rpms/redis
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import redis-6.0.9-3.module+el8.4.0+10984+ed187465

Browse Source
This commit is contained in:
CentOS Sources 2021-08-18 19:36:02 +00:00 committed by Andrew Lukoshko
parent a1b9494335
commit bf69c71f7e
2 changed files with 34 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
SOURCES/redis-CVE-2021-26477.patch Normal file
View File

@ -0,0 +1,27 @@
From 394614a5f91d88380f480c4610926a865b5b0f16 Mon Sep 17 00:00:00 2001
From: Oran Agra <oran@redislabs.com>
Date: Mon, 3 May 2021 08:32:31 +0300
Subject: [PATCH] Fix integer overflow in STRALGO LCS (CVE-2021-29477)
An integer overflow bug in Redis version 6.0 or newer could be exploited using
the STRALGO LCS command to corrupt the heap and potentially result with remote
code execution.
(cherry picked from commit f0c5f920d0f88bd8aa376a2c05af4902789d1ef9)
---
src/t_string.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/t_string.c b/src/t_string.c
index 4886f7e44388..5310a297db16 100644
--- a/src/t_string.c
+++ b/src/t_string.c
@@ -576,7 +576,7 @@ void stralgoLCS(client *c) {
/* Setup an uint32_t array to store at LCS[i,j] the length of the
* LCS A0..i-1, B0..j-1. Note that we have a linear array here, so
* we index it as LCS[j+(blen+1)*j] */
- uint32_t *lcs = zmalloc((alen+1)*(blen+1)*sizeof(uint32_t));
+ uint32_t *lcs = zmalloc((size_t)(alen+1)*(blen+1)*sizeof(uint32_t));
#define LCS(A,B) lcs[(B)+((A)*(blen+1))]
/* Start building the LCS table. */

8
SPECS/redis.spec
View File

@ -20,7 +20,7 @@
Name: redis Name: redis
Version: 6.0.9 Version: 6.0.9
Release: 2%{?dist} Release: 3%{?dist}
Summary: A persistent key-value database Summary: A persistent key-value database
# redis, jemalloc, linenoise, lzf, hiredis are BSD # redis, jemalloc, linenoise, lzf, hiredis are BSD
# lua is MIT # lua is MIT
@ -52,6 +52,7 @@ Patch0002: 0002-install-redis-check-rdb-as-a-symlink-instead-of-dupl.pat
Patch0003: redis-config.patch Patch0003: redis-config.patch
# Security patches # Security patches
Patch100: redis-CVE-2021-26477.patch
BuildRequires: gcc BuildRequires: gcc
%if %{with tests} %if %{with tests}
@ -136,6 +137,7 @@ mv ../%{name}-doc-%{doc_commit} doc
%patch0001 -p1 %patch0001 -p1
%patch0002 -p1 %patch0002 -p1
%patch0003 -p1 %patch0003 -p1
%patch100 -p1 -b .cve29477
mv deps/lua/COPYRIGHT COPYRIGHT-lua mv deps/lua/COPYRIGHT COPYRIGHT-lua
mv deps/jemalloc/COPYING COPYING-jemalloc mv deps/jemalloc/COPYING COPYING-jemalloc
@ -284,6 +286,10 @@ exit 0
%changelog %changelog
* Wed May 12 2021 Remi Collet <rcollet@redhat.com> - 6.0.9-3
- fix integer overflow via STRALGO LCS command
CVE-2021-29477
* Tue Nov 24 2020 Remi Collet <rcollet@redhat.com> - 6.0.9-2 * Tue Nov 24 2020 Remi Collet <rcollet@redhat.com> - 6.0.9-2
- revert "simplify config rewrite file" and keep - revert "simplify config rewrite file" and keep
configuration in /etc configuration in /etc