From a90661654d14e77b6442c4a34ced900e2cd9953e Mon Sep 17 00:00:00 2001
From: Bhasker Hariharan <bhaskerh@google.com>
Date: Tue, 26 Jan 2021 12:07:16 -0800
Subject: [PATCH] Fix couple of potential route leaks.

connect() can be invoked multiple times on UDP/RAW sockets and in such
a case we should release the cached route from the previous connect.

Fixes #5359

PiperOrigin-RevId: 353919891
---
 pkg/tcpip/transport/raw/endpoint.go | 5 ++++-
 pkg/tcpip/transport/udp/endpoint.go | 5 +++++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/pkg/tcpip/transport/raw/endpoint.go b/pkg/tcpip/transport/raw/endpoint.go
index 9a5f10263..30644e92d 100644
--- a/pkg/tcpip/transport/raw/endpoint.go
+++ b/pkg/tcpip/transport/raw/endpoint.go
@@ -413,7 +413,10 @@ func (e *endpoint) Connect(addr tcpip.FullAddress) *tcpip.Error {
 		e.RegisterNICID = nic
 	}
 
-	// Save the route we've connected via.
+	if e.route != nil {
+		// If the endpoint was previously connected then release any previous route.
+		e.route.Release()
+	}
 	e.route = route
 	e.connected = true
 
diff --git a/pkg/tcpip/transport/udp/endpoint.go b/pkg/tcpip/transport/udp/endpoint.go
index ea8a7017e..a3e513ff7 100644
--- a/pkg/tcpip/transport/udp/endpoint.go
+++ b/pkg/tcpip/transport/udp/endpoint.go
@@ -1009,6 +1009,11 @@ func (e *endpoint) Connect(addr tcpip.FullAddress) *tcpip.Error {
 
 	e.ID = id
 	e.boundBindToDevice = btd
+	if e.route != nil {
+		// If the endpoint was already connected then make sure we release the
+		// previous route.
+		e.route.Release()
+	}
 	e.route = r
 	e.dstPort = addr.Port
 	e.RegisterNICID = nicID