From 51e693f4fd54d6a9dfbdafa1b361f6618e4f7ba3 Mon Sep 17 00:00:00 2001
From: Alex Smith
Date: Thu, 15 Oct 2020 17:55:30 -0400
Subject: read: Add additional RESP3 bool validation

RESP3 bools should be only one of "#t\r\n" or "#f\r\n". We also allow capital 'T' and 'F' to be lenient.
---
 read.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/read.c b/read.c
index 57da853..1378671 100644
--- a/read.c
+++ b/read.c
@@ -331,7 +331,15 @@ static int processLineItem(redisReader *r) {
 else
 obj = (void*)REDIS_REPLY_NIL;
 } else if (cur->type == REDIS_REPLY_BOOL) {
- int bval = p[0] == 't' || p[0] == 'T';
+ int bval;
+
+ if (len != 1 || !strchr("tTfF", p[0])) {
+ __redisReaderSetError(r,REDIS_ERR_PROTOCOL,
+ "Bad bool value");
+ return REDIS_ERR;
+ }
+
+ bval = p[0] == 't' || p[0] == 'T';
 if (r->fn && r->fn->createBool)
 obj = r->fn->createBool(cur,bval);
 else
-- 
cgit v1.2.3
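Review bot: The new guard `!strchr("tTfF", p[0])` still accepts a NUL byte, because strchr() counts the terminating '\0' of the search string as a match; a one-byte bool payload of 0x00 therefore passes validation and is reported as false. Reject it explicitly with `if (len != 1 || p[0] == '\0' || !strchr("tTfF", p[0])) {`, or use `!memchr("tTfF", p[0], 4)`, which never looks at the terminator. `p` and `len` are set outside the hunk and processLineItem's body continues past it, so this reading assumes `len` is the payload length without the type byte and CRLF. A reader test feeding "#\0\r\n" and expecting REDIS_ERR_PROTOCOL would pin the behaviour.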