Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sendEmail invokes defer res.Body.Close() in a naked for-loop but those only get invoked when the function is returning; many emails could cause resource exhaustion #13

Open
odeke-em opened this issue Mar 20, 2024 · 0 comments · May be fixed by #14
Open

sendEmail invokes defer res.Body.Close() in a naked for-loop but those only get invoked when the function is returning; many emails could cause resource exhaustion #13

odeke-em opened this issue Mar 20, 2024 · 0 comments · May be fixed by #14

Comments

@odeke-em
Copy link

Noticed in a quick code audit that we've got this code

smtp-proxy-for-notify/notify_client.go

Lines 95 to 102 in b893964

resp, err := client.Client.Do(req)
if err != nil {
log.Error().Msgf("Error sending email: %s", err)
return err
}
defer resp.Body.Close()
and Go's defer per the specification https://go.dev/ref/spec#Defer_statements runs when the surrounding function is returning or panicking.

The surrounding function in this case is sendEmail
Screenshot 2024-03-20 at 9 56 13 AM

This means that those response handles won't be closed until the for loop is done (if there are many emails to be sent, this could cause resource exhaustion problems)

Fix

We can extract that code into a per-email helper function and even better we can rename the calling function from "sendEmail" to "sendEmails" to signify the purpose, and the extracted code would look like this in a diff

diff --git a/notify_client.go b/notify_client.go
index a30a413..00cf956 100644
--- a/notify_client.go
+++ b/notify_client.go
@@ -92,28 +92,35 @@ func sendEmail(client *NotifyClient, email *NotifyEmail) error {
 		req.Header.Set("Content-Type", contentType)
 		req.Header.Set("Authorization", fmt.Sprintf("ApiKey-v1 %s", client.ApiKey))
 
-		resp, err := client.Client.Do(req)
-
-		if err != nil {
-			log.Error().Msgf("Error sending email: %s", err)
+		if err := doSendEmail(client.Client, req); err != nil {
 			return err
 		}
+	}
+
+	return nil
+}
 
-		defer resp.Body.Close()
+func doSendEmail(client *http.Client, req *http.Request) error {
+	resp, err := client.Do(req)
+	if err != nil {
+		log.Error().Msgf("Error sending email: %s", err)
+		return err
+	}
+	defer resp.Body.Close()
 
-		if resp.StatusCode != 201 {
-			log.Error().Msgf("Unexpected status code: %d", resp.StatusCode)
-			respbody, err := io.ReadAll(resp.Body)
+	if resp.StatusCode == 201 {
+		return nil
+	}
 
-			if err != nil {
-				log.Error().Msgf("Error reading response body: %s", err)
-				return err
-			}
-			log.Error().Msgf("Response: %s", respbody)
+	// A non-201 status code so craft the error.
+	log.Error().Msgf("Unexpected status code: %d", resp.StatusCode)
+	respbody, err := io.ReadAll(resp.Body)
 
-			return fmt.Errorf("unexpected status code: %d", resp.StatusCode)
-		}
+	if err != nil {
+		log.Error().Msgf("Error reading response body: %s", err)
+		return err
 	}
+	log.Error().Msgf("Response: %s", respbody)
 
-	return nil
+	return fmt.Errorf("unexpected status code: %d", resp.StatusCode)
 }
odeke-em added a commit to orijtech/smtp-proxy-for-notify that referenced this issue Mar 20, 2024
@odeke-em
fix: properly close HTTP responses after sending each email
748e20b 
This change extracts per-email sending logic into a helper function
for which proper resource closing can be performed. Previously it
invoke defer res.Body.Close in a for-loop but Go's specifications
and operations dictate that the defer will only be invoked when
the surrounding function is returning or panicking: this means then
that if very many emails are being sent, that risks potential
resource exhaustion because so many connections won't be closed yet
nor can they be garbage collected.

Fixes cds-snc#13
@odeke-em odeke-em linked a pull request Mar 20, 2024 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: properly close HTTP responses after sending each email orijtech/smtp-proxy-for-notify
1 participant
@odeke-em