commands_utils: fix socket leak when adding state client

If lxc_add_state_client() is called with the container already being in the desired state the client fd will never be closed and is leaking. This is due to setting stay_connected in lxc_cmd for LXC_CMD_ADD_STATE_CLIENT. If the desired state isn't already achieved the client fd will later be closed by calling lxc_cmd_fd_cleanup() but in the other case the client configuration isn't added to the handlers
state clients. So the client fd has to be closed explicitely.

This is simply tested by starting container A and calling lxc-wait -n A -s RUNNING.

Signed-off-by: Matthias Hardt <matthias.hardt@gmail.com>

diff --git a/src/lxc/commands.c b/src/lxc/commands.c
index cb67e71902562bee6f56ab4395774746cfc41897..729139a6e5f1734ae5c5c6f0c300432058d44fbd 100644 (file)
--- a/src/lxc/commands.c
+++ b/src/lxc/commands.c
@@ -863,7 +863,7 @@ int lxc_cmd_add_state_client(const char *name, const char *lxcpath,
        return MAX_STATE;
 }
 
-static int lxc_cmd_add_state_client_callback(int fd, struct lxc_cmd_req *req,
+static int lxc_cmd_add_state_client_callback(__owns int fd, struct lxc_cmd_req *req,
                                             struct lxc_handler *handler,
                                             struct lxc_epoll_descr *descr)
 {
@@ -889,6 +889,10 @@ static int lxc_cmd_add_state_client_callback(int fd, struct lxc_cmd_req *req,
        if (ret < 0)
                goto reap_client_fd;
 
+       /* close fd if state is already achieved to avoid leakage */
+       if (rsp.ret != MAX_STATE)
+               close(fd);
+
        return 0;
 
 reap_client_fd:

diff --git a/src/lxc/compiler.h b/src/lxc/compiler.h
index ad9ac9033aabc3940819eb3b42e67d7761fc5179..92cd9fd141df999c85bd6ade784c4aa070bb7dfe 100644 (file)
--- a/src/lxc/compiler.h
+++ b/src/lxc/compiler.h
@@ -52,6 +52,9 @@
 #define __lxc_unused
 #endif
 
+/* Indicates taking ownership */
+#define __owns
+
 #define __cgfsng_ops
 
 #endif /* __LXC_COMPILER_H */