From 0dc8d8d027114262bc470d94ecc2664523961446 Mon Sep 17 00:00:00 2001 From: Valentine Krasnobaeva Date: Fri, 22 Aug 2025 09:55:40 +0200 Subject: [PATCH] MINOR: dns: dns_connect_nameserver: fix fd leak at error path This fixes the commit 2c7e05f80e3b ("MEDIUM: dns: don't call connect to dest socket for AF_INET*"). If we fail to bind AF_INET sockets or the address family of the nameserver protocol isn't something, what we expect, we need to close the fd, obtained by connect. This fixes the issue GitHub #3085 This must be backported along with the commit 2c7e05f80e3b. --- src/dns.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/dns.c b/src/dns.c index e02eb1bdc..ed10b5cae 100644 --- a/src/dns.c +++ b/src/dns.c @@ -77,6 +77,7 @@ static int dns_connect_nameserver(struct dns_nameserver *ns) send_log(NULL, LOG_WARNING, "DNS : section '%s': can't bind socket for nameserver '%s' on 0.0.0.0:0.\n", ns->counters->pid, ns->id); + close(fd); return -1; } break; @@ -93,6 +94,7 @@ static int dns_connect_nameserver(struct dns_nameserver *ns) send_log(NULL, LOG_WARNING, "DNS : section '%s': can't bind socket for nameserver '%s' on :::0.\n", ns->counters->pid, ns->id); + close(fd); return -1; } break; @@ -110,6 +112,7 @@ static int dns_connect_nameserver(struct dns_nameserver *ns) } break; default: + close(fd); BUG_ON(1, "DNS: Unsupported address family."); }