From ff92c069475bd6f0ebbaca009ad3168c9d359851 Mon Sep 17 00:00:00 2001 From: antirez Date: Tue, 15 Jan 2019 18:28:43 +0100 Subject: [PATCH] ACL: fix command exec check by returning. --- src/server.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/src/server.c b/src/server.c index 0516219d1..edf16917d 100644 --- a/src/server.c +++ b/src/server.c @@ -2596,6 +2596,14 @@ int processCommand(client *c) { return C_OK; } + /* Check if the user can run this command according to the current + * ACLs. */ + if (ACLCheckCommandPerm(c) == C_ERR) { + flagTransaction(c); + addReplyErrorFormat(c,"-NOPERM this user has no permissions to run the %s command", c->cmd->name); + return C_OK; + } + /* If cluster is enabled perform the cluster redirection here. * However we don't perform the redirection if: * 1) The sender of this command is our master. @@ -2688,12 +2696,6 @@ int processCommand(client *c) { return C_OK; } - /* Check if the user can run this command according to the current - * ACLs. */ - if (ACLCheckCommandPerm(c) == C_ERR) { - addReplyErrorFormat(c,"-NOPERM this user has no permissions to run the %s command", c->cmd->name); - } - /* Only allow a subset of commands in the context of Pub/Sub if the * connection is in RESP2 mode. With RESP3 there are no limits. */ if ((c->flags & CLIENT_PUBSUB && c->resp == 2) &&