tcp_listen_handler() has several error paths that will cancel the creation
of a new flow, after having accept()ed an incoming socket connection.
Coverity pointed out that in those cases we leak the new socket. Correct
this by properly closing the socket. Make sure to also set SO_LINGER so
that the peer will get an RST.
Signed-off-by: David Gibson
---
tcp.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/tcp.c b/tcp.c
index 1078bdc3..652c68a5 100644
--- a/tcp.c
+++ b/tcp.c
@@ -2575,11 +2575,11 @@ void tcp_listen_handler(const struct ctx *c, union epoll_ref ref,
err("Invalid endpoint from TCP accept(): %s",
sockaddr_ntop(&sa, sastr, sizeof(sastr)));
- goto cancel;
+ goto rst;
}
if (!flow_target(c, flow, ref.listen.rule, IPPROTO_TCP))
- goto cancel;
+ goto rst;
switch (flow->f.pif[TGTSIDE]) {
case PIF_SPLICE:
@@ -2595,11 +2595,14 @@ void tcp_listen_handler(const struct ctx *c, union epoll_ref ref,
flow_err(flow, "No support for forwarding TCP from %s to %s",
pif_name(flow->f.pif[INISIDE]),
pif_name(flow->f.pif[TGTSIDE]));
- goto cancel;
+ goto rst;
}
return;
+rst:
+ tcp_linger0(flow, s);
+ close(s);
cancel:
flow_alloc_cancel(flow);
}
--
2.54.0