From e8f317243f3b1d51a71c73119935400539e11e30 Mon Sep 17 00:00:00 2001
From: Sheng Yang
Date: Fri, 8 Jul 2011 22:02:49 -0700
Subject: [PATCH] SSL: Fix leaking file descriptor And bad connection fail handling.
---
 utils/src/com/cloud/utils/nio/Link.java | 8 ++++++--
 utils/src/com/cloud/utils/nio/NioConnection.java | 14 ++++++++++++--
 2 files changed, 18 insertions(+), 4 deletions(-)
diff --git a/utils/src/com/cloud/utils/nio/Link.java b/utils/src/com/cloud/utils/nio/Link.java
index d353c242bd4..b85da8851ef 100755
--- a/utils/src/com/cloud/utils/nio/Link.java
+++ b/utils/src/com/cloud/utils/nio/Link.java
@@ -21,6 +21,7 @@ import java.io.ByteArrayOutputStream;
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.IOException;
+import java.io.InputStream;
 import java.net.InetSocketAddress;
 import java.nio.ByteBuffer;
 import java.nio.channels.Channels;
@@ -347,16 +348,19 @@ public class Link {
 TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
 KeyStore ks = KeyStore.getInstance("JKS");
 TrustManager[] tms;
+ InputStream stream;
 if (!isClient) {
 char[] passphrase = "vmops.com".toCharArray();
 String keystorePath = "/etc/cloud/management/cloud.keystore";
 if (new File(keystorePath).exists()) {
- ks.load(new FileInputStream(keystorePath), passphrase);
+ stream = new FileInputStream(keystorePath);
 } else {
 s_logger.warn("SSL: Fail to find the generated keystore. Loading fail-safe one to continue.");
- ks.load(NioConnection.class.getResourceAsStream("/cloud.keystore"), passphrase);
+ stream = NioConnection.class.getResourceAsStream("/cloud.keystore");
 }
+ ks.load(stream, passphrase);
+ stream.close();
 kmf.init(ks, passphrase);
 tmf.init(ks);
 tms = tmf.getTrustManagers();
diff --git a/utils/src/com/cloud/utils/nio/NioConnection.java b/utils/src/com/cloud/utils/nio/NioConnection.java
index b5c4ccd7863..45277e94c64 100755
--- a/utils/src/com/cloud/utils/nio/NioConnection.java
+++ b/utils/src/com/cloud/utils/nio/NioConnection.java
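Review bot: In the Link.java keystore hunk, `stream.close()` runs only when `ks.load(stream, passphrase)` returns normally, so a corrupt keystore or a wrong passphrase still leaks the descriptor; wrapping it as `try { ks.load(stream, passphrase); } finally { stream.close(); }` closes it on both paths. `getResourceAsStream("/cloud.keystore")` returns null when the resource is missing, and `KeyStore.load(null, ...)` then initialises an empty keystore before `stream.close()` throws a NullPointerException, so an explicit `if (stream == null)` check that fails with a clear message belongs before the load. The context lines also show a hard-coded passphrase and a fallback, with only a warning, to a keystore bundled on the classpath, which is presumably identical in every installation; that predates this commit but deserves a follow-up. The enclosing method starts and ends outside the hunk.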
@@ -198,8 +198,18 @@ public abstract class NioConnection implements Runnable {
 Link.doHandshake(socketChannel, sslEngine, false);
 } catch (Exception e) {
- s_logger.debug("Socket " + socket + " closed on read. Probably -1 returned: " + e.getMessage());
- terminate(key);
+ if (s_logger.isDebugEnabled()) {
+ s_logger.debug("Socket " + socket + " closed on read. Probably -1 returned: " + e.getMessage());
+ s_logger.debug("Closing socket " + socketChannel.socket());
+ }
+ try {
+ socketChannel.close();
+ socket.close();
+ } catch (IOException ignore) {
+ }
+ if (s_logger.isDebugEnabled()) {
+ s_logger.debug("Closed socket " + socketChannel.socket());
+ }
 return;
 }
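Review bot: The empty `catch (IOException ignore) { }` in the new cleanup path discards close failures, and because both calls share one `try`, an exception from `socketChannel.close()` skips `socket.close()`, which could leave the descriptor open on this failure path. Logging the exception, e.g. `s_logger.debug("SSL: error closing " + socket, ignore);`, and closing each object in its own `try` would cover that. The handshake failure itself is reported only at debug level and with the inherited "closed on read" wording, so repeated failed handshakes from a peer would not show up in a production log; something like `s_logger.warn("SSL: handshake failed for " + socket + ": " + e.getMessage());` would make them visible to whoever monitors the server. The enclosing method starts and ends outside the hunk, so whether the removed `terminate(key)` performed other cleanup cannot be checked from here.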