Redis [BUG] Some passwords cannot be entered in redis-cli

Describe the bug

This password:

^8T>6Na{u|jp>+v"55\@_;OU(OR]7mbAYGqsfyu48(j'%hQH7;v*f1H${*gD(Se'

cannot be entered in redis-cli.

To reproduce

Load this ACL from file:

user some_admin_user on allcommands >^8T>6Na{u|jp>+v"55\@_;OU(OR]7mbAYGqsfyu48(j'%hQH7;v*f1H${*gD(Se'

then start redis-cli and try to issue:

auth some_admin_user ^8T>6Na{u|jp>+v"55\@_;OU(OR]7mbAYGqsfyu48(j'%hQH7;v*f1H${*gD(Se'

It won't work, it will say Invalid argument(s). Which means incorrect password, somehow.

Expected behavior

I would expect the password to be accepted.

Additional information

This is probably an escaping issue of some kind, if redis is truly binary safe. Either the database is parsing syntax inside the password while reading from the file, or redis-cli is parsing syntax inside the password when trying to issue the AUTH command. I tried quoting and backslash escaping special characters but I couldn't find any combination that worked. It would be nice to know what is going on and if it can be fixed.

I was able to resolve the issue by generating a different password that did not include quotation marks or backslashes.

Comment From: LoganDark

It's possible to authenticate with this password using redis-cli --user some_admin_user --askpass, so the escaping issue is on redis-cli's end

Comment From: madolson

The problem here is related to character escaping in the cli, not redis itself. Since your password contains a ", the cli is trying to parse a quoted string. The correct way to send the command requires you to escape the argument, like: auth user ">^8T>6Na{u|jp>+v\"55\@_;OU(OR]7mbAYGqsfyu48(j'%hQH7;v*f1H${*gD(Se'".

Comment From: LoganDark

The problem here is related to character escaping in the cli, not redis itself.

Indeed :>

The correct way to send the command requires you to escape the argument, like: auth user ">^8T>6Na{u|jp>+v\"55\@_;OU(OR]7mbAYGqsfyu48(j'%hQH7;v*f1H${*gD(Se'".

Is this documented anywhere?

Comment From: madolson

It doesn't seem like it.

Comment From: LoganDark

I think it would be helpful to document that, so that in the future, users have a resource to learn how this works so they won't have to open an issue about it :)

Comment From: madolson

https://github.com/redis/redis-doc/issues/1930