Skip to content
Permalink
Browse files Browse the repository at this point in the history
Avoid assertion when MSETNX is used with the same key twice (CVE-2023…
…-28425) (#11940)

Using the same key twice in MSETNX command would trigger an assertion.

This reverts #11594 (introduced in Redis 7.0.8)
  • Loading branch information
oranagra committed Mar 20, 2023
1 parent c912414 commit 48e0d47
Show file tree
Hide file tree
Showing 2 changed files with 10 additions and 3 deletions.
4 changes: 1 addition & 3 deletions src/t_string.c
Expand Up @@ -559,7 +559,6 @@ void mgetCommand(client *c) {

void msetGenericCommand(client *c, int nx) {
int j;
int setkey_flags = 0;

if ((c->argc % 2) == 0) {
addReplyErrorArity(c);
Expand All @@ -575,12 +574,11 @@ void msetGenericCommand(client *c, int nx) {
return;
}
}
setkey_flags |= SETKEY_DOESNT_EXIST;
}

for (j = 1; j < c->argc; j += 2) {
c->argv[j+1] = tryObjectEncoding(c->argv[j+1]);
setKey(c, c->db, c->argv[j], c->argv[j + 1], setkey_flags);
setKey(c, c->db, c->argv[j], c->argv[j + 1], 0);
notifyKeyspaceEvent(NOTIFY_STRING,"set",c->argv[j],c->db->id);
}
server.dirty += (c->argc-1)/2;
Expand Down
9 changes: 9 additions & 0 deletions tests/unit/type/string.tcl
Expand Up @@ -234,6 +234,15 @@ start_server {tags {"string"}} {
list [r msetnx x1{t} xxx y2{t} yyy] [r get x1{t}] [r get y2{t}]
} {1 xxx yyy}

test {MSETNX with not existing keys - same key twice} {
r del x1{t}
list [r msetnx x1{t} xxx x1{t} yyy] [r get x1{t}]
} {1 yyy}

test {MSETNX with already existing keys - same key twice} {
list [r msetnx x1{t} xxx x1{t} zzz] [r get x1{t}]
} {0 yyy}

test "STRLEN against non-existing key" {
assert_equal 0 [r strlen notakey]
}
Expand Down

0 comments on commit 48e0d47

Please sign in to comment.