fix panic when calling SO_ORIGINAL_DST without initializing iptables
Reported-by: syzbot+074ec22c42305725b79f@syzkaller.appspotmail.com PiperOrigin-RevId: 328963899
parent
7bc9f9b47f
commit
b3ff31d041
|
@ -427,5 +427,10 @@ func (it *IPTables) checkRule(hook Hook, pkt *PacketBuffer, table Table, ruleIdx
|
|||
// OriginalDst returns the original destination of redirected connections. It
|
||||
// returns an error if the connection doesn't exist or isn't redirected.
|
||||
func (it *IPTables) OriginalDst(epID TransportEndpointID) (tcpip.Address, uint16, *tcpip.Error) {
|
||||
it.mu.RLock()
|
||||
defer it.mu.RUnlock()
|
||||
if !it.modified {
|
||||
return "", 0, tcpip.ErrNotConnected
|
||||
}
|
||||
return it.connections.originalDst(epID)
|
||||
}
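Review bot: The doc comment on OriginalDst does not cover the new early return: with the added `if !it.modified` guard, the function also fails with ErrNotConnected when iptables has never been modified, which is neither "doesn't exist" nor "isn't redirected" from the caller's point of view. I would extend the comment with `// It also returns ErrNotConnected if iptables has never been modified.` and put a short why-comment on the guard that names the panic from the commit title, so the check is not later removed as redundant. The guard presumably exists because connection tracking state is not set up before the first modification; that setup is not visible in this hunk. Since the panic was reachable from a getsockopt call, it is worth checking whether any other reader of `it.connections` outside this hunk can run before the first modification.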
|
||||
|
|
|
@ -104,6 +104,19 @@ TEST(IPTablesBasic, GetEntriesErrorPrecedence) {
|
|||
SyscallFailsWithErrno(EINVAL));
|
||||
}
|
||||
|
||||
TEST(IPTablesBasic, OriginalDstErrors) {
|
||||
SKIP_IF(!ASSERT_NO_ERRNO_AND_VALUE(HaveCapability(CAP_NET_RAW)));
|
||||
|
||||
int sock;
|
||||
ASSERT_THAT(sock = socket(AF_INET, SOCK_STREAM, 0), SyscallSucceeds());
|
||||
|
||||
// Sockets not affected by NAT should fail to find an original destination.
|
||||
struct sockaddr_in addr = {};
|
||||
socklen_t addr_len = sizeof(addr);
|
||||
EXPECT_THAT(getsockopt(sock, SOL_IP, SO_ORIGINAL_DST, &addr, &addr_len),
|
||||
SyscallFailsWithErrno(ENOTCONN));
|
||||
}
|
||||
|
||||
// Fixture for iptables tests.
|
||||
class IPTablesTest : public ::testing::Test {
|
||||
protected:
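Review bot: `sock` in OriginalDstErrors is never closed, so the descriptor leaks for the rest of the test binary; add `EXPECT_THAT(close(sock), SyscallSucceeds());` at the end of the test body, or hold the descriptor in an RAII wrapper if this file already uses one. Separately, the `SKIP_IF` on CAP_NET_RAW looks stricter than the body needs, since creating a TCP socket and reading SO_ORIGINAL_DST do not appear to require that capability. If so, this regression test is skipped in the unprivileged setting where the panic matters most; please confirm the skip is intentional. The test also pins only the never-modified path; the case of rules being installed while this socket is not redirected is not covered here.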
|
||||
|
|