git-hulk commented on code in PR #2765:
URL: https://github.com/apache/kvrocks/pull/2765#discussion_r1940328731
##########
src/server/redis_connection.cc:
##########
@@ -385,10 +385,17 @@ void
Connection::ExecuteCommands(std::deque<CommandTokens> *to_process_cmds) {
auto cmd_s = Server::LookupAndCreateCommand(cmd_tokens.front());
if (!cmd_s.IsOK()) {
+ auto cmd_name = cmd_tokens.front();
+ if (util::EqualICase(cmd_name, "host:") || util::EqualICase(cmd_name,
"post")) {
+ LOG(WARNING) << "A likely HTTP request is detected in the RESP
connection, indicating a potential "
+ "Cross-Protocol Scripting attack. Connection aborted.";
+ Close();
Review Comment:
```suggestion
EnableFlag(kCloseAsync);
```
Sorry for misleading. Should use the `kCloseAsync` flag to avoid
use-heap-after-free error due to `ExecuteCommands` was called inside conn
s read callback.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
