From: antirez <antirez@gmail.com>
Date: Tue, 11 Sep 2012 08:32:04 +0000 (+0200)
Subject: Make sure that SELECT argument is an integer or return an error.
X-Git-Url: https://git.saurik.com/redis.git/commitdiff_plain/bfc197c3b604baf0dba739ea174d5054284133f0?ds=sidebyside;hp=978e5177fdd33bfc638b6aa7e82bd61b3487afed

Make sure that SELECT argument is an integer or return an error.

Unfortunately we had still the lame atoi() without any error checking in
place, so "SELECT foo" would work as "SELECT 0". This was not an huge
problem per se but some people expected that DB can be strings and not
just numbers, and without errors you get the feeling that they can be
numbers, but not the behavior.

Now getLongFromObjectOrReply() is used as almost everybody else across
the code, generating an error if the number is not an integer or
overflows the long type.

Thanks to @mipearson for reporting that on Twitter.
---

diff --git a/src/db.c b/src/db.c
index 6447838c..5f07e2b6 100644
--- a/src/db.c
+++ b/src/db.c
@@ -228,7 +228,11 @@ void existsCommand(redisClient *c) {
 }
 
 void selectCommand(redisClient *c) {
-    int id = atoi(c->argv[1]->ptr);
+    long id;
+
+    if (getLongFromObjectOrReply(c, c->argv[1], &id,
+        "invalid DB index") != REDIS_OK)
+        return;
 
     if (server.cluster_enabled && id != 0) {
         addReplyError(c,"SELECT is not allowed in cluster mode");