upstream/redis
1
0
Fork 0
mirror of https://github.com/redis/redis.git synced 2026-05-28 04:02:46 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Initialize c->user before clientSetDefaultAuth to avoid undefined behavior

Browse source 
clientSetUser() reads c->user to pass the old value to
trackingBroadcastPostUserSwitch(). In createClient(), c->user was never
initialized before clientSetDefaultAuth() called clientSetUser(),
resulting in a read of indeterminate memory. While harmless in practice
(trackingBroadcastPostUserSwitch returns early on c->flags == 0), the
read itself is undefined behavior and would be flagged by MSAN/Valgrind.

Initialize c->user to DefaultUser before the call, so the subsequent
clientSetUser(c, DefaultUser) sees old == new and the post-switch hook
is a no-op.
This commit is contained in:
Hristo Staykov 2026-05-26 15:45:56 +03:00
parent 52fed302ca
commit 6790d6efbd
1 changed files with 1 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
src/networking.c
View file

@ -193,6 +193,7 @@ client *createClient(connection *conn) {
c->ctime = c->lastinteraction = server.unixtime;
c->io_lastinteraction = 0;
c->duration = 0;
c->user = DefaultUser; /* Set a safe default value: clientSetDefaultAuth reads c->user. */
clientSetDefaultAuth(c);
c->replstate = REPL_STATE_NONE;
c->repl_start_cmd_stream_on_ack = 0;