Skip to content

Clear import-source flag on connection state reset#3973

Open
tjade273 wants to merge 1 commit into
valkey-io:unstablefrom
trail-of-forks:fix/reset-import-source
Open

Clear import-source flag on connection state reset#3973
tjade273 wants to merge 1 commit into
valkey-io:unstablefrom
trail-of-forks:fix/reset-import-source

Conversation

@tjade273

Copy link
Copy Markdown

Problem

clearClientConnectionState() resets the per-connection flags (tracking, db, auth, transactions, pub/sub, name, no-touch, no-evict) but leaves c->flag.import_source set.

That flag is only toggled by CLIENT IMPORT-SOURCE ON|OFF. When set it makes the connection treat logically expired keys as live (see objectIsExpired() / keyIsExpiredWithDictIndex() in db.c and the POLICY_IGNORE_EXPIRE path in expire.c).

CLIENT RESET is NO_AUTH and is commonly issued by connection pools before handing a socket to another user. Because the flag survives RESET, a pooled connection that was placed in import mode keeps import-mode expiration semantics for whoever reuses it, reading expired data a fresh connection would see as missing.

Fix

Clear c->flag.import_source alongside the other flags in clearClientConnectionState() so RESET returns the connection to normal expiration semantics.

A bare AUTH (without a preceding RESET) still does not clear the flag, since AUTH does not route through clearClientConnectionState(). The pooling pattern that exposes this always issues RESET before reuse, so it is covered; clearing on the auth path as well would be a reasonable follow-up.

Testing

Added regression tests in tests/unit/expire.tcl: after CLIENT IMPORT-SOURCE ON then RESET, CLIENT LIST reports flags=N, and a logically expired key reads back nil with TTL -2.

I verified both fail on pre-fix code (the flag stays I) and pass after the fix.

clearClientConnectionState() reset the per-connection flags but left
c->flag.import_source set. Since CLIENT RESET is NO_AUTH and used by
connection pools before handing a socket to another user, the stale flag
crossed auth and tenant boundaries, letting a user inherit import-mode
expiration semantics and read logically expired data a fresh connection
would see as missing.

Clear import_source alongside the other connection-state flags, and add a
regression test covering RESET clearing the flag and the resulting
expiration semantics.

Refs trailofbits/ptp-valkey#11

Signed-off-by: Tjaden Hess <tjade273@gmail.com>
@coderabbitai

coderabbitai Bot commented Jun 11, 2026

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro Plus

Run ID: c2dc19df-908d-4a73-a931-e73d4ab9ddc7

📥 Commits

Reviewing files that changed from the base of the PR and between f3bdf50 and f0ab044.

📒 Files selected for processing (2)
  • src/networking.c
  • tests/unit/expire.tcl

📝 Walkthrough

Walkthrough

This PR adds a single-line fix to clear the import_source client flag during connection reset, preventing this state from persisting across client reinitialization. Two new tests verify that the RESET command correctly removes import-source privilege and its associated expiration semantics.

Changes

Import-source flag reset on client RESET

Layer / File(s) Summary
Clear import_source flag in connection reset
src/networking.c
clearClientConnectionState() now resets the import_source flag to 0 during client reinitialization.
Test RESET command behavior in import-mode
tests/unit/expire.tcl
Two new tests verify that RESET removes the import-source privilege (client flag change) and drops import-source expiration semantics, ensuring expired keys behave normally after reset.

🎯 1 (Trivial) | ⏱️ ~3 minutes

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title directly and clearly describes the main change: clearing the import-source flag during connection state reset, which is the core fix in this PR.
Description check ✅ Passed The description is comprehensive and directly related to the changeset, explaining the problem, the fix, and the testing approach for the import-source flag clearing issue.
Docstring Coverage ✅ Passed Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.


Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant