From 11b071a22bd1662166213e86f7bb7394a945ea00 Mon Sep 17 00:00:00 2001
From: ranshid <88133677+ranshid@users.noreply.github.com>
Date: Thu, 10 Mar 2022 10:08:41 +0200
Subject: [PATCH] ACL DRYRUN does not validate the verified command args. (#10405)
As a result we segfault when parsing and matching the command keys.
---
 src/acl.c | 7 +++++++
 tests/unit/acl-v2.tcl | 19 ++++++++++++++++---
 2 files changed, 23 insertions(+), 3 deletions(-)
diff --git a/src/acl.c b/src/acl.c
index 5bc063901..206680ac5 100644
--- a/src/acl.c
+++ b/src/acl.c
@@ -2790,6 +2790,13 @@ setuser_cleanup:
 return;
 }
+ if ((cmd->arity > 0 && cmd->arity != c->argc-3) ||
+ (c->argc-3 < -cmd->arity))
+ {
+ addReplyErrorFormat(c,"wrong number of arguments for '%s' command", cmd->fullname);
+ return;
+ }
+
 int idx;
 int result = ACLCheckAllUserCommandPerm(u, cmd, c->argv + 3, c->argc - 3, &idx);
 if (result != ACL_OK) {
diff --git a/tests/unit/acl-v2.tcl b/tests/unit/acl-v2.tcl
index 7a8bb099a..1746255c1 100644
--- a/tests/unit/acl-v2.tcl
+++ b/tests/unit/acl-v2.tcl
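Review bot: The new arity guard in front of `ACLCheckAllUserCommandPerm` has no comment saying why it must run first, so a later reorder could bring back the crash the commit message describes (key parsing on an argument vector of the wrong length). I would add `/* Reject wrong arity before the permission check: key extraction walks argv and assumes the argument count is valid for cmd. */` above the `if`. The offset `c->argc-3` is written twice in the condition and again as `c->argc - 3` in the call below; a local such as `int dry_argc = c->argc - 3;` would keep the offset in one place. If the normal command dispatch path performs the same arity test (not visible in this hunk), sharing one helper would stop the two copies from drifting apart. The enclosing function starts and ends outside the hunk.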
@@ -315,9 +315,9 @@ start_server {tags {"acl external:skip"}} {
 r ACL setuser command-test +@all %R~read* %W~write* %RW~rw*
 # Test migrate, which is marked with incomplete keys
- assert_equal "OK" [r ACL DRYRUN command-test MIGRATE whatever whatever rw]
- assert_equal "This user has no permissions to access the 'read' key" [r ACL DRYRUN command-test MIGRATE whatever whatever read]
- assert_equal "This user has no permissions to access the 'write' key" [r ACL DRYRUN command-test MIGRATE whatever whatever write]
+ assert_equal "OK" [r ACL DRYRUN command-test MIGRATE whatever whatever rw 0 500]
+ assert_equal "This user has no permissions to access the 'read' key" [r ACL DRYRUN command-test MIGRATE whatever whatever read 0 500]
+ assert_equal "This user has no permissions to access the 'write' key" [r ACL DRYRUN command-test MIGRATE whatever whatever write 0 500]
 assert_equal "OK" [r ACL DRYRUN command-test MIGRATE whatever whatever "" 0 5000 KEYS rw]
 assert_equal "This user has no permissions to access the 'read' key" [r ACL DRYRUN command-test MIGRATE whatever whatever "" 0 5000 KEYS read]
 assert_equal "This user has no permissions to access the 'write' key" [r ACL DRYRUN command-test MIGRATE whatever whatever "" 0 5000 KEYS write]
@@ -433,6 +433,19 @@ start_server {tags {"acl external:skip"}} {
 assert_equal "This user has no permissions to access the 'otherchannel' channel" [r ACL DRYRUN test-channels spublish otherchannel foo]
 assert_equal "This user has no permissions to access the 'otherchannel' channel" [r ACL DRYRUN test-channels ssubscribe otherchannel foo]
 }
+
+ test {Test DRYRUN with wrong number of arguments} {
+ r ACL setuser test-dry-run +@all ~v*
+
+ assert_equal "OK" [r ACL DRYRUN test-dry-run SET v v]
+
+ catch {r ACL DRYRUN test-dry-run SET v} e
+ assert_equal "ERR wrong number of arguments for 'set' command" $e
+
+ catch {r ACL DRYRUN test-dry-run SET} e
+ assert_equal "ERR wrong number of arguments for 'set' command" $e
+
+ }
 $r2 close
 }
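Review bot: The `Test DRYRUN with wrong number of arguments` test in the second hunk only passes too few arguments to SET, which accepts optional arguments, so it reaches just the minimum-count half of the new guard in src/acl.c (`c->argc-3 < -cmd->arity`). The exact-count half (`cmd->arity > 0 && cmd->arity != c->argc-3`) is never exercised, and neither is the too-many-arguments case. Adding a fixed-arity command with one surplus argument would cover both, for example `catch {r ACL DRYRUN test-dry-run GET v extra} e` followed by `assert_equal "ERR wrong number of arguments for 'get' command" $e`.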