[pve-devel] [PATCH cluster v2] Free certificate file after reading it

Stoiko Ivanov s.ivanov at proxmox.com
Tue Jul 24 10:42:40 CEST 2018


Fix #1843

Reading https://$host:8006/nodes repeatedly leads to pveproxy keeping a
file descriptor open for each node-certificate in the cluster and eventually
reaching its NOFile limit.

Signed-off-by: Stoiko Ivanov <s.ivanov at proxmox.com>
---
changes from v1:
incorporated Thomas' feedback - Thanks for the suggestion!

data/PVE/Cluster.pm | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/data/PVE/Cluster.pm b/data/PVE/Cluster.pm
index 7569abc..30c3f48 100644
--- a/data/PVE/Cluster.pm
+++ b/data/PVE/Cluster.pm
@@ -1533,10 +1533,9 @@ sub read_ssl_cert_fingerprint {
 	or die "unable to read '$cert_path' - $!\n";
 
     my $cert = Net::SSLeay::PEM_read_bio_X509($bio);
-    if (!$cert) {
-	Net::SSLeay::BIO_free($bio);
-	die "unable to read certificate from '$cert_path'\n";
-    }
+    Net::SSLeay::BIO_free($bio);
+
+    die "unable to read certificate from '$cert_path'\n" if (!$cert);
 
     my $fp = Net::SSLeay::X509_get_fingerprint($cert, 'sha256');
     Net::SSLeay::X509_free($cert);
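
Review bot: The commit message gives the symptom (pveproxy running out of file descriptors) but not the cause that the removed `if (!$cert) { ... }` block shows: `Net::SSLeay::BIO_free($bio)` was only reached on the failure path, so every successful certificate read kept its BIO open. One sentence stating that would make the fix easier to follow in the log. Freeing the BIO ahead of the `die` check looks correct, since `$bio` is not used again in the visible lines and `$cert` is released separately by `Net::SSLeay::X509_free($cert)`. Minor style point: the parentheses in the postfix `if (!$cert);` are redundant and could be written as `if !$cert;`.
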
-- 
2.11.0




