tracee: fix panic when ctrl-c after the boot

aquasecurity · Jun 12, 2023 · 1f38612 · 1f38612
1 parent d01ceca
commit 1f38612
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 0 deletions.
diff --git a/pkg/ebpf/events_enrich.go b/pkg/ebpf/events_enrich.go
@@ -76,6 +76,10 @@ func (t *Tracee) enrichContainerEvents(ctx gocontext.Context, in <-chan *trace.E
 		for { // enqueue events
 			select {
 			case event := <-in:
+				if event == nil {
+					continue // might happen during initialization (ctrl+c seg faults)
+				}
+
 				eventID := events.ID(event.EventID)
 				// send out irrelevant events (non container or already enriched), don't skip the cgroup lifecycle events
 				if (event.Container.ID == "" || event.Container.Name != "") && eventID != events.CgroupMkdir && eventID != events.CgroupRmdir {
@@ -130,6 +134,11 @@ func (t *Tracee) enrichContainerEvents(ctx gocontext.Context, in <-chan *trace.E
 					// de-queue event if queue is enriched
 					if _, ok := queues[cgroupId]; ok {
 						event := <-queues[cgroupId]
+
+						if event == nil {
+							continue // might happen during initialization (ctrl+c seg faults)
+						}
+
 						eventID := events.ID(event.EventID)
 						// check if not enriched, and only enrich regular non cgroup related events
 						if event.Container.Name == "" && eventID != events.CgroupMkdir && eventID != events.CgroupRmdir {

diff --git a/pkg/ebpf/events_pipeline.go b/pkg/ebpf/events_pipeline.go
@@ -420,6 +420,10 @@ func (t *Tracee) processEvents(ctx context.Context, in <-chan *trace.Event) (
 		defer close(errc)
 
 		for event := range in { // For each received event...
+			if event == nil {
+				continue // might happen during initialization (ctrl+c seg faults)
+			}
+
 			// Go through event processors if needed
 			errs := t.processEvent(event)
 			if len(errs) > 0 {
@@ -541,6 +545,10 @@ func (t *Tracee) sinkEvents(ctx context.Context, in <-chan *trace.Event) <-chan
 		defer close(errc)
 
 		for event := range in {
+			if event == nil {
+				continue // might happen during initialization (ctrl+c seg faults)
+			}
+
 			// Only emit events requested by the user and matched by at least one policy.
 			id := events.ID(event.EventID)
 			event.MatchedPoliciesUser &= t.events[id].emit

diff --git a/pkg/ebpf/signature_engine.go b/pkg/ebpf/signature_engine.go
@@ -86,6 +86,10 @@ func (t *Tracee) engineEvents(ctx context.Context, in <-chan *trace.Event) (<-ch
 		for {
 			select {
 			case finding := <-engineOutput:
+				if finding.Event.Payload == nil {
+					continue // might happen during initialization (ctrl+c seg faults)
+				}
+
 				event, err := FindingToEvent(finding)
 				if err != nil {
 					t.handleError(err)