Prevent use after free for inbound cluster link (#11255)

2022-09-13 16:19:29 -05:00 · 2022-09-13 16:19:29 -05:00 · 6c03786b66
commit 6c03786b66
parent 36abc0fa8f
1 changed files with 6 additions and 1 deletions
--- a/src/cluster.c
+++ b/src/cluster.c
@ -845,10 +845,15 @@ void setClusterNodeToInboundClusterLink(clusterNode *node, clusterLink *link) {
        /* A peer may disconnect and then reconnect with us, and it's not guaranteed that
         * we would always process the disconnection of the existing inbound link before
         * accepting a new existing inbound link. Therefore, it's possible to have more than
-         * one inbound link from the same node at the same time. */
+         * one inbound link from the same node at the same time. Our cleanup logic assumes
+         * a one to one relationship between nodes and inbound links, so we need to kill
+         * one of the links. The existing link is more likely the outdated one, but it's
+         * possible the the other node may need to open another link. */
        serverLog(LL_DEBUG, "Replacing inbound link fd %d from node %.40s with fd %d",
                node->inbound_link->conn->fd, node->name, link->conn->fd);
+        freeClusterLink(node->inbound_link);
    }
+    serverAssert(!node->inbound_link);
    node->inbound_link = link;
    link->node = node;
 }