gvsafronov/futriix
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity

Fix a heap-use-after-free bug in cluster bus (#1643)

Browse Source 
https://github.com/valkey-io/valkey/issues/1642

Avoid heap-use-after-free in cluster bus around node cleanup code.

freeClusterNode free the human_nodename.
https://github.com/valkey-io/valkey/blob/unstable/src/cluster_legacy.c#L1725
Then it calls freeClusterLink to free the links.
https://github.com/valkey-io/valkey/blob/unstable/src/cluster_legacy.c#L1730
freeClusterLink print human_nodename here, which just got freed by the
caller freeClusterNode.
https://github.com/valkey-io/valkey/blob/unstable/src/cluster_legacy.c#L1383

Signed-off-by: xingbowang <shawn.xingbo.wang@gmail.com>
This commit is contained in:
xingbowang 2025-01-29 13:13:40 -08:00 committed by GitHub
parent 4b8f3ed9ac
commit ff8a528fd6
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/cluster_legacy.c
View File

@ -1721,14 +1721,16 @@ void freeClusterNode(clusterNode *n) {
nodename = sdsnewlen(n->name, CLUSTER_NAMELEN);
serverAssert(dictDelete(server.cluster->nodes, nodename) == DICT_OK);
sdsfree(nodename);
sdsfree(n->hostname);
sdsfree(n->human_nodename);
sdsfree(n->announce_client_ipv4);
sdsfree(n->announce_client_ipv6);
/* Release links and associated data structures. */
if (n->link) freeClusterLink(n->link);
if (n->inbound_link) freeClusterLink(n->inbound_link);
/* Free these members after links are freed, as freeClusterLink may access them. */
sdsfree(n->hostname);
sdsfree(n->human_nodename);
sdsfree(n->announce_client_ipv4);
sdsfree(n->announce_client_ipv6);
listRelease(n->fail_reports);
zfree(n->replicas);
zfree(n);