From 01042e7fcc0d48472ce0fc0a773720d63a57b0f5 Mon Sep 17 00:00:00 2001
From: epro
Date: Wed, 18 May 2022 11:18:53 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=94=B9CVE=5F2022-24736=E6=BC=8F?= =?UTF-8?q?=E6=B4=9E?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 CVE_2022-24736.patch | 30 ++++++++++++++++++++++++++++++
 redis5.spec | 7 +++++--
 2 files changed, 35 insertions(+), 2 deletions(-)
 create mode 100644 CVE_2022-24736.patch
diff --git a/CVE_2022-24736.patch b/CVE_2022-24736.patch
new file mode 100644
index 0000000..aecf0d1
--- /dev/null
+++ b/CVE_2022-24736.patch
@@ -0,0 +1,30 @@
+diff -Naru redis-5.0.14/src/scripting.c "redis-5.0.14 copy/src/scripting.c"
+--- redis-5.0.14/src/scripting.c 2021-10-04 18:58:43.000000000 +0800
++++ "redis-5.0.14 copy/src/scripting.c" 2022-05-17 15:01:00.003280000 +0800
+@@ -464,6 +464,10 @@
+ return raise_error ? luaRaiseError(lua) : 1;
+ }
+
++ /* Pop all arguments from the stack, we do not need them anymore
++ * and this way we guaranty we will have room on the stack for the result. */
++ lua_pop(lua, argc);
++
+ /* Setup our fake client for command execution */
+ c->argv = argv;
+ c->argc = argc;
+@@ -536,7 +540,14 @@
+ }
+ goto cleanup;
+ }
+- }
++ } else if (server.masterhost == NULL &&
++ server.repl_min_slaves_max_lag &&
++ server.repl_min_slaves_to_write &&
++ server.repl_good_slaves_count < server.repl_min_slaves_to_write)
++ {
++ luaPushError(lua, shared.noreplicaserr->ptr);
++ goto cleanup;
++ }
+
+ /* If we reached the memory limit configured via maxmemory, commands that
+ * could enlarge the memory usage are not allowed, but only if this is the
diff --git a/redis5.spec b/redis5.spec
index 16c0ab4..55c44b0 100644
--- a/redis5.spec
+++ b/redis5.spec
@@ -6,7 +6,7 @@
 %global Pname redis
 Name: redis5
 Version: 5.0.14
-Release: 2
+Release: 3
 Summary: A persistent key-value database
 License: BSD and MIT
 URL: https://redis.io
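Review bot: The second hunk of the embedded scripting.c patch (`@@ -536,7 +540,14 @@`) adds a replica-count write check with no comment, and the commit subject names only the CVE. The one comment in the patch, above `lua_pop(lua, argc);`, explains making room on the Lua stack, so someone auditing this backport cannot tell whether the `else if (server.masterhost == NULL && ...)` branch belongs to the CVE fix or is a separate behaviour change that makes scripts fail with `shared.noreplicaserr`. I would put a comment above it, for example `/* Refuse script writes on a master that has fewer good replicas than repl_min_slaves_to_write. */`, and name the upstream commit each hunk was taken from in the patch header. The enclosing function and the `if` this branch chains onto both start outside the hunk, so the pairing of the new `else` cannot be checked from these lines alone.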
@@ -24,7 +24,7 @@ Source10: https://github.com/antirez/%{Pname}-doc/archive/%{doc_commi Patch0001: Modify-aarch64-architecture-jemalloc-page-size-from-from-4k-to-64k.patch Patch0002: Fix-display-error-message.patch - +Patch0003: CVE_2022-24736.patch BuildRequires: gcc %if %{with tests} BuildRequires: procps-ng tcl @@ -83,6 +83,7 @@ tar -xvf %{SOURCE10} %setup -n %{Pname}-%{version} %ifarch aarch64 %patch0001 -p1 +%patch0003 -p1 %endif %patch0002 -p1 mv ../%{Pname}-doc-%{doc_commit} doc @@ -189,6 +190,8 @@ exit 0 %{_docdir}/%{Pname} %changelog +* Tue May 17 2022 yangyang - 5.0.14-3 + * Sat Dec 04 2021 xu_ping - 5.0.14-2 - Fix display error message -- Gitee
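Review bot: In the %prep hunk (`@@ -83,6 +83,7 @@`) the new `%patch0003 -p1` sits between `%ifarch aarch64` and `%endif`, so as written the CVE_2022-24736 patch is applied only on aarch64 builds. Other architectures would build release 5.0.14-3 from unpatched source while the release number suggests the fix is present. The patch changes src/scripting.c, which is not architecture-specific, so the line belongs after `%endif`, next to `%patch0002 -p1`. To verify, run the %prep stage on a non-aarch64 builder and check that `lua_pop(lua, argc);` appears in src/scripting.c. The new %changelog entry also carries no description; a line such as `- Fix CVE-2022-24736` would let the release be matched to the advisory.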