4 files changed, 138 insertions, 0 deletions
diff --git a/meta-oe/recipes-extended/redis/redis-7.0.13/CVE-2024-31228.patch b/meta-oe/recipes-extended/redis/redis-7.0.13/CVE-2024-31228.patch
new file mode 100644
index 0000000000..deb9033c60
--- /dev/null
+++ b/meta-oe/recipes-extended/redis/redis-7.0.13/CVE-2024-31228.patch
@@ -0,0 +1,68 @@
+From 9317bf64659b33166a943ec03d5d9b954e86afb0 Mon Sep 17 00:00:00 2001
+From: Oran Agra <oran@redislabs.com>
+Date: Wed, 2 Oct 2024 20:11:01 +0300
+Subject: [PATCH] Prevent pattern matching abuse (CVE-2024-31228)
+CVE: CVE-2024-31228
+Upstream-Status: Backport[https://github.com/redis/redis/commit/9317bf64659b33166a943ec03d5d9b954e86afb0]
+Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
+---
+ src/util.c              | 9 ++++++---
+ tests/unit/keyspace.tcl | 6 ++++++
+ 2 files changed, 12 insertions(+), 3 deletions(-)
+diff --git a/src/util.c b/src/util.c
+index 8ce2c5f..3a4c9b0 100644
+--- a/src/util.c
+++ b/src/util.c
+@@ -51,8 +51,11 @@
+ 
+ /* Glob-style pattern matching. */
+ static int stringmatchlen_impl(const char *pattern, int patternLen,
+-        const char *string, int stringLen, int nocase, int *skipLongerMatches)
+        const char *string, int stringLen, int nocase, int *skipLongerMatches, int nesting)
+ {
+    /* Protection against abusive patterns. */
+    if (nesting > 1000) return 0;
+
+     while(patternLen && stringLen) {
+         switch(pattern[0]) {
+         case '*':
+@@ -64,7 +67,7 @@ static int stringmatchlen_impl(const char *pattern, int patternLen,
+                 return 1; /* match */
+             while(stringLen) {
+                 if (stringmatchlen_impl(pattern+1, patternLen-1,
+-                            string, stringLen, nocase, skipLongerMatches))
+                            string, stringLen, nocase, skipLongerMatches, nesting+1))
+                     return 1; /* match */
+                 if (*skipLongerMatches)
+                     return 0; /* no match */
+@@ -186,7 +189,7 @@ static int stringmatchlen_impl(const char *pattern, int patternLen,
+ int stringmatchlen(const char *pattern, int patternLen,
+         const char *string, int stringLen, int nocase) {
+     int skipLongerMatches = 0;
+-    return stringmatchlen_impl(pattern,patternLen,string,stringLen,nocase,&skipLongerMatches);
+    return stringmatchlen_impl(pattern,patternLen,string,stringLen,nocase,&skipLongerMatches,0);
+ }
+ 
+ int stringmatch(const char *pattern, const char *string, int nocase) {
+diff --git a/tests/unit/keyspace.tcl b/tests/unit/keyspace.tcl
+index 437f71f..988389f 100644
+--- a/tests/unit/keyspace.tcl
+++ b/tests/unit/keyspace.tcl
+@@ -495,4 +495,10 @@ start_server {tags {"keyspace"}} {
+         r SET aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 1
+         r KEYS "a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*b"
+     } {}
+
+    test {Regression for pattern matching very long nested loops} {
+        r flushdb
+        r SET [string repeat "a" 50000] 1
+        r KEYS [string repeat "*?" 50000]
+    } {}
+ }
+-- 
+2.40.0
diff --git a/meta-oe/recipes-extended/redis/redis/CVE-2024-31228.patch b/meta-oe/recipes-extended/redis/redis/CVE-2024-31228.patch
new file mode 100644
index 0000000000..d86e6c9e72
--- /dev/null
+++ b/meta-oe/recipes-extended/redis/redis/CVE-2024-31228.patch
@@ -0,0 +1,68 @@
+From 9317bf64659b33166a943ec03d5d9b954e86afb0 Mon Sep 17 00:00:00 2001
+From: Oran Agra <oran@redislabs.com>
+Date: Wed, 2 Oct 2024 20:11:01 +0300
+Subject: [PATCH] Prevent pattern matching abuse (CVE-2024-31228)
+CVE: CVE-2024-31228
+Upstream-Status: Backport[https://github.com/redis/redis/commit/9317bf64659b33166a943ec03d5d9b954e86afb0]
+Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
+---
+ src/util.c              | 9 ++++++---
+ tests/unit/keyspace.tcl | 6 ++++++
+ 2 files changed, 12 insertions(+), 3 deletions(-)
+diff --git a/src/util.c b/src/util.c
+index e122a26..5763a2b 100644
+--- a/src/util.c
+++ b/src/util.c
+@@ -46,8 +46,11 @@
+ 
+ /* Glob-style pattern matching. */
+ static int stringmatchlen_impl(const char *pattern, int patternLen,
+-        const char *string, int stringLen, int nocase, int *skipLongerMatches)
+        const char *string, int stringLen, int nocase, int *skipLongerMatches, int nesting)
+ {
+    /* Protection against abusive patterns. */
+    if (nesting > 1000) return 0;
+
+     while(patternLen && stringLen) {
+         switch(pattern[0]) {
+         case '*':
+@@ -59,7 +62,7 @@ static int stringmatchlen_impl(const char *pattern, int patternLen,
+                 return 1; /* match */
+             while(stringLen) {
+                 if (stringmatchlen_impl(pattern+1, patternLen-1,
+-                            string, stringLen, nocase, skipLongerMatches))
+                            string, stringLen, nocase, skipLongerMatches, nesting+1))
+                     return 1; /* match */
+                 if (*skipLongerMatches)
+                     return 0; /* no match */
+@@ -181,7 +184,7 @@ static int stringmatchlen_impl(const char *pattern, int patternLen,
+ int stringmatchlen(const char *pattern, int patternLen,
+         const char *string, int stringLen, int nocase) {
+     int skipLongerMatches = 0;
+-    return stringmatchlen_impl(pattern,patternLen,string,stringLen,nocase,&skipLongerMatches);
+    return stringmatchlen_impl(pattern,patternLen,string,stringLen,nocase,&skipLongerMatches,0);
+ }
+ 
+ int stringmatch(const char *pattern, const char *string, int nocase) {
+diff --git a/tests/unit/keyspace.tcl b/tests/unit/keyspace.tcl
+index 92029a7..70bc252 100644
+--- a/tests/unit/keyspace.tcl
+++ b/tests/unit/keyspace.tcl
+@@ -485,4 +485,10 @@ start_server {tags {"keyspace"}} {
+         r SET aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 1
+         r KEYS "a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*b"
+     } {}
+
+    test {Regression for pattern matching very long nested loops} {
+        r flushdb
+        r SET [string repeat "a" 50000] 1
+        r KEYS [string repeat "*?" 50000]
+    } {}
+ }
+-- 
+2.40.0
diff --git a/meta-oe/recipes-extended/redis/redis_6.2.12.bb b/meta-oe/recipes-extended/redis/redis_6.2.12.bb
index 52dcffedb8..bea98100a7 100644
--- a/meta-oe/recipes-extended/redis/redis_6.2.12.bb
+++ b/meta-oe/recipes-extended/redis/redis_6.2.12.bb
@@ -17,6 +17,7 @@ SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \
           file://GNU_SOURCE.patch \
           file://0006-Define-correct-gregs-for-RISCV32.patch \
           file://CVE-2023-45145.patch \
+           file://CVE-2024-31228.patch \
           "
 SRC_URI[sha256sum] = "75352eef41e97e84bfa94292cbac79e5add5345fc79787df5cbdff703353fb1b"
diff --git a/meta-oe/recipes-extended/redis/redis_7.0.13.bb b/meta-oe/recipes-extended/redis/redis_7.0.13.bb
index 6a2a7ce966..249f002a1b 100644
--- a/meta-oe/recipes-extended/redis/redis_7.0.13.bb
+++ b/meta-oe/recipes-extended/redis/redis_7.0.13.bb
@@ -19,6 +19,7 @@ SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \
           file://CVE-2023-41056.patch \
           file://CVE-2023-45145.patch \
           file://CVE-2024-31227.patch \
+           file://CVE-2024-31228.patch \
           "
 SRC_URI[sha256sum] = "97065774d5fb8388eb0d8913458decfcb167d356e40d31dd01cd30c1cc391673"

diff --git a/meta-oe/recipes-extended/redis/redis-7.0.13/CVE-2024-31228.patch b/meta-oe/recipes-extended/redis/redis-7.0.13/CVE-2024-31228.patch new file mode 100644 index 0000000000..deb9033c60 --- /dev/null +++ b/meta-oe/recipes-extended/redis/redis-7.0.13/CVE-2024-31228.patch
@@ -0,0 +1,68 @@
		1	From 9317bf64659b33166a943ec03d5d9b954e86afb0 Mon Sep 17 00:00:00 2001
		2	From: Oran Agra <oran@redislabs.com>
		3	Date: Wed, 2 Oct 2024 20:11:01 +0300
		4	Subject: [PATCH] Prevent pattern matching abuse (CVE-2024-31228)
		5
		6	CVE: CVE-2024-31228
		7
		8	Upstream-Status: Backport[https://github.com/redis/redis/commit/9317bf64659b33166a943ec03d5d9b954e86afb0]
		9
		10	Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
		11	---
		12	src/util.c \| 9 ++++++---
		13	tests/unit/keyspace.tcl \| 6 ++++++
		14	2 files changed, 12 insertions(+), 3 deletions(-)
		15
		16	diff --git a/src/util.c b/src/util.c
		17	index 8ce2c5f..3a4c9b0 100644
		18	--- a/src/util.c
		19	+++ b/src/util.c
		20	@@ -51,8 +51,11 @@
		21
		22	/* Glob-style pattern matching. */
		23	static int stringmatchlen_impl(const char *pattern, int patternLen,
		24	- const char string, int stringLen, int nocase, int skipLongerMatches)
		25	+ const char string, int stringLen, int nocase, int skipLongerMatches, int nesting)
		26	{
		27	+ /* Protection against abusive patterns. */
		28	+ if (nesting > 1000) return 0;
		29	+
		30	while(patternLen && stringLen) {
		31	switch(pattern[0]) {
		32	case '*':
		33	@@ -64,7 +67,7 @@ static int stringmatchlen_impl(const char *pattern, int patternLen,
		34	return 1; /* match */
		35	while(stringLen) {
		36	if (stringmatchlen_impl(pattern+1, patternLen-1,
		37	- string, stringLen, nocase, skipLongerMatches))
		38	+ string, stringLen, nocase, skipLongerMatches, nesting+1))
		39	return 1; /* match */
		40	if (*skipLongerMatches)
		41	return 0; /* no match */
		42	@@ -186,7 +189,7 @@ static int stringmatchlen_impl(const char *pattern, int patternLen,
		43	int stringmatchlen(const char *pattern, int patternLen,
		44	const char *string, int stringLen, int nocase) {
		45	int skipLongerMatches = 0;
		46	- return stringmatchlen_impl(pattern,patternLen,string,stringLen,nocase,&skipLongerMatches);
		47	+ return stringmatchlen_impl(pattern,patternLen,string,stringLen,nocase,&skipLongerMatches,0);
		48	}
		49
		50	int stringmatch(const char pattern, const char string, int nocase) {
		51	diff --git a/tests/unit/keyspace.tcl b/tests/unit/keyspace.tcl
		52	index 437f71f..988389f 100644
		53	--- a/tests/unit/keyspace.tcl
		54	+++ b/tests/unit/keyspace.tcl
		55	@@ -495,4 +495,10 @@ start_server {tags {"keyspace"}} {
		56	r SET aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 1
		57	r KEYS "aaaaaaaaaaaaaaaaaaaab"
		58	} {}
		59	+
		60	+ test {Regression for pattern matching very long nested loops} {
		61	+ r flushdb
		62	+ r SET [string repeat "a" 50000] 1
		63	+ r KEYS [string repeat "*?" 50000]
		64	+ } {}
		65	}
		66	--
		67	2.40.0
		68


diff --git a/meta-oe/recipes-extended/redis/redis/CVE-2024-31228.patch b/meta-oe/recipes-extended/redis/redis/CVE-2024-31228.patch new file mode 100644 index 0000000000..d86e6c9e72 --- /dev/null +++ b/meta-oe/recipes-extended/redis/redis/CVE-2024-31228.patch
@@ -0,0 +1,68 @@
		1	From 9317bf64659b33166a943ec03d5d9b954e86afb0 Mon Sep 17 00:00:00 2001
		2	From: Oran Agra <oran@redislabs.com>
		3	Date: Wed, 2 Oct 2024 20:11:01 +0300
		4	Subject: [PATCH] Prevent pattern matching abuse (CVE-2024-31228)
		5
		6	CVE: CVE-2024-31228
		7
		8	Upstream-Status: Backport[https://github.com/redis/redis/commit/9317bf64659b33166a943ec03d5d9b954e86afb0]
		9
		10	Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
		11	---
		12	src/util.c \| 9 ++++++---
		13	tests/unit/keyspace.tcl \| 6 ++++++
		14	2 files changed, 12 insertions(+), 3 deletions(-)
		15
		16	diff --git a/src/util.c b/src/util.c
		17	index e122a26..5763a2b 100644
		18	--- a/src/util.c
		19	+++ b/src/util.c
		20	@@ -46,8 +46,11 @@
		21
		22	/* Glob-style pattern matching. */
		23	static int stringmatchlen_impl(const char *pattern, int patternLen,
		24	- const char string, int stringLen, int nocase, int skipLongerMatches)
		25	+ const char string, int stringLen, int nocase, int skipLongerMatches, int nesting)
		26	{
		27	+ /* Protection against abusive patterns. */
		28	+ if (nesting > 1000) return 0;
		29	+
		30	while(patternLen && stringLen) {
		31	switch(pattern[0]) {
		32	case '*':
		33	@@ -59,7 +62,7 @@ static int stringmatchlen_impl(const char *pattern, int patternLen,
		34	return 1; /* match */
		35	while(stringLen) {
		36	if (stringmatchlen_impl(pattern+1, patternLen-1,
		37	- string, stringLen, nocase, skipLongerMatches))
		38	+ string, stringLen, nocase, skipLongerMatches, nesting+1))
		39	return 1; /* match */
		40	if (*skipLongerMatches)
		41	return 0; /* no match */
		42	@@ -181,7 +184,7 @@ static int stringmatchlen_impl(const char *pattern, int patternLen,
		43	int stringmatchlen(const char *pattern, int patternLen,
		44	const char *string, int stringLen, int nocase) {
		45	int skipLongerMatches = 0;
		46	- return stringmatchlen_impl(pattern,patternLen,string,stringLen,nocase,&skipLongerMatches);
		47	+ return stringmatchlen_impl(pattern,patternLen,string,stringLen,nocase,&skipLongerMatches,0);
		48	}
		49
		50	int stringmatch(const char pattern, const char string, int nocase) {
		51	diff --git a/tests/unit/keyspace.tcl b/tests/unit/keyspace.tcl
		52	index 92029a7..70bc252 100644
		53	--- a/tests/unit/keyspace.tcl
		54	+++ b/tests/unit/keyspace.tcl
		55	@@ -485,4 +485,10 @@ start_server {tags {"keyspace"}} {
		56	r SET aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 1
		57	r KEYS "aaaaaaaaaaaaaaaaaaaab"
		58	} {}
		59	+
		60	+ test {Regression for pattern matching very long nested loops} {
		61	+ r flushdb
		62	+ r SET [string repeat "a" 50000] 1
		63	+ r KEYS [string repeat "*?" 50000]
		64	+ } {}
		65	}
		66	--
		67	2.40.0
		68


diff --git a/meta-oe/recipes-extended/redis/redis_6.2.12.bb b/meta-oe/recipes-extended/redis/redis_6.2.12.bb index 52dcffedb8..bea98100a7 100644 --- a/meta-oe/recipes-extended/redis/redis_6.2.12.bb +++ b/meta-oe/recipes-extended/redis/redis_6.2.12.bb
@@ -17,6 +17,7 @@ SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \
17	file://GNU_SOURCE.patch \	17	file://GNU_SOURCE.patch \
18	file://0006-Define-correct-gregs-for-RISCV32.patch \	18	file://0006-Define-correct-gregs-for-RISCV32.patch \
19	file://CVE-2023-45145.patch \	19	file://CVE-2023-45145.patch \
		20	file://CVE-2024-31228.patch \
20	"	21	"
21	SRC_URI[sha256sum] = "75352eef41e97e84bfa94292cbac79e5add5345fc79787df5cbdff703353fb1b"	22	SRC_URI[sha256sum] = "75352eef41e97e84bfa94292cbac79e5add5345fc79787df5cbdff703353fb1b"
22		23


diff --git a/meta-oe/recipes-extended/redis/redis_7.0.13.bb b/meta-oe/recipes-extended/redis/redis_7.0.13.bb index 6a2a7ce966..249f002a1b 100644 --- a/meta-oe/recipes-extended/redis/redis_7.0.13.bb +++ b/meta-oe/recipes-extended/redis/redis_7.0.13.bb
@@ -19,6 +19,7 @@ SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \
19	file://CVE-2023-41056.patch \	19	file://CVE-2023-41056.patch \
20	file://CVE-2023-45145.patch \	20	file://CVE-2023-45145.patch \
21	file://CVE-2024-31227.patch \	21	file://CVE-2024-31227.patch \
		22	file://CVE-2024-31228.patch \
22	"	23	"
23	SRC_URI[sha256sum] = "97065774d5fb8388eb0d8913458decfcb167d356e40d31dd01cd30c1cc391673"	24	SRC_URI[sha256sum] = "97065774d5fb8388eb0d8913458decfcb167d356e40d31dd01cd30c1cc391673"
24		25