On 2021-07-17 7:12 p.m., akuster808 wrote:
On 7/17/21 11:09 AM, Randy MacLeod wrote:
On 2021-07-17 9:50 a.m., akuster808 wrote:
On 7/16/21 11:47 AM, Tony Tascioglu wrote:
This patch backports the fix for CVE-2021-29477.
CVE: CVE-2021-29477
Upstream-Status: Backport
[https://github.com/redis/redis/commit/f0c5f920d0f88bd8aa376a2c05af4902789d1ef9]
Thanks for the fixes. Any reason why updating to the latest stable 6.2.4
is not an option?
https://raw.githubusercontent.com/redis/redis/6.2/00-RELEASENOTES
This commit adds a public function:
1916:void redactClientCommandArgument(client *c, int argc);
in:
https://github.com/redis/redis/commit/875a1f07d821dc5abe737b064018a27bbc7175d2
probably not a show stopper but it does affect the API in server.h.
I didn't check the rest of the commit carefully but we really need an
API/ABI
checker. I'm not sure how redis clients usually interact with the
server, are you?
It would be nice if this site were up to date:
https://abi-laboratory.pro/?view=timeline&l=hiredis
I guess Tony could try the tools that the site points to if
you like Armin.
Thanks for the info. Patches in this case are appropriate.
- Armin
Ping? I don't see this in hardknott yet...
../Randy
../Randy
- Armin
An integer overflow bug in Redis version 6.0 or newer could be
exploited using
the STRALGO LCS command to corrupt the heap and potentially result
with remote
code execution.
Signed-off-by: Tony Tascioglu <[email protected]>
---
.../redis/redis/fix-CVE-2021-29477.patch | 35
+++++++++++++++++++
meta-oe/recipes-extended/redis/redis_6.2.2.bb | 1 +
2 files changed, 36 insertions(+)
create mode 100644
meta-oe/recipes-extended/redis/redis/fix-CVE-2021-29477.patch
diff --git
a/meta-oe/recipes-extended/redis/redis/fix-CVE-2021-29477.patch
b/meta-oe/recipes-extended/redis/redis/fix-CVE-2021-29477.patch
new file mode 100644
index 000000000..a5e5a1ba5
--- /dev/null
+++ b/meta-oe/recipes-extended/redis/redis/fix-CVE-2021-29477.patch
@@ -0,0 +1,35 @@
+From f0c5f920d0f88bd8aa376a2c05af4902789d1ef9 Mon Sep 17 00:00:00 2001
+From: Oran Agra <[email protected]>
+Date: Mon, 3 May 2021 08:32:31 +0300
+Subject: [PATCH] Fix integer overflow in STRALGO LCS (CVE-2021-29477)
+
+An integer overflow bug in Redis version 6.0 or newer could be
exploited using
+the STRALGO LCS command to corrupt the heap and potentially result
with remote
+code execution.
+
+CVE: CVE-2021-29477
+Upstream-Status: Backport
+[https://github.com/redis/redis/commit/f0c5f920d0f88bd8aa376a2c05af4902789d1ef9]
+
+Signed-off-by: Tony Tascioglu <[email protected]>
+
+---
+ src/t_string.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/t_string.c b/src/t_string.c
+index 9228c5ed0..db6f7042e 100644
+--- a/src/t_string.c
++++ b/src/t_string.c
+@@ -805,7 +805,7 @@ void stralgoLCS(client *c) {
+ /* Setup an uint32_t array to store at LCS[i,j] the length of the
+ * LCS A0..i-1, B0..j-1. Note that we have a linear array
here, so
+ * we index it as LCS[j+(blen+1)*j] */
+- uint32_t *lcs = zmalloc((alen+1)*(blen+1)*sizeof(uint32_t));
++ uint32_t *lcs =
zmalloc((size_t)(alen+1)*(blen+1)*sizeof(uint32_t));
+ #define LCS(A,B) lcs[(B)+((A)*(blen+1))]
+
+ /* Start building the LCS table. */
+--
+2.32.0
+
diff --git a/meta-oe/recipes-extended/redis/redis_6.2.2.bb
b/meta-oe/recipes-extended/redis/redis_6.2.2.bb
index 65b525709..e89bb50f1 100644
--- a/meta-oe/recipes-extended/redis/redis_6.2.2.bb
+++ b/meta-oe/recipes-extended/redis/redis_6.2.2.bb
@@ -16,6 +16,7 @@ SRC_URI =
"http://download.redis.io/releases/${BP}.tar.gz \
file://0001-src-Do-not-reset-FINAL_LIBS.patch \
file://GNU_SOURCE.patch \
file://0006-Define-correct-gregs-for-RISCV32.patch \
+ file://fix-CVE-2021-29477.patch \
"
SRC_URI[sha256sum] =
"7a260bb74860f1b88c3d5942bf8ba60ca59f121c6dce42d3017bed6add0b9535"
--
# Randy MacLeod
# Wind River Linux
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#92360):
https://lists.openembedded.org/g/openembedded-devel/message/92360
Mute This Topic: https://lists.openembedded.org/mt/84255896/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
