From e10faefd4885dae715e7f2d9c3214cd8b5f847ab Mon Sep 17 00:00:00 2001
From: antirez <antirez@gmail.com>
Date: Fri, 21 Dec 2018 17:24:14 +0100
Subject: ACL: HELLO should stop if the user is not authenticated.

---
 src/networking.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/networking.c b/src/networking.c
index 0a32f3113..5657a7643 100644
--- a/src/networking.c
+++ b/src/networking.c
@@ -2053,6 +2053,15 @@ void helloCommand(client *c) {
         return;
     }
 
+    /* At this point we need to be authenticated to continue. */
+    if (!c->authenticated) {
+        addReplyError(c,"-NOAUTH HELLO must be called with the client already "
+                        "authenticated, otherwise the HELLO AUTH <user> <pass> "
+                        "option can be used to authenticate the client and "
+                        "select the RESP protocol version at the same time");
+        return;
+    }
+
     /* Let's switch to RESP3 mode. */
     c->resp = 3;
     addReplyMapLen(c,7);
-- 
cgit v1.2.1