Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Modify proto/nc_redis.c to reject EVAL/EVALSHA with 0 keys.

  • Loading branch information...
commit 48f5e50a69236efc8bb534cc6451a1f89e36b59a 1 parent 0d38b03
@ferenyx ferenyx authored
Showing with 25 additions and 0 deletions.
  1. +25 −0 src/proto/nc_redis.c
View
25 src/proto/nc_redis.c
@@ -1127,6 +1127,10 @@ redis_parse_req(struct msg *r)
break;
case SW_ARG2:
+ if (r->token == NULL) {
+ r->token = p;
+ }
+
m = p + r->rlen;
if (m >= b->last) {
r->rlen -= (uint32_t)(b->last - p);
@@ -1141,6 +1145,27 @@ redis_parse_req(struct msg *r)
p = m; /* move forward by rlen bytes */
r->rlen = 0;
+
+ if (redis_argeval(r)) {
+ // For EVAL/EVALSHA, we need to find the integer value of this
+ // argument. It tells us the number of keys in the script, and
+ // we need to error out if number of keys is 0.
+ // At this point, both p and m point to the end of the argument
+ // and r->token points to the start.
+ if (p - r->token <= 1)
+ goto error;
+ uint32_t nkeys = 0;
+ for (uint8_t *chp = r->token; chp < p; chp++) {
+ if (isdigit(*chp))
+ nkeys = nkeys * 10 + (uint32_t)(*chp - '0');
+ else
+ goto error;
+ }
+ if (nkeys == 0)
+ goto error;
+ }
+
+ r->token = NULL;
state = SW_ARG2_LF;
break;
Please sign in to comment.
Something went wrong with that request. Please try again.