1 files changed, 47 insertions, 0 deletions

diff --git a/meta-oe/recipes-extended/redis/redis/CVE-2021-41099.patch b/meta-oe/recipes-extended/redis/redis/CVE-2021-41099.patch
new file mode 100644
index 0000000000..ce0e112aeb
--- /dev/null
+++ b/meta-oe/recipes-extended/redis/redis/CVE-2021-41099.patch
@@ -0,0 +1,47 @@
+From fd25ce2108994b7781269143bdfb3403faa2f1d1 Mon Sep 17 00:00:00 2001
+From: YiyuanGUO <yguoaz@gmail.com>
+Date: Wed, 29 Sep 2021 10:20:35 +0300
+Subject: [PATCH] Fix integer overflow in _sdsMakeRoomFor (CVE-2021-41099)
+
+CVE: CVE-2021-41099
+Upstream-Status: Backport[https://github.com/redis/redis/commit/c6ad876774f3cc11e32681ea02a2eead00f2c521]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ src/sds.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/sds.c b/src/sds.c
+index 2ec3aa7..5eadae5 100644
+--- a/src/sds.c
++++ b/src/sds.c
+@@ -233,7 +233,7 @@ void sdsclear(sds s) {
+ sds sdsMakeRoomFor(sds s, size_t addlen) {
+     void *sh, *newsh;
+     size_t avail = sdsavail(s);
+-    size_t len, newlen;
++    size_t len, newlen, reqlen;
+     char type, oldtype = s[-1] & SDS_TYPE_MASK;
+     int hdrlen;
+     size_t usable;
+@@ -243,7 +243,7 @@ sds sdsMakeRoomFor(sds s, size_t addlen) {
+ 
+     len = sdslen(s);
+     sh = (char*)s-sdsHdrSize(oldtype);
+-    newlen = (len+addlen);
++    reqlen = newlen = (len+addlen);
+     assert(newlen > len);   /* Catch size_t overflow */
+     if (newlen < SDS_MAX_PREALLOC)
+         newlen *= 2;
+@@ -258,7 +258,7 @@ sds sdsMakeRoomFor(sds s, size_t addlen) {
+     if (type == SDS_TYPE_5) type = SDS_TYPE_8;
+ 
+     hdrlen = sdsHdrSize(type);
+-    assert(hdrlen + newlen + 1 > len);  /* Catch size_t overflow */
++    assert(hdrlen + newlen + 1 > reqlen);  /* Catch size_t overflow */
+     if (oldtype==type) {
+         newsh = s_realloc_usable(sh, hdrlen+newlen+1, &usable);
+         if (newsh == NULL) return NULL;
+-- 
+2.17.1
+