ACL: Fix parsing issue leading to denial of service

Fix for CVE-2024-31227

This patch was provided to us by Valkey, who received it from Redis Ltd.

> An authenticated user with sufficient privileges may create a
> malformed ACL selector which, when accessed, triggers a server panic
> and subsequent denial of service.

Fixes: https://codeberg.org/redict/redict/issues/54

Signed-off-by: Drew DeVault <sir@cmpwn.com>
Drew DeVault 2024-09-16 08:54:30 +02:00
parent a4c8110232
commit e035e7b763
2 changed files with 6 additions and 1 deletion


@ -1073,7 +1073,7 @@ int ACLSetSelector(aclSelector *selector, const char* op, size_t oplen) {
flags |= ACL_READ_PERMISSION; flags |= ACL_READ_PERMISSION;
} else if (toupper(op[offset]) == 'W' && !(flags & ACL_WRITE_PERMISSION)) { } else if (toupper(op[offset]) == 'W' && !(flags & ACL_WRITE_PERMISSION)) {
flags |= ACL_WRITE_PERMISSION; flags |= ACL_WRITE_PERMISSION;
} else if (op[offset] == '~') { } else if (op[offset] == '~' && flags) {
offset++; offset++;
break; break;
} else { } else {
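Review bot: the added `&& flags` guard on the `'~'` branch makes a bare `%~` fall through to the `else` branch (which the test hunk expects to report a syntax error), but nothing in the hunk explains why `~` is only valid after at least one permission letter; a one-line comment above the condition, e.g. `/* '~' must follow at least one of R/W, otherwise flags would be 0 */`, would make the intent clear to the next reader. Consider also spelling the check as `(flags & (ACL_READ_PERMISSION | ACL_WRITE_PERMISSION))` rather than a bare truthiness test, so it stays correct if other bits are ever stored in `flags`.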


@ -122,6 +122,11 @@ start_server {tags {"acl external:skip"}} {
assert_match "*NOPERM*key*" $err assert_match "*NOPERM*key*" $err
} }
test {Validate read and write permissions format} {
catch {r ACL SETUSER key-permission-RW %~} err
set err
} {ERR Error in ACL SETUSER modifier '%~': Syntax error}
test {Test separate read and write permissions on different selectors are not additive} { test {Test separate read and write permissions on different selectors are not additive} {
r ACL SETUSER key-permission-RW-selector on nopass "(%R~read* +@all)" "(%W~write* +@all)" r ACL SETUSER key-permission-RW-selector on nopass "(%R~read* +@all)" "(%W~write* +@all)"
$r2 auth key-permission-RW-selector password $r2 auth key-permission-RW-selector password
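Review bot: the new test asserts only on the error string for `%~`; since the fix is for a server panic, add a follow-up command after the `catch` (e.g. `r ping`) so the test also proves the server survived the malformed input, and consider a second case with the pattern inside a selector, such as `r ACL SETUSER key-permission-RW "(%~ +@all)"`, since the commit message describes the trigger as a malformed ACL selector and the adjacent test already uses the `"(%R~read* +@all)"` selector form.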