From f5c253e43c6b950de6f140c124b6d23e9a57e178 Mon Sep 17 00:00:00 2001
From: Maks Mishin <maks.mishinFZ@gmail.com>
Date: Thu, 14 Dec 2023 00:10:19 +0300
Subject: [PATCH] Add error handling for descriptor leak(CWE-403)

---
 src/iperf_server_api.c | 31 +++++++++++++++++--------------
 1 file changed, 17 insertions(+), 14 deletions(-)

diff --git a/src/iperf_server_api.c b/src/iperf_server_api.c
index 77e9c355c..1781e5af8 100644
--- a/src/iperf_server_api.c
+++ b/src/iperf_server_api.c
@@ -137,6 +137,7 @@ int
 iperf_accept(struct iperf_test *test)
 {
     int s;
+    int ret = -1;
     signed char rbuf = ACCESS_DENIED;
     socklen_t len;
     struct sockaddr_storage addr;
@@ -144,7 +145,7 @@ iperf_accept(struct iperf_test *test)
     len = sizeof(addr);
     if ((s = accept(test->listener, (struct sockaddr *) &addr, &len)) < 0) {
         i_errno = IEACCEPT;
-        return -1;
+        return ret;
     }
 
     if (test->ctrl_sck == -1) {
@@ -154,7 +155,7 @@ iperf_accept(struct iperf_test *test)
         int flag = 1;
         if (setsockopt(test->ctrl_sck, IPPROTO_TCP, TCP_NODELAY, (char *) &flag, sizeof(int))) {
             i_errno = IESETNODELAY;
-            return -1;
+            goto error_handling;
         }
 
 #if defined(HAVE_TCP_USER_TIMEOUT)
@@ -162,7 +163,7 @@ iperf_accept(struct iperf_test *test)
         if ((opt = test->settings->snd_timeout)) {
             if (setsockopt(s, IPPROTO_TCP, TCP_USER_TIMEOUT, &opt, sizeof(opt)) < 0) {
                 i_errno = IESETUSERTIMEOUT;
-                return -1;
+                goto error_handling;
             }
         }
 #endif /* HAVE_TCP_USER_TIMEOUT */
@@ -174,18 +175,18 @@ iperf_accept(struct iperf_test *test)
              * (i.e. timed out).
              */
             i_errno = IERECVCOOKIE;
-            return -1;
+            goto error_handling;
         }
-	FD_SET(test->ctrl_sck, &test->read_set);
-	if (test->ctrl_sck > test->max_fd) test->max_fd = test->ctrl_sck;
+    FD_SET(test->ctrl_sck, &test->read_set);
+    if (test->ctrl_sck > test->max_fd) test->max_fd = test->ctrl_sck;
 
-	if (iperf_set_send_state(test, PARAM_EXCHANGE) != 0)
-            return -1;
-        if (iperf_exchange_parameters(test) < 0)
-            return -1;
-	if (test->server_affinity != -1)
-	    if (iperf_setaffinity(test, test->server_affinity) != 0)
-		return -1;
+    if (iperf_set_send_state(test, PARAM_EXCHANGE) != 0)
+        goto error_handling;
+    if (iperf_exchange_parameters(test) < 0)
+        goto error_handling;
+    if (test->server_affinity != -1)
+        if (iperf_setaffinity(test, test->server_affinity) != 0)
+            goto error_handling;
         if (test->on_connect)
             test->on_connect(test);
     } else {
@@ -204,8 +205,10 @@ iperf_accept(struct iperf_test *test)
         }
         close(s);
     }
-
     return 0;
+    error_handling:
+        close(s);
+        return ret;
 }