2 files changed, 63 insertions, 0 deletions
diff --git a/meta-oe/recipes-extended/redis/redis-7.0.13/CVE-2025-21605.patch b/meta-oe/recipes-extended/redis/redis-7.0.13/CVE-2025-21605.patch
new file mode 100644
index 0000000000..68ea481861
--- /dev/null
+++ b/meta-oe/recipes-extended/redis/redis-7.0.13/CVE-2025-21605.patch
@@ -0,0 +1,62 @@
+From 42fb340ce426364d64f5dccc9c2549e58f48ac6f Mon Sep 17 00:00:00 2001
+From: YaacovHazan <yaacov.hazan@redis.com>
+Date: Wed, 23 Apr 2025 08:09:40 +0000
+Subject: [PATCH] Limiting output buffer for unauthenticated client
+ (CVE-2025-21605)
+For unauthenticated clients the output buffer is limited to prevent
+them from abusing it by not reading the replies
+Upstream-Status: Backport [https://github.com/redis/redis/commit/42fb340ce426364d64f5dccc9c2549e58f48ac6f]
+CVE: CVE-2025-21605
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ src/networking.c    |  5 +++++
+ tests/unit/auth.tcl | 18 ++++++++++++++++++
+ 2 files changed, 23 insertions(+)
+diff --git a/src/networking.c b/src/networking.c
+index 7007141a867..bb1a72b9fb4 100644
+--- a/src/networking.c
+++ b/src/networking.c
+@@ -3858,6 +3858,11 @@ int checkClientOutputBufferLimits(client *c) {
+     int soft = 0, hard = 0, class;
+     unsigned long used_mem = getClientOutputBufferMemoryUsage(c);
+ 
+    /* For unauthenticated clients the output buffer is limited to prevent
+     * them from abusing it by not reading the replies */
+    if (used_mem > 1024 && authRequired(c))
+        return 1;
+
+     class = getClientType(c);
+     /* For the purpose of output buffer limiting, masters are handled
+      * like normal clients. */
+diff --git a/tests/unit/auth.tcl b/tests/unit/auth.tcl
+index 9532e0bd2eb..0d25f5dea2d 100644
+--- a/tests/unit/auth.tcl
+++ b/tests/unit/auth.tcl
+@@ -45,6 +45,24 @@ start_server {tags {"auth external:skip"} overrides {requirepass foobar}} {
+         assert_match {*unauthenticated bulk length*} $e
+         $rr close
+     }
+
+    test {For unauthenticated clients output buffer is limited} {
+        set rr [redis [srv "host"] [srv "port"] 1 $::tls]
+        $rr SET x 5
+        catch {[$rr read]} e
+        assert_match {*NOAUTH Authentication required*} $e
+
+        # Fill the output buffer in a loop without reading it and make
+        # sure the client disconnected.
+        # Considering the socket eat some of the replies, we are testing
+        # that such client can't consume more than few MB's.
+        catch {
+            for {set j 0} {$j < 1000000} {incr j} {
+                    $rr SET x 5
+            }
+        } e
+        assert_match {I/O error reading reply} $e
+    }
+ }
+ 
+ start_server {tags {"auth_binary_password external:skip"}} {
diff --git a/meta-oe/recipes-extended/redis/redis_7.0.13.bb b/meta-oe/recipes-extended/redis/redis_7.0.13.bb
index e7bff9b4ec..f22d65462a 100644
--- a/meta-oe/recipes-extended/redis/redis_7.0.13.bb
+++ b/meta-oe/recipes-extended/redis/redis_7.0.13.bb
@@ -23,6 +23,7 @@ SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \
           file://CVE-2024-31449.patch \
           file://CVE-2024-46981.patch \
           file://CVE-2024-51741.patch \
+           file://CVE-2025-21605.patch \
           "
 SRC_URI[sha256sum] = "97065774d5fb8388eb0d8913458decfcb167d356e40d31dd01cd30c1cc391673"

diff --git a/meta-oe/recipes-extended/redis/redis-7.0.13/CVE-2025-21605.patch b/meta-oe/recipes-extended/redis/redis-7.0.13/CVE-2025-21605.patch new file mode 100644 index 0000000000..68ea481861 --- /dev/null +++ b/meta-oe/recipes-extended/redis/redis-7.0.13/CVE-2025-21605.patch
@@ -0,0 +1,62 @@
		1	From 42fb340ce426364d64f5dccc9c2549e58f48ac6f Mon Sep 17 00:00:00 2001
		2	From: YaacovHazan <yaacov.hazan@redis.com>
		3	Date: Wed, 23 Apr 2025 08:09:40 +0000
		4	Subject: [PATCH] Limiting output buffer for unauthenticated client
		5	(CVE-2025-21605)
		6
		7	For unauthenticated clients the output buffer is limited to prevent
		8	them from abusing it by not reading the replies
		9
		10	Upstream-Status: Backport [https://github.com/redis/redis/commit/42fb340ce426364d64f5dccc9c2549e58f48ac6f]
		11	CVE: CVE-2025-21605
		12	Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
		13	---
		14	src/networking.c \| 5 +++++
		15	tests/unit/auth.tcl \| 18 ++++++++++++++++++
		16	2 files changed, 23 insertions(+)
		17
		18	diff --git a/src/networking.c b/src/networking.c
		19	index 7007141a867..bb1a72b9fb4 100644
		20	--- a/src/networking.c
		21	+++ b/src/networking.c
		22	@@ -3858,6 +3858,11 @@ int checkClientOutputBufferLimits(client *c) {
		23	int soft = 0, hard = 0, class;
		24	unsigned long used_mem = getClientOutputBufferMemoryUsage(c);
		25
		26	+ /* For unauthenticated clients the output buffer is limited to prevent
		27	+ * them from abusing it by not reading the replies */
		28	+ if (used_mem > 1024 && authRequired(c))
		29	+ return 1;
		30	+
		31	class = getClientType(c);
		32	/* For the purpose of output buffer limiting, masters are handled
		33	* like normal clients. */
		34	diff --git a/tests/unit/auth.tcl b/tests/unit/auth.tcl
		35	index 9532e0bd2eb..0d25f5dea2d 100644
		36	--- a/tests/unit/auth.tcl
		37	+++ b/tests/unit/auth.tcl
		38	@@ -45,6 +45,24 @@ start_server {tags {"auth external:skip"} overrides {requirepass foobar}} {
		39	assert_match {unauthenticated bulk length} $e
		40	$rr close
		41	}
		42	+
		43	+ test {For unauthenticated clients output buffer is limited} {
		44	+ set rr [redis [srv "host"] [srv "port"] 1 $::tls]
		45	+ $rr SET x 5
		46	+ catch {[$rr read]} e
		47	+ assert_match {NOAUTH Authentication required} $e
		48	+
		49	+ # Fill the output buffer in a loop without reading it and make
		50	+ # sure the client disconnected.
		51	+ # Considering the socket eat some of the replies, we are testing
		52	+ # that such client can't consume more than few MB's.
		53	+ catch {
		54	+ for {set j 0} {$j < 1000000} {incr j} {
		55	+ $rr SET x 5
		56	+ }
		57	+ } e
		58	+ assert_match {I/O error reading reply} $e
		59	+ }
		60	}
		61
		62	start_server {tags {"auth_binary_password external:skip"}} {


diff --git a/meta-oe/recipes-extended/redis/redis_7.0.13.bb b/meta-oe/recipes-extended/redis/redis_7.0.13.bb index e7bff9b4ec..f22d65462a 100644 --- a/meta-oe/recipes-extended/redis/redis_7.0.13.bb +++ b/meta-oe/recipes-extended/redis/redis_7.0.13.bb
@@ -23,6 +23,7 @@ SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \
23	file://CVE-2024-31449.patch \	23	file://CVE-2024-31449.patch \
24	file://CVE-2024-46981.patch \	24	file://CVE-2024-46981.patch \
25	file://CVE-2024-51741.patch \	25	file://CVE-2024-51741.patch \
		26	file://CVE-2025-21605.patch \
26	"	27	"
27	SRC_URI[sha256sum] = "97065774d5fb8388eb0d8913458decfcb167d356e40d31dd01cd30c1cc391673"	28	SRC_URI[sha256sum] = "97065774d5fb8388eb0d8913458decfcb167d356e40d31dd01cd30c1cc391673"
28		29