fix: close HijackedResponse in attach() to prevent connection leak#6117
Open
SebTardif wants to merge 1 commit into
Open
fix: close HijackedResponse in attach() to prevent connection leak#6117SebTardif wants to merge 1 commit into
SebTardif wants to merge 1 commit into
Conversation
The attach() method creates a HijackedResponse via ContainerAttach but never closes it. The goroutine reading from out.Reader keeps the underlying TCP connection open even after the read completes. The sibling exec() method at line 600 in the same file correctly uses defer resp.Close() for the same resource type. Add defer out.Close() inside the goroutine so the connection is released after the container output stream ends. This bug has been present since commit 532af98 (2020-02-06).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The
attach()method creates aHijackedResponseviaContainerAttachbut never closes it. The goroutine reading fromout.Readerkeeps the underlying TCP connection open even after the read completes with EOF.The sibling
exec()method in the same file correctly usesdefer resp.Close()for the same resource type (line 600).This adds
defer out.Close()inside the reader goroutine so the connection is released after the container output stream ends. The placement inside the goroutine (rather than at function level) is intentional:attach()returns immediately after spawning the goroutine, so a function-level defer would close the connection prematurely.This leak has been present since commit 532af98 (2020-02-06).