author | antirez <antirez@gmail.com> | 2020-04-15 16:12:06 +0200 |
---|---|---|
committer | antirez <antirez@gmail.com> | 2020-04-15 16:12:07 +0200 |
commit | 3519a5a026be50022fb4e103ddc602ffd59daf42 (patch) | |
tree | a4df0578b82166ae21c1f911ec765dec8ea8b33b /src/acl.c | |
parent | e8dd99fa532d931a980915c8a1abe173f640210c (diff) | |
Don't allow empty spaces in ACL key patterns.
Fixes issue #6418.
Diffstat (limited to 'src/acl.c')
-rw-r--r-- | src/acl.c | 13 |
1 files changed, 12 insertions, 1 deletions
@@ -30,6 +30,7 @@
 #include "server.h"
 #include "sha256.h"
 #include <fcntl.h>
+#include <ctype.h>
 /* =============================================================================
 * Global state for ACLs
@@ -690,7 +691,8 @@ void ACLAddAllowedSubcommand(user *u, unsigned long id, const char *sub) {
 *
 * When an error is returned, errno is set to the following values:
 *
- * EINVAL: The specified opcode is not understood.
+ * EINVAL: The specified opcode is not understood or the key pattern is
+ * invalid (contains non allowed characters).
 * ENOENT: The command name or command category provided with + or - is not
 * known.
 * EBUSY: The subcommand you want to add is about a command that is currently
@@ -789,6 +791,15 @@ int ACLSetUser(user *u, const char *op, ssize_t oplen) {
 errno = EEXIST;
 return C_ERR;
 }
+ /* Validate the pattern: no spaces nor null characters
+ * are allowed, for simpler rewriting of the ACLs without
+ * using quoting. */
+ for (int i = 1; i < oplen; i++) {
+ if (isspace(op[i]) || op[i] == 0) {
+ errno = EINVAL;
+ return C_ERR;
+ }
+ }
 sds newpat = sdsnewlen(op+1,oplen-1);
 listNode *ln = listSearchKey(u->patterns,newpat);
 /* Avoid re-adding the same pattern multiple times. */ |
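Review bot: In the third hunk, `isspace(op[i])` receives a plain `char`, so where `char` is signed any pattern byte at or above 0x80 (for example in a UTF-8 key pattern) is passed as a negative value, which is undefined behaviour for the `<ctype.h>` classifiers. The check should read `if (isspace((unsigned char)op[i]) || op[i] == 0) {`. The index is also declared `int` while `oplen` is `ssize_t`; `for (ssize_t i = 1; i < oplen; i++) {` keeps the comparison in one type. Since `isspace` is locale-dependent, which bytes are rejected presumably follows the process's LC_CTYPE setting, which is worth confirming or noting in the comment above the loop. The body of ACLSetUser starts and ends outside this hunk, so how callers react to the new EINVAL return is not visible here.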