Before unserializing a Redis value with igbinary, check if it actuall… · jrtkcoder/phpredis@3266b22 · GitHub

Commit 3266b22

Before unserializing a Redis value with igbinary, check if it actually contains the correct header
1 parent 17b1f42 commit 3266b22

1 file changed

+21
-0
lines changed

library.c

Lines changed: 21 additions & 0 deletions
@@ -2156,6 +2156,27 @@ redis_unserialize(RedisSock* redis_sock, const char *val, int val_len,
21562156

21572157
case REDIS_SERIALIZER_IGBINARY:
21582158
#ifdef HAVE_REDIS_IGBINARY
2159+
/*
2160+
* Check if the given string starts with an igbinary header.
2161+
*
2162+
* An igbinary string consists of the following format:
2163+
*
2164+
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
2165+
* | header (4) | type (1) | ... (n) | NUL (1) |
2166+
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
2167+
*
2168+
* With header being either 0x00000001 or 0x00000002
2169+
* (encoded as big endian).
2170+
*/
2171+
if (val_len < 6
2172+
|| (memcmp(val, "\x00\x00\x00\x01", 4) != 0
2173+
&& memcmp(val, "\x00\x00\x00\x02", 4) != 0))
2174+
{
2175+
/* This is most definitely not an igbinary string, so do
2176+
not try to unserialize this as one. */
2177+
return 0;
2178+
}
2179+
21592180
if(!*return_value) {
21602181
MAKE_STD_ZVAL(*return_value);
21612182
rv_free = 1;
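
Review bot: in the new condition, `val_len < 6` is a bare literal whose correctness depends on whether `val_len` counts the trailing NUL drawn in the layout comment. By that diagram the shortest value is header (4) + type (1) + NUL (1), so 6 is right only if the terminator is part of the stored length; if it is not, a 5-byte value with an empty body takes the `return 0` path and is never unserialized. Please say in the comment which case applies, or build the bound from named sizes instead of the literal. It would also help to state there that this is a format sniff only: the type byte and the body are not inspected and still reach the igbinary unserializer, so passing this check says nothing about whether a value written by another Redis client is safe to unserialize.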
