Changes for version 0.11.0 - 2013-04-02
- Cache AUTOLOAD functions by Songmu
- Bump hiredis version to latest by Songmu
Modules
interact with Redis using the hiredis client.
async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a NULL pointer dereference because malloc return values are unchecked.
Hiredis is a minimalistic C client library for the Redis database. In affected versions Hiredis is vulnurable to integer overflow if provided maliciously crafted or corrupted `RESP` `mult-bulk` protocol data. When parsing `multi-bulk` (array-like) replies, hiredis fails to check if `count * sizeof(redisReply*)` can be represented in `SIZE_MAX`. If it can not, and the `calloc()` call doesn't itself make this check, it would result in a short allocation and subsequent buffer overflow. Users of hiredis who are unable to update may set the [maxelements](https://github.com/redis/hiredis#reader-max-array-elements) context option to a value small enough that no overflow is possible.
To install Redis::hiredis, copy and paste the appropriate command in to your terminal.
cpanm Redis::hiredisperl -MCPAN -e shell
install Redis::hiredisFor more information on module installation, please visit the detailed CPAN module installation guide.
| Global | |
|---|---|
| s | Focus search bar |
| ? | Bring up this help dialog |
| GitHub | |
|---|---|
| g p | Go to pull requests |
| g i | Go to GitHub issues (only if GitHub is preferred repository) |
| POD | |
|---|---|
| g a | Go to author |
| g c | Go to changes |
| g i | Go to issues |
| g d | Go to dist |
| g r | Go to repository/SCM |
| g s | Go to source |
| g b | Go to file browse |
| Search terms | |
|---|---|
| module: (e.g. module:Plugin) | |
| distribution: (e.g. distribution:Dancer auth) | |
| author: (e.g. author:SONGMU Redis) | |
| version: (e.g. version:1.00) |