mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-07-15 16:07:26 +00:00
redis: Fix CVE-2025-48367
import patch from debian to fix CVE-2025-48367 Upstream-Status: Backport [import from debian redis_7.0.15-1~deb12u6.debian.tar.xz Upstream commit https://github.com/redis/redis/commit/0fe67435935cc5724ff6eb9c4ca4120c58a15765] Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This commit is contained in:
committed by
Gyorgy Sarvari
parent
537ab769ae
commit
b5ec3b12dd
@@ -0,0 +1,111 @@
|
||||
From 0fe67435935cc5724ff6eb9c4ca4120c58a15765 Mon Sep 17 00:00:00 2001
|
||||
From: Ozan Tezcan <ozantezcan@gmail.com>
|
||||
Date: Wed, 14 May 2025 11:02:30 +0300
|
||||
Subject: [PATCH] Retry accept() even if accepted connection reports an error
|
||||
(CVE-2025-48367)
|
||||
|
||||
In case of accept4() returns an error, we should check errno value and
|
||||
decide if we should retry accept4() without waiting next event loop iteration.
|
||||
|
||||
Upstream-Status: Backport [import from debian redis_7.0.15-1~deb12u6.debian.tar.xz
|
||||
Upstream commit
|
||||
https://github.com/redis/redis/commit/0fe67435935cc5724ff6eb9c4ca4120c58a15765]
|
||||
CVE: CVE-2025-48367
|
||||
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
|
||||
---
|
||||
src/anet.c | 24 ++++++++++++++++++++++++
|
||||
src/anet.h | 1 +
|
||||
src/cluster.c | 2 ++
|
||||
src/networking.c | 6 ++++++
|
||||
4 files changed, 33 insertions(+)
|
||||
|
||||
diff --git a/src/anet.c b/src/anet.c
|
||||
index 10840fc..a38ab1b 100644
|
||||
--- a/src/anet.c
|
||||
+++ b/src/anet.c
|
||||
@@ -705,3 +705,27 @@ int anetSetSockMarkId(char *err, int fd, uint32_t id) {
|
||||
return ANET_OK;
|
||||
#endif
|
||||
}
|
||||
+
|
||||
+/* This function must be called after accept4() fails. It returns 1 if 'err'
|
||||
+ * indicates accepted connection faced an error, and it's okay to continue
|
||||
+ * accepting next connection by calling accept4() again. Other errors either
|
||||
+ * indicate programming errors, e.g. calling accept() on a closed fd or indicate
|
||||
+ * a resource limit has been reached, e.g. -EMFILE, open fd limit has been
|
||||
+ * reached. In the latter case, caller might wait until resources are available.
|
||||
+ * See accept4() documentation for details. */
|
||||
+int anetAcceptFailureNeedsRetry(int err) {
|
||||
+ if (err == ECONNABORTED)
|
||||
+ return 1;
|
||||
+
|
||||
+#if defined(__linux__)
|
||||
+ /* For details, see 'Error Handling' section on
|
||||
+ * https://man7.org/linux/man-pages/man2/accept.2.html */
|
||||
+ if (err == ENETDOWN || err == EPROTO || err == ENOPROTOOPT ||
|
||||
+ err == EHOSTDOWN || err == ENONET || err == EHOSTUNREACH ||
|
||||
+ err == EOPNOTSUPP || err == ENETUNREACH)
|
||||
+ {
|
||||
+ return 1;
|
||||
+ }
|
||||
+#endif
|
||||
+ return 0;
|
||||
+}
|
||||
diff --git a/src/anet.h b/src/anet.h
|
||||
index ff86e20..864f756 100644
|
||||
--- a/src/anet.h
|
||||
+++ b/src/anet.h
|
||||
@@ -74,5 +74,6 @@ int anetFormatAddr(char *fmt, size_t fmt_len, char *ip, int port);
|
||||
int anetFormatFdAddr(int fd, char *buf, size_t buf_len, int fd_to_str_type);
|
||||
int anetPipe(int fds[2], int read_flags, int write_flags);
|
||||
int anetSetSockMarkId(char *err, int fd, uint32_t id);
|
||||
+int anetAcceptFailureNeedsRetry(int err);
|
||||
|
||||
#endif
|
||||
diff --git a/src/cluster.c b/src/cluster.c
|
||||
index 70ede5c..cb37160 100644
|
||||
--- a/src/cluster.c
|
||||
+++ b/src/cluster.c
|
||||
@@ -879,6 +879,8 @@ void clusterAcceptHandler(aeEventLoop *el, int fd, void *privdata, int mask) {
|
||||
while(max--) {
|
||||
cfd = anetTcpAccept(server.neterr, fd, cip, sizeof(cip), &cport);
|
||||
if (cfd == ANET_ERR) {
|
||||
+ if (anetAcceptFailureNeedsRetry(errno))
|
||||
+ continue;
|
||||
if (errno != EWOULDBLOCK)
|
||||
serverLog(LL_VERBOSE,
|
||||
"Error accepting cluster node: %s", server.neterr);
|
||||
diff --git a/src/networking.c b/src/networking.c
|
||||
index 386773e..0f9b7bf 100644
|
||||
--- a/src/networking.c
|
||||
+++ b/src/networking.c
|
||||
@@ -1366,6 +1366,8 @@ void acceptTcpHandler(aeEventLoop *el, int fd, void *privdata, int mask) {
|
||||
while(max--) {
|
||||
cfd = anetTcpAccept(server.neterr, fd, cip, sizeof(cip), &cport);
|
||||
if (cfd == ANET_ERR) {
|
||||
+ if (anetAcceptFailureNeedsRetry(errno))
|
||||
+ continue;
|
||||
if (errno != EWOULDBLOCK)
|
||||
serverLog(LL_WARNING,
|
||||
"Accepting client connection: %s", server.neterr);
|
||||
@@ -1386,6 +1388,8 @@ void acceptTLSHandler(aeEventLoop *el, int fd, void *privdata, int mask) {
|
||||
while(max--) {
|
||||
cfd = anetTcpAccept(server.neterr, fd, cip, sizeof(cip), &cport);
|
||||
if (cfd == ANET_ERR) {
|
||||
+ if (anetAcceptFailureNeedsRetry(errno))
|
||||
+ continue;
|
||||
if (errno != EWOULDBLOCK)
|
||||
serverLog(LL_WARNING,
|
||||
"Accepting client connection: %s", server.neterr);
|
||||
@@ -1405,6 +1409,8 @@ void acceptUnixHandler(aeEventLoop *el, int fd, void *privdata, int mask) {
|
||||
while(max--) {
|
||||
cfd = anetUnixAccept(server.neterr, fd);
|
||||
if (cfd == ANET_ERR) {
|
||||
+ if (anetAcceptFailureNeedsRetry(errno))
|
||||
+ continue;
|
||||
if (errno != EWOULDBLOCK)
|
||||
serverLog(LL_WARNING,
|
||||
"Accepting client connection: %s", server.neterr);
|
||||
--
|
||||
2.25.1
|
||||
|
||||
@@ -26,6 +26,7 @@ SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \
|
||||
file://CVE-2025-21605.patch \
|
||||
file://CVE-2025-27151.patch \
|
||||
file://CVE-2025-32023.patch \
|
||||
file://CVE-2025-48367.patch \
|
||||
"
|
||||
SRC_URI[sha256sum] = "97065774d5fb8388eb0d8913458decfcb167d356e40d31dd01cd30c1cc391673"
|
||||
|
||||
|
||||
Reference in New Issue
Block a user