Redis Backporting Redis 5 patch for CVE-2021-32675 back to Redis 4

I wanted to backport commit https://github.com/redis/redis/commit/71be97294 for Redis 4 back to Redis 4 and it applied cleanly, but the build failed because the third argument for setProtocolError is missing. AFAIU, this can either be pos or 0.

My open questions: 1) Which value should be provided for setProtocolError? 2) Is that enough to fix CVE-2021-32675 for Redis 4?

Appendix: My current diff to fix the build after the backport of commit 71be97294 to Redis 4:

```diff diff --git a/src/networking.c b/src/networking.c index 4b7f03c3c..f2bc21c98 100644 --- a/src/networking.c +++ b/src/networking.c @@ -1218,7 +1218,7 @@ int processMultibulkBuffer(client *c) { return C_ERR; } else if (ll > 10 && server.requirepass && !c->authenticated) { addReplyError(c, "Protocol error: unauthenticated multibulk length"); - setProtocolError("unauth mbulk count", c); + setProtocolError("unauth mbulk count", c, pos); return C_ERR; }

@@ -1269,7 +1269,7 @@ int processMultibulkBuffer(client *c) { return C_ERR; } else if (ll > 16384 && server.requirepass && !c->authenticated) { addReplyError(c, "Protocol error: unauthenticated bulk length"); - setProtocolError("unauth bulk length", c); + setProtocolError("unauth bulk length", c, pos); return C_ERR; }

-- 2.17.1

Comment From: markuszoeller

It's a different CVE

Am Fr., 22. Okt. 2021 um 20:00 Uhr schrieb Itamar Haber ***@***.***:

xref: #9650 https://github.com/redis/redis/issues/9650

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/redis/redis/issues/9667#issuecomment-949850788, or unsubscribe https://github.com/notifications/unsubscribe-auth/AB3G4FIKELFTVLWZ5ERBX73UIGRFJANCNFSM5GQIK3RQ . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.

Comment From: itamarhaber

🤦

Comment From: oranagra

@markuszoeller your diff (using pos) seems fine. note that the lines just above these that do similar checks for authenticated clients, use pos too.

Comment From: markuszoeller

Thanks for your help Oran!

Am So., 24. Okt. 2021 um 11:47 Uhr schrieb Oran Agra ***@***.***:

Closed #9667 https://github.com/redis/redis/issues/9667.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/redis/redis/issues/9667#event-5509308436, or unsubscribe https://github.com/notifications/unsubscribe-auth/AB3G4FMUPDYNEPPYKBVXVD3UIPI33ANCNFSM5GQIK3RQ . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.