From 8fc0079366fcf7c75cbfd4864c448ca9aae5c835 Mon Sep 17 00:00:00 2001
From: "zhaozhao.zz" <zhaozhao.zz@alibaba-inc.com>
Date: Fri, 25 Jan 2019 19:06:18 +0800
Subject: [PATCH 1/2] ACL: check patterns instead of passwords in
 ACLCheckCommandPerm

---
 src/acl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/acl.c b/src/acl.c
index 05625956..0456e9f2 100644
--- a/src/acl.c
+++ b/src/acl.c
@@ -555,7 +555,7 @@ int ACLCheckCommandPerm(client *c) {
         for (int j = 0; j < numkeys; j++) {
             listIter li;
             listNode *ln;
-            listRewind(u->passwords,&li);
+            listRewind(u->patterns,&li);
 
             /* Test this key against every pattern. */
             int match = 0;

From 0de83bcc62cec57a3e0bd5912fd3862f25654ddb Mon Sep 17 00:00:00 2001
From: "zhaozhao.zz" <zhaozhao.zz@alibaba-inc.com>
Date: Fri, 25 Jan 2019 19:35:18 +0800
Subject: [PATCH 2/2] ACL: fix memory leak when key patterns no match

---
 src/acl.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/acl.c b/src/acl.c
index 0456e9f2..7aa7204f 100644
--- a/src/acl.c
+++ b/src/acl.c
@@ -570,9 +570,12 @@ int ACLCheckCommandPerm(client *c) {
                     break;
                 }
             }
-            if (!match) return ACL_DENIED_KEY;
+            if (!match) {
+                getKeysFreeResult(keyidx);
+                return ACL_DENIED_KEY;
+            }
         }
-        getKeysFreeResult(keyidx);
+        if (keyidx) getKeysFreeResult(keyidx);
     }
 
     /* If we survived all the above checks, the user can execute the