From ca1c182567add4092e9cb6ea829e9c5193e8fd55 Mon Sep 17 00:00:00 2001 From: Oran Agra Date: Thu, 13 Aug 2020 16:41:05 +0300 Subject: Sanitize dump payload: ziplist, listpack, zipmap, intset, stream When loading an encoded payload we will at least do a shallow validation to check that the size that's encoded in the payload matches the size of the allocation. This lets us later use this encoded size to make sure the various offsets inside encoded payload don't reach outside the allocation, if they do, we'll assert/panic, but at least we won't segfault or smear memory. We can also do 'deep' validation which runs on all the records of the encoded payload and validates that they don't contain invalid offsets. This lets us detect corruptions early and reject a RESTORE command rather than accepting it and asserting (crashing) later when accessing that payload via some command. configuration: - adding ACL flag skip-sanitize-payload - adding config sanitize-dump-payload [yes/no/clients] For now, we don't have a good way to ensure MIGRATE in cluster resharding isn't being slowed down by this sanitation, so I'm setting the default value to `no`, but later on it should be set to `clients` by default. changes: - changing rdbReportError not to `exit` in RESTORE command - adding a new stat to be able to later check if cluster MIGRATE isn't being slowed down by sanitation. --- src/intset.h | 1 + 1 file changed, 1 insertion(+) diff --git a/src/intset.h b/src/intset.h index 8119e6636..4fba339d5 100644 --- a/src/intset.h +++ b/src/intset.h @@ -46,6 +46,7 @@ int64_t intsetRandom(intset *is); uint8_t intsetGet(intset *is, uint32_t pos, int64_t *value); uint32_t intsetLen(const intset *is); size_t intsetBlobLen(intset *is); +int intsetValidateIntegrity(const unsigned char *is, size_t size); #ifdef REDIS_TEST int intsetTest(int argc, char *argv[]);
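Review bot: the new prototype `int intsetValidateIntegrity(const unsigned char *is, size_t size);` in src/intset.h carries no doc comment, so a caller cannot tell from the header what the return value means or what `size` must be; since this is the one function the commit message relies on to reject a corrupt RESTORE payload before it is trusted, the header should state the contract, e.g. that `size` is the length of the allocation the blob was read into (the value the encoded length is checked against) and which return value signals a valid intset. Taking `const unsigned char *` rather than `intset *` is the right choice here, because the bytes are not yet known to be an intset when the check runs; a comment saying so would stop a future caller from casting first and validating second. The commit message also distinguishes a shallow size check from a 'deep' per-record check, but this signature offers no way to select between them, so the comment should say which of the two this function performs (or whether it always does both).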