CVE-2023-41053: Fix sort_ro get-keys function return wrong key number (#12522) · redis/redis@9e505e6

Commit

Permalink

Browse files

Browse the repository at this point in the history

Fix sort_ro get-keys function return wrong key number (#12522)

Before： ``` 127.0.0.1:6379> command getkeys sort_ro key (empty array) 127.0.0.1:6379> ``` After: ``` 127.0.0.1:6379> command getkeys sort_ro key

1. “key” 127.0.0.1:6379> ```

(cherry picked from commit b59f53e)

• Loading branch information

Showing 2 changed files with 6 additions and 1 deletion.

• • db.c
• • sort.tcl

3 changes: 2 additions & 1 deletion src/db.c

Expand Up

@@ -2294,7 +2294,8 @@ int sortROGetKeys(struct redisCommand *cmd, robj **argv, int argc, getKeysResult

keys = getKeysPrepareResult(result, 1);

keys[0].pos = 1; /* <sort-key> is always present. */

keys[0].flags = CMD_KEY_RO | CMD_KEY_ACCESS;

return 1;

result->numkeys = 1;

return result->numkeys;

}

/* Helper function to extract keys from the SORT command.

Expand Down

4 changes: 4 additions & 0 deletions tests/unit/sort.tcl

Expand Up

@@ -109,6 +109,10 @@ start_server {

test “SORT extracts STORE correctly” {

r command getkeys sort abc store def

} {abc def}

test “SORT_RO get keys” {

r command getkeys sort_ro abc

} {abc}

test “SORT extracts multiple STORE correctly” {

r command getkeys sort abc store invalid store stillbad store def

Expand Down

0 comments on commit 9e505e6

Please sign in to comment.