ipn/ipnlocal: fix panic in driveTransport on network error

When the underlying transport returns a network error, the RoundTrip method returns (nil, error). The defer was attempting to access resp without checking if it was nil first, causing a panic. Fix this by checking for nil in the defer. Also changes driveTransport.tr from *http.Transport to http.RoundTripper and adds a test. Fixes #17306 Signed-off-by: Andrew Dunham <andrew@tailscale.com> Change-Id: Icf38a020b45aaa9cfbc1415d55fd8b70b978f54c
2025-12-04 17:01:58 +01:00 · 2025-11-21 17:25:56 -05:00 · 2025-11-21 17:25:56 -05:00 · 698eecda04
commit 698eecda04
parent a20cdb5c93
2 changed files with 89 additions and 36 deletions
--- a/ipn/ipnlocal/drive.go
+++ b/ipn/ipnlocal/drive.go
@ -433,7 +433,7 @@ func (rbw *responseBodyWrapper) Close() error {
 // b.Dialer().PeerAPITransport() with metrics tracking.
 type driveTransport struct {
 	b  *LocalBackend
-	tr *http.Transport
+	tr http.RoundTripper
 }

 func (b *LocalBackend) newDriveTransport() *driveTransport {
@ -443,7 +443,7 @@ func (b *LocalBackend) newDriveTransport() *driveTransport {
 	}
 }

-func (dt *driveTransport) RoundTrip(req *http.Request) (resp *http.Response, err error) {
+func (dt *driveTransport) RoundTrip(req *http.Request) (*http.Response, error) {
 	// Some WebDAV clients include origin and refer headers, which peerapi does
 	// not like. Remove them.
 	req.Header.Del("origin")
@ -455,7 +455,11 @@ func (dt *driveTransport) RoundTrip(req *http.Request) (resp *http.Response, err
 		req.Body = bw
 	}

-	defer func() {
+	resp, err := dt.tr.RoundTrip(req)
+	if err != nil {
+		return nil, err
+	}
+
 	contentType := "unknown"
 	if ct := req.Header.Get("Content-Type"); ct != "" {
 		contentType = ct
@ -490,7 +494,6 @@ func (dt *driveTransport) RoundTrip(req *http.Request) (resp *http.Response, err
 	} else {
 		resp.Body = &rbw
 	}
-	}()

-	return dt.tr.RoundTrip(req)
+	return resp, nil
 }
--- a/ipn/ipnlocal/drive_test.go
+++ b/ipn/ipnlocal/drive_test.go
@ -0,0 +1,50 @@
+// Copyright (c) Tailscale Inc & AUTHORS
+// SPDX-License-Identifier: BSD-3-Clause
+
+//go:build !ts_omit_drive
+
+package ipnlocal
+
+import (
+	"errors"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+)
+
+// TestDriveTransportRoundTrip_NetworkError tests that driveTransport.RoundTrip
+// doesn't panic when the underlying transport returns a nil response with an
+// error.
+//
+// See: https://github.com/tailscale/tailscale/issues/17306
+func TestDriveTransportRoundTrip_NetworkError(t *testing.T) {
+	b := newTestLocalBackend(t)
+
+	testErr := errors.New("network connection failed")
+	mockTransport := &mockRoundTripper{
+		err: testErr,
+	}
+	dt := &driveTransport{
+		b:  b,
+		tr: mockTransport,
+	}
+
+	req := httptest.NewRequest("GET", "http://100.64.0.1:1234/some/path", nil)
+	resp, err := dt.RoundTrip(req)
+	if err == nil {
+		t.Fatal("got nil error, expected non-nil")
+	} else if !errors.Is(err, testErr) {
+		t.Errorf("got error %v, expected %v", err, testErr)
+	}
+	if resp != nil {
+		t.Errorf("wanted nil response, got %v", resp)
+	}
+}
+
+type mockRoundTripper struct {
+	err error
+}
+
+func (m *mockRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) {
+	return nil, m.err
+}