String pattern matching had exponential time complexity on pathological patterns (CVE-2022-36021) (#11858)

Authenticated users can use string matching commands with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. Co-authored-by: Tom Levy <tomlevy93@gmail.com>
author: Oran Agra <oran@redislabs.com> 2023-02-28 15:15:26 +0200
committer: GitHub <noreply@github.com> 2023-02-28 15:15:26 +0200
commit: dcbfcb916ca1a269b3feef86ee86835294758f84 (patch)
tree: 2df3290d73d6a1bfe68fdcfe546dbc7a18e19912 /tests/unit
parent: 18017df7c1407bc025741c64a90f20f4a8098bd2 (diff)
download: redis-dcbfcb916ca1a269b3feef86ee86835294758f84.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/tests/unit/keyspace.tcl b/tests/unit/keyspace.tcl
index b173e0efc..43690d06b 100644
--- a/tests/unit/keyspace.tcl
+++ b/tests/unit/keyspace.tcl
@@ -493,4 +493,10 @@ foreach {type large} [array get largevalue] {
         r keys *
         r keys *
     } {dlskeriewrioeuwqoirueioqwrueoqwrueqw}
+
+    test {Regression for pattern matching long nested loops} {
+        r flushdb
+        r SET aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 1
+        r KEYS "a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*b"
+    } {}
 }
author	Oran Agra <oran@redislabs.com>	2023-02-28 15:15:26 +0200
committer	GitHub <noreply@github.com>	2023-02-28 15:15:26 +0200
commit	dcbfcb916ca1a269b3feef86ee86835294758f84 (patch)
tree	2df3290d73d6a1bfe68fdcfe546dbc7a18e19912 /tests/unit
parent	18017df7c1407bc025741c64a90f20f4a8098bd2 (diff)
download	redis-dcbfcb916ca1a269b3feef86ee86835294758f84.tar.gz