On 7/17/21 11:09 AM, Randy MacLeod wrote: > On 2021-07-17 9:50 a.m., akuster808 wrote: >> >> On 7/16/21 11:47 AM, Tony Tascioglu wrote: >>> This patch backports the fix for CVE-2021-29477. >>> >>> CVE: CVE-2021-29477 >>> Upstream-Status: Backport >>> [https://github.com/redis/redis/commit/f0c5f920d0f88bd8aa376a2c05af4902789d1ef9] >>> >> Thanks for the fixes. Any reason why updating to the latest stable 6.2.4 >> is not an option? >> https://raw.githubusercontent.com/redis/redis/6.2/00-RELEASENOTES > > This commit adds a public function: > > 1916:void redactClientCommandArgument(client *c, int argc); > in: > https://github.com/redis/redis/commit/875a1f07d821dc5abe737b064018a27bbc7175d2 > > > probably not a show stopper but it does affect the API in server.h. > > I didn't check the rest of the commit carefully but we really need an > API/ABI > checker. I'm not sure how redis clients usually interact with the > server, are you? > > It would be nice if this site were up to date: > https://abi-laboratory.pro/?view=timeline&l=hiredis > > I guess Tony could try the tools that the site points to if > you like Armin.
Thanks for the info. Patches in this case are appropriate. - Armin > > ../Randy > > >> - Armin >>> An integer overflow bug in Redis version 6.0 or newer could be >>> exploited using >>> the STRALGO LCS command to corrupt the heap and potentially result >>> with remote >>> code execution. >>> >>> Signed-off-by: Tony Tascioglu <[email protected]> >>> --- >>> .../redis/redis/fix-CVE-2021-29477.patch | 35 >>> +++++++++++++++++++ >>> meta-oe/recipes-extended/redis/redis_6.2.2.bb | 1 + >>> 2 files changed, 36 insertions(+) >>> create mode 100644 >>> meta-oe/recipes-extended/redis/redis/fix-CVE-2021-29477.patch >>> >>> diff --git >>> a/meta-oe/recipes-extended/redis/redis/fix-CVE-2021-29477.patch >>> b/meta-oe/recipes-extended/redis/redis/fix-CVE-2021-29477.patch >>> new file mode 100644 >>> index 000000000..a5e5a1ba5 >>> --- /dev/null >>> +++ b/meta-oe/recipes-extended/redis/redis/fix-CVE-2021-29477.patch >>> @@ -0,0 +1,35 @@ >>> +From f0c5f920d0f88bd8aa376a2c05af4902789d1ef9 Mon Sep 17 00:00:00 2001 >>> +From: Oran Agra <[email protected]> >>> +Date: Mon, 3 May 2021 08:32:31 +0300 >>> +Subject: [PATCH] Fix integer overflow in STRALGO LCS (CVE-2021-29477) >>> + >>> +An integer overflow bug in Redis version 6.0 or newer could be >>> exploited using >>> +the STRALGO LCS command to corrupt the heap and potentially result >>> with remote >>> +code execution. >>> + >>> +CVE: CVE-2021-29477 >>> +Upstream-Status: Backport >>> +[https://github.com/redis/redis/commit/f0c5f920d0f88bd8aa376a2c05af4902789d1ef9] >>> >>> + >>> +Signed-off-by: Tony Tascioglu <[email protected]> >>> + >>> +--- >>> + src/t_string.c | 2 +- >>> + 1 file changed, 1 insertion(+), 1 deletion(-) >>> + >>> +diff --git a/src/t_string.c b/src/t_string.c >>> +index 9228c5ed0..db6f7042e 100644 >>> +--- a/src/t_string.c >>> ++++ b/src/t_string.c >>> +@@ -805,7 +805,7 @@ void stralgoLCS(client *c) { >>> + /* Setup an uint32_t array to store at LCS[i,j] the length of the >>> + * LCS A0..i-1, B0..j-1. Note that we have a linear array >>> here, so >>> + * we index it as LCS[j+(blen+1)*j] */ >>> +- uint32_t *lcs = zmalloc((alen+1)*(blen+1)*sizeof(uint32_t)); >>> ++ uint32_t *lcs = >>> zmalloc((size_t)(alen+1)*(blen+1)*sizeof(uint32_t)); >>> + #define LCS(A,B) lcs[(B)+((A)*(blen+1))] >>> + >>> + /* Start building the LCS table. */ >>> +-- >>> +2.32.0 >>> + >>> diff --git a/meta-oe/recipes-extended/redis/redis_6.2.2.bb >>> b/meta-oe/recipes-extended/redis/redis_6.2.2.bb >>> index 65b525709..e89bb50f1 100644 >>> --- a/meta-oe/recipes-extended/redis/redis_6.2.2.bb >>> +++ b/meta-oe/recipes-extended/redis/redis_6.2.2.bb >>> @@ -16,6 +16,7 @@ SRC_URI = >>> "http://download.redis.io/releases/${BP}.tar.gz \ >>> file://0001-src-Do-not-reset-FINAL_LIBS.patch \ >>> file://GNU_SOURCE.patch \ >>> file://0006-Define-correct-gregs-for-RISCV32.patch \ >>> + file://fix-CVE-2021-29477.patch \ >>> " >>> SRC_URI[sha256sum] = >>> "7a260bb74860f1b88c3d5942bf8ba60ca59f121c6dce42d3017bed6add0b9535" >>> >>> >>> >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#92260): https://lists.openembedded.org/g/openembedded-devel/message/92260 Mute This Topic: https://lists.openembedded.org/mt/84255896/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
