Skip to content

Commit 6e63f12

Browse files
fix(provisioner): close SSH client before reassign, close pipe reader (#659)
provision() overwrote p.Client with a new SSH connection without closing the old one, leaking TCP sockets and goroutines. Also close the io.Pipe reader after wg.Wait() for completeness. Audit findings #14 (MEDIUM), #29 (LOW). Signed-off-by: Carlos Eduardo Arango Gutierrez <eduardoa@nvidia.com>
1 parent 6ed4d7b commit 6e63f12

File tree

1 file changed

+7
-0
lines changed

1 file changed

+7
-0
lines changed

pkg/provisioner/provisioner.go

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -220,6 +220,12 @@ func (p *Provisioner) resetConnection() error {
220220
func (p *Provisioner) provision() error {
221221
var err error
222222

223+
// Close existing client before creating new connection
224+
if p.Client != nil {
225+
_ = p.Client.Close()
226+
p.Client = nil
227+
}
228+
223229
// Create a new ssh connection
224230
p.Client, err = connectOrDie(p.KeyPath, p.UserName, p.HostUrl)
225231
if err != nil {
@@ -263,6 +269,7 @@ func (p *Provisioner) provision() error {
263269

264270
_ = writer.Close()
265271
wg.Wait()
272+
_ = reader.Close()
266273

267274
select {
268275
case copyErr := <-copyErrCh:

0 commit comments

Comments
 (0)