Update upstream source from tag 'upstream/0.28'

Update to upstream version '0.28' with Debian dir 7a02c2834344c95321a99c90461991ea443bd4d2
author: gregor herrmann <gregoa@debian.org> 2020-03-18 18:18:09 +0100
committer: gregor herrmann <gregoa@debian.org> 2020-03-18 18:18:09 +0100
commit: dc2f045c087cc9378fd9758efdb62e635ccd6e8e (patch)
tree: 55073cb95d33b9766139f748e659de57a7eb76d4
parent: 7662779823ab00e21dd33b4c1deb3a90cd5415c9 (diff)
parent: eafd01a59bd37774bc1e5a47891228d7a71ab0ea (diff)
5 files changed, 30 insertions, 12 deletions
diff --git a/Changes b/Changes
index fa55fc0..8959ad8 100644
--- a/Changes
+++ b/Changes
@@ -68,4 +68,15 @@ Revision history for Perl extension Authen::TacacsPlus.
 
 0.27 2020-02-09  Mike McCauley
      - Patch from Jacob Farkas via RT to allow building under on Alpine Linux
-     under Docker on armv7l, and possibly others
-\ No newline at end of file
+     under Docker on armv7l, and possibly others
+
+0.28 2020-03-14 Mike McCauley
+     - Patch from Heikki Vatiainen:
+     - File descriptor leak introduced in release 0.25 where check for open 
+     connection was added to TacacsPlus::close() before calling tacpluslib's 
+     deinit_tac_session()
+     - File descriptor leak in tacpluslib's init_tac_session where close() 
+     was not called for the newly created socket if, for example, destination 
+     host was unreachable
+     - Port and Timeout TacacsPlus::new() parameters were documented 
+     incorrectly. The are not passed within array references.
diff --git a/META.json b/META.json
index d1761cd..d32a289 100644
--- a/META.json
+++ b/META.json
@@ -32,6 +32,6 @@
       }
    },
    "release_status" : "stable",
-   "version" : "0.27",
+   "version" : "0.28",
    "x_serialization_backend" : "JSON::PP version 2.97001"
 }
diff --git a/META.yml b/META.yml
index 71419b8..240c9b9 100644
--- a/META.yml
+++ b/META.yml
@@ -17,5 +17,5 @@ no_index:
   directory:
     - t
     - inc
-version: '0.27'
+version: '0.28'
 x_serialization_backend: 'CPAN::Meta::YAML version 0.018'
diff --git a/TacacsPlus.pm b/TacacsPlus.pm
index 1ce775d..64bba41 100644
--- a/TacacsPlus.pm
+++ b/TacacsPlus.pm
@@ -17,7 +17,7 @@ require DynaLoader;
 @EXPORT_OK = qw(
 	TACPLUS_CLIENT
 );
-$VERSION = '0.27';
+$VERSION = '0.28';
 
 sub new
 {
@@ -50,10 +50,10 @@ if ($res<0) {
                                $h{'Key'},
                                $h{'Timeout'} ? $h{'Timeout'} : 15
                               );
-	$self->{'open'} = 1 if ($res >= 0);
         last if ($res >= 0);
     }
 }
+$self->{'open'} = 1 if ($res >= 0);
 undef $self if ($res < 0);
 $self;
 }
@@ -146,15 +146,15 @@ Authen::TacacsPlus - Perl extension for authentication using tacacs+ server
 
   $tac = new Authen::TacacsPlus(Host=>$server,
 			Key=>$key,
-			[Port=>'tacacs'],
-			[Timeout=>15]);
+			Port=>'tacacs',
+			Timeout=>15);
 
   or
 
   $tac = new Authen::TacacsPlus(
-     [ Host=>$server1, Key=>$key1, [Port=>'tacacs'], [Timeout=>15] ],
-     [ Host=>$server2, Key=>$key2, [Port=>'tacacs'], [Timeout=>15] ],
-     [ Host=>$server3, Key=>$key3, [Port=>'tacacs'], [Timeout=>15] ],
+     [ Host=>$server1, Key=>$key1, Port=>'tacacs', Timeout=>15 ],
+     [ Host=>$server2, Key=>$key2, Port=>'tacacs', Timeout=>15 ],
+     [ Host=>$server3, Key=>$key3, Port=>'tacacs', Timeout=>15 ],
      ...  );
 
   $tac->authen($username,$passwords);
@@ -170,8 +170,8 @@ Authen::TacacsPlus allows you to authenticate using tacacs+ server.
 
   $tac = new Authen::TacacsPlus(Host=>$server,      
  	                Key=>$key,          
-                        [Port=>'tacacs'],   
-                        [Timeout=>15]);     
+                        Port=>'tacacs',   
+                        Timeout=>15);     
 
 Opens new session with tacacs+ server on host $server, encrypted
 with key $key. Undefined object is returned if something wrong
diff --git a/tacpluslib/tac_client.c b/tacpluslib/tac_client.c
index d26c151..a52904c 100644
--- a/tacpluslib/tac_client.c
+++ b/tacpluslib/tac_client.c
@@ -209,6 +209,7 @@ flags = fcntl(tac_fd, F_GETFL, 0);
 if( flags < 0 ) {
 	//fprintf( stderr, "fcntl: %s\n", strerror(errno) );
 	tac_err = "socket error";
+	close(tac_fd);
 	return -1;
 }
 
@@ -217,6 +218,7 @@ res = fcntl( tac_fd, F_SETFL, flags | O_NONBLOCK );
 if( res < 0 ) {
 	//fprintf( stderr, "fcntl: %s\n", strerror(errno) );
 	tac_err = "socket error";
+	close(tac_fd);
 	return -1;
 }
 
@@ -226,6 +228,7 @@ res = connect (tac_fd, (struct sockaddr *) &tac_port, sizeof tac_port);
 // connection not established, but in progress
 if( res < 0 && (errno != EINPROGRESS) ) {
 	tac_err = "connection failed";
+	close(tac_fd);
 	return -1;
 }
 
@@ -239,10 +242,12 @@ if( res != 0 ) {
 	res = select( tac_fd+1, NULL, &wset, NULL, &tv );
 	if( res < 0 ) {
 		tac_err = "select failed";
+		close(tac_fd);
 		return -1;
 	}
 	else if( res == 0 ) {
 		tac_err = "timeout";
+		close(tac_fd);
 		return -1;
 	}
 	if( res > 0 ) {
@@ -251,10 +256,12 @@ if( res != 0 ) {
 		len = sizeof(optval);
 		if( getsockopt( tac_fd, SOL_SOCKET, SO_ERROR, (void *)&optval, &len ) > 0 ) {
 			tac_err = "getsockopt failed";
+			close(tac_fd);
 			return -1;
 		}
 		if( optval != 0 ) {
 			tac_err = "connection failed";
+			close(tac_fd);
 			return -1;
 		}
 		// optval == 0 --> no error, connection established
author	gregor herrmann <gregoa@debian.org>	2020-03-18 18:18:09 +0100
committer	gregor herrmann <gregoa@debian.org>	2020-03-18 18:18:09 +0100
commit	dc2f045c087cc9378fd9758efdb62e635ccd6e8e (patch)
tree	55073cb95d33b9766139f748e659de57a7eb76d4
parent	7662779823ab00e21dd33b4c1deb3a90cd5415c9 (diff)
parent	eafd01a59bd37774bc1e5a47891228d7a71ab0ea (diff)