diff options
| author | Oran Agra <oran@redislabs.com> | 2021-10-04 12:11:02 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-10-04 12:11:02 +0300 |
| commit | c5e6a6204c4cf57f85e7c83a9b4e99f1a7204fd2 (patch) | |
| tree | 9f55ffb0f03b07391b4796331aabcb7881ba80ae /src/ziplist.h | |
| parent | fba15850e5c31666e4c3560a3be7fd034fa7e2b6 (diff) | |
| download | redis-c5e6a6204c4cf57f85e7c83a9b4e99f1a7204fd2.tar.gz | |
Fix ziplist and listpack overflows and truncations (CVE-2021-32627, CVE-2021-32628) (#9589)
- fix possible heap corruption in ziplist and listpack resulting by trying to
allocate more than the maximum size of 4GB.
- prevent ziplist (hash and zset) from reaching size of above 1GB, will be
converted to HT encoding, that's not a useful size.
- prevent listpack (stream) from reaching size of above 1GB.
- XADD will start a new listpack if the new record may cause the previous
listpack to grow over 1GB.
- XADD will respond with an error if a single stream record is over 1GB
- List type (ziplist in quicklist) was truncating strings that were over 4GB,
now it'll respond with an error.
Co-authored-by: sundb <sundbcn@gmail.com>
Diffstat (limited to 'src/ziplist.h')
| -rw-r--r-- | src/ziplist.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/ziplist.h b/src/ziplist.h index f13f4bf30..6a02e570e 100644 --- a/src/ziplist.h +++ b/src/ziplist.h @@ -65,6 +65,7 @@ int ziplistValidateIntegrity(unsigned char *zl, size_t size, int deep, void ziplistRandomPair(unsigned char *zl, unsigned long total_count, ziplistEntry *key, ziplistEntry *val); void ziplistRandomPairs(unsigned char *zl, unsigned int count, ziplistEntry *keys, ziplistEntry *vals); unsigned int ziplistRandomPairsUnique(unsigned char *zl, unsigned int count, ziplistEntry *keys, ziplistEntry *vals); +int ziplistSafeToAdd(unsigned char* zl, size_t add); #ifdef REDIS_TEST int ziplistTest(int argc, char *argv[], int accurate); |