From c3525cd54061d3845ccc78ae371b412ebc4e0bb3 Mon Sep 17 00:00:00 2001
From: yaozile <yaozile@xfusion.com>
Date: Thu, 21 Dec 2023 10:24:42 +0800
Subject: [PATCH] Fix CVE-2023-45145

signed-off-by: yaozile <yaozile@xfusion.com>
---
 Fix-CVE-2023-45145.patch | 54 ++++++++++++++++++++++++++++++++++++++++
 redis6.spec              |  7 +++++-
 2 files changed, 60 insertions(+), 1 deletion(-)
 create mode 100644 Fix-CVE-2023-45145.patch

diff --git a/Fix-CVE-2023-45145.patch b/Fix-CVE-2023-45145.patch
new file mode 100644
index 0000000..f2b49d0
--- /dev/null
+++ b/Fix-CVE-2023-45145.patch
@@ -0,0 +1,54 @@
+From 5448495299f30b1560b9c827b5cbec41dc415497 Mon Sep 17 00:00:00 2001
+From: Zile Yao <yaozile@xfusion.com>
+Date: Wed, 20 Dec 2023 21:06:01 -0500
+Subject: [PATCH] cve
+
+---
+ src/anet.c | 11 ++++++-----
+ 1 file changed, 6 insertions(+), 5 deletions(-)
+
+diff --git a/src/anet.c b/src/anet.c
+index a121c27..c16d569 100644
+--- a/src/anet.c
++++ b/src/anet.c
+@@ -397,13 +397,16 @@ int anetUnixGenericConnect(char *err, const char *path, int flags)
+     return s;
+ }
+
+-static int anetListen(char *err, int s, struct sockaddr *sa, socklen_t len, int backlog) {
++static int anetListen(char *err, int s, struct sockaddr *sa, socklen_t len, int backlog, mode_t perm) {
+     if (bind(s,sa,len) == -1) {
+         anetSetError(err, "bind: %s", strerror(errno));
+         close(s);
+         return ANET_ERR;
+     }
+
++if (sa->sa_family == AF_LOCAL && perm)
++    chmod(((struct sockaddr_un *) sa)->sun_path, perm);
++
+     if (listen(s, backlog) == -1) {
+         anetSetError(err, "listen: %s", strerror(errno));
+         close(s);
+@@ -447,7 +450,7 @@ static int _anetTcpServer(char *err, int port, char *bindaddr, int af, int backl
+
+         if (af == AF_INET6 && anetV6Only(err,s) == ANET_ERR) goto error;
+         if (anetSetReuseAddr(err,s) == ANET_ERR) goto error;
+-        if (anetListen(err,s,p->ai_addr,p->ai_addrlen,backlog) == ANET_ERR) s = ANET_ERR;
++        if (anetListen(err,s,p->ai_addr,p->ai_addrlen,backlog, 0) == ANET_ERR) s = ANET_ERR;
+         goto end;
+     }
+     if (p == NULL) {
+@@ -484,10 +487,8 @@ int anetUnixServer(char *err, char *path, mode_t perm, int backlog)
+     memset(&sa,0,sizeof(sa));
+     sa.sun_family = AF_LOCAL;
+     strncpy(sa.sun_path,path,sizeof(sa.sun_path)-1);
+-    if (anetListen(err,s,(struct sockaddr*)&sa,sizeof(sa),backlog) == ANET_ERR)
++    if (anetListen(err,s,(struct sockaddr*)&sa,sizeof(sa),backlog,perm) == ANET_ERR)
+         return ANET_ERR;
+-    if (perm)
+-        chmod(sa.sun_path, perm);
+     return s;
+ }
+
+--
+1.8.3.1
diff --git a/redis6.spec b/redis6.spec
index ea0ae4c..ea8ca2d 100644
--- a/redis6.spec
+++ b/redis6.spec
@@ -6,7 +6,7 @@
 %global Pname redis
 Name:                redis6
 Version:             6.2.7
-Release:             3
+Release:             4
 Summary:             A persistent key-value database
 License:             BSD and MIT
 URL:                 https://redis.io
@@ -23,6 +23,7 @@ Patch0001:           Modify-aarch64-architecture-jemalloc-page-size-from-from-4k
 Patch0003:           Add-loongarch64-support.patch
 Patch0004:           Update-config.guess-and-config.sub.patch
 Patch0005:	     add-sw_64-support.patch
+Patch0006:	     Fix-CVE-2023-45145.patch
 
 BuildRequires:       make gcc
 %if %{with tests}
@@ -90,6 +91,7 @@ tar -xvf  %{SOURCE10}
 %ifarch sw_64
 %patch0005 -p1
 %endif
+%patch0006 -p1
 mv ../%{Pname}-doc-%{doc_commit} doc
 mv deps/lua/COPYRIGHT    COPYRIGHT-lua
 mv deps/jemalloc/COPYING COPYING-jemalloc
@@ -218,6 +220,9 @@ fi
 %{_docdir}/%{Pname}
 
 %changelog
+* Thu Dec 21 2023 ZileYao <yaozile@xfusion.com> - 6.2.7-4
+- Fix CVE-2023-45145
+
 * Sat Aug 12 2023 panchenbo <panchenbo@kylinsec.com.cn> - 6.2.7-3
 - add sw_64 support
 
-- 
Gitee