Clear import-source flag on connection state reset#3973
Conversation
clearClientConnectionState() reset the per-connection flags but left c->flag.import_source set. Since CLIENT RESET is NO_AUTH and used by connection pools before handing a socket to another user, the stale flag crossed auth and tenant boundaries, letting a user inherit import-mode expiration semantics and read logically expired data a fresh connection would see as missing. Clear import_source alongside the other connection-state flags, and add a regression test covering RESET clearing the flag and the resulting expiration semantics. Refs trailofbits/ptp-valkey#11 Signed-off-by: Tjaden Hess <tjade273@gmail.com>
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Repository UI Review profile: CHILL Plan: Pro Plus Run ID: 📒 Files selected for processing (2)
📝 WalkthroughWalkthroughThis PR adds a single-line fix to clear the ChangesImport-source flag reset on client RESET
🎯 1 (Trivial) | ⏱️ ~3 minutes 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Problem
clearClientConnectionState()resets the per-connection flags (tracking, db, auth, transactions, pub/sub, name, no-touch, no-evict) but leavesc->flag.import_sourceset.That flag is only toggled by
CLIENT IMPORT-SOURCE ON|OFF. When set it makes the connection treat logically expired keys as live (seeobjectIsExpired()/keyIsExpiredWithDictIndex()indb.cand thePOLICY_IGNORE_EXPIREpath inexpire.c).CLIENT RESETisNO_AUTHand is commonly issued by connection pools before handing a socket to another user. Because the flag survives RESET, a pooled connection that was placed in import mode keeps import-mode expiration semantics for whoever reuses it, reading expired data a fresh connection would see as missing.Fix
Clear
c->flag.import_sourcealongside the other flags inclearClientConnectionState()so RESET returns the connection to normal expiration semantics.A bare
AUTH(without a preceding RESET) still does not clear the flag, sinceAUTHdoes not route throughclearClientConnectionState(). The pooling pattern that exposes this always issues RESET before reuse, so it is covered; clearing on the auth path as well would be a reasonable follow-up.Testing
Added regression tests in
tests/unit/expire.tcl: afterCLIENT IMPORT-SOURCE ONthenRESET,CLIENT LISTreportsflags=N, and a logically expired key reads back nil with TTL-2.I verified both fail on pre-fix code (the flag stays
I) and pass after the fix.