From 5879876d6eea2cde067b087281432140332551ad Mon Sep 17 00:00:00 2001
From: epro <yang.yang@epro.com.cn>
Date: Wed, 18 May 2022 11:22:43 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=94=B9CVE=5F2022-24736=E6=BC=8F?=
 =?UTF-8?q?=E6=B4=9E?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 CVE-2022-24736.patch | 30 ++++++++++++++++++++++++++++++
 redis5.spec          |  8 +++++++-
 2 files changed, 37 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2022-24736.patch

diff --git a/CVE-2022-24736.patch b/CVE-2022-24736.patch
new file mode 100644
index 0000000..27862a0
--- /dev/null
+++ b/CVE-2022-24736.patch
@@ -0,0 +1,30 @@
+diff -Naru redis-5.0.14/src/scripting.c redis-5.0.14-new/src/scripting.c
+--- redis-5.0.14/src/scripting.c	2021-10-04 18:58:43.000000000 +0800
++++ redis-5.0.14-new/src/scripting.c	2022-05-17 10:36:15.851022000 +0800
+@@ -463,6 +463,10 @@
+         inuse--;
+         return raise_error ? luaRaiseError(lua) : 1;
+     }
++    
++    /* Pop all arguments from the stack, we do not need them anymore
++     * and this way we guaranty we will have room on the stack for the result. */
++    lua_pop(lua, argc);
+ 
+     /* Setup our fake client for command execution */
+     c->argv = argv;
+@@ -536,7 +540,14 @@
+             }
+             goto cleanup;
+         }
+-    }
++    } else if (server.masterhost == NULL &&
++                   server.repl_min_slaves_max_lag &&
++                   server.repl_min_slaves_to_write &&
++                   server.repl_good_slaves_count < server.repl_min_slaves_to_write)
++        {
++            luaPushError(lua, shared.noreplicaserr->ptr);
++            goto cleanup;
++        }
+ 
+     /* If we reached the memory limit configured via maxmemory, commands that
+      * could enlarge the memory usage are not allowed, but only if this is the
diff --git a/redis5.spec b/redis5.spec
index 16c0ab4..5feec1d 100644
--- a/redis5.spec
+++ b/redis5.spec
@@ -6,7 +6,7 @@
 %global Pname redis
 Name:                redis5
 Version:             5.0.14
-Release:             2
+Release:             3
 Summary:             A persistent key-value database
 License:             BSD and MIT
 URL:                 https://redis.io
@@ -24,6 +24,7 @@ Source10:            https://github.com/antirez/%{Pname}-doc/archive/%{doc_commi
 
 Patch0001:           Modify-aarch64-architecture-jemalloc-page-size-from-from-4k-to-64k.patch
 Patch0002:           Fix-display-error-message.patch
+Patch0003:           CVE-2022-24736.patch
 
 BuildRequires:       gcc
 %if %{with tests}
@@ -83,6 +84,7 @@ tar -xvf  %{SOURCE10}
 %setup -n %{Pname}-%{version}
 %ifarch aarch64
 %patch0001 -p1
+%patch0003 -p1
 %endif
 %patch0002 -p1
 mv ../%{Pname}-doc-%{doc_commit} doc
@@ -189,6 +191,10 @@ exit 0
 %{_docdir}/%{Pname}
 
 %changelog
+
+* Tue May 17 2022 yangyang <yangyang480@huawei.com> - 5.0.7-3
+- Fix missing patch in source package
+
 * Sat Dec 04 2021 xu_ping <xuping33@huawei.com> - 5.0.14-2
 - Fix display error message
 
-- 
Gitee