From 58e8fee8bc8cfd72ffe6b2527c7c1d3b06e16721 Mon Sep 17 00:00:00 2001
From: roy <yupeng@kylinos.cn>
Date: Tue, 8 Oct 2024 11:42:55 +0800
Subject: [PATCH] Fixed CVE-2024-31449.

---
 CVE-2024-31449.patch | 37 +++++++++++++++++++++++++++++++++++++
 redis.spec           |  7 ++++++-
 2 files changed, 43 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2024-31449.patch

diff --git a/CVE-2024-31449.patch b/CVE-2024-31449.patch
new file mode 100644
index 0000000..0613eeb
--- /dev/null
+++ b/CVE-2024-31449.patch
@@ -0,0 +1,37 @@
+commit 1f7c148be2cbacf7d50aa461c58b871e87cc5ed9
+Author: Oran Agra <oran@redislabs.com>
+Date:   Wed Oct 2 19:54:06 2024 +0300
+
+    Fix lua bit.tohex (CVE-2024-31449)
+    
+    INT_MIN value must be explicitly checked, and cannot be negated.
+
+diff --git a/deps/lua/src/lua_bit.c b/deps/lua/src/lua_bit.c
+index 690df7d3c..a459ca98b 100644
+--- a/deps/lua/src/lua_bit.c
++++ b/deps/lua/src/lua_bit.c
+@@ -131,6 +131,7 @@ static int bit_tohex(lua_State *L)
+   const char *hexdigits = "0123456789abcdef";
+   char buf[8];
+   int i;
++  if (n == INT32_MIN) n = INT32_MIN+1;
+   if (n < 0) { n = -n; hexdigits = "0123456789ABCDEF"; }
+   if (n > 8) n = 8;
+   for (i = (int)n; --i >= 0; ) { buf[i] = hexdigits[b & 15]; b >>= 4; }
+diff --git a/tests/unit/scripting.tcl b/tests/unit/scripting.tcl
+index 2e3a936c4..2381927cd 100644
+--- a/tests/unit/scripting.tcl
++++ b/tests/unit/scripting.tcl
+@@ -528,6 +528,12 @@ start_server {tags {"scripting"}} {
+         set e
+     } {ERR*Attempt to modify a readonly table*}
+ 
++    test {lua bit.tohex bug} {
++        set res [r eval {return bit.tohex(65535, -2147483648)} 0]
++        r ping
++        set res
++    } {0000FFFF}
++
+     test {Test an example script DECR_IF_GT} {
+         set decr_if_gt {
+             local current
diff --git a/redis.spec b/redis.spec
index 592fd61..480ec69 100644
--- a/redis.spec
+++ b/redis.spec
@@ -1,6 +1,6 @@
 Name:           redis
 Version:        4.0.11
-Release:        19
+Release:        20
 Summary:        A persistent key-value database
 License:        BSD and MIT
 URL:            https://redis.io
@@ -25,6 +25,7 @@ Patch0011:      CVE-2021-32672.patch
 Patch0012:      CVE-2022-36021.patch
 Patch0013:      CVE-2023-28856.patch
 Patch0014:      CVE-2022-24834.patch
+Patch0015:      CVE-2024-31449.patch
 
 BuildRequires:     systemd
 Requires:          /bin/awk
@@ -56,6 +57,7 @@ Redis is an advanced key-value store. It is often referred to as a dattructure s
 %patch0012 -p1
 %patch0013 -p1
 %patch0014 -p1
+%patch0015 -p1
 
 sed -i -e 's|^logfile .*$|logfile /var/log/redis/redis.log|g' redis.conf
 sed -i -e '$ alogfile /var/log/redis/sentinel.log' sentinel.conf
@@ -113,6 +115,9 @@ exit 0
 %{_unitdir}/%{name}-sentinel.service
 
 %changelog
+* Tue Oct 08 2024 Yu Peng <yupeng@kylinos.cn> - 4.0.14-7
+- Fix CVE-2024-31449
+
 * Mon Jul 31 2023 wangkai <13474090681@163.com> - 4.0.11-19
 - Fix CVE-2022-24834
 
-- 
Gitee