author | antirez <antirez@gmail.com> | 2020-04-15 16:12:06 +0200 |
---|---|---|
committer | antirez <antirez@gmail.com> | 2020-04-15 18:40:11 +0200 |
commit | b86140ac5fb30b0dd4e36ca71b27c2ca1275d8da (patch) | |
tree | 417e2b181828fcfa5db3171f3070adede84e8461 | |
parent | a7ee3c3e77d04ac98c68b43ef18231eefd1f2615 (diff) | |
download | redis-b86140ac5fb30b0dd4e36ca71b27c2ca1275d8da.tar.gz |
Don't allow empty spaces in ACL key patterns.
Fixes issue #6418.
-rw-r--r-- | src/acl.c | 13 |
1 files changed, 12 insertions, 1 deletions
@@ -30,6 +30,7 @@
 #include "server.h"
 #include "sha256.h"
 #include <fcntl.h>
+#include <ctype.h>
 
 /* =============================================================================
 * Global state for ACLs
@@ -690,7 +691,8 @@ void ACLAddAllowedSubcommand(user *u, unsigned long id, const char *sub) {
 *
 * When an error is returned, errno is set to the following values:
 *
- * EINVAL: The specified opcode is not understood.
+ * EINVAL: The specified opcode is not understood or the key pattern is
+ * invalid (contains non allowed characters).
 * ENOENT: The command name or command category provided with + or - is not
 * known.
 * EBUSY: The subcommand you want to add is about a command that is currently
@@ -789,6 +791,15 @@ int ACLSetUser(user *u, const char *op, ssize_t oplen) {
 errno = EEXIST;
 return C_ERR;
 }
+ /* Validate the pattern: no spaces nor null characters
+ * are allowed, for simpler rewriting of the ACLs without
+ * using quoting. */
+ for (int i = 1; i < oplen; i++) {
+ if (isspace(op[i]) || op[i] == 0) {
+ errno = EINVAL;
+ return C_ERR;
+ }
+ }
 sds newpat = sdsnewlen(op+1,oplen-1);
 listNode *ln = listSearchKey(u->patterns,newpat);
 /* Avoid re-adding the same pattern multiple times. */ |
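Review bot: `isspace(op[i])` in the added validation loop of ACLSetUser receives a plain `char`, so on platforms where `char` is signed any pattern byte at or above 0x80 reaches it as a negative value, which is undefined behaviour for the `<ctype.h>` classifiers. Key patterns can presumably carry arbitrary bytes, so the check should read `if (isspace((unsigned char)op[i]) || op[i] == 0) {`. `isspace` is also locale-dependent, so the rejected set only matches what the ACL rewrite and reload path splits on if the process keeps the "C" ctype locale; a comment stating that assumption would help, e.g. `/* isspace() is evaluated in the "C" locale here: space, \t, \n, \v, \f, \r. */`. The loop index is `int` while `oplen` is `ssize_t`; `for (ssize_t i = 1; i < oplen; i++)` keeps the comparison in one type. ACLSetUser starts and ends outside this hunk, so it is not visible whether other rule types written to the ACL file need the same check.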