From 36a0168cfd6c335f9a2ce8ff8d0814e7dfd87722 Mon Sep 17 00:00:00 2001
From: antirez
Date: Wed, 30 Jan 2019 08:25:08 +0100
Subject: [PATCH] ACL: return error when adding subcommands of fully added commands.

It's almost certainly an error from the user side.
---
 src/acl.c | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/src/acl.c b/src/acl.c
index cc5f17cbf..5f4185170 100644
--- a/src/acl.c
+++ b/src/acl.c
@@ -485,7 +485,10 @@ void ACLAddAllowedSubcommand(user *u, unsigned long id, const char *sub) {
 *
 * EINVAL: The specified opcode is not understood.
 * ENOENT: The command name or command category provided with + or - is not
- * known. */
+ * known.
+ * EBUSY: The subcommand you want to add is about a command that is currently
+ * fully added.
+ */
 int ACLSetUser(user *u, const char *op, ssize_t oplen) {
 if (oplen == -1) oplen = strlen(op);
 if (!strcasecmp(op,"on")) {
@@ -568,6 +571,15 @@ int ACLSetUser(user *u, const char *op, ssize_t oplen) {
 return C_ERR;
 }
+ /* The command should not be set right now in the command
+ * bitmap, because adding a subcommand of a fully added
+ * command is probably an error on the user side. */
+ if (ACLGetUserCommandBit(u,id) == 1) {
+ zfree(copy);
+ errno = EBUSY;
+ return C_ERR;
+ }
+
 /* Add the subcommand to the list of valid ones. */
 ACLAddAllowedSubcommand(u,id,sub);
@@ -809,6 +821,10 @@ void aclCommand(client *c) {
 errmsg = "unknown command or category name in ACL";
 else if (errno == EINVAL)
 errmsg = "syntax error";
+ else if (errno == EBUSY)
+ errmsg = "adding a subcommand of a command already fully "
+ "added is not allowed. Remove the command to start. "
+ "Example: -DEBUG +DEBUG|DIGEST";
 addReplyErrorFormat(c, "Error in ACL SETUSER modifier '%s': %s", (char*)c->argv[j]->ptr, errmsg);
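Review bot: In the second hunk (`@@ -568,6 +571,15 @@`, inside ACLSetUser) the new guard compares `ACLGetUserCommandBit(u,id)` with exactly 1, so it only fires if that helper normalises its result to 0/1, which is not visible here. If the helper returned the masked bit instead, the check would be skipped and `+cmd|sub` would be accepted for a user who already holds the whole command, leaving more access than the rule reads as granting. Testing for non-zero, `if (ACLGetUserCommandBit(u,id)) {`, keeps the guard effective either way. The guard is also order-dependent: it does not cover a later full add of the same command after the subcommand was accepted, and how that path treats the existing subcommand list is outside this hunk. ACLSetUser's body starts and ends outside the hunk.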
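Review bot: In the third hunk (`@@ -809,6 +821,10 @@`, aclCommand) the new EBUSY reply is reported for modifier `argv[j]`, which suggests the modifiers before `j` in the same ACL SETUSER call have already been applied to the user; nothing in the hunk shows a rollback. If that is the case, a call rejected here leaves the account partially updated, possibly with the full command still granted while the administrator believes the command failed as a whole. Either document it next to the error path, for example `/* NOTE: modifiers before argv[j] are already applied; a failed SETUSER is not rolled back. */`, or apply the modifiers to a scratch user and commit only on success. aclCommand's body starts and ends outside the hunk, so the loop and the declaration of `errmsg` could not be checked.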