From b38bd36766994715ac5226bfa361cd2f8f29e31e Mon Sep 17 00:00:00 2001
From: Wade Simmons <wsimmons@slack-corp.com>
Date: Mon, 4 Apr 2022 13:38:36 -0400
Subject: [PATCH] fix connection manager check when disconnect_invalid set
 (#658)

This restores the hostMap.QueryVpnIP block to how it looked before #370
was merged. I'm not sure why the patch from #370 wanted to continue on
if there was no match found in the hostmap, since there isn't anything
to do at that point (the tunnel has already been closed).

This was causing a crash because the handleInvalidCertificate check
expects the hostinfo to be passed in (but it is nil since there was no
hostinfo in the hostmap).

Fixes: #657
---
 connection_manager.go | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/connection_manager.go b/connection_manager.go
index c480bbb..9a51fa2 100644
--- a/connection_manager.go
+++ b/connection_manager.go
@@ -179,12 +179,9 @@ func (n *connectionManager) HandleMonitorTick(now time.Time, p, nb, out []byte)
 		hostinfo, err := n.hostMap.QueryVpnIp(vpnIp)
 		if err != nil {
 			n.l.Debugf("Not found in hostmap: %s", vpnIp)
-
-			if !n.intf.disconnectInvalid {
-				n.ClearIP(vpnIp)
-				n.ClearPendingDeletion(vpnIp)
-				continue
-			}
+			n.ClearIP(vpnIp)
+			n.ClearPendingDeletion(vpnIp)
+			continue
 		}
 
 		if n.handleInvalidCertificate(now, vpnIp, hostinfo) {