New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix: file handle leak in KeyUtil (SSL) #2808

Merged
merged 1 commit into from Sep 12, 2016

Conversation

Projects
None yet
3 participants
@gbu-censhare
Contributor

gbu-censhare commented Sep 12, 2016

TLS/SSL mode of connector with Client-Certificates:
make sure files & input streams are closed

Description

TLS/SSL mode of connector with Client-Certificates:
make sure files & input streams are closed

due to bug in org.graylog2.plugin.inputs.transports.util.KeyUtil#loadCertificates opened files were not closed again.
wrapping these in an try-auto-close statement to ensure closing of the streams / handles

2016-09-11T21:24:19.369+02:00 WARN [AbstractNioSelector] Failed to initialize an accepted socket.
java.nio.file.FileSystemException: /etc/graylog/connector/client-certs: Too many open files
at sun.nio.fs.UnixException.translateToIOException(UnixException.java:91) ~[?:1.8.0_101]
at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:102) ~[?:1.8.0_101]
at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:107) ~[?:1.8.0_101]
at sun.nio.fs.UnixFileSystemProvider.newDirectoryStream(UnixFileSystemProvider.java:427) ~[?:1.8.0_101]
at java.nio.file.Files.newDirectoryStream(Files.java:457) ~[?:1.8.0_101]
at org.graylog2.plugin.inputs.transports.util.KeyUtil.loadCertificates(KeyUtil.java:99) ~[graylog.jar:?]

Motivation and Context

we use many client certificates (self-signed ones) and we ran into a out of file handles.

do you need a seperate pull request for fixing this in 2.1 ?

How Has This Been Tested?

Screenshots (if appropriate):

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • My code follows the code style of this project.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have read the CONTRIBUTING document.
  • I have added tests to cover my changes.
  • All new and existing tests passed.
@CLAassistant

This comment has been minimized.

CLAassistant commented Sep 12, 2016

CLA assistant check
All committers have signed the CLA.

@gbu-censhare

This comment has been minimized.

Contributor

gbu-censhare commented Sep 12, 2016

i've tested this on our graylog-server

@joschi joschi self-assigned this Sep 12, 2016

@joschi joschi added this to the 2.1.1 milestone Sep 12, 2016

@joschi

This comment has been minimized.

Contributor

joschi commented Sep 12, 2016

LGTM, thanks! 👍

@joschi joschi merged commit 92da224 into Graylog2:master Sep 12, 2016

4 checks passed

ci-server-integration Jenkins build graylog2-server-integration-pr 1354 has succeeded
Details
ci-web-linter Jenkins build graylog-pr-linter-check 837 has succeeded
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
licence/cla Contributor License Agreement is signed.
Details

joschi added a commit that referenced this pull request Sep 12, 2016

Fix file handle leak in KeyUtil (#2808)
(cherry picked from commit 92da224)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment