gvsafronov/futriix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Cluster: check packets length before accessing far fields.

Browse Source
This commit is contained in:
antirez 2016-01-19 13:16:24 +01:00
parent d2604565ab
commit be9dd0137d
1 changed files with 10 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
src/cluster.c
View File

@ -1542,9 +1542,6 @@ int clusterProcessPacket(clusterLink *link) {
clusterMsg *hdr = (clusterMsg*) link->rcvbuf; clusterMsg *hdr = (clusterMsg*) link->rcvbuf;
uint32_t totlen = ntohl(hdr->totlen); uint32_t totlen = ntohl(hdr->totlen);
uint16_t type = ntohs(hdr->type); uint16_t type = ntohs(hdr->type);
uint16_t flags = ntohs(hdr->flags);
uint64_t senderCurrentEpoch = 0, senderConfigEpoch = 0;
clusterNode *sender;
server.cluster->stats_bus_messages_received++; server.cluster->stats_bus_messages_received++;
serverLog(LL_DEBUG,"--- Processing packet of type %d, %lu bytes", serverLog(LL_DEBUG,"--- Processing packet of type %d, %lu bytes",
@ -1552,9 +1549,17 @@ int clusterProcessPacket(clusterLink *link) {
/* Perform sanity checks */ /* Perform sanity checks */
if (totlen < 16) return 1; /* At least signature, version, totlen, count. */ if (totlen < 16) return 1; /* At least signature, version, totlen, count. */
if (ntohs(hdr->ver) != CLUSTER_PROTO_VER)
return 1; /* Can't handle versions other than the current one.*/
if (totlen > sdslen(link->rcvbuf)) return 1; if (totlen > sdslen(link->rcvbuf)) return 1;
if (ntohs(hdr->ver) != CLUSTER_PROTO_VER) {
/* Can't handle messages of different versions. */
return 1;
}
uint16_t flags = ntohs(hdr->flags);
uint64_t senderCurrentEpoch = 0, senderConfigEpoch = 0;
clusterNode *sender;
if (type == CLUSTERMSG_TYPE_PING || type == CLUSTERMSG_TYPE_PONG || if (type == CLUSTERMSG_TYPE_PING || type == CLUSTERMSG_TYPE_PONG ||
type == CLUSTERMSG_TYPE_MEET) type == CLUSTERMSG_TYPE_MEET)
{ {