From 5efb56a1d4f6f908cd6c04a3f7843d20bc91d6ac Mon Sep 17 00:00:00 2001
From: Matthew Holt <Matthew.Holt+git@gmail.com>
Date: Wed, 21 Oct 2015 22:16:29 -0600
Subject: [PATCH] Fix file descriptor leaks

---
 acme/client.go                     | 12 +++++++++++-
 acme/simple_http_challenge.go      | 16 +++++++++-------
 acme/simple_http_challenge_test.go |  2 ++
 3 files changed, 22 insertions(+), 8 deletions(-)

diff --git a/acme/client.go b/acme/client.go
index c8ba338f..f2fb4318 100644
--- a/acme/client.go
+++ b/acme/client.go
@@ -73,6 +73,8 @@ func NewClient(caURL string, usr User, keyBits int, optPort string, devMode bool
 	if err != nil {
 		logger().Fatalf("Could not get directory from CA URL. Please check the URL.\n\t%v", err)
 	}
+	defer dirResp.Body.Close()
+
 	var dir directory
 	decoder := json.NewDecoder(dirResp.Body)
 	err = decoder.Decode(&dir)
@@ -98,6 +100,7 @@ func (c *Client) Register() (*RegistrationResource, error) {
 	if err != nil {
 		return nil, err
 	}
+	defer resp.Body.Close()
 
 	if resp.StatusCode == http.StatusConflict {
 		// REVIEW: should this return an error?
@@ -142,6 +145,7 @@ func (c *Client) AgreeToTos() error {
 	if err != nil {
 		return err
 	}
+	defer resp.Body.Close()
 
 	if resp.StatusCode != http.StatusAccepted {
 		return fmt.Errorf("The server returned %d but we expected %d", resp.StatusCode, http.StatusAccepted)
@@ -184,6 +188,7 @@ func (c *Client) RevokeCertificate(certificate []byte) error {
 	if err != nil {
 		return err
 	}
+	defer resp.Body.Close()
 
 	if resp.StatusCode != 200 {
 		body, _ := ioutil.ReadAll(resp.Body)
@@ -213,6 +218,10 @@ func (c *Client) RenewCertificate(cert CertificateResource, revokeOld bool) (Cer
 	// The first step of renewal is to check if we get a renewed cert
 	// directly from the cert URL.
 	resp, err := http.Get(cert.CertURL)
+	if err != nil {
+		return CertificateResource{}, err
+	}
+	defer resp.Body.Close()
 	serverCertBytes, err := ioutil.ReadAll(resp.Body)
 	if err != nil {
 		return CertificateResource{}, err
@@ -323,9 +332,9 @@ func (c *Client) getChallenges(domains []string) []*authorizationResource {
 			if err != nil {
 				errc <- err
 			}
+			resp.Body.Close()
 
 			resc <- &authorizationResource{Body: authz, NewCertURL: links["next"], AuthURL: resp.Header.Get("Location"), Domain: domain}
-
 		}(domain)
 	}
 
@@ -409,6 +418,7 @@ func (c *Client) requestCertificate(authz *authorizationResource, result chan Ce
 		case 201:
 
 			cert, err := ioutil.ReadAll(resp.Body)
+			resp.Body.Close()
 			if err != nil {
 				errc <- err
 				return
diff --git a/acme/simple_http_challenge.go b/acme/simple_http_challenge.go
index f270042a..0193bdf2 100644
--- a/acme/simple_http_challenge.go
+++ b/acme/simple_http_challenge.go
@@ -29,6 +29,7 @@ func (s *simpleHTTPChallenge) CanSolve(domain string) bool {
 		logger().Printf("Could not get public IP -> %v", err)
 		return false
 	}
+	defer resp.Body.Close()
 
 	ip, err := ioutil.ReadAll(resp.Body)
 	if err != nil {
@@ -66,6 +67,7 @@ func (s *simpleHTTPChallenge) Solve(chlng challenge, domain string) error {
 	if err != nil {
 		return fmt.Errorf("Could not start HTTPS server for challenge -> %v", err)
 	}
+	defer listener.Close()
 
 	// Tell the server about the generated random path
 	jsonBytes, err := json.Marshal(challenge{Resource: "challenge", Type: chlng.Type, Token: chlng.Token})
@@ -81,24 +83,24 @@ func (s *simpleHTTPChallenge) Solve(chlng challenge, domain string) error {
 	// After the path is sent, the ACME server will access our server.
 	// Repeatedly check the server for an updated status on our request.
 	var challengeResponse challenge
-loop:
+Loop:
 	for {
-		decoder := json.NewDecoder(resp.Body)
-		decoder.Decode(&challengeResponse)
+		err = json.NewDecoder(resp.Body).Decode(&challengeResponse)
+		resp.Body.Close()
+		if err != nil {
+			return err
+		}
 
 		switch challengeResponse.Status {
 		case "valid":
 			logger().Print("The server validated our request")
-			listener.Close()
-			break loop
+			break Loop
 		case "pending":
 			break
 		case "invalid":
-			listener.Close()
 			logger().Print("The server could not validate our request.")
 			return errors.New("The server could not validate our request.")
 		default:
-			listener.Close()
 			logger().Print("The server returned an unexpected state.")
 			return errors.New("The server returned an unexpected state.")
 		}
diff --git a/acme/simple_http_challenge_test.go b/acme/simple_http_challenge_test.go
index 282f296c..ddd7ac24 100644
--- a/acme/simple_http_challenge_test.go
+++ b/acme/simple_http_challenge_test.go
@@ -20,6 +20,7 @@ func TestSimpleHTTPCanSolve(t *testing.T) {
 	if err != nil {
 		t.Errorf("Could not get public IP -> %v", err)
 	}
+	defer resp.Body.Close()
 
 	ip, err := ioutil.ReadAll(resp.Body)
 	if err != nil {
@@ -119,6 +120,7 @@ func TestSimpleHTTP(t *testing.T) {
 		if err != nil {
 			t.Errorf("Expected the solver to listen on port 23456 -> %v", err)
 		}
+		defer resp.Body.Close()
 
 		body, _ := ioutil.ReadAll(resp.Body)
 		bodyStr := string(body)