diff options
| author | C Charles <TJ_Chen@outlook.com> | 2022-10-13 20:03:54 +0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-10-13 15:03:54 +0300 |
| commit | 9ab873d9d35e789a228c5281d57c9c4fdc1e4ce1 (patch) | |
| tree | 00f77ddc394eec20baceb8db65b81f509b8cde91 /tests/integration | |
| parent | dd60c6c8d3f605bca2fb45431edadbf0a5da1492 (diff) | |
| download | redis-9ab873d9d35e789a228c5281d57c9c4fdc1e4ce1.tar.gz | |
MIGTATE with AUTH that contains "keys" is getting wrong key names in migrateGetKeys, leads to ACL errors (#11253)
When using the MIGRATE, with a destination Redis that has the user name or password set to the string "keys",
Redis would have determine the wrong set of key names the command is gonna access.
This lead to ACL returning wrong authentication result.
Destination instance:
```
127.0.0.1:6380> acl setuser default >keys
OK
127.0.0.1:6380> acl setuser keys on nopass ~* &* +@all
OK
```
Source instance:
```
127.0.0.1:6379> set a 123
OK
127.0.0.1:6379> acl setuser cc on nopass ~a* +@all
OK
127.0.0.1:6379> auth cc 1
OK
127.0.0.1:6379> migrate 127.0.0.1 6380 "" 0 1000 auth keys keys a
(error) NOPERM this user has no permissions to access one of the keys used as arguments
127.0.0.1:6379> migrate 127.0.0.1 6380 "" 0 1000 auth2 keys pswd keys a
(error) NOPERM this user has no permissions to access one of the keys used as arguments
```
Using `acl dryrun` we know that the parameters of `auth` and `auth2` are mistaken for the `keys` option.
```
127.0.0.1:6379> acl dryrun cc migrate whatever whatever "" 0 1000 auth keys keys a
"This user has no permissions to access the 'keys' key"
127.0.0.1:6379> acl dryrun cc migrate whatever whatever "" 0 1000 auth2 keys pswd keys a
"This user has no permissions to access the 'pswd' key"
```
Fix the bug by editing db.c/migrateGetKeys function, which finds the `keys` option and all the keys following.
Diffstat (limited to 'tests/integration')
0 files changed, 0 insertions, 0 deletions