From c0114a2c5fbfdccea7c0229709e1fd7b46d11af0 Mon Sep 17 00:00:00 2001
From: teor
Date: Wed, 26 May 2021 13:19:17 +1000
Subject: [PATCH] Security: Stop panicking when serializing out-of-range times

Zebra assumes that deserialized times are always able to be serialized. But this assumption is wrong because:
- sanitization can modify times
- gossiped `MetaAddr` validation can modify times
---
 zebra-network/src/meta_addr.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/zebra-network/src/meta_addr.rs b/zebra-network/src/meta_addr.rs
index 005669d4..e89c28cc 100644
--- a/zebra-network/src/meta_addr.rs
+++ b/zebra-network/src/meta_addr.rs
@@ -325,7 +325,7 @@ impl ZcashSerialize for MetaAddr {
 self.get_last_seen()
 .timestamp()
 .try_into()
- .expect("time is in range"),
+ .map_err(|e| std::io::Error::new(std::io::ErrorKind::InvalidData, e))?,
 )?;
 writer.write_u64::(self.services.bits())?;
 writer.write_socket_addr(self.addr)?;
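Review bot: The added `.map_err(...)?` on the `last_seen` conversion removes the panic, but an out-of-range time still reaches the serializer. A single such `MetaAddr` will presumably fail whatever larger message is being written; the caller, and the start and end of this function, are outside the hunk. The commit message names sanitization and gossiped `MetaAddr` validation as the places that modify times, so the range should also be enforced there, so that peer-supplied data cannot make address serialization return `InvalidData`. The line would benefit from a why-comment such as `// last_seen can be out of range after sanitization or gossip validation: return an error, never panic`. The patch touches only `meta_addr.rs` and adds no regression test; one that serializes a `MetaAddr` whose `last_seen` does not fit the wire field and asserts an `Err` would pin the fix.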