MINOR: dns: dns_connect_nameserver: fix fd leak at error path

This fixes the commit 2c7e05f80e3b
("MEDIUM: dns: don't call connect to dest socket for AF_INET*"). If we fail to
bind AF_INET sockets or the address family of the nameserver protocol isn't
something, what we expect, we need to close the fd, obtained by
connect.

This fixes the issue GitHub #3085
This must be backported along with the commit 2c7e05f80e3b.

(cherry picked from commit 0dc8d8d027114262bc470d94ecc2664523961446)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit 8452cf3ea382d381e6dfc496374d4da2c862909f)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>

diff --git a/src/dns.c b/src/dns.c
index f3c3a57..18cb79c 100644 (file)
--- a/src/dns.c
+++ b/src/dns.c
@@ -77,6 +77,7 @@ static int dns_connect_nameserver(struct dns_nameserver *ns)
                        send_log(NULL, LOG_WARNING,
                                 "DNS : section '%s': can't bind socket for nameserver '%s' on 0.0.0.0:0.\n",
                                 ns->counters->pid, ns->id);
+                       close(fd);
                        return -1;
                }
                break;
@@ -93,6 +94,7 @@ static int dns_connect_nameserver(struct dns_nameserver *ns)
                        send_log(NULL, LOG_WARNING,
                                 "DNS : section '%s': can't bind socket for nameserver '%s' on :::0.\n",
                                 ns->counters->pid, ns->id);
+                       close(fd);
                        return -1;
                }
                break;
@@ -110,6 +112,7 @@ static int dns_connect_nameserver(struct dns_nameserver *ns)
                }
                break;
        default:
+               close(fd);
                BUG_ON(1, "DNS: Unsupported address family.");
        }