From fe4e77979de6cdc6eb5fad254a4188eefaa821e4 Mon Sep 17 00:00:00 2001
From: fanyang <fanyang89@outlook.com>
Date: Sat, 14 Feb 2026 17:10:29 +0800
Subject: [PATCH] fix: avoid panic for quic peer urls using port 0 (#1905)

Prevent crashes when users input quic://...:0 by rejecting port 0 explicitly and propagating connect setup errors. Add a regression test to ensure invalid QUIC targets fail gracefully.

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 easytier/src/tunnel/quic.rs | 22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)

diff --git a/easytier/src/tunnel/quic.rs b/easytier/src/tunnel/quic.rs
index 8512d048..bec306f3 100644
--- a/easytier/src/tunnel/quic.rs
+++ b/easytier/src/tunnel/quic.rs
@@ -245,6 +245,12 @@ impl TunnelConnector for QUICTunnelConnector {
         let addr =
             check_scheme_and_get_socket_addr::<SocketAddr>(&self.addr, "quic", self.ip_version)
                 .await?;
+        if addr.port() == 0 {
+            return Err(TunnelError::InvalidAddr(format!(
+                "invalid remote QUIC port 0 in url: {} (port 0 is not a valid QUIC port)",
+                self.addr
+            )));
+        }
         let local_addr = if addr.is_ipv4() {
             "0.0.0.0:0"
         } else {
@@ -257,7 +263,12 @@ impl TunnelConnector for QUICTunnelConnector {
         // connect to server
         let connection = endpoint
             .connect(addr, "localhost")
-            .unwrap()
+            .map_err(|e| {
+                TunnelError::InvalidAddr(format!(
+                    "failed to create QUIC connection, url: {}, error: {}",
+                    self.addr, e
+                ))
+            })?
             .await
             .with_context(|| "connect failed")?;
         tracing::info!("[client] connected: addr={}", connection.remote_address());
@@ -300,7 +311,7 @@ impl TunnelConnector for QUICTunnelConnector {
 mod tests {
     use crate::tunnel::{
         common::tests::{_tunnel_bench, _tunnel_pingpong},
-        IpVersion,
+        IpVersion, TunnelConnector,
     };
 
     use super::*;
@@ -355,4 +366,11 @@ mod tests {
         let port = listener.local_url().port().unwrap();
         assert!(port > 0);
     }
+
+    #[tokio::test]
+    async fn quic_connector_reject_port_zero() {
+        let mut connector = QUICTunnelConnector::new("quic://127.0.0.1:0".parse().unwrap());
+        let err = connector.connect().await.unwrap_err().to_string();
+        assert!(err.contains("port 0"), "unexpected error: {}", err);
+    }
 }