From e9cdc224a2f9a9d8a00069d5b03f6ba3c42219cf Mon Sep 17 00:00:00 2001
From: teor
Date: Thu, 25 Mar 2021 17:47:25 +1000
Subject: [PATCH] Rewrite MetaAddr::sanitize so it's harder to misuse
`sanitize` could be misused in two ways:
* accidentally modifying the addresses in the address book itself
* forgetting to sanitize new fields added to `MetaAddr`
This change prevents accidental modification by taking `&self`, and explicitly creates a new sanitized `MetaAddr` with all fields listed.
---
 zebra-network/src/address_book.rs | 5 ++++-
 zebra-network/src/meta_addr.rs | 15 ++++++++++-----
 2 files changed, 14 insertions(+), 6 deletions(-)
diff --git a/zebra-network/src/address_book.rs b/zebra-network/src/address_book.rs
index 3a4dee2aa..997b37c7d 100644
--- a/zebra-network/src/address_book.rs
+++ b/zebra-network/src/address_book.rs
@@ -70,7 +70,10 @@ impl AddressBook {
 pub fn sanitized(&self) -> Vec {
 use rand::seq::SliceRandom;
 let _guard = self.span.enter();
- let mut peers = self.peers().map(MetaAddr::sanitize).collect::>();
+ let mut peers = self
+ .peers()
+ .map(|a| MetaAddr::sanitize(&a))
+ .collect::>();
 peers.shuffle(&mut rand::thread_rng());
 peers
 }
diff --git a/zebra-network/src/meta_addr.rs b/zebra-network/src/meta_addr.rs
index 9a066c596..90a17f83e 100644
--- a/zebra-network/src/meta_addr.rs
+++ b/zebra-network/src/meta_addr.rs
@@ -124,13 +124,18 @@ pub struct MetaAddr {
 }
 impl MetaAddr {
- /// Sanitize this `MetaAddr` before sending it to a remote peer.
- pub fn sanitize(mut self) -> MetaAddr {
+ /// Return a sanitized version of this `MetaAddr`, for sending to a remote peer.
+ pub fn sanitize(&self) -> MetaAddr {
 let interval = crate::constants::TIMESTAMP_TRUNCATION_SECONDS;
 let ts = self.last_seen.timestamp();
- self.last_seen = Utc.timestamp(ts - ts.rem_euclid(interval), 0);
- self.last_connection_state = Default::default();
- self
+ let last_seen = Utc.timestamp(ts - ts.rem_euclid(interval), 0);
+ MetaAddr {
+ addr: self.addr,
+ services: self.services,
+ last_seen,
+ // the state isn't sent to the remote peer, but sanitize it anyway
+ last_connection_state: Default::default(),
+ }
 }
 }
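Review bot: With `sanitize` now borrowing `&self`, a caller can write `addr.sanitize();`, discard the returned value and go on to send the untouched `addr` to a peer without any compiler diagnostic; putting `#[must_use]` directly above `pub fn sanitize(&self) -> MetaAddr` turns that mistake into a warning. The doc comment could also say what sanitizing means here: `last_seen` is rounded down to a multiple of `TIMESTAMP_TRUNCATION_SECONDS`, `last_connection_state` is reset to its default, and `addr` and `services` are copied through unchanged on purpose. A short comment on the struct literal, for example `// list every field explicitly, never use `..`: a new field must fail to compile here until its sanitization is decided`, would record the invariant the commit message describes, since a later struct-update shorthand would silently remove that protection. A unit test asserting the truncated timestamp and the default state on the returned value would pin the behaviour.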