diff options
| author | David Gibson <david@gibson.dropbear.id.au> | 2026-05-13 17:18:21 +1000 |
|---|---|---|
| committer | Stefano Brivio <sbrivio@redhat.com> | 2026-05-27 10:17:42 +0200 |
| commit | 4b2823784aab04a70dfc295b16fd6f0592955790 (patch) | |
| tree | 83c1d11e3153ce91954805a217f56a331d59b0bc | |
| parent | 98e3c015b3791ff55381e5ee687f541721d1695e (diff) | |
| download | passt-4b2823784aab04a70dfc295b16fd6f0592955790.tar passt-4b2823784aab04a70dfc295b16fd6f0592955790.tar.gz passt-4b2823784aab04a70dfc295b16fd6f0592955790.tar.bz2 passt-4b2823784aab04a70dfc295b16fd6f0592955790.tar.lz passt-4b2823784aab04a70dfc295b16fd6f0592955790.tar.xz passt-4b2823784aab04a70dfc295b16fd6f0592955790.tar.zst passt-4b2823784aab04a70dfc295b16fd6f0592955790.zip | |
tcp_listen_handler() has several error paths that will cancel the creation
of a new flow, after having accept()ed an incoming socket connection.
Coverity pointed out that in those cases we leak the new socket. Correct
this by properly closing the socket. Make sure to also set SO_LINGER so
that the peer will get an RST.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
| -rw-r--r-- | tcp.c | 9 |
1 files changed, 6 insertions, 3 deletions
@@ -2578,11 +2578,11 @@ void tcp_listen_handler(const struct ctx *c, union epoll_ref ref, err("Invalid endpoint from TCP accept(): %s", sockaddr_ntop(&sa, sastr, sizeof(sastr))); - goto cancel; + goto rst; } if (!flow_target(c, flow, ref.listen.rule, IPPROTO_TCP)) - goto cancel; + goto rst; switch (flow->f.pif[TGTSIDE]) { case PIF_SPLICE: @@ -2598,11 +2598,14 @@ void tcp_listen_handler(const struct ctx *c, union epoll_ref ref, flow_err(flow, "No support for forwarding TCP from %s to %s", pif_name(flow->f.pif[INISIDE]), pif_name(flow->f.pif[TGTSIDE])); - goto cancel; + goto rst; } return; +rst: + tcp_linger0(flow, s); + close(s); cancel: flow_alloc_cancel(flow); } |