Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: bugs in stream code #4239

Merged
merged 4 commits into from
Dec 2, 2024
Merged

fix: bugs in stream code #4239

merged 4 commits into from
Dec 2, 2024

Conversation

romange
Copy link
Collaborator

@romange romange commented Dec 2, 2024

  1. Memory leak in streamGetEdgeID
  2. Addresses CVE-2022-31144 (fixes Unpatched Redis Sources (CVE-2022-33105) #3830)
  3. Fixes XAUTOCLAIM bugs and adds tests.
  4. Limits the count argument in XAUTOCLAIM command to 2^18 (CVE-2022-35951)

@romange romange requested a review from chakaz December 2, 2024 09:59
1. Memory leak in streamGetEdgeID
2. Addresses CVE-2022-31144
3. Fixes XAUTOCLAIM bugs and adds tests.
4. Limits the count argument in XAUTOCLAIM command to 2^18 (CVE-2022-35951)

Also fixes #3830

Signed-off-by: Roman Gershman <[email protected]>
Copy link
Collaborator

@chakaz chakaz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

stream commands are complicated 🤦
Please see some very minor nits

Comment on lines +86 to +89
template <typename... Args> auto RespElementsAre(const Args&... matchers) {
return RespArray(::testing::ElementsAre(matchers...));
}

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ooh nice!

src/server/stream_family.cc Outdated Show resolved Hide resolved
src/server/stream_family_test.cc Outdated Show resolved Hide resolved
src/server/stream_family_test.cc Outdated Show resolved Hide resolved
romange and others added 3 commits December 2, 2024 14:08
Co-authored-by: Shahar Mike <[email protected]>
Signed-off-by: Roman Gershman <[email protected]>
Co-authored-by: Shahar Mike <[email protected]>
Signed-off-by: Roman Gershman <[email protected]>
Co-authored-by: Shahar Mike <[email protected]>
Signed-off-by: Roman Gershman <[email protected]>
@romange romange requested a review from chakaz December 2, 2024 12:50
@romange romange enabled auto-merge (squash) December 2, 2024 12:50
@romange romange merged commit dcee9a9 into main Dec 2, 2024
9 checks passed
@romange romange deleted the Pr2 branch December 2, 2024 13:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Unpatched Redis Sources (CVE-2022-33105)
2 participants