summaryrefslogtreecommitdiffhomepage
path: root/pkg
diff options
context:
space:
mode:
authorKevin Krakauer <krakauer@google.com>2020-08-28 10:33:44 -0700
committergVisor bot <gvisor-bot@google.com>2020-08-28 10:35:18 -0700
commitb3ff31d041c9455614a2a9f2a7be10afb6613357 (patch)
tree8a7e9e6785655bb6fb6b925642c9763fc0167f64 /pkg
parent7bc9f9b47f61faa21c6504cde215ece5e07a9f5e (diff)
fix panic when calling SO_ORIGINAL_DST without initializing iptables
Reported-by: syzbot+074ec22c42305725b79f@syzkaller.appspotmail.com PiperOrigin-RevId: 328963899
Diffstat (limited to 'pkg')
-rw-r--r--pkg/tcpip/stack/iptables.go5
1 files changed, 5 insertions, 0 deletions
diff --git a/pkg/tcpip/stack/iptables.go b/pkg/tcpip/stack/iptables.go
index 30aa41db2..0e33cbe92 100644
--- a/pkg/tcpip/stack/iptables.go
+++ b/pkg/tcpip/stack/iptables.go
@@ -427,5 +427,10 @@ func (it *IPTables) checkRule(hook Hook, pkt *PacketBuffer, table Table, ruleIdx
// OriginalDst returns the original destination of redirected connections. It
// returns an error if the connection doesn't exist or isn't redirected.
func (it *IPTables) OriginalDst(epID TransportEndpointID) (tcpip.Address, uint16, *tcpip.Error) {
+ it.mu.RLock()
+ defer it.mu.RUnlock()
+ if !it.modified {
+ return "", 0, tcpip.ErrNotConnected
+ }
return it.connections.originalDst(epID)
}