search

dakrone / clj-http

An idiomatic clojure http client wrapping the apache client. Officially supported version.
http://clojars.org/clj-http
MIT License
1.78k stars 409 forks source link

connection leak on gzip/deflate responses #588

Open jefimm opened 3 years ago

jefimm commented 3 years ago

It looks like https://github.com/dakrone/clj-http/blob/3.x/src/clj_http/util.clj#L45 and https://github.com/dakrone/clj-http/blob/3.x/src/clj_http/util.clj#L99 are leaking connections - the input stream argument is not closed

rymndhng commented 3 years ago

These helper functions are intended to wrap an InputStream which is consumed by the client which is why they're not closed here.

The pattern: wrap with a buffered reader and call .read is used to check if the stream is open, to avoid wrapping closed streams.

jefimm commented 3 years ago

The usage of the function https://github.com/dakrone/clj-http/blob/master/src/clj_http/client.clj#L280 leaks the stream

rymndhng commented 3 years ago

At the point of code you've highlighted, it's decorating the body so that it can be consumed output-coercion-response middleware.

It's the client's responsibility to close the stream (through a coercion or explicitly by requesting the response as a stream). See https://github.com/dakrone/clj-http#output-coercion

jefimm commented 3 years ago

Please compare this to code in force-string and force-byte-array - both close the stream