diff options
| author | Salvatore Sanfilippo <antirez@gmail.com> | 2018-05-24 16:14:42 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2018-05-24 16:14:42 +0200 |
| commit | ef7ccad180decf89f8e378b86813af2984804d27 (patch) | |
| tree | c3dcc5a8f74cadd933f8b0f212b6b87b49259a7b /src/redis-cli.c | |
| parent | 8a200b04c3bf71888815d35ea0a84904bced8a91 (diff) | |
| parent | 95b988b6c69083fff3e00271653c2239d482ea0d (diff) | |
| download | redis-ef7ccad180decf89f8e378b86813af2984804d27.tar.gz | |
Merge pull request #4922 from 0xtonyxia/enhance-cli-security
Enhance security for redis-cli
Diffstat (limited to 'src/redis-cli.c')
| -rw-r--r-- | src/redis-cli.c | 44 |
1 files changed, 31 insertions, 13 deletions
diff --git a/src/redis-cli.c b/src/redis-cli.c index 850b10241..b7d963a0b 100644 --- a/src/redis-cli.c +++ b/src/redis-cli.c @@ -1058,7 +1058,7 @@ static int cliReadReply(int output_raw_strings) { return REDIS_OK; } -static int cliSendCommand(int argc, char **argv, int repeat) { +static int cliSendCommand(int argc, char **argv, long repeat) { char *command = argv[0]; size_t *argvlen; int j, output_raw; @@ -1121,7 +1121,7 @@ static int cliSendCommand(int argc, char **argv, int repeat) { for (j = 0; j < argc; j++) argvlen[j] = sdslen(argv[j]); - while(repeat--) { + while(repeat-- > 0) { redisAppendCommandArgv(context,argc,(const char**)argv,argvlen); while (config.monitor_mode) { if (cliReadReply(output_raw) != REDIS_OK) exit(1); @@ -1229,6 +1229,7 @@ static int parseOptions(int argc, char **argv) { } else if (!strcmp(argv[i],"-n") && !lastarg) { config.dbnum = atoi(argv[++i]); } else if (!strcmp(argv[i],"-a") && !lastarg) { + fputs("Warning: Using a password with '-a' option on the command line interface may not be safe.\n", stderr); config.auth = argv[++i]; } else if (!strcmp(argv[i],"-u") && !lastarg) { parseRedisUri(argv[++i]); @@ -1621,9 +1622,35 @@ static void repl(void) { cliRefreshPrompt(); while((line = linenoise(context ? config.prompt : "not connected> ")) != NULL) { if (line[0] != '\0') { + long repeat = 1; + int skipargs = 0; + char *endptr = NULL; + argv = cliSplitArgs(line,&argc); - if (history) linenoiseHistoryAdd(line); - if (historyfile) linenoiseHistorySave(historyfile); + + /* check if we have a repeat command option and + * need to skip the first arg */ + if (argv && argc > 0) { + errno = 0; + repeat = strtol(argv[0], &endptr, 10); + if (argc > 1 && *endptr == '\0') { + if (errno == ERANGE || errno == EINVAL || repeat <= 0) { + fputs("Invalid redis-cli repeat command option value.\n", stdout); + sdsfreesplitres(argv, argc); + linenoiseFree(line); + continue; + } + skipargs = 1; + } else { + repeat = 1; + } + } + + /* Won't save auth command in history file */ + if (!(argv && argc > 0 && !strcasecmp(argv[0+skipargs], "auth"))) { + if (history) linenoiseHistoryAdd(line); + if (historyfile) linenoiseHistorySave(historyfile); + } if (argv == NULL) { printf("Invalid argument(s)\n"); @@ -1655,15 +1682,6 @@ static void repl(void) { linenoiseClearScreen(); } else { long long start_time = mstime(), elapsed; - int repeat, skipargs = 0; - char *endptr; - - repeat = strtol(argv[0], &endptr, 10); - if (argc > 1 && *endptr == '\0' && repeat) { - skipargs = 1; - } else { - repeat = 1; - } issueCommandRepeat(argc-skipargs, argv+skipargs, repeat); |