author | Oran Agra <oran@redislabs.com> | 2021-10-04 12:10:31 +0300 |
committer | GitHub <noreply@github.com> | 2021-10-04 12:10:31 +0300 |
commit | fba15850e5c31666e4c3560a3be7fd034fa7e2b6 (patch) | |
tree | c0e13871ecb0301013a1e267c63e2ef686e9cff0 /tests | |
parent | 0215324a66af949be39b34be2d55143232c1cb71 (diff) | |
Prevent unauthenticated client from easily consuming lots of memory (CVE-2021-32675) (#9588)
This change sets a low limit for multibulk and bulk length in the
protocol for unauthenticated connections, so that they can't easily
cause redis to allocate massive amounts of memory by sending just a few
characters on the network.
The new limits are 10 arguments of 16KB each (instead of 1M arguments of 512MB each).
Diffstat (limited to 'tests')
-rw-r--r-- | tests/unit/auth.tcl | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/tests/unit/auth.tcl b/tests/unit/auth.tcl
index 805fcf38c..6fa5e0c13 100644
--- a/tests/unit/auth.tcl
+++ b/tests/unit/auth.tcl
@@ -24,6 +24,22 @@ start_server {tags {"auth external:skip"} overrides {requirepass foobar}} {
 r set foo 100
 r incr foo
 } {101}
+
+ test {For unauthenticated clients multibulk and bulk length are limited} {
+ set rr [redis [srv "host"] [srv "port"] 0 $::tls]
+ $rr write "*100\r\n"
+ $rr flush
+ catch {[$rr read]} e
+ assert_match {*unauthenticated multibulk length*} $e
+ $rr close
+
+ set rr [redis [srv "host"] [srv "port"] 0 $::tls]
+ $rr write "*1\r\n\$100000000\r\n"
+ $rr flush
+ catch {[$rr read]} e
+ assert_match {*unauthenticated bulk length*} $e
+ $rr close
+ }
 }
 
 start_server {tags {"auth_binary_password external:skip"}} {
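Review bot: Both `catch {[$rr read]} e` lines wrap the read in command substitution, so if the server ever answered with a normal reply instead of an error, that reply would be evaluated as a Tcl command and the test would fail with "invalid command name" rather than a clear assertion message; the idiomatic form is `catch {$rr read} e`. The test also only exercises values far beyond the new limits (`*100` against a 10-argument limit, `$100000000` against 16KB), so nothing pins the boundary itself — a follow-up that sends exactly `*10\r\n` and a bulk of exactly the limit from an unauthenticated client, and asserts they are still accepted, would catch a regression that tightens the limit below what a legitimate AUTH command needs. It may also be worth asserting that the server closes the connection after the error rather than leaving it open, if that is the intended behaviour; I cannot tell from this hunk alone. The enclosing `start_server {... overrides {requirepass foobar}}` block begins before this hunk.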