From: Claudio Jeker <cjeker@diehard.n-r-g.com>
Subject: Re: bgpd: plug leaks in bgpd_rtr_conn_setup()
To: Theo Buehler <tb@theobuehler.org>
Cc: tech@openbsd.org
Date: Mon, 3 Nov 2025 11:43:28 +0100

On Mon, Nov 03, 2025 at 11:19:14AM +0100, Theo Buehler wrote:
> If one of the setsockopt() fails, we leak the socket and ce, so use the
> cleanup path. Fix copy-paste in a log_warn() while there.
> 
> CID 492362

OK claudio@
 
> Index: bgpd.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/bgpd/bgpd.c,v
> diff -u -p -r1.283 bgpd.c
> --- bgpd.c	24 Apr 2025 20:24:12 -0000	1.283
> +++ bgpd.c	3 Nov 2025 10:08:17 -0000
> @@ -1404,14 +1404,14 @@ bgpd_rtr_conn_setup(struct rtr_config *r
>  		if (setsockopt(ce->fd, IPPROTO_IP, IP_TOS, &pre, sizeof(pre)) ==
>  		    -1) {
>  			log_warn("rtr %s: setsockopt IP_TOS", r->descr);
> -			return;
> +			goto fail;
>  		}
>  		break;
>  	case AID_INET6:
>  		if (setsockopt(ce->fd, IPPROTO_IPV6, IPV6_TCLASS, &pre,
>  		    sizeof(pre)) == -1) {
> -			log_warn("rtr %s: setsockopt IP_TOS", r->descr);
> -			return;
> +			log_warn("rtr %s: setsockopt IPV6_TCLASS", r->descr);
> +			goto fail;
>  		}
>  		break;
>  	}
> @@ -1419,7 +1419,7 @@ bgpd_rtr_conn_setup(struct rtr_config *r
>  	if (setsockopt(ce->fd, IPPROTO_TCP, TCP_NODELAY, &nodelay,
>  	    sizeof(nodelay)) == -1) {
>  		log_warn("rtr %s: setsockopt TCP_NODELAY", r->descr);
> -		return;
> +		goto fail;
>  	}
>  
>  	if (tcp_md5_set(ce->fd, &r->auth, &r->remote_addr) == -1)
> 

-- 
:wq Claudio