mirror of https://github.com/redis/go-redis.git synced 2025-06-14 01:21:30 +03:00

fix: handle network error on SETINFO (#3295) (CVE-2025-29923)

* fix: handle network error on SETINFO

This fix addresses potential out of order responses as described in `CVE-2025-29923`

* fix: deprecate DisableIndentity and introduce DisableIdentity

Both options will work before v10. In v10, `DisableIndentity` will be dropped. The preferred flag to use is `DisableIdentity`.
Nedyalko Dyakov
2025-03-19 19:02:36 +02:00
committed by GitHub
parent 74d4f08476
commit d236865b0c
9 changed files with 104 additions and 28 deletions


@ -90,8 +90,19 @@ type ClusterOptions struct {
ConnMaxIdleTime time.Duration
ConnMaxLifetime time.Duration
TLSConfig *tls.Config
DisableIndentity bool // Disable set-lib on connect. Default is false.
TLSConfig *tls.Config
// DisableIndentity - Disable set-lib on connect.
//
// default: false
//
// Deprecated: Use DisableIdentity instead.
DisableIndentity bool
// DisableIdentity is used to disable CLIENT SETINFO command on connect.
//
// default: false
DisableIdentity bool
IdentitySuffix string // Add suffix to client name. Default is empty.
@ -303,7 +314,8 @@ func (opt *ClusterOptions) clientOptions() *Options {
MaxActiveConns: opt.MaxActiveConns,
ConnMaxIdleTime: opt.ConnMaxIdleTime,
ConnMaxLifetime: opt.ConnMaxLifetime,
DisableIndentity: opt.DisableIndentity,
DisableIdentity: opt.DisableIdentity,
DisableIndentity: opt.DisableIdentity,
IdentitySuffix: opt.IdentitySuffix,
TLSConfig: opt.TLSConfig,
// If ClusterSlots is populated, then we probably have an artificial
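Review bot: In the `clientOptions()` literal, the added line `DisableIndentity: opt.DisableIdentity,` fills the deprecated node option from the new cluster field, so a value set through `ClusterOptions.DisableIndentity` is never read here. Unless the two fields are merged somewhere outside this view (for example when the cluster options are initialised), a caller who disabled CLIENT SETINFO on connect through the old name gets it switched back on for every node client, which contradicts the description's statement that both options work before v10. Keep the pass-through as `DisableIndentity: opt.DisableIndentity,` or fold both into the new field with `DisableIdentity: opt.DisableIdentity || opt.DisableIndentity,`. A cluster-level test that sets only the deprecated field would pin the behaviour. The body of `clientOptions()` starts and ends outside the hunk.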