Free socket on SSL failure

cgzones · cgzones · commit 9595f0e8e7d9 · 2024-10-29T23:34:37.000+01:00
SSL_set_fd(3) does not consume the file descriptor.
diff --git a/src/netlog/netlog-dtls.c b/src/netlog/netlog-dtls.c
@@ -64,7 +64,8 @@ int dtls_connect(DTLSManager *m, SocketAddress *address) {
                 .tv_sec = 3,
                 .tv_usec = 0,
         };
-        int fd, r;
+        _cleanup_close_ int fd = -1;
+        int r;
 
         assert(m);
         assert(address);
@@ -158,7 +159,7 @@ int dtls_connect(DTLSManager *m, SocketAddress *address) {
 
         m->ssl = TAKE_PTR(ssl);
         m->ctx = ctx;
-        m->fd = fd;
+        m->fd = TAKE_FD(fd);
 
         m->connected = true;
         return 0;
@@ -199,6 +200,7 @@ int dtls_manager_init(OpenSSLCertificateAuthMode auth_mode, DTLSManager **ret) {
 
         *m = (DTLSManager) {
            .auth_mode = auth_mode,
+           .fd = -1,
         };
 
         *ret = TAKE_PTR(m);
diff --git a/src/netlog/netlog-tls.c b/src/netlog/netlog-tls.c
@@ -69,7 +69,8 @@ int tls_connect(TLSManager *m, SocketAddress *address) {
         const SSL_CIPHER *cipher;
         socklen_t salen;
         SSL_CTX *ctx;
-        int fd, r;
+        _cleanup_close_ int fd = -1;
+        int r;
 
         assert(m);
         assert(address);
@@ -158,7 +159,7 @@ int tls_connect(TLSManager *m, SocketAddress *address) {
 
         m->ssl = TAKE_PTR(ssl);
         m->ctx = ctx;
-        m->fd = fd;
+        m->fd = TAKE_FD(fd);
 
         m->connected = true;
         return 0;
@@ -199,6 +200,7 @@ int tls_manager_init(OpenSSLCertificateAuthMode auth, TLSManager **ret ) {
 
         *m = (TLSManager) {
            .auth_mode = auth,
+           .fd = -1,
         };
 
         *ret = TAKE_PTR(m);
