diff options
author | Oran Agra <oran@redislabs.com> | 2021-10-04 12:11:02 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-10-04 12:11:02 +0300 |
commit | c5e6a6204c4cf57f85e7c83a9b4e99f1a7204fd2 (patch) | |
tree | 9f55ffb0f03b07391b4796331aabcb7881ba80ae /src/listpack.h | |
parent | fba15850e5c31666e4c3560a3be7fd034fa7e2b6 (diff) | |
download | redis-c5e6a6204c4cf57f85e7c83a9b4e99f1a7204fd2.tar.gz |
Fix ziplist and listpack overflows and truncations (CVE-2021-32627, CVE-2021-32628) (#9589)
- fix possible heap corruption in ziplist and listpack resulting by trying to
allocate more than the maximum size of 4GB.
- prevent ziplist (hash and zset) from reaching size of above 1GB, will be
converted to HT encoding, that's not a useful size.
- prevent listpack (stream) from reaching size of above 1GB.
- XADD will start a new listpack if the new record may cause the previous
listpack to grow over 1GB.
- XADD will respond with an error if a single stream record is over 1GB
- List type (ziplist in quicklist) was truncating strings that were over 4GB,
now it'll respond with an error.
Co-authored-by: sundb <sundbcn@gmail.com>
Diffstat (limited to 'src/listpack.h')
-rw-r--r-- | src/listpack.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/listpack.h b/src/listpack.h index 535513ac2..2ac7ac16b 100644 --- a/src/listpack.h +++ b/src/listpack.h @@ -87,6 +87,7 @@ unsigned int lpCompare(unsigned char *p, unsigned char *s, uint32_t slen); void lpRandomPair(unsigned char *lp, unsigned long total_count, listpackEntry *key, listpackEntry *val); void lpRandomPairs(unsigned char *lp, unsigned int count, listpackEntry *keys, listpackEntry *vals); unsigned int lpRandomPairsUnique(unsigned char *lp, unsigned int count, listpackEntry *keys, listpackEntry *vals); +int lpSafeToAdd(unsigned char* lp, size_t add); #ifdef REDIS_TEST int listpackTest(int argc, char *argv[], int accurate); |