ssh: Fix resource leak when spawning git-upload-pack(1) fails

In order to be able to monitor what git-upload-pack(1) is communicating
with the user we create a pipe so that we can intercept the data. And
while make sure to close the reading-side of the pipe in all cases, we
in fact don't close the writing side when spawning git-upload-pack(1)
fails.

Fix this potential resource leak by immediately deferring the close of
the writing side.

1 files changed, 6 insertions, 8 deletions

diff --git a/internal/gitaly/service/ssh/upload_pack.go b/internal/gitaly/service/ssh/upload_pack.go
index 1b0ef278f..89e67e9a9 100644
--- a/internal/gitaly/service/ssh/upload_pack.go
+++ b/internal/gitaly/service/ssh/upload_pack.go
@@ -98,10 +98,14 @@ func (s *server) sshUploadPack(ctx context.Context, req sshUploadPackRequest, st
 		return 0, err
 	}
 
+	var wg sync.WaitGroup
 	pr, pw := io.Pipe()
-	defer pw.Close()
+	defer func() {
+		pw.Close()
+		wg.Wait()
+	}()
+
 	stdin = io.TeeReader(stdin, pw)
-	wg := sync.WaitGroup{}
 
 	wg.Add(1)
 	go func() {
@@ -146,16 +150,10 @@ func (s *server) sshUploadPack(ctx context.Context, req sshUploadPackRequest, st
 	go monitor.Monitor(ctx, pktline.PktDone(), timeoutTicker, cancelCtx)
 
 	if err := cmd.Wait(); err != nil {
-		pw.Close()
-		wg.Wait()
-
 		status, _ := command.ExitStatus(err)
 		return status, fmt.Errorf("cmd wait: %w, stderr: %q", err, stderrBuilder.String())
 	}
 
-	pw.Close()
-	wg.Wait()
-
 	ctxlogrus.Extract(ctx).WithField("response_bytes", stdoutCounter.N).Info("request details")
 
 	return 0, nil