From f981b1d9da97844c290e60dabfe973e9cd6dd782 Mon Sep 17 00:00:00 2001
From: Emmanuel T Odeke
Date: Tue, 20 Sep 2022 21:27:47 -0700
Subject: [PATCH] all: fix resource leaks with missing .Close() calls
Fixes #5706
Signed-off-by: Emmanuel T Odeke
---
 chirp/chirp.go | 8 +++++++-
 cmd/tailscale/cli/configure-host.go | 2 +-
 net/netcheck/netcheck.go | 2 ++
 net/nettest/listener.go | 9 ++++++++-
 wgengine/netstack/netstack.go | 3 +++
 5 files changed, 21 insertions(+), 3 deletions(-)
diff --git a/chirp/chirp.go b/chirp/chirp.go
index eb879df1d..58c84fb1c 100644
--- a/chirp/chirp.go
+++ b/chirp/chirp.go
@@ -24,11 +24,17 @@ func New(socket string) (*BIRDClient, error) {
 return newWithTimeout(socket, responseTimeout)
 }
-func newWithTimeout(socket string, timeout time.Duration) (*BIRDClient, error) {
+func newWithTimeout(socket string, timeout time.Duration) (_ *BIRDClient, err error) {
 conn, err := net.Dial("unix", socket)
 if err != nil {
 return nil, fmt.Errorf("failed to connect to BIRD: %w", err)
 }
+ defer func() {
+ if err != nil {
+ conn.Close()
+ }
+ }()
+
 b := &BIRDClient{
 socket: socket,
 conn: conn,
diff --git a/cmd/tailscale/cli/configure-host.go b/cmd/tailscale/cli/configure-host.go
index bd19d9d3a..a68d3eb07 100644
--- a/cmd/tailscale/cli/configure-host.go
+++ b/cmd/tailscale/cli/configure-host.go
@@ -48,7 +48,7 @@ func runConfigureHost(ctx context.Context, args []string) error {
 if uid := os.Getuid(); uid != 0 {
 return fmt.Errorf("must be run as root, not %q (%v)", os.Getenv("USER"), uid)
 }
- hi:= hostinfo.New()
+ hi := hostinfo.New()
 isDSM6 := strings.HasPrefix(hi.DistroVersion, "6.")
 isDSM7 := strings.HasPrefix(hi.DistroVersion, "7.")
 if !isDSM6 && !isDSM7 {
diff --git a/net/netcheck/netcheck.go b/net/netcheck/netcheck.go
index e89ad65b3..3b3a4f672 100644
--- a/net/netcheck/netcheck.go
+++ b/net/netcheck/netcheck.go
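Review bot: In chirp/chirp.go the deferred `conn.Close()` in newWithTimeout depends entirely on `err` being the named result, and nothing in the code records that. If the result is later made unnamed again, the closure would still compile against the local `err` from `net.Dial` and the leak would quietly return. I would add a comment above the defer, for example `// Close conn on every error return below; relies on the named result err.` The error returns this is meant to cover are below the hunk, so they could not be checked here. The diffstat shows no test files; a test that forces a failure after the dial and checks that the socket is closed would pin the behaviour down.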
@@ -1188,6 +1188,8 @@ func (c *Client) measureHTTPSLatency(ctx context.Context, reg *tailcfg.DERPRegio
 var ip netip.Addr
 dc := derphttp.NewNetcheckClient(c.logf)
+ defer dc.Close()
+
 tlsConn, tcpConn, node, err := dc.DialRegionTLS(ctx, reg)
 if err != nil {
 return 0, ip, err
diff --git a/net/nettest/listener.go b/net/nettest/listener.go
index 31e16c0a9..7a9a47fba 100644
--- a/net/nettest/listener.go
+++ b/net/nettest/listener.go
@@ -61,7 +61,7 @@ func (l *Listener) Accept() (net.Conn, error) {
 // The provided Context must be non-nil. If the context expires before the
 // connection is complete, an error is returned. Once successfully connected
 // any expiration of the context will not affect the connection.
-func (l *Listener) Dial(ctx context.Context, network, addr string) (net.Conn, error) {
+func (l *Listener) Dial(ctx context.Context, network, addr string) (_ net.Conn, err error) {
 if !strings.HasSuffix(network, "tcp") {
 return nil, net.UnknownNetworkError(network)
 }
@@ -72,6 +72,13 @@ func (l *Listener) Dial(ctx context.Context, network, addr string) (net.Conn, er
 }
 }
 c, s := NewConn(addr, bufferSize)
+ defer func() {
+ if err != nil {
+ c.Close()
+ s.Close()
+ }
+ }()
+
 select {
 case <-ctx.Done():
 return nil, ctx.Err()
diff --git a/wgengine/netstack/netstack.go b/wgengine/netstack/netstack.go
index fdbc05145..374058a47 100644
--- a/wgengine/netstack/netstack.go
+++ b/wgengine/netstack/netstack.go
@@ -987,16 +987,19 @@ func (ns *Impl) acceptUDP(r *udp.ForwarderRequest) {
 }
 dstAddr, ok := ipPortOfNetstackAddr(sess.LocalAddress, sess.LocalPort)
 if !ok {
+ ep.Close()
 return
 }
 srcAddr, ok := ipPortOfNetstackAddr(sess.RemoteAddress, sess.RemotePort)
 if !ok {
+ ep.Close()
 return
 }
 // Handle magicDNS traffic (via UDP) here.
 if dst := dstAddr.Addr(); dst == magicDNSIP || dst == magicDNSIPv6 {
 if dstAddr.Port() != 53 {
+ ep.Close()
 return // Only MagicDNS traffic runs on the service IPs for now.
 }
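Review bot: In net/netcheck/netcheck.go it is not clear from the new `defer dc.Close()` in measureHTTPSLatency who owns `tlsConn` and `tcpConn` once `DialRegionTLS` returns. The hunk does not show whether closing the client also closes them or whether they are closed separately further down. A one-line comment above the defer would settle it, for example `// Releases the client's own state; tlsConn and tcpConn are closed separately below.`, adjusted to whatever is actually the case. The rest of the function is outside the hunk, so this is a request for documentation, not a confirmed defect.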
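Review bot: In net/nettest/listener.go the deferred cleanup in Dial closes `c` and `s` only when the named result `err` is non-nil, so it is correct only if every failing branch of the `select` returns a non-nil error. Only the `ctx.Done()` case is visible here; the remaining cases are below the hunk and should be checked against that rule. A comment above the defer would record the ownership contract, for example `// On failure neither end has been handed out, so close both.` It would also help to state in the same place which side owns `s` after a successful return, which the visible lines do not show.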
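Review bot: In wgengine/netstack/netstack.go, acceptUDP now repeats `ep.Close()` by hand before three early returns, which protects only the returns someone remembered to patch. The function continues below the hunk, so I cannot tell whether other return paths still leave the endpoint open. Judging by the `udp.ForwarderRequest` parameter this runs once per inbound UDP flow, so a leaked endpoint per rejected flow could presumably be triggered repeatedly by a remote peer. A deferred close guarded by a flag that is cleared where `ep` is handed off, like the deferred closes elsewhere in this commit, would cover future returns as well. At minimum each call deserves a comment such as `// ep has not been handed off yet; release it before bailing out.`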