From b7750a936ff4390a8e32ce97ba30c4ca9459452f Mon Sep 17 00:00:00 2001 From: antirez Date: Fri, 25 Jan 2019 13:27:33 +0100 Subject: [PATCH] ACL: remove the ALLCOMMANDS user flag at a safer place. This fixes -@ as a side effect. --- src/acl.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/acl.c b/src/acl.c index 586432c6..6d4a82b8 100644 --- a/src/acl.c +++ b/src/acl.c @@ -189,9 +189,12 @@ int ACLUserCanExecuteFutureCommands(user *u) { /* Set the specified command bit for the specified user to 'value' (0 or 1). * If the bit overflows the user internal represetation, no operation - * is performed. */ + * is performed. As a side effect of calling this function with a value of + * zero, the user flag ALLCOMMANDS is cleared since it is no longer possible + * to skip the command bit explicit test. */ void ACLSetUserCommandBit(user *u, unsigned long id, int value) { uint64_t word, bit; + if (value == 0) u->flags &= ~USER_FLAG_ALLCOMMANDS; if (ACLGetCommandBitCoordinates(id,&word,&bit) == C_ERR) return; if (value) u->allowed_commands[word] |= bit; @@ -412,7 +415,6 @@ int ACLSetUser(user *u, const char *op, ssize_t oplen) { } unsigned long id = ACLGetCommandID(op+1); ACLSetUserCommandBit(u,id,0); - u->flags &= ~USER_FLAG_ALLCOMMANDS; ACLResetSubcommandsForCommand(u,id); } else if ((op[0] == '+' || op[0] == '-') && op[1] == '@') { int bitval = op[0] == '+' ? 1 : 0;