From c6646cb19242b0e0966760b38e7df74742b3a7b2 Mon Sep 17 00:00:00 2001
From: Alex Smith <aes7mv@virginia.edu>
Date: Fri, 16 Oct 2020 17:38:38 -0400
Subject: [PATCH] read: Ensure no invalid '\r' or '\n' in simple status/error
 strings

---
 read.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/read.c b/read.c
index 01fa9dc..89b5b5a 100644
--- a/read.c
+++ b/read.c
@@ -339,6 +339,13 @@ static int processLineItem(redisReader *r) {
                 obj = (void*)REDIS_REPLY_BOOL;
         } else {
             /* Type will be error or status. */
+            for (int i = 0; i < len; i++) {
+                if (p[i] == '\r' || p[i] == '\n') {
+                    __redisReaderSetError(r,REDIS_ERR_PROTOCOL,
+                            "Bad simple string value");
+                    return REDIS_ERR;
+                }
+            }
             if (r->fn && r->fn->createString)
                 obj = r->fn->createString(cur,p,len);
             else