diff options
author | Madelyn Olson <34459052+madolson@users.noreply.github.com> | 2022-09-13 16:19:29 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-09-13 16:19:29 -0500 |
commit | 6c03786b66d27a53629cac21d5b89b17bfad6b65 (patch) | |
tree | b2c146b099ea3a3122dca8d8caec4b5ecf620deb /src | |
parent | 36abc0fa8f50a0c5bbe8b5ddcca657d6ada94363 (diff) | |
download | redis-6c03786b66d27a53629cac21d5b89b17bfad6b65.tar.gz |
Prevent use after free for inbound cluster link (#11255)
Diffstat (limited to 'src')
-rw-r--r-- | src/cluster.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/src/cluster.c b/src/cluster.c index 6d111500f..862c3c572 100644 --- a/src/cluster.c +++ b/src/cluster.c @@ -845,10 +845,15 @@ void setClusterNodeToInboundClusterLink(clusterNode *node, clusterLink *link) { /* A peer may disconnect and then reconnect with us, and it's not guaranteed that * we would always process the disconnection of the existing inbound link before * accepting a new existing inbound link. Therefore, it's possible to have more than - * one inbound link from the same node at the same time. */ + * one inbound link from the same node at the same time. Our cleanup logic assumes + * a one to one relationship between nodes and inbound links, so we need to kill + * one of the links. The existing link is more likely the outdated one, but it's + * possible the the other node may need to open another link. */ serverLog(LL_DEBUG, "Replacing inbound link fd %d from node %.40s with fd %d", node->inbound_link->conn->fd, node->name, link->conn->fd); + freeClusterLink(node->inbound_link); } + serverAssert(!node->inbound_link); node->inbound_link = link; link->node = node; } |