From ab1b607054b62a1c6139d7ceab697eed2208acf5 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Tue, 5 Oct 2021 15:26:23 -0400
Subject: [PATCH] import redis-6.0.9-3.module+el8.4.0+10984+ed187465
---
 SOURCES/redis-CVE-2021-26477.patch | 27 +++++++++++++++++++++++++++
 SPECS/redis.spec | 8 +++++++-
 2 files changed, 34 insertions(+), 1 deletion(-)
 create mode 100644 SOURCES/redis-CVE-2021-26477.patch
diff --git a/SOURCES/redis-CVE-2021-26477.patch b/SOURCES/redis-CVE-2021-26477.patch
new file mode 100644
index 0000000..6def3db
--- /dev/null
+++ b/SOURCES/redis-CVE-2021-26477.patch
@@ -0,0 +1,27 @@
+From 394614a5f91d88380f480c4610926a865b5b0f16 Mon Sep 17 00:00:00 2001
+From: Oran Agra
+Date: Mon, 3 May 2021 08:32:31 +0300
+Subject: [PATCH] Fix integer overflow in STRALGO LCS (CVE-2021-29477)
+
+An integer overflow bug in Redis version 6.0 or newer could be exploited using
+the STRALGO LCS command to corrupt the heap and potentially result with remote
+code execution.
+
+(cherry picked from commit f0c5f920d0f88bd8aa376a2c05af4902789d1ef9)
+---
+ src/t_string.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/t_string.c b/src/t_string.c
+index 4886f7e44388..5310a297db16 100644
+--- a/src/t_string.c
++++ b/src/t_string.c
+@@ -576,7 +576,7 @@ void stralgoLCS(client *c) {
+ /* Setup an uint32_t array to store at LCS[i,j] the length of the
+ * LCS A0..i-1, B0..j-1. Note that we have a linear array here, so
+ * we index it as LCS[j+(blen+1)*j] */
+- uint32_t *lcs = zmalloc((alen+1)*(blen+1)*sizeof(uint32_t));
++ uint32_t *lcs = zmalloc((size_t)(alen+1)*(blen+1)*sizeof(uint32_t));
+ #define LCS(A,B) lcs[(B)+((A)*(blen+1))]
+
+ /* Start building the LCS table. */
diff --git a/SPECS/redis.spec b/SPECS/redis.spec
index b04efdd..3c27384 100644
--- a/SPECS/redis.spec
+++ b/SPECS/redis.spec
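Review bot: The `(size_t)` cast added to the `zmalloc` argument in `stralgoLCS` (inner hunk of SOURCES/redis-CVE-2021-26477.patch) widens the multiplication but does not bound it. On a build where `size_t` is 32 bits the cast changes nothing, and `alen+1` / `blen+1` are still evaluated before the widening, so they can wrap first if those variables are 32-bit; their declarations are outside the hunk, so this is inferred. The `LCS(A,B)` macro on the next line also keeps computing `(A)*(blen+1)` in the operands' own type, so the index arithmetic is not widened together with the allocation size. I would reject oversized inputs before allocating, for example `if (alen >= UINT32_MAX-1 || blen >= UINT32_MAX-1 || (uint64_t)(alen+1)*(blen+1) > SIZE_MAX/sizeof(uint32_t)) { /* reply with an error and return */ }`, and index with `lcs[(size_t)(B)+((size_t)(A)*(blen+1))]`. The body of `stralgoLCS` starts and ends outside the hunk, so confirm that no earlier length check already covers this.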
@@ -20,7 +20,7 @@ Name: redis Version: 6.0.9 -Release: 2%{?dist} +Release: 3%{?dist} Summary: A persistent key-value database # redis, jemalloc, linenoise, lzf, hiredis are BSD # lua is MIT @@ -52,6 +52,7 @@ Patch0002: 0002-install-redis-check-rdb-as-a-symlink-instead-of-dupl.pat Patch0003: redis-config.patch # Security patches +Patch100: redis-CVE-2021-26477.patch BuildRequires: gcc %if %{with tests} @@ -136,6 +137,7 @@ mv ../%{name}-doc-%{doc_commit} doc %patch0001 -p1 %patch0002 -p1 %patch0003 -p1 +%patch100 -p1 -b .cve29477 mv deps/lua/COPYRIGHT COPYRIGHT-lua mv deps/jemalloc/COPYING COPYING-jemalloc @@ -284,6 +286,10 @@ exit 0 %changelog +* Wed May 12 2021 Remi Collet - 6.0.9-3 +- fix integer overflow via STRALGO LCS command + CVE-2021-29477 + * Tue Nov 24 2020 Remi Collet - 6.0.9-2 - revert "simplify config rewrite file" and keep configuration in /etc
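Review bot: The file name in `Patch100: redis-CVE-2021-26477.patch` carries a different CVE id from everything else in this change: the patch's own subject, the backup suffix in `%patch100 -p1 -b .cve29477` and the new changelog entry all say CVE-2021-29477, so the name looks like a transposition. Anyone auditing the source package by patch file name will look up the wrong advisory, or conclude that the 29477 fix is missing. I would rename the file to `redis-CVE-2021-29477.patch`, both in SOURCES (the new-file header in the first file section) and on the `Patch100:` line. A short comment above `Patch100:` pointing at the upstream commit named in the patch header would also make the backport traceable from the spec alone.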