From 8bd5c7b7ec1000b11d2da274da4d503fc0883f61 Mon Sep 17 00:00:00 2001
From: Ackberry
Date: Tue, 23 Jun 2026 08:06:40 -0400
Subject: [PATCH] reverseproxy: close connection on proxy protocol error paths" -m "After a successful dial, the four error returns in the ProxyProtocol block of dialContext returned without closing the established connection, leaking the socket. Close conn on each path. Fixes one item from #7833."
Signed-off-by: Ackberry
---
 modules/caddyhttp/reverseproxy/httptransport.go | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/modules/caddyhttp/reverseproxy/httptransport.go b/modules/caddyhttp/reverseproxy/httptransport.go
index d2645deed..9e8f6974e 100644
--- a/modules/caddyhttp/reverseproxy/httptransport.go
+++ b/modules/caddyhttp/reverseproxy/httptransport.go
@@ -300,6 +300,7 @@ func (h *HTTPTransport) NewTransport(caddyCtx caddy.Context) (*http.Transport, e
 if h.ProxyProtocol != "" {
 proxyProtocolInfo, ok := caddyhttp.GetVar(ctx, proxyProtocolInfoVarKey).(ProxyProtocolInfo)
 if !ok {
+ _ = conn.Close()
 return nil, fmt.Errorf("failed to get proxy protocol info from context")
 }
 var proxyv byte
@@ -309,6 +310,7 @@ func (h *HTTPTransport) NewTransport(caddyCtx caddy.Context) (*http.Transport, e
 case "v2":
 proxyv = 2
 default:
+ _ = conn.Close()
 return nil, fmt.Errorf("unexpected proxy protocol version")
 }
@@ -326,6 +328,7 @@ func (h *HTTPTransport) NewTransport(caddyCtx caddy.Context) (*http.Transport, e
 IP: net.IPv6zero,
 }
 default:
+ _ = conn.Close()
 return nil, fmt.Errorf("unexpected remote addr type in proxy protocol info")
 }
 sourceAddr := &net.TCPAddr{
@@ -345,6 +348,7 @@ func (h *HTTPTransport) NewTransport(caddyCtx caddy.Context) (*http.Transport, e
 _, err = header.WriteTo(conn)
 if err != nil {
+ _ = conn.Close()
 // identify this error as one that occurred during
 // dialing, which can be important when trying to
 // decide whether to retry a request
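Review bot: The four `_ = conn.Close()` calls are each hand-placed before their own `return`, so the next error return added to this ProxyProtocol block will leak the upstream socket again; this applies equally to the hunks at new lines 300, 310, 328 and 348. A descriptor leaked per failed dial can add up to file-descriptor exhaustion on a busy proxy, so it is worth making the cleanup structural: move the header construction and write into a helper that returns only an `error` and close once at the call site, e.g. `if err := writeProxyHeader(ctx, conn, h.ProxyProtocol); err != nil { _ = conn.Close(); return nil, err }` (the helper name is only a suggestion, and the dial-error marking described in the last hunk's comment would have to be kept). The enclosing dial function starts and ends outside these hunks, so this is based on the visible lines only. The patch also adds no regression test; one that forces one of these paths and asserts the connection was closed would pin the fix.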
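Review bot: The `default:` branch that rejects an unknown proxy protocol version is reached only after the upstream connection has been dialed, so a bad version string costs a connect-and-close on every request. The value looks like static configuration (the block is guarded by `h.ProxyProtocol != ""` in the previous hunk; the `switch` subject itself is outside this hunk), so the check could run once in NewTransport before the dial function is built, leaving only genuinely per-request failures on this path. If the version is already validated when the config is loaded, a comment such as `// unreachable when the version was validated at config load; kept as a guard` would explain why the branch remains.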