From 03608cb46ecdccaf8c340c9390626a9d8fcc3c6b Mon Sep 17 00:00:00 2001 From: Blake Mizerany Date: Thu, 26 Sep 2024 12:00:31 -0700 Subject: [PATCH] server: close response body on error (#6986) This change closes the response body when an error occurs in makeRequestWithRetry. Previously, the first, non-200 response body was not closed before reattempting the request. This change ensures that the response body is closed in all cases where an error occurs, preventing leaks of file descriptors. Fixes #6974 --- server/images.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/server/images.go b/server/images.go index b5bf7ad64..c88edc694 100644 --- a/server/images.go +++ b/server/images.go @@ -1025,6 +1025,8 @@ func makeRequestWithRetry(ctx context.Context, method string, requestURL *url.UR switch { case resp.StatusCode == http.StatusUnauthorized: + resp.Body.Close() + // Handle authentication error with one retry challenge := parseRegistryChallenge(resp.Header.Get("www-authenticate")) token, err := getAuthorizationToken(ctx, challenge) @@ -1040,8 +1042,10 @@ func makeRequestWithRetry(ctx context.Context, method string, requestURL *url.UR } } case resp.StatusCode == http.StatusNotFound: + resp.Body.Close() return nil, os.ErrNotExist case resp.StatusCode >= http.StatusBadRequest: + defer resp.Body.Close() responseBody, err := io.ReadAll(resp.Body) if err != nil { return nil, fmt.Errorf("%d: %s", resp.StatusCode, err)