gnovm: *Debugger.Serve leaks the listener and never retains a reference to later close it

[odeke-em]

While auditing and studying some code I noticed this code

gno/gnovm/pkg/gnolang/debugger.go

Lines 227 to 240 in 2838ad1

	func (d *Debugger) Serve(addr string) error {
	l, err := net.Listen("tcp", addr)
	if err != nil {
	return err
	}
	print("Waiting for debugger client to connect at ", addr)
	conn, err := l.Accept()
	if err != nil {
	return err
	}
	println(" connected!")
	d.in, d.out = conn, conn
	return nil
	}

and notice that we create a listener bound to an address and immediately accept a single connection then discard the listener.

Please figure out how to singly create the listener once and then retain it and listen to connections on it each time. If this library is to be put to production and debuggers left on, with the very large surface that it has, it is imperative to avoid such problems that could then cause security issues, especially without automated static analysis and security tools.

Kindly cc-ing @jaekwon

[kristovatlas]

Thanks for the report, @odeke-em. We're looking into it.