diff options
author | Yossi Gottlieb <yossigo@gmail.com> | 2021-01-21 19:55:42 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-01-21 19:55:42 +0200 |
commit | f28fccd2db929e7034874cf795af0433d8deb467 (patch) | |
tree | b1a0151f448a3ff6f19c8b24240d6e1463190544 | |
parent | 3f3cb9d09b815869764e74dd52af1994fed55fe6 (diff) | |
download | redis-f28fccd2db929e7034874cf795af0433d8deb467.tar.gz |
Fix anetCloexec for Sentinel TLS conns. (#8377)
The flag should be set before TLS negotiation begins to avoid a race
condition where a fork+exec before it is completed ends up leaking the
file descriptor.
-rw-r--r-- | src/sentinel.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/sentinel.c b/src/sentinel.c index 9da7732a0..75030df78 100644 --- a/src/sentinel.c +++ b/src/sentinel.c @@ -2126,6 +2126,7 @@ void sentinelReconnectInstance(sentinelRedisInstance *ri) { /* Commands connection. */ if (link->cc == NULL) { link->cc = redisAsyncConnectBind(ri->addr->ip,ri->addr->port,NET_FIRST_BIND_ADDR); + if (!link->cc->err) anetCloexec(link->cc->c.fd); if (!link->cc->err && server.tls_replication && (instanceLinkNegotiateTLS(link->cc) == C_ERR)) { sentinelEvent(LL_DEBUG,"-cmd-link-reconnection",ri,"%@ #Failed to initialize TLS"); @@ -2135,7 +2136,6 @@ void sentinelReconnectInstance(sentinelRedisInstance *ri) { link->cc->errstr); instanceLinkCloseConnection(link,link->cc); } else { - anetCloexec(link->cc->c.fd); link->pending_commands = 0; link->cc_conn_time = mstime(); link->cc->data = link; @@ -2154,6 +2154,7 @@ void sentinelReconnectInstance(sentinelRedisInstance *ri) { /* Pub / Sub */ if ((ri->flags & (SRI_MASTER|SRI_SLAVE)) && link->pc == NULL) { link->pc = redisAsyncConnectBind(ri->addr->ip,ri->addr->port,NET_FIRST_BIND_ADDR); + if (!link->pc->err) anetCloexec(link->pc->c.fd); if (!link->pc->err && server.tls_replication && (instanceLinkNegotiateTLS(link->pc) == C_ERR)) { sentinelEvent(LL_DEBUG,"-pubsub-link-reconnection",ri,"%@ #Failed to initialize TLS"); @@ -2163,7 +2164,6 @@ void sentinelReconnectInstance(sentinelRedisInstance *ri) { instanceLinkCloseConnection(link,link->pc); } else { int retval; - anetCloexec(link->pc->c.fd); link->pc_conn_time = mstime(); link->pc->data = link; redisAeAttach(server.el,link->pc); |