From 3519a5a026be50022fb4e103ddc602ffd59daf42 Mon Sep 17 00:00:00 2001
From: antirez <antirez@gmail.com>
Date: Wed, 15 Apr 2020 16:12:06 +0200
Subject: Don't allow empty spaces in ACL key patterns.

Fixes issue #6418.
---
 src/acl.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

(limited to 'src/acl.c')

diff --git a/src/acl.c b/src/acl.c
index 6847130ad..a5e35c4d1 100644
--- a/src/acl.c
+++ b/src/acl.c
@@ -30,6 +30,7 @@
 #include "server.h"
 #include "sha256.h"
 #include <fcntl.h>
+#include <ctype.h>
 
 /* =============================================================================
  * Global state for ACLs
@@ -690,7 +691,8 @@ void ACLAddAllowedSubcommand(user *u, unsigned long id, const char *sub) {
  *
  * When an error is returned, errno is set to the following values:
  *
- * EINVAL: The specified opcode is not understood.
+ * EINVAL: The specified opcode is not understood or the key pattern is
+ *         invalid (contains non allowed characters).
  * ENOENT: The command name or command category provided with + or - is not
  *         known.
  * EBUSY:  The subcommand you want to add is about a command that is currently
@@ -789,6 +791,15 @@ int ACLSetUser(user *u, const char *op, ssize_t oplen) {
             errno = EEXIST;
             return C_ERR;
         }
+        /* Validate the pattern: no spaces nor null characters
+         * are allowed, for simpler rewriting of the ACLs without
+         * using quoting. */
+        for (int i = 1; i < oplen; i++) {
+            if (isspace(op[i]) || op[i] == 0) {
+                errno = EINVAL;
+                return C_ERR;
+            }
+        }
         sds newpat = sdsnewlen(op+1,oplen-1);
         listNode *ln = listSearchKey(u->patterns,newpat);
         /* Avoid re-adding the same pattern multiple times. */
-- 
cgit v1.2.1