From bfc197c3b604baf0dba739ea174d5054284133f0 Mon Sep 17 00:00:00 2001 From: antirez Date: Tue, 11 Sep 2012 10:32:04 +0200 Subject: [PATCH 1/1] Make sure that SELECT argument is an integer or return an error. Unfortunately we had still the lame atoi() without any error checking in place, so "SELECT foo" would work as "SELECT 0". This was not an huge problem per se but some people expected that DB can be strings and not just numbers, and without errors you get the feeling that they can be numbers, but not the behavior. Now getLongFromObjectOrReply() is used as almost everybody else across the code, generating an error if the number is not an integer or overflows the long type. Thanks to @mipearson for reporting that on Twitter. --- src/db.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/db.c b/src/db.c index 6447838c..5f07e2b6 100644 --- a/src/db.c +++ b/src/db.c @@ -228,7 +228,11 @@ void existsCommand(redisClient *c) { } void selectCommand(redisClient *c) { - int id = atoi(c->argv[1]->ptr); + long id; + + if (getLongFromObjectOrReply(c, c->argv[1], &id, + "invalid DB index") != REDIS_OK) + return; if (server.cluster_enabled && id != 0) { addReplyError(c,"SELECT is not allowed in cluster mode"); -- 2.45.2
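Review bot: in selectCommand, `id` changes from int to long, and per the commit message getLongFromObjectOrReply() only rejects values that are not integers or that overflow long, so negative and very large indexes still pass this new check. The rest of the function is outside the hunk; confirm that whatever consumes `id` after the cluster-mode test bounds it against the configured number of databases before it is narrowed to int, because on platforms where long is 64 bits a value above INT_MAX could otherwise wrap to a valid index. The diffstat touches only src/db.c, so a regression test asserting that `SELECT foo` now returns the "invalid DB index" error would be worth adding with this change.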