Fix file descriptor leak in pipe-bootstrap on error paths by vigneshakaviki · Pull Request #23623 · hashicorp/consul

vigneshakaviki · 2026-06-02T08:44:04Z

Summary

Fixes a file descriptor leak in the pipe-bootstrap command where file descriptors were not closed on error paths.

Problem

The Run() function in command/connect/envoy/pipe-bootstrap/connect_envoy_pipe-bootstrap.go opened a file descriptor via os.OpenFile() but failed to close it when either:

The os.OpenFile() call returned an error (line 62)
The buf.WriteTo(f) call returned an error (line 67)

This caused file descriptor leaks under error conditions, which can lead to resource exhaustion and process instability.

Solution

Added defer f.Close() immediately after successful file opening, ensuring the descriptor is closed in all code paths including error cases.

Changes

Added single line: defer f.Close() after successful os.OpenFile() call
Minimal, focused change with no behavioral modifications
Idiomatic Go error handling pattern

Testing

Existing tests cover the error paths and will verify the fix
No new tests required (defer behavior is standard Go semantics)

Impact

Risk: Minimal - single line addition with no logic changes
Benefit: Prevents file descriptor exhaustion during bootstrap failures
Scope: Internal Envoy bootstrap mechanism only

The Run function opened a file descriptor via os.OpenFile but failed to close it on error paths (lines 62 and 67 in the original code). This caused file descriptor leaks when either the open() call or buf.WriteTo() call failed. Fixed by adding defer f.Close() immediately after successful file opening, ensuring the descriptor is closed in all code paths including errors. Fixes: hashicorp#23256

hashicorp-cla-app · 2026-06-02T08:44:19Z

Thank you for your submission! We require that all contributors sign our Contributor License Agreement ("CLA") before we can accept the contribution. Read and sign the agreement

Learn more about why HashiCorp requires a CLA and what the CLA includes

Test User seems not to be a GitHub user.
You need a GitHub account to be able to sign the CLA.
If you have already a GitHub account, please add the email address used for this commit to your account.

_{Have you signed the CLA already but the status is still pending? Recheck it.}

hashicorp-cla-app · 2026-06-02T08:44:19Z

Thank you for your submission! We require that all contributors sign our Contributor License Agreement ("CLA") before we can accept the contribution. Read and sign the agreement

Learn more about why HashiCorp requires a CLA and what the CLA includes

Test User seems not to be a GitHub user.
You need a GitHub account to be able to sign the CLA.
If you have already a GitHub account, please add the email address used for this commit to your account.

_{Have you signed the CLA already but the status is still pending? Recheck it.}

vigneshakaviki requested review from a team as code owners June 2, 2026 08:44

github-actions Bot added the theme/cli Flags and documentation for the CLI interface label Jun 2, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix file descriptor leak in pipe-bootstrap on error paths#23623

Fix file descriptor leak in pipe-bootstrap on error paths#23623
vigneshakaviki wants to merge 1 commit into
hashicorp:mainfrom
vigneshakaviki:fd-leak-fix

vigneshakaviki commented Jun 2, 2026

Uh oh!

hashicorp-cla-app Bot commented Jun 2, 2026

Uh oh!

hashicorp-cla-app Bot commented Jun 2, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

vigneshakaviki commented Jun 2, 2026

Summary

Problem

Solution

Changes

Testing

Impact

Uh oh!

hashicorp-cla-app Bot commented Jun 2, 2026

Uh oh!

hashicorp-cla-app Bot commented Jun 2, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant