25 lines
933 B
Diff
25 lines
933 B
Diff
From b351d5a3210e61cc3b22ba38a723d6da8f3c298a Mon Sep 17 00:00:00 2001
|
|
From: Oran Agra <oran@redislabs.com>
|
|
Date: Wed, 2 Oct 2024 20:01:14 +0300
|
|
Subject: [PATCH] Fix ACL SETUSER Read/Write key pattern selector
|
|
(CVE-2024-31227)
|
|
|
|
The '%' rule must contain one or both of R/W
|
|
---
|
|
src/acl.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/src/acl.c b/src/acl.c
|
|
index 5fd956d2320..af58684e272 100644
|
|
--- a/src/acl.c
|
|
+++ b/src/acl.c
|
|
@@ -1051,7 +1051,7 @@ int ACLSetSelector(aclSelector *selector, const char* op, size_t oplen) {
|
|
flags |= ACL_READ_PERMISSION;
|
|
} else if (toupper(op[offset]) == 'W' && !(flags & ACL_WRITE_PERMISSION)) {
|
|
flags |= ACL_WRITE_PERMISSION;
|
|
- } else if (op[offset] == '~') {
|
|
+ } else if (op[offset] == '~' && flags) {
|
|
offset++;
|
|
break;
|
|
} else {
|