From: Pieter Noordhuis <pcnoordhuis@gmail.com>
Date: Fri, 15 Oct 2010 17:15:38 +0000 (+0200)
Subject: Prevent clients from making too large multibulk requests
X-Git-Url: https://git.saurik.com/redis.git/commitdiff_plain/b19c33d48a3b5456b87f84c85fdd85592e0c0562?hp=ea5b70924d444c5ebf32afdd577ddc7c1328a674

Prevent clients from making too large multibulk requests
---

diff --git a/src/networking.c b/src/networking.c
index e2e25207..46d49bf6 100644
--- a/src/networking.c
+++ b/src/networking.c
@@ -724,6 +724,10 @@ int processMultibulkBuffer(redisClient *c) {
         if (c->multibulklen <= 0) {
             c->querybuf = sdsrange(c->querybuf,pos,-1);
             return REDIS_OK;
+        } else if (c->multibulklen > 1024*1024) {
+            addReplyError(c,"Protocol error: invalid multibulk length");
+            setProtocolError(c,pos);
+            return REDIS_ERR;
         }
 
         /* Setup argv array on client structure */
diff --git a/tests/unit/protocol.tcl b/tests/unit/protocol.tcl
index d1fadffb..b0faf5dd 100644
--- a/tests/unit/protocol.tcl
+++ b/tests/unit/protocol.tcl
@@ -13,6 +13,13 @@ start_server {tags {"protocol"}} {
         assert_equal PONG [r ping]
     }
 
+    test "Out of range multibulk length" {
+        reconnect
+        r write "*20000000\r\n"
+        r flush
+        assert_error "*invalid multibulk length*" {r read}
+    }
+
     test "Wrong multibulk payload header" {
         reconnect
         r write "*3\r\n\$3\r\nSET\r\n\$1\r\nx\r\nfooz\r\n"