From eb71712626f96fc0a7e2803a6b6e6f82bec0a3a2 Mon Sep 17 00:00:00 2001
From: Paul Holzinger <pholzing@redhat.com>
Date: Thu, 21 Apr 2022 14:07:54 +0200
Subject: systemd socker activation: check listener

activation.Listeners() can return an net.Listener array which contains
nil entries if it cannot listen on the given fds. This can cause podman
to panic so we should check the we have non nil net.Listener first.

[NO NEW TESTS NEEDED] No idea how to reproduce this.

Fixes #13911

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
---
 pkg/api/server/server.go | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'pkg/api/server/server.go')

diff --git a/pkg/api/server/server.go b/pkg/api/server/server.go
index 9344101ce..a906a01f1 100644
--- a/pkg/api/server/server.go
+++ b/pkg/api/server/server.go
@@ -79,6 +79,10 @@ func newServer(runtime *libpod.Runtime, listener net.Listener, opts entities.Ser
 			return nil, fmt.Errorf("wrong number of file descriptors for socket activation protocol (%d != 1)", len(listeners))
 		}
 		listener = listeners[0]
+		// note that activation.Listeners() return nil when it cannot listen on the fd (i.e. udp connection)
+		if listener == nil {
+			return nil, fmt.Errorf("unexpected fd received from systemd: cannot listen on it")
+		}
 	}
 	if opts.CorsHeaders == "" {
 		logrus.Debug("CORS Headers were not set")
-- 
cgit v1.2.3-54-g00ecf