BUG/MEDIUM: mworker: avoid leak of client socket

If the master was reloaded and there was a established connection to a
server, the FD resulting from the accept was leaking.

There was no CLOEXEC flag set on the FD of the socketpair created during
a connect call. This is specific to the socketpair in the master process
but it should be applied to every protocol in case we use them in the
master at some point.

No backport needed.

diff --git a/src/proto_sockpair.c b/src/proto_sockpair.c
index ef0e725639295ef00a37093fa2d244519baa3613..f83c51b86c9b1062cf0bc8275cc9e39000a1b726 100644 (file)
--- a/src/proto_sockpair.c
+++ b/src/proto_sockpair.c
@@ -280,6 +280,15 @@ static int sockpair_connect_server(struct connection *conn, int data, int delack
                return SF_ERR_INTERNAL;
        }
 
+       if (master == 1 && (fcntl(fd, F_SETFD, FD_CLOEXEC) == -1)) {
+               ha_alert("Cannot set CLOEXEC on client socket.\n");
+               close(sv[0]);
+               close(sv[1]);
+               conn->err_code = CO_ER_SOCK_ERR;
+               conn->flags |= CO_FL_ERROR;
+               return SF_ERR_INTERNAL;
+       }
+
        /* if a send_proxy is there, there are data */
        data |= conn->send_proxy_ofs;
 

diff --git a/src/proto_tcp.c b/src/proto_tcp.c
index 0c531e6ec9d0554355bffcb15588188faf80fa36..9bc048b9c823a5d268201a3fdb02bff4186db84e 100644 (file)
--- a/src/proto_tcp.c
+++ b/src/proto_tcp.c
@@ -364,6 +364,14 @@ int tcp_connect_server(struct connection *conn, int data, int delack)
                return SF_ERR_INTERNAL;
        }
 
+       if (master == 1 && (fcntl(fd, F_SETFD, FD_CLOEXEC) == -1)) {
+               ha_alert("Cannot set CLOEXEC on client socket.\n");
+               close(fd);
+               conn->err_code = CO_ER_SOCK_ERR;
+               conn->flags |= CO_FL_ERROR;
+               return SF_ERR_INTERNAL;
+       }
+
        if (be->options & PR_O_TCP_SRV_KA)
                setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &one, sizeof(one));
 

diff --git a/src/proto_uxst.c b/src/proto_uxst.c
index 878a10db5985e8c135bff08dd55bbe8f440a0d1f..965b7cb84f4c9dd4bee34256679b4fdfddf53a39 100644 (file)
--- a/src/proto_uxst.c
+++ b/src/proto_uxst.c
@@ -502,6 +502,14 @@ static int uxst_connect_server(struct connection *conn, int data, int delack)
                return SF_ERR_INTERNAL;
        }
 
+       if (master == 1 && (fcntl(fd, F_SETFD, FD_CLOEXEC) == -1)) {
+               ha_alert("Cannot set CLOEXEC on client socket.\n");
+               close(fd);
+               conn->err_code = CO_ER_SOCK_ERR;
+               conn->flags |= CO_FL_ERROR;
+               return SF_ERR_INTERNAL;
+       }
+
        /* if a send_proxy is there, there are data */
        data |= conn->send_proxy_ofs;