Security: Stop panicking when serializing out-of-range times
Zebra assumes that deserialized times are always able to be serialized. But this assumption is wrong because: - sanitization can modify times - gossiped `MetaAddr` validation can modify times
This commit is contained in:
parent
7894cec814
commit
c0114a2c5f
|
@ -325,7 +325,7 @@ impl ZcashSerialize for MetaAddr {
|
|||
self.get_last_seen()
|
||||
.timestamp()
|
||||
.try_into()
|
||||
.expect("time is in range"),
|
||||
.map_err(|e| std::io::Error::new(std::io::ErrorKind::InvalidData, e))?,
|
||||
)?;
|
||||
writer.write_u64::<LittleEndian>(self.services.bits())?;
|
||||
writer.write_socket_addr(self.addr)?;
|
||||
|
|
Loading…
Reference in New Issue