Uploaded image for project: 'Guacamole'
  1. Guacamole
  2. GUACAMOLE-117

File descriptor leak if SSL/TLS negotiation fails

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.9.11-incubating
    • Component/s: guacd
    • Labels:
      None

      Description

      From downstream GUAC-1572:

      In guacd's SSL/TLS socket implementation, the file descriptor is not closed if SSL_accept() fails, resulting in a leak. See:

      https://github.com/apache/incubator-guacamole-server/blob/16a8b9b94bfe35e5eba0079965856e46533c79c0/src/guacd/connection.c#L377-L382

      guac_socket_open_secure() should not free the file descriptor itself (having a failed allocation do anything but return an error code would violate the Principle of Least Surprise), but callers of guac_socket_open_secure() should handle error conditions properly and clean up after themselves.

        Activity

        There are no comments yet on this issue.

          People

          • Assignee:
            mike.jumper Michael Jumper
            Reporter:
            mike.jumper Michael Jumper
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development