Merge pull request #1350 from p12tic/fix-file-handles-leak

Fix file descriptor leak on incomplete connections [SECURITY VULNERABILITY CVE-2021-42075]
2026-02-07 12:25:07 +08:00 · 2021-11-01 14:04:45 +02:00
parent aaa0e4d2e0 deefecc262
commit caeebf6c36
2 changed files with 11 additions and 0 deletions
--- a/doc/newsfragments/close-failed-handshake-connections.bugfix
+++ b/doc/newsfragments/close-failed-handshake-connections.bugfix
@@ -0,0 +1,6 @@
+SECURITY ISSUE
+
+Barrier will now correctly close connections when the app-level handshake fails (fixes CVE-2021-42075).
+
+Previously repeated failing connections would leak file descriptors leading to Barrier being unable
+to receive new connections from clients.
--- a/src/lib/server/ClientListener.cpp
+++ b/src/lib/server/ClientListener.cpp
@@ -194,6 +194,11 @@ ClientListener::handleUnknownClient(const Event&, void* vclient)
                            new TMethodEventJob<ClientListener>(this,
                                &ClientListener::handleClientDisconnected,
                                client));
+    } else {
+        auto* stream = unknownClient->getStream();
+        if (stream) {
+            stream->close();
+        }
    }

    // now finished with unknown client