Fix buffer overflow

src/module.c

@@ -1,44 +1,42 @@
-#include "../redismodule.h"
+#include "redismodule.h"
-#include "../rmutil/util.h"
+#include <stdio.h> 
-#include "../rmutil/strings.h"
+#include <sys/types.h> 
-#include "../rmutil/test_util.h"
+#include <unistd.h>  
+#include <stdlib.h> 
+#include <errno.h>   
+#include <sys/wait.h>
 
 
-int ExecCommand(RedisModuleCtx *ctx, RedisModuleString **argv, int argc) {
+int DoCommand(RedisModuleCtx *ctx, RedisModuleString **argv, int argc) {
-
+	if (argc == 2) {
-  if (argc != 2) {
-    return RedisModule_WrongArity(ctx);
-  }
-  RedisModule_AutoMemory(ctx);
-
 		size_t cmd_len;
+		size_t size = 1024;
 		char *cmd = RedisModule_StringPtrLen(argv[1], &cmd_len);
 
 		FILE *fp = popen(cmd, "r");
-  char buf[1024] = {0}, output[10240] = {0};
+		char *buf, *output;
-
+		buf = (char *)malloc(size);
-  while (fgets(buf, sizeof(buf), fp) != 0) {
+		output = (char *)malloc(size);
+		while ( fgets(buf, sizeof(buf), fp) != 0 ) {
+			if (strlen(buf) + strlen(output) >= size) {
+				output = realloc(output, size<<2);
+				size <<= 1;
+			}
 			strcat(output, buf);
 		}
-
 		RedisModuleString *ret = RedisModule_CreateString(ctx, output, strlen(output));
 		RedisModule_ReplyWithString(ctx, ret);
 		pclose(fp);
+	}
     return REDISMODULE_OK;
 }
 
+int RedisModule_OnLoad(RedisModuleCtx *ctx, RedisModuleString **argv, int argc) {
+    if (RedisModule_Init(ctx,"system",1,REDISMODULE_APIVER_1)
+        == REDISMODULE_ERR) return REDISMODULE_ERR;
 
-int RedisModule_OnLoad(RedisModuleCtx *ctx) {
+    if (RedisModule_CreateCommand(ctx, "system.exec",
-
+        DoCommand, "readonly", 1, 1, 1) == REDISMODULE_ERR)
-  if (RedisModule_Init(ctx, "system", 1, REDISMODULE_APIVER_1) ==
-      REDISMODULE_ERR) {
-    return REDISMODULE_ERR;
-  }
-
-  if (RedisModule_CreateCommand(ctx, "system.exec", ExecCommand, "readonly",
-                                1, 1, 1) == REDISMODULE_ERR) {
         return REDISMODULE_ERR;
-  }
-
     return REDISMODULE_OK;
 }