From 25a4699a9ea321062fc44e651f49fe82174dc2f1 Mon Sep 17 00:00:00 2001
From: Matt Stancliff <matt@genges.com>
Date: Fri, 1 Aug 2014 14:55:24 -0400
Subject: [PATCH] Reject MOVE to non-integer DBs

Previously, "MOVE key somestring" would move the key to
DB 0 which is just unexpected and wrong.
String as DB == error.

Test added too.

Modified by @antirez in order to use the getLongLongFromObject() API
instead of strtol().

Fixes #1428
---
 src/db.c             | 7 ++++++-
 tests/unit/basic.tcl | 6 ++++++
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/src/db.c b/src/db.c
index 18a93f1c..f8f5ef8e 100644
--- a/src/db.c
+++ b/src/db.c
@@ -697,11 +697,16 @@ void moveCommand(redisClient *c) {
     robj *o;
     redisDb *src, *dst;
     int srcid;
+    long long dbid;
 
     /* Obtain source and target DB pointers */
     src = c->db;
     srcid = c->db->id;
-    if (selectDb(c,atoi(c->argv[2]->ptr)) == REDIS_ERR) {
+
+    if (getLongLongFromObject(c->argv[2],&dbid) == REDIS_ERR ||
+        dbid < INT_MIN || dbid > INT_MAX ||
+        selectDb(c,dbid) == REDIS_ERR)
+    {
         addReply(c,shared.outofrangeerr);
         return;
     }
diff --git a/tests/unit/basic.tcl b/tests/unit/basic.tcl
index 2579cc9d..11037608 100644
--- a/tests/unit/basic.tcl
+++ b/tests/unit/basic.tcl
@@ -404,6 +404,12 @@ start_server {tags {"basic"}} {
         r move mykey 10
     } {0}
 
+    test {MOVE against non-integer DB (#1428)} {
+        r set mykey hello
+        catch {r move mykey notanumber} e
+        set e
+    } {*ERR*index out of range}
+
     test {SET/GET keys in different DBs} {
         r set a hello
         r set b world