caleb-brown/redict
1
0
Fork 0
mirror of https://codeberg.org/redict/redict.git synced 2025-01-23 00:28:26 -05:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #4922 from 0xtonyxia/enhance-cli-security

Browse Source 
Enhance security for redis-cli
This commit is contained in:
Salvatore Sanfilippo 2018-05-24 16:14:42 +02:00 committed by GitHub
commit ef7ccad180
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 31 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
src/redis-cli.c
View File

@ -1058,7 +1058,7 @@ static int cliReadReply(int output_raw_strings) {
return REDIS_OK; return REDIS_OK;
} }
static int cliSendCommand(int argc, char **argv, int repeat) { static int cliSendCommand(int argc, char **argv, long repeat) {
char *command = argv[0]; char *command = argv[0];
size_t *argvlen; size_t *argvlen;
int j, output_raw; int j, output_raw;
@ -1121,7 +1121,7 @@ static int cliSendCommand(int argc, char **argv, int repeat) {
for (j = 0; j < argc; j++) for (j = 0; j < argc; j++)
argvlen[j] = sdslen(argv[j]); argvlen[j] = sdslen(argv[j]);
while(repeat--) { while(repeat-- > 0) {
redisAppendCommandArgv(context,argc,(const char**)argv,argvlen); redisAppendCommandArgv(context,argc,(const char**)argv,argvlen);
while (config.monitor_mode) { while (config.monitor_mode) {
if (cliReadReply(output_raw) != REDIS_OK) exit(1); if (cliReadReply(output_raw) != REDIS_OK) exit(1);
@ -1229,6 +1229,7 @@ static int parseOptions(int argc, char **argv) {
} else if (!strcmp(argv[i],"-n") && !lastarg) { } else if (!strcmp(argv[i],"-n") && !lastarg) {
config.dbnum = atoi(argv[++i]); config.dbnum = atoi(argv[++i]);
} else if (!strcmp(argv[i],"-a") && !lastarg) { } else if (!strcmp(argv[i],"-a") && !lastarg) {
fputs("Warning: Using a password with '-a' option on the command line interface may not be safe.\n", stderr);
config.auth = argv[++i]; config.auth = argv[++i];
} else if (!strcmp(argv[i],"-u") && !lastarg) { } else if (!strcmp(argv[i],"-u") && !lastarg) {
parseRedisUri(argv[++i]); parseRedisUri(argv[++i]);
@ -1621,9 +1622,35 @@ static void repl(void) {
cliRefreshPrompt(); cliRefreshPrompt();
while((line = linenoise(context ? config.prompt : "not connected> ")) != NULL) { while((line = linenoise(context ? config.prompt : "not connected> ")) != NULL) {
if (line[0] != '\0') { if (line[0] != '\0') {
long repeat = 1;
int skipargs = 0;
char *endptr = NULL;
argv = cliSplitArgs(line,&argc); argv = cliSplitArgs(line,&argc);
/* check if we have a repeat command option and
* need to skip the first arg */
if (argv && argc > 0) {
errno = 0;
repeat = strtol(argv[0], &endptr, 10);
if (argc > 1 && *endptr == '\0') {
if (errno == ERANGE || errno == EINVAL || repeat <= 0) {
fputs("Invalid redis-cli repeat command option value.\n", stdout);
sdsfreesplitres(argv, argc);
linenoiseFree(line);
continue;
}
skipargs = 1;
} else {
repeat = 1;
}
}
/* Won't save auth command in history file */
if (!(argv && argc > 0 && !strcasecmp(argv[0+skipargs], "auth"))) {
if (history) linenoiseHistoryAdd(line); if (history) linenoiseHistoryAdd(line);
if (historyfile) linenoiseHistorySave(historyfile); if (historyfile) linenoiseHistorySave(historyfile);
}
if (argv == NULL) { if (argv == NULL) {
printf("Invalid argument(s)\n"); printf("Invalid argument(s)\n");
@ -1655,15 +1682,6 @@ static void repl(void) {
linenoiseClearScreen(); linenoiseClearScreen();
} else { } else {
long long start_time = mstime(), elapsed; long long start_time = mstime(), elapsed;
int repeat, skipargs = 0;
char *endptr;
repeat = strtol(argv[0], &endptr, 10);
if (argc > 1 && *endptr == '\0' && repeat) {
skipargs = 1;
} else {
repeat = 1;
}
issueCommandRepeat(argc-skipargs, argv+skipargs, repeat); issueCommandRepeat(argc-skipargs, argv+skipargs, repeat);