gvsafronov/futriix
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Fixed a theoretical non exploitable security bug reported by @chrisrohlf. In theory if we undefine SDS_ABORT_ON_OOM from sds.c AND modify zmalloc.c in order to don't quit on out of memory (but this would break every other part of Redis), on out of memory there is a possible heap overflow.

Browse Source
This commit is contained in:
antirez 2011-01-27 10:27:25 +01:00
parent cc9f0eee71
commit be86082be4
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/sds.c
View File

@ -305,7 +305,10 @@ sds *sdssplitlen(char *s, int len, char *sep, int seplen, int *count) {
#ifdef SDS_ABORT_ON_OOM #ifdef SDS_ABORT_ON_OOM
if (tokens == NULL) sdsOomAbort(); if (tokens == NULL) sdsOomAbort();
#endif #endif
if (seplen < 1 || len < 0 || tokens == NULL) return NULL; if (seplen < 1 || len < 0 || tokens == NULL) {
*count = 0;
return NULL;
}
if (len == 0) { if (len == 0) {
*count = 0; *count = 0;
return tokens; return tokens;
@ -360,6 +363,7 @@ cleanup:
int i; int i;
for (i = 0; i < elements; i++) sdsfree(tokens[i]); for (i = 0; i < elements; i++) sdsfree(tokens[i]);
zfree(tokens); zfree(tokens);
*count = 0;
return NULL; return NULL;
} }
#endif #endif