From 27299426389e7fb7eab54994596cae09c0e11ec9 Mon Sep 17 00:00:00 2001
From: Percy Wegmann <percy@tailscale.com>
Date: Sat, 18 Jan 2025 20:41:36 -0600
Subject: [PATCH] prober: fix nil pointer access in tcp-in-tcp probes

If unable to accept a connection from the bandwidth probe listener,
return from the goroutine immediately since the accepted connection
will be nil.

Updates tailscale/corp#25958

Signed-off-by: Percy Wegmann <percy@tailscale.com>
---
 prober/derp.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/prober/derp.go b/prober/derp.go
index 995a69626..05cc8f05c 100644
--- a/prober/derp.go
+++ b/prober/derp.go
@@ -1048,6 +1048,7 @@ func derpProbeBandwidthTUN(ctx context.Context, transferTimeSeconds, totalBytesT
 		readConn, err := l.Accept()
 		if err != nil {
 			readFinishedC <- err
+			return
 		}
 		defer readConn.Close()
 		deadline, ok := ctx.Deadline()
@@ -1055,6 +1056,7 @@ func derpProbeBandwidthTUN(ctx context.Context, transferTimeSeconds, totalBytesT
 			// Don't try reading past our context's deadline.
 			if err := readConn.SetReadDeadline(deadline); err != nil {
 				readFinishedC <- fmt.Errorf("unable to set read deadline: %w", err)
+				return
 			}
 		}
 		n, err := io.CopyN(io.Discard, readConn, size)