Uploaded image for project: 'Guacamole'
  1. Guacamole
  2. GUACAMOLE-117

File descriptor leak if SSL/TLS negotiation fails

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.9.11-incubating
    • Component/s: guacd
    • Labels:
      None

      Description

      From downstream GUAC-1572:

      In guacd's SSL/TLS socket implementation, the file descriptor is not closed if SSL_accept() fails, resulting in a leak. See:

      https://github.com/apache/incubator-guacamole-server/blob/16a8b9b94bfe35e5eba0079965856e46533c79c0/src/guacd/connection.c#L377-L382

      guac_socket_open_secure() should not free the file descriptor itself (having a failed allocation do anything but return an error code would violate the Principle of Least Surprise), but callers of guac_socket_open_secure() should handle error conditions properly and clean up after themselves.

        Attachments

          Activity

            People

            • Assignee:
              mike.jumper Michael Jumper
              Reporter:
              mike.jumper Michael Jumper
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: