zecfoundation
/
zebra
mirror of https://github.com/ZcashFoundation/zebra.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Security: Stop panicking when serializing out-of-range times 

Zebra assumes that deserialized times are always able to be serialized.

But this assumption is wrong because:
- sanitization can modify times
- gossiped `MetaAddr` validation can modify times
This commit is contained in:
teor 2021-05-26 13:19:17 +10:00 committed by Deirdre Connolly
parent 7894cec814
commit c0114a2c5f
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
zebra-network/src/meta_addr.rs
View File

@ -325,7 +325,7 @@ impl ZcashSerialize for MetaAddr {
self.get_last_seen() self.get_last_seen()
.timestamp() .timestamp()
.try_into() .try_into()
.expect("time is in range"), .map_err(|e| std::io::Error::new(std::io::ErrorKind::InvalidData, e))?,
)?; )?;
writer.write_u64::<LittleEndian>(self.services.bits())?; writer.write_u64::<LittleEndian>(self.services.bits())?;
writer.write_socket_addr(self.addr)?; writer.write_socket_addr(self.addr)?;