Prevent clients from making too large multibulk requests

2025-03-17 16:10:50 +00:00 · 2010-10-15 19:15:38 +02:00 · 2010-10-15 19:15:38 +02:00 · b19c33d48a
commit b19c33d48a
parent ea5b70924d
2 changed files with 11 additions and 0 deletions
--- a/src/networking.c
+++ b/src/networking.c
@ -724,6 +724,10 @@ int processMultibulkBuffer(redisClient *c) {
        if (c->multibulklen <= 0) {
            c->querybuf = sdsrange(c->querybuf,pos,-1);
            return REDIS_OK;
+        } else if (c->multibulklen > 1024*1024) {
+            addReplyError(c,"Protocol error: invalid multibulk length");
+            setProtocolError(c,pos);
+            return REDIS_ERR;
        }

        /* Setup argv array on client structure */
--- a/tests/unit/protocol.tcl
+++ b/tests/unit/protocol.tcl
@ -13,6 +13,13 @@ start_server {tags {"protocol"}} {
        assert_equal PONG [r ping]
    }

+    test "Out of range multibulk length" {
+        reconnect
+        r write "*20000000\r\n"
+        r flush
+        assert_error "*invalid multibulk length*" {r read}
+    }
+
    test "Wrong multibulk payload header" {
        reconnect
        r write "*3\r\n\$3\r\nSET\r\n\$1\r\nx\r\nfooz\r\n"