From 6f40be793013649d2b9086d7b3aa52b57f7b02a8 Mon Sep 17 00:00:00 2001
From: Fabian Keil <fk@fabiankeil.de>
Date: Tue, 9 Dec 2014 14:16:47 +0100
Subject: [PATCH 290/325] ggated: Prevent c_diskfd leaks through
 connection_remove()

Should help against DoS:

     [...]
     debug: Connection created [127.0.0.1, /tank/scratch/testfile].
     debug: New connection created (token=2197914058).
     debug: exports[/tank/scratch/testfile2]: Path mismatch.
     debug: Sending initial packet.
     error: accept(): Too many open files.
     error: Exiting.

Reported to security-officer@FreeBSD.org on 2014-12-09.

Obtained from: ElectroBSD
---
 sbin/ggate/ggated/ggated.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/sbin/ggate/ggated/ggated.c b/sbin/ggate/ggated/ggated.c
index 147d41cc49bd..ae5308e7af34 100644
--- a/sbin/ggate/ggated/ggated.c
+++ b/sbin/ggate/ggated/ggated.c
@@ -527,6 +527,8 @@ connection_remove(struct ggd_connection *conn)
 		close(conn->c_sendfd);
 	if (conn->c_recvfd != -1)
 		close(conn->c_recvfd);
+	if (conn->c_diskfd != -1)
+		close(conn->c_diskfd);
 	free(conn->c_path);
 	free(conn);
 }
-- 
2.32.0