From 8a531cedb01215e367d88b600bb9178ebb9eb4b2 Mon Sep 17 00:00:00 2001
From: antirez <antirez@gmail.com>
Date: Wed, 25 Sep 2019 17:45:05 +0200
Subject: [PATCH] ACL: fix ##6408, default user state affecting all the
 connections.

---
 src/server.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/server.c b/src/server.c
index 7882b0d99..2bdfd1640 100644
--- a/src/server.c
+++ b/src/server.c
@@ -3341,9 +3341,10 @@ int processCommand(client *c) {
 
     /* Check if the user is authenticated. This check is skipped in case
      * the default user is flagged as "nopass" and is active. */
-    int auth_required = !(DefaultUser->flags & USER_FLAG_NOPASS) &&
+    int auth_required = (!(DefaultUser->flags & USER_FLAG_NOPASS) ||
+                           DefaultUser->flags & USER_FLAG_DISABLED) &&
                         !c->authenticated;
-    if (auth_required || DefaultUser->flags & USER_FLAG_DISABLED) {
+    if (auth_required) {
         /* AUTH and HELLO are valid even in non authenticated state. */
         if (c->cmd->proc != authCommand || c->cmd->proc == helloCommand) {
             flagTransaction(c);