From: David Gibson
To: passt-dev@passt.top, Stefano Brivio
Subject: [PATCH 2/2] tcp: Don't leak sockets on error paths
Date: Wed, 13 May 2026 17:18:21 +1000
Message-ID: <20260513071821.3137329-3-david@gibson.dropbear.id.au>
In-Reply-To: <20260513071821.3137329-1-david@gibson.dropbear.id.au>
References: <20260513071821.3137329-1-david@gibson.dropbear.id.au>
List-Id: Development discussion and patches for passt

tcp_listen_handler() has several error paths that will cancel the creation of a new flow, after having accept()ed an incoming socket connection. Coverity pointed out that in those cases we leak the new socket. Correct this by properly closing the socket. Make sure to also set SO_LINGER so that the peer will get an RST.

Signed-off-by: David Gibson
---
 tcp.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/tcp.c b/tcp.c index 1078bdc3..652c68a5 100644 --- a/tcp.c +++ b/tcp.c @@ -2575,11 +2575,11 @@ void tcp_listen_handler(const struct ctx *c, union epoll_ref ref, err("Invalid endpoint from TCP accept(): %s", sockaddr_ntop(&sa, sastr, sizeof(sastr))); - goto cancel; + goto rst; } if (!flow_target(c, flow, ref.listen.rule, IPPROTO_TCP)) - goto cancel; + goto rst; switch (flow->f.pif[TGTSIDE]) { case PIF_SPLICE: 
@@ -2595,11 +2595,14 @@ void tcp_listen_handler(const struct ctx *c, union epoll_ref ref, flow_err(flow, "No support for forwarding TCP from %s to %s", pif_name(flow->f.pif[INISIDE]), pif_name(flow->f.pif[TGTSIDE])); - goto cancel; + goto rst; } return; +rst: + tcp_linger0(flow, s); + close(s); cancel: flow_alloc_cancel(flow); } -- 2.54.0
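Review bot: in the first hunk (@@ -2575), socket ownership is left undocumented for the switch that starts at `case PIF_SPLICE:`, whose case bodies are not part of the diff and do not visibly jump to `rst:`. Both converted `goto rst` sites sit before `switch (flow->f.pif[TGTSIDE])`, so if any of those cases can fail after being handed `s`, it should be stated (in the commit message or a comment at the switch) who closes the socket on that failure. That makes it clear that the leak Coverity reported is closed on every path and that `s` is never closed twice.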
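Review bot: in the second hunk (@@ -2595), the new `rst:` label falls through into `cancel:` without a comment, and the result of `tcp_linger0(flow, s)` is not checked before `close(s)`. A one-line comment at `rst:` saying that the socket is closed with a zero linger so the peer gets an RST, and that execution then falls through to cancel the flow, would keep a later reader from inserting code between the two labels. If `tcp_linger0()` can fail, the peer may see an orderly close instead of the RST the commit message promises, so it is worth saying whether that is acceptable here. It is also worth confirming that `tcp_linger0()` uses `flow` only for error reporting, since on the `flow_target()` failure path the flow was never fully set up.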