diff options
| author |   Tobias Klauser <tklauser@distanz.ch> | 2021-09-23 12:05:13 +0200 |
|---|---|---|
| committer |   Jason A. Donenfeld <Jason@zx2c4.com> | 2021-09-23 09:53:49 -0600 |
| commit | eae5e0f3a3a5b08a843756093dc3bfd0f4068108 (patch) | |
| tree | aa4fc9d7f91740685eb8b99e4a942ba75e407ca0 /tun | |
| parent | global: add new go 1.17 build comments (diff) | |
| download | wireguard-go-eae5e0f3a3a5b08a843756093dc3bfd0f4068108.tar.xz wireguard-go-eae5e0f3a3a5b08a843756093dc3bfd0f4068108.zip | |
tun: avoid leaking sock fd in CreateTUN error cases
At these points, the socket file descriptor is not yet wrapped in an
*os.File, so it needs to be closed explicitly on error.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'tun')
| -rw-r--r-- | tun/tun_darwin.go | 6 | ||||
| -rw-r--r-- | tun/tun_linux.go | 11 |
2 files changed, 11 insertions, 6 deletions
diff --git a/tun/tun_darwin.go b/tun/tun_darwin.go index a703c8c..35d3085 100644 --- a/tun/tun_darwin.go +++ b/tun/tun_darwin.go @@ -108,7 +108,6 @@ func CreateTUN(name string, mtu int) (Device, error) { } fd, err := unix.Socket(unix.AF_SYSTEM, unix.SOCK_DGRAM, 2) - if err != nil { return nil, err } @@ -117,6 +116,7 @@ func CreateTUN(name string, mtu int) (Device, error) { copy(ctlInfo.Name[:], []byte(utunControlName)) err = unix.IoctlCtlInfo(fd, ctlInfo) if err != nil { + unix.Close(fd) return nil, fmt.Errorf("IoctlGetCtlInfo: %w", err) } @@ -127,11 +127,13 @@ func CreateTUN(name string, mtu int) (Device, error) { err = unix.Connect(fd, sc) if err != nil { + unix.Close(fd) return nil, err } - err = syscall.SetNonblock(fd, true) + err = unix.SetNonblock(fd, true) if err != nil { + unix.Close(fd) return nil, err } tun, err := CreateTUNFromFile(os.NewFile(uintptr(fd), ""), mtu) diff --git a/tun/tun_linux.go b/tun/tun_linux.go index 466a805..1cc84cb 100644 --- a/tun/tun_linux.go +++ b/tun/tun_linux.go @@ -419,6 +419,7 @@ func CreateTUN(name string, mtu int) (Device, error) { var flags uint16 = unix.IFF_TUN // | unix.IFF_NO_PI (disabled for TUN status hack) nameBytes := []byte(name) if len(nameBytes) >= unix.IFNAMSIZ { + unix.Close(nfd) return nil, fmt.Errorf("interface name too long: %w", unix.ENAMETOOLONG) } copy(ifr[:], nameBytes) @@ -431,17 +432,19 @@ func CreateTUN(name string, mtu int) (Device, error) { uintptr(unsafe.Pointer(&ifr[0])), ) if errno != 0 { + unix.Close(nfd) return nil, errno } - err = unix.SetNonblock(nfd, true) - - // Note that the above -- open,ioctl,nonblock -- must happen prior to handing it to netpoll as below this line. - fd := os.NewFile(uintptr(nfd), cloneDevicePath) + err = unix.SetNonblock(nfd, true) if err != nil { + unix.Close(nfd) return nil, err } + // Note that the above -- open,ioctl,nonblock -- must happen prior to handing it to netpoll as below this line. + + fd := os.NewFile(uintptr(nfd), cloneDevicePath) return CreateTUNFromFile(fd, mtu) } |