Uploaded image for project: 'Guacamole'
  1. Guacamole
  2. GUACAMOLE-117

File descriptor leak if SSL/TLS negotiation fails

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 0.9.11-incubating
    • guacd
    • None

    Description

      From downstream GUAC-1572:

      In guacd's SSL/TLS socket implementation, the file descriptor is not closed if SSL_accept() fails, resulting in a leak. See:

      https://github.com/apache/incubator-guacamole-server/blob/16a8b9b94bfe35e5eba0079965856e46533c79c0/src/guacd/connection.c#L377-L382

      guac_socket_open_secure() should not free the file descriptor itself (having a failed allocation do anything but return an error code would violate the Principle of Least Surprise), but callers of guac_socket_open_secure() should handle error conditions properly and clean up after themselves.

      Attachments

        Activity

          People

            mjumper Mike Jumper
            mjumper Mike Jumper
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: