From: Remi Gacogne <remi.gacogne@powerdns.com>
Date: Fri, 9 Dec 2016 16:09:25 +0000 (+0100)
Subject: dnsdist: Don't leak a FD if the TCP connection to the backend fails
X-Git-Tag: dnsdist-1.1.0-beta2~7^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=578fc6e57f9361a093670014e847a17eef103137;p=thirdparty%2Fpdns.git

dnsdist: Don't leak a FD if the TCP connection to the backend fails
---

diff --git a/pdns/dnsdist-tcp.cc b/pdns/dnsdist-tcp.cc
index a805b8906e..13d2c8d331 100644
--- a/pdns/dnsdist-tcp.cc
+++ b/pdns/dnsdist-tcp.cc
@@ -51,12 +51,19 @@ static int setupTCPDownstream(shared_ptr<DownstreamState> ds)
 {  
   vinfolog("TCP connecting to downstream %s", ds->remote.toStringWithPort());
   int sock = SSocket(ds->remote.sin4.sin_family, SOCK_STREAM, 0);
-  if (!IsAnyAddress(ds->sourceAddr)) {
-    SSetsockopt(sock, SOL_SOCKET, SO_REUSEADDR, 1);
-    SBind(sock, ds->sourceAddr);
+  try {
+    if (!IsAnyAddress(ds->sourceAddr)) {
+      SSetsockopt(sock, SOL_SOCKET, SO_REUSEADDR, 1);
+      SBind(sock, ds->sourceAddr);
+    }
+    SConnect(sock, ds->remote);
+    setNonBlocking(sock);
+  }
+  catch(const std::runtime_error& e) {
+    /* don't leak our file descriptor if SConnect() (for example) throws */
+    close(sock);
+    throw;
   }
-  SConnect(sock, ds->remote);
-  setNonBlocking(sock);
   return sock;
 }