Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
None
-
None
Description
From downstream GUAC-1572:
In guacd's SSL/TLS socket implementation, the file descriptor is not closed if SSL_accept() fails, resulting in a leak. See:
guac_socket_open_secure() should not free the file descriptor itself (having a failed allocation do anything but return an error code would violate the Principle of Least Surprise), but callers of guac_socket_open_secure() should handle error conditions properly and clean up after themselves.