Add checks for overflow in redis-check-aof and loadAppendOnlyFile (#9669)

Co-authored-by: guoyiyuan <guoyiyuan@sbrella.com>
2021-11-02 23:03:07 +08:00 · 2021-11-02 23:03:07 +08:00 · 78025c4a26
commit 78025c4a26
parent 87321deb3f
2 changed files with 6 additions and 0 deletions
--- a/src/aof.c
+++ b/src/aof.c
@ -783,6 +783,7 @@ int loadAppendOnlyFile(char *filename) {
        if (buf[1] == '\0') goto readerr;
        argc = atoi(buf+1);
        if (argc < 1) goto fmterr;
+        if ((size_t)argc > SIZE_MAX / sizeof(robj*)) goto fmterr;

        /* Load the next command in the AOF as our fake client
         * argv. */
--- a/src/redis-check-aof.c
+++ b/src/redis-check-aof.c
@ -124,6 +124,11 @@ int readString(FILE *fp, char** target) {
        return 0;
    }

+    if (len < 0 || len > LONG_MAX - 2) {
+        ERROR("Expected to read string of %ld bytes, which is not in the suitable range",len);
+        return 0;
+    }
+
    /* Increase length to also consume \r\n */
    len += 2;
    *target = (char*)zmalloc(len);