fix: handle network error on SETINFO (#3295) (CVE-2025-29923)

* fix: handle network error on SETINFO This fix addresses potential out of order responses as described in `CVE-2025-29923` * fix: deprecate DisableIndentity and introduce DisableIdentity Both options will work before V10. In v10 DisableIndentity will be dropped. The preferred flag to use is `DisableIdentity`.
2025-04-16 09:23:06 +03:00 · 2025-03-19 19:02:36 +02:00 · 2025-03-19 19:02:36 +02:00 · d236865b0c
commit d236865b0c
parent 74d4f08476
9 changed files with 104 additions and 28 deletions
--- a/README.md
+++ b/README.md
@ -178,16 +178,18 @@ By default, go-redis automatically sends the client library name and version dur

 #### Disabling Identity Verification

-When connection identity verification is not required or needs to be explicitly disabled, a `DisableIndentity` configuration option exists. In V10 of this library, `DisableIndentity` will become `DisableIdentity` in order to fix the associated typo.
+When connection identity verification is not required or needs to be explicitly disabled, a `DisableIdentity` configuration option exists.
+Initially there was a typo and the option was named `DisableIndentity` instead of `DisableIdentity`. The misspelled option is marked as Deprecated and will be removed in V10 of this library.
+Although both options will work at the moment, the correct option is `DisableIdentity`. The deprecated option will be removed in V10 of this library, so please use the correct option name to avoid any issues.

-To disable verification, set the `DisableIndentity` option to `true` in the Redis client options:
+To disable verification, set the `DisableIdentity` option to `true` in the Redis client options:

 ```go
 rdb := redis.NewClient(&redis.Options{
    Addr:            "localhost:6379",
    Password:        "",
    DB:              0,
-    DisableIndentity: true, // Disable set-info on connect
+    DisableIdentity: true, // Disable set-info on connect
 })
 ```

--- a/bench_decode_test.go
+++ b/bench_decode_test.go
@ -30,7 +30,7 @@ func NewClientStub(resp []byte) *ClientStub {
 		Dialer: func(ctx context.Context, network, addr string) (net.Conn, error) {
 			return stub.stubConn(initHello), nil
 		},
-		DisableIndentity: true,
+		DisableIdentity: true,
 	})
 	return stub
 }
@ -46,7 +46,7 @@ func NewClusterClientStub(resp []byte) *ClientStub {
 		Dialer: func(ctx context.Context, network, addr string) (net.Conn, error) {
 			return stub.stubConn(initHello), nil
 		},
-		DisableIndentity: true,
+		DisableIdentity: true,

 		ClusterSlots: func(_ context.Context) ([]ClusterSlot, error) {
 			return []ClusterSlot{
--- a/options.go
+++ b/options.go
@ -148,9 +148,18 @@ type Options struct {
 	// Enables read only queries on slave/follower nodes.
 	readOnly bool

-	// Disable set-lib on connect. Default is false.
+	// DisableIndentity - Disable set-lib on connect.
+	//
+	// default: false
+	//
+	// Deprecated: Use DisableIdentity instead.
 	DisableIndentity bool

+	// DisableIdentity is used to disable CLIENT SETINFO command on connect.
+	//
+	// default: false
+	DisableIdentity bool
+
 	// Add suffix to client name. Default is empty.
 	IdentitySuffix string

--- a/osscluster.go
+++ b/osscluster.go
@ -90,8 +90,19 @@ type ClusterOptions struct {
 	ConnMaxIdleTime time.Duration
 	ConnMaxLifetime time.Duration

-	TLSConfig        *tls.Config
-	DisableIndentity bool // Disable set-lib on connect. Default is false.
+	TLSConfig *tls.Config
+
+	// DisableIndentity - Disable set-lib on connect.
+	//
+	// default: false
+	//
+	// Deprecated: Use DisableIdentity instead.
+	DisableIndentity bool
+
+	// DisableIdentity is used to disable CLIENT SETINFO command on connect.
+	//
+	// default: false
+	DisableIdentity bool

 	IdentitySuffix string // Add suffix to client name. Default is empty.

@ -303,7 +314,8 @@ func (opt *ClusterOptions) clientOptions() *Options {
 		MaxActiveConns:   opt.MaxActiveConns,
 		ConnMaxIdleTime:  opt.ConnMaxIdleTime,
 		ConnMaxLifetime:  opt.ConnMaxLifetime,
-		DisableIndentity: opt.DisableIndentity,
+		DisableIdentity:  opt.DisableIdentity,
+		DisableIndentity: opt.DisableIdentity,
 		IdentitySuffix:   opt.IdentitySuffix,
 		TLSConfig:        opt.TLSConfig,
 		// If ClusterSlots is populated, then we probably have an artificial
--- a/redis.go
+++ b/redis.go
@ -350,7 +350,7 @@ func (c *baseClient) initConn(ctx context.Context, cn *pool.Conn) error {
 		return err
 	}

-	if !c.opt.DisableIndentity {
+	if !c.opt.DisableIdentity && !c.opt.DisableIndentity {
 		libName := ""
 		libVer := Version()
 		if c.opt.IdentitySuffix != "" {
@ -359,7 +359,11 @@ func (c *baseClient) initConn(ctx context.Context, cn *pool.Conn) error {
 		p := conn.Pipeline()
 		p.ClientSetInfo(ctx, WithLibraryName(libName))
 		p.ClientSetInfo(ctx, WithLibraryVersion(libVer))
-		_, _ = p.Exec(ctx)
+		// Handle network errors (e.g. timeouts) in CLIENT SETINFO to avoid
+		// out of order responses later on.
+		if _, err = p.Exec(ctx); err != nil && !isRedisError(err) {
+			return err
+		}
 	}

 	if c.opt.OnConnect != nil {
--- a/redis_test.go
+++ b/redis_test.go
@ -396,6 +396,13 @@ var _ = Describe("Client timeout", func() {
 	})

 	testTimeout := func() {
+		It("SETINFO timeouts", func() {
+			conn := client.Conn()
+			err := conn.Ping(ctx).Err()
+			Expect(err).To(HaveOccurred())
+			Expect(err.(net.Error).Timeout()).To(BeTrue())
+		})
+
 		It("Ping timeouts", func() {
 			err := client.Ping(ctx).Err()
 			Expect(err).To(HaveOccurred())
--- a/ring.go
+++ b/ring.go
@ -98,9 +98,19 @@ type RingOptions struct {
 	TLSConfig *tls.Config
 	Limiter   Limiter

+	// DisableIndentity - Disable set-lib on connect.
+	//
+	// default: false
+	//
+	// Deprecated: Use DisableIdentity instead.
 	DisableIndentity bool
-	IdentitySuffix   string
-	UnstableResp3    bool
+
+	// DisableIdentity is used to disable CLIENT SETINFO command on connect.
+	//
+	// default: false
+	DisableIdentity bool
+	IdentitySuffix  string
+	UnstableResp3   bool
 }

 func (opt *RingOptions) init() {
@ -167,9 +177,11 @@ func (opt *RingOptions) clientOptions() *Options {
 		TLSConfig: opt.TLSConfig,
 		Limiter:   opt.Limiter,

+		DisableIdentity:  opt.DisableIdentity,
 		DisableIndentity: opt.DisableIndentity,
-		IdentitySuffix:   opt.IdentitySuffix,
-		UnstableResp3:    opt.UnstableResp3,
+
+		IdentitySuffix: opt.IdentitySuffix,
+		UnstableResp3:  opt.UnstableResp3,
 	}
 }

--- a/sentinel.go
+++ b/sentinel.go
@ -80,9 +80,20 @@ type FailoverOptions struct {

 	TLSConfig *tls.Config

+	// DisableIndentity - Disable set-lib on connect.
+	//
+	// default: false
+	//
+	// Deprecated: Use DisableIdentity instead.
 	DisableIndentity bool
-	IdentitySuffix   string
-	UnstableResp3    bool
+
+	// DisableIdentity is used to disable CLIENT SETINFO command on connect.
+	//
+	// default: false
+	DisableIdentity bool
+
+	IdentitySuffix string
+	UnstableResp3  bool
 }

 func (opt *FailoverOptions) clientOptions() *Options {
@ -118,9 +129,11 @@ func (opt *FailoverOptions) clientOptions() *Options {

 		TLSConfig: opt.TLSConfig,

+		DisableIdentity:  opt.DisableIdentity,
 		DisableIndentity: opt.DisableIndentity,
-		IdentitySuffix:   opt.IdentitySuffix,
-		UnstableResp3:    opt.UnstableResp3,
+
+		IdentitySuffix: opt.IdentitySuffix,
+		UnstableResp3:  opt.UnstableResp3,
 	}
 }

@ -156,9 +169,11 @@ func (opt *FailoverOptions) sentinelOptions(addr string) *Options {

 		TLSConfig: opt.TLSConfig,

+		DisableIdentity:  opt.DisableIdentity,
 		DisableIndentity: opt.DisableIndentity,
-		IdentitySuffix:   opt.IdentitySuffix,
-		UnstableResp3:    opt.UnstableResp3,
+
+		IdentitySuffix: opt.IdentitySuffix,
+		UnstableResp3:  opt.UnstableResp3,
 	}
 }

@ -197,8 +212,10 @@ func (opt *FailoverOptions) clusterOptions() *ClusterOptions {

 		TLSConfig: opt.TLSConfig,

+		DisableIdentity:  opt.DisableIdentity,
 		DisableIndentity: opt.DisableIndentity,
-		IdentitySuffix:   opt.IdentitySuffix,
+
+		IdentitySuffix: opt.IdentitySuffix,
 	}
 }

--- a/universal.go
+++ b/universal.go
@ -61,14 +61,24 @@ type UniversalOptions struct {
 	RouteByLatency bool
 	RouteRandomly  bool

-	// The sentinel master name.
-	// Only failover clients.
-
+	// MasterName is the sentinel master name.
+	// Only for failover clients.
 	MasterName string

+	// DisableIndentity - Disable set-lib on connect.
+	//
+	// default: false
+	//
+	// Deprecated: Use DisableIdentity instead.
 	DisableIndentity bool
-	IdentitySuffix   string
-	UnstableResp3    bool
+
+	// DisableIdentity is used to disable CLIENT SETINFO command on connect.
+	//
+	// default: false
+	DisableIdentity bool
+
+	IdentitySuffix string
+	UnstableResp3  bool

 	// IsClusterMode can be used when only one Addrs is provided (e.g. Elasticache supports setting up cluster mode with configuration endpoint).
 	IsClusterMode bool
@ -116,6 +126,7 @@ func (o *UniversalOptions) Cluster() *ClusterOptions {

 		TLSConfig: o.TLSConfig,

+		DisableIdentity:  o.DisableIdentity,
 		DisableIndentity: o.DisableIndentity,
 		IdentitySuffix:   o.IdentitySuffix,
 		UnstableResp3:    o.UnstableResp3,
@ -163,8 +174,9 @@ func (o *UniversalOptions) Failover() *FailoverOptions {

 		TLSConfig: o.TLSConfig,

-		ReplicaOnly:     o.ReadOnly,
+		ReplicaOnly: o.ReadOnly,

+		DisableIdentity:  o.DisableIdentity,
 		DisableIndentity: o.DisableIndentity,
 		IdentitySuffix:   o.IdentitySuffix,
 		UnstableResp3:    o.UnstableResp3,
@ -209,6 +221,7 @@ func (o *UniversalOptions) Simple() *Options {

 		TLSConfig: o.TLSConfig,

+		DisableIdentity:  o.DisableIdentity,
 		DisableIndentity: o.DisableIndentity,
 		IdentitySuffix:   o.IdentitySuffix,
 		UnstableResp3:    o.UnstableResp3,