security: slot range bound checks

rueian · rueian · commit 4adf99a37d13 · 2024-12-15T18:08:06.000+08:00
Signed-off-by: Rueian &lt;rueiancsie@gmail.com&gt;
diff --git a/cluster.go b/cluster.go
@@ -249,7 +249,7 @@ func (c *clusterClient) _refresh() (err error) {
 		case c.opt.ReplicaOnly && len(g.nodes) > 1:
 			nodesCount := len(g.nodes)
 			for _, slot := range g.slots {
-				for i := slot[0]; i <= slot[1]; i++ {
+				for i := slot[0]; i <= slot[1] && i >= 0 && i < 16384; i++ {
 					pslots[i] = conns[g.nodes[1+util.FastRand(nodesCount-1)].Addr].conn
 				}
 			}
@@ -260,9 +260,8 @@ func (c *clusterClient) _refresh() (err error) {
 			if len(g.nodes) > 1 {
 				n := len(g.nodes) - 1
 				for _, slot := range g.slots {
-					for i := slot[0]; i <= slot[1]; i++ {
+					for i := slot[0]; i <= slot[1] && i >= 0 && i < 16384; i++ {
 						pslots[i] = conns[master].conn
-
 						rIndex := c.opt.ReplicaSelector(uint16(i), g.nodes[1:])
 						if rIndex >= 0 && rIndex < n {
 							rslots[i] = conns[g.nodes[1+rIndex].Addr].conn
@@ -273,15 +272,15 @@ func (c *clusterClient) _refresh() (err error) {
 				}
 			} else {
 				for _, slot := range g.slots {
-					for i := slot[0]; i <= slot[1]; i++ {
+					for i := slot[0]; i <= slot[1] && i >= 0 && i < 16384; i++ {
 						pslots[i] = conns[master].conn
 						rslots[i] = conns[master].conn
 					}
 				}
 			}
 		default:
 			for _, slot := range g.slots {
-				for i := slot[0]; i <= slot[1]; i++ {
+				for i := slot[0]; i <= slot[1] && i >= 0 && i < 16384; i++ {
 					pslots[i] = conns[master].conn
 				}
 			}

Original file line number	Diff line number	Diff line change
`@@ -249,7 +249,7 @@ func (c *clusterClient) _refresh() (err error) {`
`249`	`249`	`case c.opt.ReplicaOnly && len(g.nodes) > 1:`
`250`	`250`	`nodesCount := len(g.nodes)`
`251`	`251`	`for _, slot := range g.slots {`
`252`		`- for i := slot[0]; i <= slot[1]; i++ {`
	`252`	`+ for i := slot[0]; i <= slot[1] && i >= 0 && i < 16384; i++ {`
`253`	`253`	`pslots[i] = conns[g.nodes[1+util.FastRand(nodesCount-1)].Addr].conn`
`254`	`254`	`}`
`255`	`255`	`}`
`@@ -260,9 +260,8 @@ func (c *clusterClient) _refresh() (err error) {`
`260`	`260`	`if len(g.nodes) > 1 {`
`261`	`261`	`n := len(g.nodes) - 1`
`262`	`262`	`for _, slot := range g.slots {`
`263`		`- for i := slot[0]; i <= slot[1]; i++ {`
	`263`	`+ for i := slot[0]; i <= slot[1] && i >= 0 && i < 16384; i++ {`
`264`	`264`	`pslots[i] = conns[master].conn`
`265`		`-`
`266`	`265`	`rIndex := c.opt.ReplicaSelector(uint16(i), g.nodes[1:])`
`267`	`266`	`if rIndex >= 0 && rIndex < n {`
`268`	`267`	`rslots[i] = conns[g.nodes[1+rIndex].Addr].conn`
`@@ -273,15 +272,15 @@ func (c *clusterClient) _refresh() (err error) {`
`273`	`272`	`}`
`274`	`273`	`} else {`
`275`	`274`	`for _, slot := range g.slots {`
`276`		`- for i := slot[0]; i <= slot[1]; i++ {`
	`275`	`+ for i := slot[0]; i <= slot[1] && i >= 0 && i < 16384; i++ {`
`277`	`276`	`pslots[i] = conns[master].conn`
`278`	`277`	`rslots[i] = conns[master].conn`
`279`	`278`	`}`
`280`	`279`	`}`
`281`	`280`	`}`
`282`	`281`	`default:`
`283`	`282`	`for _, slot := range g.slots {`
`284`		`- for i := slot[0]; i <= slot[1]; i++ {`
	`283`	`+ for i := slot[0]; i <= slot[1] && i >= 0 && i < 16384; i++ {`
`285`	`284`	`pslots[i] = conns[master].conn`
`286`	`285`	`}`
`287`	`286`	`}`