From af01c7c2a6fd7a4a7a907a373b07ca5aa28e8195 Mon Sep 17 00:00:00 2001
From: Delta Yeh
Date: Mon, 3 May 2010 22:08:33 +0800
Subject: [PATCH] [BUG] cttproxy: socket fd leakage in check_cttproxy_version in cttproxy.c check_cttproxy_version socket is not closed before function returned. Although it is called only once, I think it is better to close the socket.
---
 src/cttproxy.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/src/cttproxy.c b/src/cttproxy.c
index 9faed881e..0cfd834de 100644
--- a/src/cttproxy.c
+++ b/src/cttproxy.c
@@ -33,7 +33,7 @@
 */
 int check_cttproxy_version() {
 struct in_tproxy itp1;
- int fd;
+ int fd, ret;
 memset(&itp1, 0, sizeof(itp1));
@@ -43,14 +43,16 @@ int check_cttproxy_version() {
 itp1.op = TPROXY_VERSION;
 itp1.v.version = 0x02000000; /* CTTPROXY version 2.0 expected */
-
+
+ ret = 0;
 if (setsockopt(fd, SOL_IP, IP_TPROXY, &itp1, sizeof(itp1)) == -1) {
 if (errno == -EINVAL)
- return -1; /* wrong version */
+ ret = -1; /* wrong version */
 else
- return -2; /* not supported or other error */
+ ret = -2; /* not supported or other error */
 }
- return 0;
+ close(fd);
+ return ret;
 }
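Review bot: The context line `if (errno == -EINVAL)` in the second hunk compares errno against a negated constant. A failing setsockopt() sets errno to a positive value, so this branch is never taken and the new `ret = -1; /* wrong version */` assignment looks unreachable; every failure is reported as -2 and callers cannot tell a version mismatch from missing support. The comparison should read `if (errno == EINVAL)`. The socket() call and its failure check sit between the two hunks and are not shown, so it cannot be confirmed from here that fd is always valid when the added `close(fd);` runs.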