dnsdist: Make sure we close the TLS layer before the descriptor

diff --git a/pdns/dnsdist-tcp.cc b/pdns/dnsdist-tcp.cc
index 4aad80570508072fb54584c5bd374a61c71b3e40..b32b81b7c72e94ed4decc7159969928a4525472a 100644 (file)
--- a/pdns/dnsdist-tcp.cc
+++ b/pdns/dnsdist-tcp.cc
@@ -166,6 +166,11 @@ IncomingTCPConnectionState::~IncomingTCPConnectionState()
     auto diff = now - d_connectionStartTime;
     d_ci.cs->updateTCPMetrics(d_queriesCount, diff.tv_sec * 1000.0 + diff.tv_usec / 1000.0);
   }
+
+  // would have been done when the object is destroyed anyway,
+  // but that way we make sure it's done before the ConnectionInfo is destroyed,
+  // closing the descriptor, instead of relying on the declaration order of the objects in the class
+  d_handler.close();
 }
 
 std::shared_ptr<TCPConnectionToBackend> IncomingTCPConnectionState::getDownstreamConnection(std::shared_ptr<DownstreamState>& ds, const std::unique_ptr<std::vector<ProxyProtocolValue>>& tlvs, const struct timeval& now)

diff --git a/pdns/tcpiohandler.hh b/pdns/tcpiohandler.hh
index f326438290f5b09ad842a358d8a912c0a4b5d5f8..3af40566ce2cc402b140b80369c9472783cc2a47 100644 (file)
--- a/pdns/tcpiohandler.hh
+++ b/pdns/tcpiohandler.hh
@@ -197,12 +197,20 @@ public:
   }
 
   ~TCPIOHandler()
+  {
+    close();
+  }
+
+  /* Prepare the connection but does not close the descriptor */
+  void close()
   {
     if (d_conn) {
       d_conn->close();
+      d_conn.reset();
     }
     else if (d_socket != -1) {
       shutdown(d_socket, SHUT_RDWR);
+      d_socket = -1;
     }
   }