diff options
Diffstat (limited to 'meta-oe/recipes-extended/redis/redis/CVE-2021-41099.patch')
-rw-r--r-- | meta-oe/recipes-extended/redis/redis/CVE-2021-41099.patch | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/meta-oe/recipes-extended/redis/redis/CVE-2021-41099.patch b/meta-oe/recipes-extended/redis/redis/CVE-2021-41099.patch new file mode 100644 index 0000000000..ce0e112aeb --- /dev/null +++ b/meta-oe/recipes-extended/redis/redis/CVE-2021-41099.patch @@ -0,0 +1,47 @@ +From fd25ce2108994b7781269143bdfb3403faa2f1d1 Mon Sep 17 00:00:00 2001 +From: YiyuanGUO <yguoaz@gmail.com> +Date: Wed, 29 Sep 2021 10:20:35 +0300 +Subject: [PATCH] Fix integer overflow in _sdsMakeRoomFor (CVE-2021-41099) + +CVE: CVE-2021-41099 +Upstream-Status: Backport[https://github.com/redis/redis/commit/c6ad876774f3cc11e32681ea02a2eead00f2c521] + +Signed-off-by: Changqing Li <changqing.li@windriver.com> +--- + src/sds.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/sds.c b/src/sds.c +index 2ec3aa7..5eadae5 100644 +--- a/src/sds.c ++++ b/src/sds.c +@@ -233,7 +233,7 @@ void sdsclear(sds s) { + sds sdsMakeRoomFor(sds s, size_t addlen) { + void *sh, *newsh; + size_t avail = sdsavail(s); +- size_t len, newlen; ++ size_t len, newlen, reqlen; + char type, oldtype = s[-1] & SDS_TYPE_MASK; + int hdrlen; + size_t usable; +@@ -243,7 +243,7 @@ sds sdsMakeRoomFor(sds s, size_t addlen) { + + len = sdslen(s); + sh = (char*)s-sdsHdrSize(oldtype); +- newlen = (len+addlen); ++ reqlen = newlen = (len+addlen); + assert(newlen > len); /* Catch size_t overflow */ + if (newlen < SDS_MAX_PREALLOC) + newlen *= 2; +@@ -258,7 +258,7 @@ sds sdsMakeRoomFor(sds s, size_t addlen) { + if (type == SDS_TYPE_5) type = SDS_TYPE_8; + + hdrlen = sdsHdrSize(type); +- assert(hdrlen + newlen + 1 > len); /* Catch size_t overflow */ ++ assert(hdrlen + newlen + 1 > reqlen); /* Catch size_t overflow */ + if (oldtype==type) { + newsh = s_realloc_usable(sh, hdrlen+newlen+1, &usable); + if (newsh == NULL) return NULL; +-- +2.17.1 + |