From 0dd1a1cae68f6f431d421c8f7b34c6806ff8ea10 Mon Sep 17 00:00:00 2001
From: ryleung-solana <91908731+ryleung-solana@users.noreply.github.com>
Date: Tue, 19 Jul 2022 20:54:42 +0800
Subject: [PATCH] Merge pull request from GHSA-x236-qc46-7v8j

* Restrict the usable port range of the validator such that adding QUIC_PORT_OFFSET never gets us an invalid port. Also validate this for incoming ContactInfos

* Require the proper port range in ContactInfo::valid_client_facing_addr

* Use asserts instead of panics, and enforce USABLE_PORT_RANGE for all the ports in ContactInfo

* Fix typo

* Make the quic client return errors on the quinn endpoint connect() call,
not just the result of awaiting the connect() call, as the connect()
call can itself fail realistically (e.g. due to expected/invalid IPs, etc)

* Update USABLE_PORT_RANGE to a better range and use port_range_validator to validate dynamic-port-range rather than a panic

* Fall back on UDP when the remote peer's tpu port is too large to have QUIC_PORT_OFFSET added to it

* Get rid of tpu port sanitization in ContactInfo

* Turn USABLE_PORT_RANGE into a Range and make connnection_cache fall back on UDP when the tpu port is out of range

* Fix build

* Dummy commit

* Reert dummy commit

* dummy commit

* revert dummy commit

* Fix typo

* Fix range validation

* Fix formatting

* Fix USABLE_PORT_RANGE

* Remove USABLE_PORT_RANGE

* Avoid creating a QuicLazyInitializedEndpoint when forcing the use of UDP

* Implement test for connection cache overflow
---
 client/src/nonblocking/quic_client.rs | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)

diff --git a/client/src/nonblocking/quic_client.rs b/client/src/nonblocking/quic_client.rs
index 4e4941d0fff982..834c0a8a563f55 100644
--- a/client/src/nonblocking/quic_client.rs
+++ b/client/src/nonblocking/quic_client.rs
@@ -178,9 +178,7 @@ impl QuicNewConnection {
         let mut make_connection_measure = Measure::start("make_connection_measure");
         let endpoint = endpoint.get_endpoint().await;
 
-        let connecting = endpoint
-            .connect(addr, "connect")
-            .expect("QuicNewConnection::make_connection endpoint.connect");
+        let connecting = endpoint.connect(addr, "connect")?;
         stats.total_connections.fetch_add(1, Ordering::Relaxed);
         if let Ok(connecting_result) = timeout(
             Duration::from_millis(QUIC_CONNECTION_HANDSHAKE_TIMEOUT_MS),
@@ -219,11 +217,8 @@ impl QuicNewConnection {
         &mut self,
         addr: SocketAddr,
         stats: &ClientStats,
-    ) -> Result<Arc<NewConnection>, WriteError> {
-        let connecting = self
-            .endpoint
-            .connect(addr, "connect")
-            .expect("QuicNewConnection::make_connection_0rtt endpoint.connect");
+    ) -> Result<Arc<NewConnection>, QuicError> {
+        let connecting = self.endpoint.connect(addr, "connect")?;
         stats.total_connections.fetch_add(1, Ordering::Relaxed);
         let connection = match connecting.into_0rtt() {
             Ok((connection, zero_rtt)) => {