From c9842f21ce4a9308dba983fd712cc688b26237d5 Mon Sep 17 00:00:00 2001
From: Kevin Krakauer
Date: Fri, 28 Aug 2020 10:33:44 -0700
Subject: fix panic when calling SO_ORIGINAL_DST without initializing iptables

Reported-by: syzbot+074ec22c42305725b79f@syzkaller.appspotmail.com
PiperOrigin-RevId: 328963899
---
 pkg/tcpip/stack/iptables.go | 5 +++++
 1 file changed, 5 insertions(+)
(limited to 'pkg/tcpip/stack/iptables.go')
diff --git a/pkg/tcpip/stack/iptables.go b/pkg/tcpip/stack/iptables.go
index 30aa41db2..0e33cbe92 100644
--- a/pkg/tcpip/stack/iptables.go
+++ b/pkg/tcpip/stack/iptables.go
@@ -427,5 +427,10 @@ func (it *IPTables) checkRule(hook Hook, pkt *PacketBuffer, table Table, ruleIdx
 // OriginalDst returns the original destination of redirected connections. It
 // returns an error if the connection doesn't exist or isn't redirected.
 func (it *IPTables) OriginalDst(epID TransportEndpointID) (tcpip.Address, uint16, *tcpip.Error) {
+ it.mu.RLock()
+ defer it.mu.RUnlock()
+ if !it.modified {
+ return "", 0, tcpip.ErrNotConnected
+ }
 return it.connections.originalDst(epID)
 }
-- cgit v1.2.3
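Review bot: The new `if !it.modified` guard in OriginalDst uses `modified` as a stand-in for "connection tracking has been set up", but nothing at the check says so, and the doc comment above the function still lists only the not-found and not-redirected error cases. I would add a comment over the guard such as `// Connection tracking is only set up once iptables has been modified; until then there is nothing to look up.` and extend the doc comment with `// It also returns ErrNotConnected if iptables has never been modified.`; the first wording is inferred from the commit subject because the initialization code lies outside this hunk, so please confirm it. Since the subject says this path is reached through SO_ORIGINAL_DST and was found by syzbot, and the diffstat shows only iptables.go changed, a regression test that calls OriginalDst on a never-modified IPTables and expects an error instead of a panic would keep this from regressing.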