[OpenSIPS-Devel] [OpenSIPS/opensips] e0ead4: cachedb_redis: fix safety issues in cluster redire...

Liviu Chircu noreply at github.com
Wed Apr 22 12:07:27 UTC 2026


  Branch: refs/heads/master
  Home:   https://github.com/OpenSIPS/opensips
  Commit: e0ead4f57b4468c9d453622d8245d0166d27c74d
      https://github.com/OpenSIPS/opensips/commit/e0ead4f57b4468c9d453622d8245d0166d27c74d
  Author: Debian <gator at opensips-1.goes.com>
  Date:   2026-03-30 (Mon, 30 Mar 2026)

  Changed paths:
    M modules/cachedb_redis/cachedb_redis_dbase.c
    M modules/cachedb_redis/cachedb_redis_utils.c

  Log Message:
  -----------
  cachedb_redis: fix safety issues in cluster redirect parsing

Fix several correctness and safety issues in parse_moved_reply()
and the MOVED redirect handler:

- Add slot value overflow protection: return ERR_INVALID_SLOT
  when parsed slot exceeds 16383 during digit accumulation,
  preventing signed integer overflow on malformed MOVED replies.

- Add port value overflow protection: return ERR_INVALID_PORT
  when parsed port exceeds 65535 during digit accumulation,
  complementing the existing post-loop range check and preventing
  signed integer overflow on malformed input.

- Fix undefined behavior in the no-colon endpoint fallback path:
  replace comparison of potentially-NULL out->endpoint.s against
  end pointer with (p < end), which achieves the same logic using
  the scan position variable that is always valid.

- Replace pkg_malloc heap allocation of redis_moved struct with
  stack allocation in the MOVED handler. The struct is small
  (~24 bytes) and never outlives the enclosing scope, making heap
  allocation unnecessary. This eliminates the OOM error path and
  two pkg_free() calls.


  Commit: 6ff699d26b93beca83c7c693015e30a049c1afbc
      https://github.com/OpenSIPS/opensips/commit/6ff699d26b93beca83c7c693015e30a049c1afbc
  Author: Liviu Chircu <liviu at opensips.org>
  Date:   2026-04-22 (Wed, 22 Apr 2026)

  Changed paths:
    M modules/cachedb_redis/cachedb_redis_dbase.c
    M modules/cachedb_redis/cachedb_redis_utils.c

  Log Message:
  -----------
  Merge branch 'mr/fix-redis-cluster-safety' of github.com:NormB/opensips into NormB-mr/fix-redis-cluster-safety


Compare: https://github.com/OpenSIPS/opensips/compare/1444c40a7d15...6ff699d26b93
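
The bounded digit accumulation and the position-based no-colon check described in the first commit's log message, shown as an added example that is not the OpenSIPS code. The names `example_parse_moved`, `struct moved_example`, `bounded_uint` and `ERR_INVALID_REPLY`, the numeric error values, and the fallback to port 6379 when the endpoint has no colon are assumptions of this example.

```c
#include <stddef.h>
#include <string.h>

/* ERR_INVALID_REPLY and all numeric values are assumptions of this example. */
enum { ERR_INVALID_REPLY = -1, ERR_INVALID_SLOT = -2, ERR_INVALID_PORT = -3 };

/* Hypothetical result type, not the module's redis_moved struct. */
struct moved_example { int slot; const char *host; size_t host_len; int port; };

/* Accumulate digits, failing as soon as the value passes max. With
 * max <= 65535, v * 10 + 9 always fits in an int, so no overflow. */
static int bounded_uint(const char **pp, const char *end, int max, int *out)
{
    const char *p = *pp;
    int v = 0;
    for (; p < end && *p >= '0' && *p <= '9'; p++)
        if ((v = v * 10 + (*p - '0')) > max)
            return -1;
    if (p == *pp)
        return -1;                     /* no digits at all */
    *pp = p;
    *out = v;
    return 0;
}

/* Parse "MOVED <slot> <host>[:<port>]" from a length-delimited buffer. */
int example_parse_moved(const char *buf, size_t len, struct moved_example *out)
{
    const char *p = buf, *end = buf + len;

    if (len < 6 || memcmp(p, "MOVED ", 6) != 0)
        return ERR_INVALID_REPLY;
    p += 6;
    if (bounded_uint(&p, end, 16383, &out->slot) < 0)
        return ERR_INVALID_SLOT;
    if (p >= end || *p++ != ' ')
        return ERR_INVALID_REPLY;
    for (out->host = p; p < end && *p != ':'; p++)
        ;
    if ((out->host_len = (size_t)(p - out->host)) == 0)
        return ERR_INVALID_REPLY;
    out->port = 6379;         /* assumed fallback: default Redis port */
    if (p == end)             /* no colon: decided on the scan position p */
        return 0;
    p++;
    if (bounded_uint(&p, end, 65535, &out->port) < 0 || p != end || !out->port)
        return ERR_INVALID_PORT;
    return 0;
}
```

The host pointer refers into the caller's buffer and is not NUL-terminated, so callers must use `host_len`.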
