Don't allow empty spaces in ACL key patterns.

Fixes issue #6418.

Don't allow empty spaces in ACL key patterns.
Fixes issue #6418.
b86140ac · antirez · a7ee3c3e · b86140ac
隐藏空白更改
内联并排

Showing with 12 addition and 1 deletion

src/acl.c src/acl.c +12 -1

未找到文件。
--- a/src/acl.c
+++ b/src/acl.c
@@ -30,6 +30,7 @@
 #include "server.h"
 #include "sha256.h"
 #include <fcntl.h>
+#include <ctype.h>

 /* =============================================================================
 * Global state for ACLs
@@ -690,7 +691,8 @@ void ACLAddAllowedSubcommand(user *u, unsigned long id, const char *sub) {
 *
 * When an error is returned, errno is set to the following values:
 *
- * EINVAL: The specified opcode is not understood.
+ * EINVAL: The specified opcode is not understood or the key pattern is
+ *         invalid (contains non allowed characters).
 * ENOENT: The command name or command category provided with + or - is not
 *         known.
 * EBUSY:  The subcommand you want to add is about a command that is currently
@@ -789,6 +791,15 @@ int ACLSetUser(user *u, const char *op, ssize_t oplen) {
            errno = EEXIST;
            return C_ERR;
        }
+        /* Validate the pattern: no spaces nor null characters
+         * are allowed, for simpler rewriting of the ACLs without
+         * using quoting. */
+        for (int i = 1; i < oplen; i++) {
+            if (isspace(op[i]) || op[i] == 0) {
+                errno = EINVAL;
+                return C_ERR;
+            }
+        }
        sds newpat = sdsnewlen(op+1,oplen-1);
        listNode *ln = listSearchKey(u->patterns,newpat);
        /* Avoid re-adding the same pattern multiple times. */