From d8272b16e90c9536130bd259b0fc6edc5917eb5f Mon Sep 17 00:00:00 2001
From: Xiaocc <598887962@qq.com>
Date: Wed, 19 Jul 2023 12:45:54 +0800
Subject: [PATCH] [fix](fe) fd leak of ssl #19645

---
 .../java/org/apache/doris/mysql/MysqlSslContext.java     | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/fe/fe-core/src/main/java/org/apache/doris/mysql/MysqlSslContext.java b/fe/fe-core/src/main/java/org/apache/doris/mysql/MysqlSslContext.java
index cda57d6b4f..f4abdbc5cd 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/mysql/MysqlSslContext.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/mysql/MysqlSslContext.java
@@ -23,6 +23,7 @@ import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 
 import java.io.IOException;
+import java.io.InputStream;
 import java.nio.ByteBuffer;
 import java.nio.file.Files;
 import java.nio.file.Paths;
@@ -72,8 +73,12 @@ public class MysqlSslContext {
             char[] serverPassword = serverCertificatePassword.toCharArray();
             char[] caPassword = caCertificatePassword.toCharArray();
 
-            ks.load(Files.newInputStream(Paths.get(keyStoreFile)), serverPassword);
-            ts.load(Files.newInputStream(Paths.get(trustStoreFile)), caPassword);
+            try (InputStream stream = Files.newInputStream(Paths.get(keyStoreFile))) {
+                ks.load(stream, serverPassword);
+            }
+            try (InputStream stream = Files.newInputStream(Paths.get(trustStoreFile))) {
+                ts.load(stream, caPassword);
+            }
 
             KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
             kmf.init(ks, serverPassword);