Age | Commit message (Collapse) | Author |
|
|
|
Since `hi_calloc` always passes through one of our wrapper functions,
we can perform this overflow in the wrapper, and get protection
everywhere.
Previous commit: 76a7b10005c70babee357a7d0f2becf28ec7ed1e
Related vuln ID: CVE-2021-32765
[Full Details](https://github.com/redis/hiredis/security/advisories/GHSA-hfm9-39pp-55p2)
|
|
Merge the v1.0.1 release branch and bump the dev version to 1.0.2-dev
|
|
This fix prevents hiredis from trying to allocate more than `SIZE_MAX`
bytes, which would result in a buffer overrun.
[Full Details](https://github.com/redis/hiredis/security/advisories/GHSA-hfm9-39pp-55p2)
|
|
|
|
This ensures that malformed RESP3 double messages that include an
invalid null byte are not parsed as valid.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
When CLIENT TRACKING is enabled, Redis will send an invalidation message
with a NIL payload to all tracking clients after a FLUSHDB is executed.
We didn't account for REDIS_REPLY_PUSH being a valid parent object to a
NIL payload, and were failing an assertion.
Additionally this commit adds a regression test for the logic.
|
|
We need to allow our users to use redisContext->privdata as context
for any RESP3 PUSH messages, which means we can't use it for managing
SSL connections.
Bulletpoints:
* Create a secondary redisContext member for internal use only called
privctx and rename the redisContextFuncs->free_privdata accordingly.
* Adds a `free_privdata` function pointer so the user can tie allocated
memory to the lifetime of a redisContext (like they can already do
with redisAsyncContext)
* Enables SSL tests in .travis.yml
|
|
Proper support for RESP3 PUSH messages.
By default, PUSH messages are now intercepted and the reply memory freed.
This means existing code should work unchanged when connecting to Redis
>= 6.0.0 even if `CLIENT TRACKING` were then enabled.
Additionally, we define two callbacks users can configure if they wish to handle
these messages in a custom way:
void redisPushFn(void *privdata, void *reply);
void redisAsyncPushFn(redisAsyncContext *ac, void *reply);
See #825
|
|
|
|
|
|
Using `strdup` as a struct member causes issues in older gcc
|
|
|
|
* Adds an indirection to every allocation/deallocation to allow users to
plug in ones of their choosing (use custom functions, jemalloc, etc).
* Gracefully handle OOM everywhere in hiredis. This should make it possible
for users of the library to have more flexibility in how they handle such situations.
* Changes `redisReaderTask->elements` from an `int` to a `long long` to prevent
a possible overflow when transferring the task elements into a `redisReply`.
* Adds a configurable `max elements` member to `redisReader` that defaults to
2^32 - 1. This can be set to "unlimited" by setting the value to zero.
|
|
Fixes #815
|
|
Pull RESP3 verbatim string handling from Redis
Fixes #802
|
|
* Remove nested depth limitation.
This commit removes the nested multi-bulk depth limitation of 7.
We do this by switching to pointer to pointer indirection and
growing the stack in chunks when needed.
See: #794, #421
|
|
Unit tests in Windows and a Windows timeout fix
This commit gets our unit tests compiling and running on Windows as well as removes a duplicated `timeval` -> `DWORD` conversion logic in sockcompat.c
There are minor differences in behavior between Linux and Windows to note:
1. In Windows, opening a non-existent hangs forever in WSAPoll whereas
it correctly returns with a "Connection refused" error on Linux.
For that reason, I simply skip this test in Windows.
It may be related to this known issue:
https://daniel.haxx.se/blog/2012/10/10/wsapoll-is-broken/
2. Timeouts are handled slightly differently in Windows and Linux.
In Linux, we intentionally set REDIS_ERR_IO for connection
timeouts whereas in Windows we set REDIS_ERR_TIMEOUT. It may be
prudent to fix this discrepancy although there are almost certainly
users relying on the current behavior.
|
|
We currently perform a NULL check in redisGetReply and don't push the
reply back to the caller, but we don't free any reply meaning that this
will leak memory:
redisGetReply(context, NULL);
This change simply frees the reply if we were passed NULL.
Addresses #740
|
|
redisFormatSdsCommandArgv takes an sds* and calls sdsempty() for us.
Addresses #714
|
|
This repeats all existing tests in SSL mode, but does not yet provide
SSL-specific tests.
|
|
|
|
This makes the tests pass on musl[1] based distros like Alpine Linux.
[1]: https://www.musl-libc.org/
|
|
As it turns out 'idontexist.com' actually does exist.
|
|
|
|
Some ISPs like to inject their own "Suggestions" page whenever you hit
NXDOMAIN. This confuses Redis as well as addrinfo (black-holing the
route).
|
|
This makes createArray consistent with createString, which also takes
size_t. Bounds-check and unit tests are updated to allow up to
min(SIZE_MAX,LLONG_MAX).
Changelog is updated to mention this API break.
Signed-off-by: Justin Brewer <jzb0012@auburn.edu>
|
|
|
|
|
|
processMultiBulkItem truncates the value read from readLongLong,
resulting in a corrupted state when the next item is read.
createArray takes an int, so bound to INT_MAX.
Inspection showed that processBulkItem had the same truncation issue.
createString takes size_t, so bound to SIZE_MAX. This only has an
effect on 32-bit platforms.
A strict lower bound is also added, since negative lengths other
than -1 are invalid according to RESP.
Signed-off-by: Justin Brewer <jzb0012@auburn.edu>
|
|
Badly formatted or out-of-range integers are now protocol errors.
Signed-off-by: Justin Brewer <jzb0012@auburn.edu>
|
|
|
|
Fix potential race in 'invalid timeout' tests
It's possible for the call to connect() to succeed on the very first try, in which case the logic for checking for invalid timeout fields is never executed. When this happens, the tests fail because they expect a REDIS_ERR_IO but no such failure has occurred.
Tests aside, this is a potential source of irritating and hard-to-find intermittent bugs.
This patch forces the validation to occur early so that we get predictable behavior whenever an invalid timeout is specified.
|
|
- fix macro problem in mingw-gcc
- fix typedef in cygwin
|
|
|
|
It's possible for the call to connect() to succeed on the very first
try, in which case the logic for checking for invalid timeout fields is
never executed. When this happens, the tests fail because they expect a
REDIS_ERR_IO but no such failure has occurred.
Tests aside, this is a potential source of irritating and hard-to-find
intermittent bugs.
This patch forces the validation to occur early so that we get
predictable behavior whenever an invalid timeout is specified.
|
|
|
|
Originally implemented by @abedra as part of #306.
In case a write or read times out, we force an error state, because we
can't guarantuee that the next read will get the right data.
Instead we need to reconnect to have a clean-state connection, which is
now easily possible with this method.
|
|
|
|
Closes #309
(such as when -DNDEBUG disables all assert() macros)
Inspired by keith-bennett-gbg, but re-rewritten to be more concise.
|
|
|
|
Suggested at
https://github.com/redis/hiredis/issues/294#issuecomment-69153074
This change also makes the test stop hanging for 10 to 30 seconds
waiting for the resolver to timeout. Now the resolver immediately
sees the hostname is bad and returns error without waiting for timeout.
|
|
Fixes #294
|
|
Test that redisFree() and freeReplyObject() do not crash when NULL is
passed in.
|