Module: kamailio Branch: master Commit: 31138dd4966bf2e03da330f729851e3f019762ae URL: https://github.com/kamailio/kamailio/commit/31138dd4966bf2e03da330f729851e3f019762ae
Author: Jack Cao <[email protected]> Committer: Henning Westerholt <[email protected]> Date: 2025-11-17T10:24:18+01:00 ndb_redis: fix tls parsing, set timeout before AUTH, bound sentinel copy, prep dyn-node attrs Signed-off-by: Jack Cao <[email protected]> --- Modified: src/modules/ndb_redis/redis_client.c --- Diff: https://github.com/kamailio/kamailio/commit/31138dd4966bf2e03da330f729851e3f019762ae.diff Patch: https://github.com/kamailio/kamailio/commit/31138dd4966bf2e03da330f729851e3f019762ae.patch --- diff --git a/src/modules/ndb_redis/redis_client.c b/src/modules/ndb_redis/redis_client.c index 24cff78e751..4afb0b96158 100644 --- a/src/modules/ndb_redis/redis_client.c +++ b/src/modules/ndb_redis/redis_client.c @@ -69,7 +69,7 @@ extern char *ndb_redis_ca_path; #endif /* backwards compatibility with hiredis < 0.12 */ -#if(HIREDIS_MAJOR == 0) && (HIREDIS_MINOR < 12) +#if (HIREDIS_MAJOR == 0) && (HIREDIS_MINOR < 12) typedef char *sds; sds sdscatlen(sds s, const void *t, size_t len); int redis_append_formatted_command( @@ -153,8 +153,7 @@ int redisc_init(void) #ifdef WITH_SSL } else if(pit->name.len == 3 && strncmp(pit->name.s, "tls", 3) == 0) { - snprintf(pass, sizeof(pass) - 1, "%.*s", pit->body.len, - pit->body.s); + /* parse tls flag only; do not overwrite password buffer */ if(str2int(&pit->body, &enable_ssl) < 0) enable_ssl = 0; #endif @@ -205,8 +204,12 @@ int redisc_init(void) sentinel_group); if(res && (res->type == REDIS_REPLY_ARRAY) && (res->elements == 2)) { - strncpy(addr, res->element[0]->str, - res->element[0]->len + 1); + /* safe-bounded copy of address */ + size_t alen = (size_t)res->element[0]->len; + if(alen >= sizeof(addr)) + alen = sizeof(addr) - 1; + memcpy(addr, res->element[0]->str, alen); + addr[alen] = '\0'; port = atoi(res->element[1]->str); LM_DBG("sentinel replied: %s:%d\n", addr, port); srvfound = 1; @@ -288,14 +291,15 @@ int redisc_init(void) rsrv->ctxRedis->errstr); goto err2; } - if((haspass != 0) && redisc_check_auth(rsrv, pass)) { - LM_ERR("Authentication failed.\n"); - goto err2; - } + /* set command timeout before any command including AUTH */ if(redisSetTimeout(rsrv->ctxRedis, tv_cmd)) { LM_ERR("Failed to set timeout.\n"); goto err2; } + if((haspass != 0) && redisc_check_auth(rsrv, pass)) { + LM_ERR("Authentication failed.\n"); + goto err2; + } if(redisCommandNR(rsrv->ctxRedis, "PING")) { LM_ERR("Failed to send PING (REDIS returned %s).\n", rsrv->ctxRedis->errstr); @@ -524,8 +528,7 @@ int redisc_reconnect_server(redisc_server_t *rsrv) haspass = 1; #ifdef WITH_SSL } else if(pit->name.len == 3 && strncmp(pit->name.s, "tls", 3) == 0) { - snprintf( - pass, sizeof(pass) - 1, "%.*s", pit->body.len, pit->body.s); + /* parse tls flag only; do not overwrite password buffer */ if(str2int(&pit->body, &enable_ssl) < 0) enable_ssl = 0; #endif @@ -653,10 +656,11 @@ int redisc_reconnect_server(redisc_server_t *rsrv) goto err; if(rsrv->ctxRedis->err) goto err2; - if((haspass) && redisc_check_auth(rsrv, pass)) - goto err2; + /* set command timeout before any command including AUTH */ if(redisSetTimeout(rsrv->ctxRedis, tv_cmd)) goto err2; + if((haspass) && redisc_check_auth(rsrv, pass)) + goto err2; if(redisCommandNR(rsrv->ctxRedis, "PING")) goto err2; if((redis_cluster_param == 0) @@ -961,12 +965,10 @@ int check_cluster_reply(redisReply *reply, redisc_server_t **rsrv) char *server_new; memset(spec_new, 0, sizeof(spec_new)); - /* For now the only way this can work is if - * the new node is accessible with default - * parameters for sock and db */ + /* For now, also include db=0 to prepare attribute inheritance */ server_len = snprintf(spec_new, sizeof(spec_new) - 1, - "name=%.*s;addr=%.*s;port=%i", name.len, name.s, - addr.len, addr.s, port); + "name=%.*s;addr=%.*s;port=%i;db=%d", name.len, name.s, + addr.len, addr.s, port, 0); if(server_len < 0 || server_len > sizeof(spec_new) - 1) { LM_ERR("failed to print server spec string (%d)\n", @@ -1340,7 +1342,7 @@ int redisc_check_auth(redisc_server_t *rsrv, char *pass) } /* backwards compatibility with hiredis < 0.12 */ -#if(HIREDIS_MAJOR == 0) && (HIREDIS_MINOR < 12) +#if (HIREDIS_MAJOR == 0) && (HIREDIS_MINOR < 12) int redis_append_formatted_command(redisContext *c, const char *cmd, size_t len) { sds newbuf; _______________________________________________ Kamailio - Development Mailing List -- [email protected] To unsubscribe send an email to [email protected] Important: keep the mailing list in the recipients, do not reply only to the sender!
