From: Delta Yeh <delta.yeh@gmail.com>
Date: Mon, 3 May 2010 14:08:33 +0000 (+0800)
Subject: [BUG] cttproxy: socket fd leakage in check_cttproxy_version
X-Git-Tag: v1.4.5~11
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=af01c7c2a6fd7a4a7a907a373b07ca5aa28e8195;p=thirdparty%2Fhaproxy.git

[BUG] cttproxy: socket fd leakage in check_cttproxy_version

in cttproxy.c check_cttproxy_version socket is not closed before function
returned. Although it is called only once, I think it is better to close
the socket.
---

diff --git a/src/cttproxy.c b/src/cttproxy.c
index 9faed881e5..0cfd834dea 100644
--- a/src/cttproxy.c
+++ b/src/cttproxy.c
@@ -33,7 +33,7 @@
  */
 int check_cttproxy_version() {
 	struct in_tproxy itp1;
-	int fd;
+	int fd, ret;
 
 	memset(&itp1, 0, sizeof(itp1));
 		
@@ -43,14 +43,16 @@ int check_cttproxy_version() {
 
 	itp1.op = TPROXY_VERSION;
 	itp1.v.version = 0x02000000; /* CTTPROXY version 2.0 expected */
-	
+
+	ret = 0;
 	if (setsockopt(fd, SOL_IP, IP_TPROXY, &itp1, sizeof(itp1)) == -1) {
 		if (errno == -EINVAL)
-			return -1; /* wrong version */
+			ret = -1; /* wrong version */
 		else
-			return -2; /* not supported or other error */
+			ret = -2; /* not supported or other error */
 	}
-	return 0;
+	close(fd);
+	return ret;
 }