From c83bdf8354675cbe98d96157b31604b4be911f75 Mon Sep 17 00:00:00 2001 From: yanghuan <673020559@qq.com> Date: Wed, 18 May 2022 11:03:57 +0800 Subject: [PATCH 1/2] [sync] PR-19: fix CVE-2022-24736 --- CVE-2022-24736.patch | 36 ++++++++++++++++++++++++++++++++++++ redis6.spec | 7 ++++++- 2 files changed, 42 insertions(+), 1 deletion(-) create mode 100644 CVE-2022-24736.patch diff --git a/CVE-2022-24736.patch b/CVE-2022-24736.patch new file mode 100644 index 0000000..e59ffd1 --- /dev/null +++ b/CVE-2022-24736.patch @@ -0,0 +1,36 @@ +diff -Naru redis-6.0.11/src/scripting.c redis-6.0.11-new/src/scripting.c +--- redis-6.0.11/src/scripting.c 2021-02-23 07:35:37.000000000 +0800 ++++ redis-6.0.11-new/src/scripting.c 2022-05-17 15:04:15.490592000 +0800 +@@ -559,6 +559,10 @@ + return raise_error ? luaRaiseError(lua) : 1; + } + ++ /* Pop all arguments from the stack, we do not need them anymore ++ * and this way we guaranty we will have room on the stack for the result. */ ++ lua_pop(lua, argc); ++ + /* Setup our fake client for command execution */ + c->argv = argv; + c->argc = argc; +@@ -624,6 +628,7 @@ + * command marked as non-deterministic was already called in the context + * of this script. */ + if (cmd->flags & CMD_WRITE) { ++ /* Deny writes if we're unale to persist. */ + int deny_write_type = writeCommandsDeniedByDiskError(); + if (server.lua_random_dirty && !server.lua_replicate_commands) { + luaPushError(lua, +@@ -646,6 +651,13 @@ + sdsfree(aof_write_err); + } + goto cleanup; ++ } else if (server.masterhost == NULL && ++ server.repl_min_slaves_max_lag && ++ server.repl_min_slaves_to_write && ++ server.repl_good_slaves_count < server.repl_min_slaves_to_write) ++ { ++ luaPushError(lua, shared.noreplicaserr->ptr); ++ goto cleanup; + } + } + diff --git a/redis6.spec b/redis6.spec index fd86354..37a7d32 100644 --- a/redis6.spec +++ b/redis6.spec @@ -6,7 +6,7 @@ %global Pname redis Name: redis6 Version: 6.0.11 -Release: 4 +Release: 5 Summary: A persistent key-value database License: BSD and MIT URL: https://redis.io @@ -22,6 +22,7 @@ Source10: https://github.com/%{Pname}/%{Pname}-doc/archive/%{doc_comm Patch0001: Modify-aarch64-architecture-jemalloc-page-size-from-from-4k-to-64k.patch Patch0002: CVE-2021-32626.patch +Patch0003: CVE-2022-24736.patch BuildRequires: make gcc %if %{with tests} BuildRequires: procps-ng tcl @@ -81,6 +82,7 @@ tar -xvf %{SOURCE10} %ifarch aarch64 %patch0001 -p1 %patch0002 -p1 +%patch0003 -p1 %endif mv ../%{Pname}-doc-%{doc_commit} doc mv deps/lua/COPYRIGHT COPYRIGHT-lua @@ -210,6 +212,9 @@ fi %{_docdir}/%{Pname} %changelog +* Mon May 16 2022 yanghuan - 6.0.11-7 +- Fix CVE-2022-24736 + * Thu Nov 04 2021 liwu - 6.0.11-4 - Fix CVE-2021-32626 -- Gitee From 3a178a8cbf374e5b969741e766cde1b8394895b4 Mon Sep 17 00:00:00 2001 From: yanghuan <673020559@qq.com> Date: Thu, 19 May 2022 09:10:28 +0800 Subject: [PATCH 2/2] fix CVE-2022-24736 --- redis6.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/redis6.spec b/redis6.spec index 37a7d32..fccd0cd 100644 --- a/redis6.spec +++ b/redis6.spec @@ -212,7 +212,7 @@ fi %{_docdir}/%{Pname} %changelog -* Mon May 16 2022 yanghuan - 6.0.11-7 +* Mon May 16 2022 yanghuan - 6.0.11-5 - Fix CVE-2022-24736 * Thu Nov 04 2021 liwu - 6.0.11-4 -- Gitee