mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-07-15 16:07:26 +00:00
redis: Fix CVE-2025-21605
Upstream-Status: Backport from https://github.com/redis/redis/commit/42fb340ce426364d64f5dccc9c2549e58f48ac6f Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
This commit is contained in:
committed by
Armin Kuster
parent
a051b4ae05
commit
8f82c7cc4f
@@ -0,0 +1,62 @@
|
|||||||
|
From 42fb340ce426364d64f5dccc9c2549e58f48ac6f Mon Sep 17 00:00:00 2001
|
||||||
|
From: YaacovHazan <yaacov.hazan@redis.com>
|
||||||
|
Date: Wed, 23 Apr 2025 08:09:40 +0000
|
||||||
|
Subject: [PATCH] Limiting output buffer for unauthenticated client
|
||||||
|
(CVE-2025-21605)
|
||||||
|
|
||||||
|
For unauthenticated clients the output buffer is limited to prevent
|
||||||
|
them from abusing it by not reading the replies
|
||||||
|
|
||||||
|
Upstream-Status: Backport [https://github.com/redis/redis/commit/42fb340ce426364d64f5dccc9c2549e58f48ac6f]
|
||||||
|
CVE: CVE-2025-21605
|
||||||
|
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
|
||||||
|
---
|
||||||
|
src/networking.c | 5 +++++
|
||||||
|
tests/unit/auth.tcl | 18 ++++++++++++++++++
|
||||||
|
2 files changed, 23 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/src/networking.c b/src/networking.c
|
||||||
|
index 7007141a867..bb1a72b9fb4 100644
|
||||||
|
--- a/src/networking.c
|
||||||
|
+++ b/src/networking.c
|
||||||
|
@@ -3858,6 +3858,11 @@ int checkClientOutputBufferLimits(client *c) {
|
||||||
|
int soft = 0, hard = 0, class;
|
||||||
|
unsigned long used_mem = getClientOutputBufferMemoryUsage(c);
|
||||||
|
|
||||||
|
+ /* For unauthenticated clients the output buffer is limited to prevent
|
||||||
|
+ * them from abusing it by not reading the replies */
|
||||||
|
+ if (used_mem > 1024 && authRequired(c))
|
||||||
|
+ return 1;
|
||||||
|
+
|
||||||
|
class = getClientType(c);
|
||||||
|
/* For the purpose of output buffer limiting, masters are handled
|
||||||
|
* like normal clients. */
|
||||||
|
diff --git a/tests/unit/auth.tcl b/tests/unit/auth.tcl
|
||||||
|
index 9532e0bd2eb..0d25f5dea2d 100644
|
||||||
|
--- a/tests/unit/auth.tcl
|
||||||
|
+++ b/tests/unit/auth.tcl
|
||||||
|
@@ -45,6 +45,24 @@ start_server {tags {"auth external:skip"} overrides {requirepass foobar}} {
|
||||||
|
assert_match {*unauthenticated bulk length*} $e
|
||||||
|
$rr close
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+ test {For unauthenticated clients output buffer is limited} {
|
||||||
|
+ set rr [redis [srv "host"] [srv "port"] 1 $::tls]
|
||||||
|
+ $rr SET x 5
|
||||||
|
+ catch {[$rr read]} e
|
||||||
|
+ assert_match {*NOAUTH Authentication required*} $e
|
||||||
|
+
|
||||||
|
+ # Fill the output buffer in a loop without reading it and make
|
||||||
|
+ # sure the client disconnected.
|
||||||
|
+ # Considering the socket eat some of the replies, we are testing
|
||||||
|
+ # that such client can't consume more than few MB's.
|
||||||
|
+ catch {
|
||||||
|
+ for {set j 0} {$j < 1000000} {incr j} {
|
||||||
|
+ $rr SET x 5
|
||||||
|
+ }
|
||||||
|
+ } e
|
||||||
|
+ assert_match {I/O error reading reply} $e
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
|
||||||
|
start_server {tags {"auth_binary_password external:skip"}} {
|
||||||
@@ -23,6 +23,7 @@ SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \
|
|||||||
file://CVE-2024-31449.patch \
|
file://CVE-2024-31449.patch \
|
||||||
file://CVE-2024-46981.patch \
|
file://CVE-2024-46981.patch \
|
||||||
file://CVE-2024-51741.patch \
|
file://CVE-2024-51741.patch \
|
||||||
|
file://CVE-2025-21605.patch \
|
||||||
"
|
"
|
||||||
SRC_URI[sha256sum] = "97065774d5fb8388eb0d8913458decfcb167d356e40d31dd01cd30c1cc391673"
|
SRC_URI[sha256sum] = "97065774d5fb8388eb0d8913458decfcb167d356e40d31dd01cd30c1cc391673"
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user