redis/go-redis
1
0
Fork 0
mirror of https://github.com/redis/go-redis.git synced 2025-06-15 12:41:41 +03:00
Code Activity

fix: handle network error on SETINFO (#3295) (CVE-2025-29923)

Browse Source 
* fix: handle network error on SETINFO

This fix addresses potential out of order responses as described in `CVE-2025-29923`

* fix: deprecate DisableIndentity and introduce DisableIdentity

Both options will work before V10. In v10 DisableIndentity will be dropped. The preferred flag to use is `DisableIdentity`.
This commit is contained in:
Nedyalko Dyakov
2025-03-19 19:02:36 +02:00
committed by GitHub
parent 74d4f08476
commit d236865b0c
9 changed files with 104 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
bench_decode_test.go
View File

@ -30,7 +30,7 @@ func NewClientStub(resp []byte) *ClientStub {
Dialer: func(ctx context.Context, network, addr string) (net.Conn, error) {
return stub.stubConn(initHello), nil
},
DisableIndentity: true,
DisableIdentity: true,
})
return stub
}
@ -46,7 +46,7 @@ func NewClusterClientStub(resp []byte) *ClientStub {
Dialer: func(ctx context.Context, network, addr string) (net.Conn, error) {
return stub.stubConn(initHello), nil
},
DisableIndentity: true,
DisableIdentity: true,
ClusterSlots: func(_ context.Context) ([]ClusterSlot, error) {
return []ClusterSlot{