Properly close all SOCKS connection handles
Conjure pluggable transport wrapper fails to close the SOCKS connection in the event of a connection error. This will result in a resource leak that could be abused to deplete the connection resource pool and consequently prevent further connections from being established.
If an attacker is capable of triggering this code path, they will be able to instigate a DoS attack and prevent any further client connections from being made by the Tor Browser. Notably, the standard use case in this scenario stipulates that the Tor Browser connects to the pluggable transport wrapper on localhost. As such, an attacker would already have compromised the host to trigger these connections.
Edited by meskio