diff options
| author | Oran Agra <oran@redislabs.com> | 2023-02-28 15:15:46 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-02-28 15:15:46 +0200 |
| commit | b1939b052adc058bd814045a745ec02d3f791d7b (patch) | |
| tree | 62cc6215ed8b78c09b0997838e4260253b433fd6 /tests | |
| parent | dcbfcb916ca1a269b3feef86ee86835294758f84 (diff) | |
| download | redis-b1939b052adc058bd814045a745ec02d3f791d7b.tar.gz | |
Integer Overflow in RAND commands can lead to assertion (CVE-2023-25155) (#11857)
Issue happens when passing a negative long value that greater than
the max positive value that the long can store.
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/unit/type/hash.tcl | 2 | ||||
| -rw-r--r-- | tests/unit/type/set.tcl | 5 | ||||
| -rw-r--r-- | tests/unit/type/zset.tcl | 2 |
3 files changed, 9 insertions, 0 deletions
diff --git a/tests/unit/type/hash.tcl b/tests/unit/type/hash.tcl index 113780ff7..17e3ba40b 100644 --- a/tests/unit/type/hash.tcl +++ b/tests/unit/type/hash.tcl @@ -74,6 +74,8 @@ start_server {tags {"hash"}} { test "HRANDFIELD count overflow" { r hmset myhash a 1 assert_error {*value is out of range*} {r hrandfield myhash -9223372036854770000 withvalues} + assert_error {*value is out of range*} {r hrandfield myhash -9223372036854775808 withvalues} + assert_error {*value is out of range*} {r hrandfield myhash -9223372036854775808} } {} test "HRANDFIELD with <count> against non existing key" { diff --git a/tests/unit/type/set.tcl b/tests/unit/type/set.tcl index 8e02525ae..4885c365e 100644 --- a/tests/unit/type/set.tcl +++ b/tests/unit/type/set.tcl @@ -745,6 +745,11 @@ start_server { r srandmember nonexisting_key 100 } {} + test "SRANDMEMBER count overflow" { + r sadd myset a + assert_error {*value is out of range*} {r srandmember myset -9223372036854775808} + } {} + # Make sure we can distinguish between an empty array and a null response r readraw 1 diff --git a/tests/unit/type/zset.tcl b/tests/unit/type/zset.tcl index eb5cb8432..7a9721905 100644 --- a/tests/unit/type/zset.tcl +++ b/tests/unit/type/zset.tcl @@ -2325,6 +2325,8 @@ start_server {tags {"zset"}} { test "ZRANDMEMBER count overflow" { r zadd myzset 0 a assert_error {*value is out of range*} {r zrandmember myzset -9223372036854770000 withscores} + assert_error {*value is out of range*} {r zrandmember myzset -9223372036854775808 withscores} + assert_error {*value is out of range*} {r zrandmember myzset -9223372036854775808} } {} # Make sure we can distinguish between an empty array and a null response |