An integer overflow bug in Redis 6.2 could be exploited to corrupt the heap and
potentially result with remote code execution.
The vulnerability involves changing the default set-max-intset-entries
configuration value, creating a large set key that consists of integer values
and using the COPY command to duplicate it.
The integer overflow bug exists in all versions of Redis starting with 2.6,
where it could result with a corrupted RDB or DUMP payload, but not exploited
through COPY (which did not exist before 6.2).
(cherry picked from commit 29900d4e6bccdf3691bedf0ea9a5d84863fa3592)
An integer overflow bug in Redis 6.2 could be exploited to corrupt the heap and
potentially result with remote code execution.
The vulnerability involves changing the default set-max-intset-entries
configuration value, creating a large set key that consists of integer values
and using the COPY command to duplicate it.
The integer overflow bug exists in all versions of Redis starting with 2.6,
where it could result with a corrupted RDB or DUMP payload, but not exploited
through COPY (which did not exist before 6.2).
(cherry picked from commit 29900d4e6bccdf3691bedf0ea9a5d84863fa3592)
prefix args not all args. So when we help commands with subcommands,
all subcommands will be output.
(cherry picked from commit 0b1b9edb2843730b03f78b6073cdd30873dbba95)
prefix args not all args. So when we help commands with subcommands,
all subcommands will be output.
(cherry picked from commit 0b1b9edb2843730b03f78b6073cdd30873dbba95)
missing zfree(data) in redis-benchmark.
And also correct the wrong size in lrange.
the text mentioned 500, but size was 450, changed to 500
(cherry picked from commit 1eff8564c78011f7257e485796990a0d4d607a5b)
missing zfree(data) in redis-benchmark.
And also correct the wrong size in lrange.
the text mentioned 500, but size was 450, changed to 500
(cherry picked from commit 1eff8564c78011f7257e485796990a0d4d607a5b)
When redis-cli was used with both -c (cluster) and -s (unix socket),
it would have kept trying to use that unix socket, even if it got
redirected by the cluster (resulting in an infinite loop).
(cherry picked from commit 416f2773395ffcd72d8d8408e1558f49d59a0077)
When redis-cli was used with both -c (cluster) and -s (unix socket),
it would have kept trying to use that unix socket, even if it got
redirected by the cluster (resulting in an infinite loop).
(cherry picked from commit 416f2773395ffcd72d8d8408e1558f49d59a0077)
- Immediately exit on errors that are not related to topology updates.
- Deprecates the `-e` option ( retro compatible ) and warns that we now
exit immediately on errors that are not related to topology updates.
- Fixed wrongfully failing on config fetch error (warning only). This only affects RE.
Bottom line:
- MOVED and ASK errors will not show any warning (unlike the throttled error with `-e` before).
- CLUSTERDOWN still prints an error unconditionally and sleeps for 1 second.
- other errors are fatal.
(cherry picked from commit ef6f902372d4646b1894ec5dbd5f857dea5688d6)
- Immediately exit on errors that are not related to topology updates.
- Deprecates the `-e` option ( retro compatible ) and warns that we now
exit immediately on errors that are not related to topology updates.
- Fixed wrongfully failing on config fetch error (warning only). This only affects RE.
Bottom line:
- MOVED and ASK errors will not show any warning (unlike the throttled error with `-e` before).
- CLUSTERDOWN still prints an error unconditionally and sleeps for 1 second.
- other errors are fatal.
(cherry picked from commit ef6f902372d4646b1894ec5dbd5f857dea5688d6)
This solves an issue reported in #8712 in which a replica would bypass
the client write pause check and cause an assertion due to executing a
write command during failover.
The fact is that we don't expect replicas to execute any command other
than maybe REPLCONF and PING, etc. but matching against the ADMIN
command flag is insufficient, so instead i just block keyspace access
for now.
(cherry picked from commit 46f4ebbe842620f0976a36741a72482620aa4b48)
This solves an issue reported in #8712 in which a replica would bypass
the client write pause check and cause an assertion due to executing a
write command during failover.
The fact is that we don't expect replicas to execute any command other
than maybe REPLCONF and PING, etc. but matching against the ADMIN
command flag is insufficient, so instead i just block keyspace access
for now.
(cherry picked from commit 46f4ebbe842620f0976a36741a72482620aa4b48)
This prevents a case where NTP moves the system clock
forward resulting in a false detection of a busy script.
Signed-off-by: zyxwvu Shi <i@shiyc.cn>
(cherry picked from commit f61c37cec900ba391541f20f7655aad44a26bafc)
This prevents a case where NTP moves the system clock
forward resulting in a false detection of a busy script.
Signed-off-by: zyxwvu Shi <i@shiyc.cn>
(cherry picked from commit f61c37cec900ba391541f20f7655aad44a26bafc)
Modules event subscribers may get wrong things in notifyKeyspaceEvent callback,
such as wrong number of keys, or be able to lookup this key.
This commit changes the order to be like the one in evict.c.
Cleanup:
Since we know the key exists (it expires now), db*Delete is sure to return 1,
so there's no need to check it's output (misleading).
(cherry picked from commit 63acfe4b00b9d3e34a53559f965c0bc44c03db61)
Modules event subscribers may get wrong things in notifyKeyspaceEvent callback,
such as wrong number of keys, or be able to lookup this key.
This commit changes the order to be like the one in evict.c.
Cleanup:
Since we know the key exists (it expires now), db*Delete is sure to return 1,
so there's no need to check it's output (misleading).
(cherry picked from commit 63acfe4b00b9d3e34a53559f965c0bc44c03db61)
When redis-check-aof finds an error, it prints the line number for faster troubleshooting.
(cherry picked from commit 761d7d27711edfbf737def41ff28f5b325fb16c8)
When redis-check-aof finds an error, it prints the line number for faster troubleshooting.
(cherry picked from commit 761d7d27711edfbf737def41ff28f5b325fb16c8)
This scene is hard to happen. When first attempt some keys expired,
only kv position is updated not ov. Then socket err happens, second
attempt is taken. This time kv items may be mismatching with ov items.
(cherry picked from commit 080d4579db40d965f8392af5b1da7a99d1a817d5)
This scene is hard to happen. When first attempt some keys expired,
only kv position is updated not ov. Then socket err happens, second
attempt is taken. This time kv items may be mismatching with ov items.
(cherry picked from commit 080d4579db40d965f8392af5b1da7a99d1a817d5)
