands are handled after unsubscribing from a channel.
A command is sent before the `unsubscribe` response is received,
which currently triggers an assert in async.c:567:
`redisProcessCallbacks: Assertion `(c->flags & REDIS_SUBSCRIBED || c->flags & REDIS_MONITORING)' failed.`
* Handle async commands after an unsubscribe
When unsubscribing from the last channel we move from the `subscribe`
state to a normal state. These states uses different holders for the
command callback information.
By moving the callback info during the state change the callback order
can be maintained.
|
|
* Add test of command timeout during pubsub
A timeout of a non-subscribe command will be ignored during pubsub.
It will be handled as an idle timeout and a response is awaited for.
* Correction for command timeout during pubsub
Disconnect when a sent non-subscribe command triggers a timeout.
|
|
RESP3 allows sending commands in parallell with pubsub handling
and these commands might get responded with a REDIS_REPLY_ARRAY.
This conflicts with the pubsub response handling for RESP2 and
results in a faulty state when using RESP3.
Add functionality to keep track of PUSH/RESP3 support on the connection
and only expect the message type REDIS_REPLY_PUSH as subscribe messages
when once seen.
|
|
* Handle PING during pubsub in RESP2
* Rename invalid callback list
Some commands are valid to send during a subscribe in RESP2, and
most in RESP3. Renaming the callback list from `invalid` to `replies`
to detail this fact.
* Fix review comment
|
|
* Include `unsubscribe` as a subscribe reply in RESP3
By providing the (p)unsubscribe message via the subscribe callback,
instead of via the push callback, we get the same behavior in RESP3
as in RESP2.
* Add asynchronous test for pubsub using RESP3
The testcase will subscribe to a channel, and via a second client
a message is published to the channel. After receiving the message
the testcase will unsubscribe and disconnect.
This RESP3 testcase reuses the subscribe callback from the RESP2
testcase to make sure we have a common behavior.
|
|
|
|
The testcase will subscribe to a channel, and via a second client
a message is published to the channel. After receiving the message
the testcase will unsubscribe and disconnect.
|
|
|
|
Since `hi_calloc` always passes through one of our wrapper functions,
we can perform this overflow in the wrapper, and get protection
everywhere.
Previous commit: 76a7b10005c70babee357a7d0f2becf28ec7ed1e
Related vuln ID: CVE-2021-32765
[Full Details](https://github.com/redis/hiredis/security/advisories/GHSA-hfm9-39pp-55p2)
|
|
Merge the v1.0.1 release branch and bump the dev version to 1.0.2-dev
|
|
This fix prevents hiredis from trying to allocate more than `SIZE_MAX`
bytes, which would result in a buffer overrun.
[Full Details](https://github.com/redis/hiredis/security/advisories/GHSA-hfm9-39pp-55p2)
|
|
|
|
This ensures that malformed RESP3 double messages that include an
invalid null byte are not parsed as valid.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
When CLIENT TRACKING is enabled, Redis will send an invalidation message
with a NIL payload to all tracking clients after a FLUSHDB is executed.
We didn't account for REDIS_REPLY_PUSH being a valid parent object to a
NIL payload, and were failing an assertion.
Additionally this commit adds a regression test for the logic.
|
|
We need to allow our users to use redisContext->privdata as context
for any RESP3 PUSH messages, which means we can't use it for managing
SSL connections.
Bulletpoints:
* Create a secondary redisContext member for internal use only called
privctx and rename the redisContextFuncs->free_privdata accordingly.
* Adds a `free_privdata` function pointer so the user can tie allocated
memory to the lifetime of a redisContext (like they can already do
with redisAsyncContext)
* Enables SSL tests in .travis.yml
|
|
Proper support for RESP3 PUSH messages.
By default, PUSH messages are now intercepted and the reply memory freed.
This means existing code should work unchanged when connecting to Redis
>= 6.0.0 even if `CLIENT TRACKING` were then enabled.
Additionally, we define two callbacks users can configure if they wish to handle
these messages in a custom way:
void redisPushFn(void *privdata, void *reply);
void redisAsyncPushFn(redisAsyncContext *ac, void *reply);
See #825
|
|
|
|
|
|
Using `strdup` as a struct member causes issues in older gcc
|
|
|
|
* Adds an indirection to every allocation/deallocation to allow users to
plug in ones of their choosing (use custom functions, jemalloc, etc).
* Gracefully handle OOM everywhere in hiredis. This should make it possible
for users of the library to have more flexibility in how they handle such situations.
* Changes `redisReaderTask->elements` from an `int` to a `long long` to prevent
a possible overflow when transferring the task elements into a `redisReply`.
* Adds a configurable `max elements` member to `redisReader` that defaults to
2^32 - 1. This can be set to "unlimited" by setting the value to zero.
|
|
Fixes #815
|
|
Pull RESP3 verbatim string handling from Redis
Fixes #802
|
|
* Remove nested depth limitation.
This commit removes the nested multi-bulk depth limitation of 7.
We do this by switching to pointer to pointer indirection and
growing the stack in chunks when needed.
See: #794, #421
|
|
Unit tests in Windows and a Windows timeout fix
This commit gets our unit tests compiling and running on Windows as well as removes a duplicated `timeval` -> `DWORD` conversion logic in sockcompat.c
There are minor differences in behavior between Linux and Windows to note:
1. In Windows, opening a non-existent hangs forever in WSAPoll whereas
it correctly returns with a "Connection refused" error on Linux.
For that reason, I simply skip this test in Windows.
It may be related to this known issue:
https://daniel.haxx.se/blog/2012/10/10/wsapoll-is-broken/
2. Timeouts are handled slightly differently in Windows and Linux.
In Linux, we intentionally set REDIS_ERR_IO for connection
timeouts whereas in Windows we set REDIS_ERR_TIMEOUT. It may be
prudent to fix this discrepancy although there are almost certainly
users relying on the current behavior.
|
|
We currently perform a NULL check in redisGetReply and don't push the
reply back to the caller, but we don't free any reply meaning that this
will leak memory:
redisGetReply(context, NULL);
This change simply frees the reply if we were passed NULL.
Addresses #740
|
|
redisFormatSdsCommandArgv takes an sds* and calls sdsempty() for us.
Addresses #714
|
|
This repeats all existing tests in SSL mode, but does not yet provide
SSL-specific tests.
|
|
|
|
This makes the tests pass on musl[1] based distros like Alpine Linux.
[1]: https://www.musl-libc.org/
|
|
As it turns out 'idontexist.com' actually does exist.
|
|
|
|
Some ISPs like to inject their own "Suggestions" page whenever you hit
NXDOMAIN. This confuses Redis as well as addrinfo (black-holing the
route).
|
|
This makes createArray consistent with createString, which also takes
size_t. Bounds-check and unit tests are updated to allow up to
min(SIZE_MAX,LLONG_MAX).
Changelog is updated to mention this API break.
Signed-off-by: Justin Brewer <jzb0012@auburn.edu>
|
|
|
|
|
|
processMultiBulkItem truncates the value read from readLongLong,
resulting in a corrupted state when the next item is read.
createArray takes an int, so bound to INT_MAX.
Inspection showed that processBulkItem had the same truncation issue.
createString takes size_t, so bound to SIZE_MAX. This only has an
effect on 32-bit platforms.
A strict lower bound is also added, since negative lengths other
than -1 are invalid according to RESP.
Signed-off-by: Justin Brewer <jzb0012@auburn.edu>
|
|
Badly formatted or out-of-range integers are now protocol errors.
Signed-off-by: Justin Brewer <jzb0012@auburn.edu>
|
|
|
|
Fix potential race in 'invalid timeout' tests
It's possible for the call to connect() to succeed on the very first try, in which case the logic for checking for invalid timeout fields is never executed. When this happens, the tests fail because they expect a REDIS_ERR_IO but no such failure has occurred.
Tests aside, this is a potential source of irritating and hard-to-find intermittent bugs.
This patch forces the validation to occur early so that we get predictable behavior whenever an invalid timeout is specified.
|
|
- fix macro problem in mingw-gcc
- fix typedef in cygwin
|