Fixed a theoretical, non-exploitable security bug reported by @chrisrohlf. In theory, if we undefine SDS_ABORT_ON_OOM in sds.c AND modify zmalloc.c so that it does not quit on out of memory (but this would break every other part of Redis), on out of memory there is a possible heap overflow.
parent
cc9f0eee71
commit
be86082be4
@ -305,7 +305,10 @@ sds *sdssplitlen(char *s, int len, char *sep, int seplen, int *count) {
#ifdef SDS_ABORT_ON_OOM
if (tokens == NULL) sdsOomAbort();
#endif
if (seplen < 1 || len < 0 || tokens == NULL) return NULL;
if (seplen < 1 || len < 0 || tokens == NULL) {
*count = 0;
return NULL;
}
if (len == 0) {
*count = 0;
return tokens;
@ -360,6 +363,7 @@ cleanup:
int i;
for (i = 0; i < elements; i++) sdsfree(tokens[i]);
zfree(tokens);
*count = 0;
return NULL;
}
#endif
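Review bot: The rewritten early-return branch in the first hunk (`if (seplen < 1 || len < 0 || tokens == NULL) {`) still returns NULL without releasing `tokens` when the rejection comes from `seplen` or `len` rather than from a failed allocation. The `tokens == NULL` test just above it suggests the array is allocated before this validation, but that allocation lies outside the hunk, so the leak is inferred rather than visible. If it holds, add `zfree(tokens);` ahead of `return NULL;` in that branch (assuming zfree accepts NULL the way free does), or validate `seplen` and `len` before allocating. A short comment on the function stating that `*count` is always 0 whenever NULL is returned would also record the invariant this commit establishes for callers.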