From 7b9033d678604b7b128eb915eb45132a5557262d Mon Sep 17 00:00:00 2001
From: orignal <i2porignal@yandex.ru>
Date: Thu, 23 May 2019 09:32:07 -0400
Subject: [PATCH] allocate actual RouterInfo's buffer size

---
 libi2pd/NetDb.cpp      |  8 +++----
 libi2pd/RouterInfo.cpp | 47 ++++++++++++++++++++++++++++++------------
 libi2pd/RouterInfo.h   |  4 ++--
 3 files changed, 40 insertions(+), 19 deletions(-)

diff --git a/libi2pd/NetDb.cpp b/libi2pd/NetDb.cpp
index 02ae2ae8..328f8550 100644
--- a/libi2pd/NetDb.cpp
+++ b/libi2pd/NetDb.cpp
@@ -698,14 +698,14 @@ namespace data
 			LogPrint (eLogDebug, "NetDb: store request: RouterInfo");
 			size_t size = bufbe16toh (buf + offset);
 			offset += 2;
-			if (size > 2048 || size > len - offset)
+			if (size > MAX_RI_BUFFER_SIZE || size > len - offset)
 			{
 				LogPrint (eLogError, "NetDb: invalid RouterInfo length ", (int)size);
 				return;
 			}
-			uint8_t uncompressed[2048];
-			size_t uncompressedSize = m_Inflator.Inflate (buf + offset, size, uncompressed, 2048);
-			if (uncompressedSize && uncompressedSize < 2048)
+			uint8_t uncompressed[MAX_RI_BUFFER_SIZE];
+			size_t uncompressedSize = m_Inflator.Inflate (buf + offset, size, uncompressed, MAX_RI_BUFFER_SIZE);
+			if (uncompressedSize && uncompressedSize < MAX_RI_BUFFER_SIZE)
 				updated = AddRouterInfo (ident, uncompressed, uncompressedSize);
 			else
 			{
diff --git a/libi2pd/RouterInfo.cpp b/libi2pd/RouterInfo.cpp
index d1ed3ff8..9366cabf 100644
--- a/libi2pd/RouterInfo.cpp
+++ b/libi2pd/RouterInfo.cpp
@@ -26,7 +26,7 @@ namespace data
 	}
 
 	RouterInfo::RouterInfo (const std::string& fullPath):
-		m_FullPath (fullPath), m_IsUpdated (false), m_IsUnreachable (false),
+		m_FullPath (fullPath), m_Buffer (nullptr), m_IsUpdated (false), m_IsUnreachable (false),
 		m_SupportedTransports (0), m_Caps (0)
 	{
 		m_Addresses = boost::make_shared<Addresses>(); // create empty list
@@ -38,10 +38,19 @@ namespace data
 		m_IsUpdated (true), m_IsUnreachable (false), m_SupportedTransports (0), m_Caps (0)
 	{
 		m_Addresses = boost::make_shared<Addresses>(); // create empty list
-		m_Buffer = new uint8_t[len];
-		memcpy (m_Buffer, buf, len);
-		m_BufferLen = len;
-		ReadFromBuffer (true);
+		if (len <= MAX_RI_BUFFER_SIZE)
+		{	
+			m_Buffer = new uint8_t[len];
+			memcpy (m_Buffer, buf, len);
+			m_BufferLen = len;
+			ReadFromBuffer (true);
+		}
+		else
+		{
+			LogPrint (eLogError, "RouterInfo: Buffer is too long ", len, ". Ignored");
+			m_Buffer = nullptr;
+			m_IsUnreachable = true;
+		}
 	}
 
 	RouterInfo::~RouterInfo ()
@@ -49,7 +58,7 @@ namespace data
 		delete[] m_Buffer;
 	}
 
-	void RouterInfo::Update (const uint8_t * buf, int len)
+	void RouterInfo::Update (const uint8_t * buf, size_t len)
 	{
 		// verify signature since we have identity already
 		int l = len - m_RouterIdentity->GetSignatureLen ();
@@ -62,9 +71,15 @@ namespace data
 			m_Caps = 0;
 			// don't clean up m_Addresses, it will be replaced in ReadFromStream
 			m_Properties.clear ();
+			// check if existing buffer long enough			
+			if (m_Buffer && len > m_BufferLen)
+			{
+				delete[] m_Buffer;
+				m_Buffer = nullptr;
+			}	
 			// copy buffer
 			if (!m_Buffer)
-				m_Buffer = new uint8_t[MAX_RI_BUFFER_SIZE];
+				m_Buffer = new uint8_t[len];
 			memcpy (m_Buffer, buf, len);
 			m_BufferLen = len;
 			// skip identity
@@ -100,8 +115,8 @@ namespace data
 				return false;
 			}
 			s.seekg(0, std::ios::beg);
-			if (!m_Buffer)
-				m_Buffer = new uint8_t[m_BufferLen];
+			if (m_Buffer) delete[] m_Buffer;
+			m_Buffer = new uint8_t[m_BufferLen];
 			s.read((char *)m_Buffer, m_BufferLen);
 		}
 		else
@@ -607,15 +622,21 @@ namespace data
 		std::stringstream s;
 		uint8_t ident[1024];
 		auto identLen = privateKeys.GetPublic ()->ToBuffer (ident, 1024);
+		auto signatureLen = privateKeys.GetPublic ()->GetSignatureLen ();
 		s.write ((char *)ident, identLen);
 		WriteToStream (s);
 		m_BufferLen = s.str ().size ();
 		if (!m_Buffer)
 			m_Buffer = new uint8_t[MAX_RI_BUFFER_SIZE];
-		memcpy (m_Buffer, s.str ().c_str (), m_BufferLen);
-		// signature
-		privateKeys.Sign ((uint8_t *)m_Buffer, m_BufferLen, (uint8_t *)m_Buffer + m_BufferLen);
-		m_BufferLen += privateKeys.GetPublic ()->GetSignatureLen ();
+		if (m_BufferLen + signatureLen < MAX_RI_BUFFER_SIZE)
+		{
+			memcpy (m_Buffer, s.str ().c_str (), m_BufferLen);
+			// signature
+			privateKeys.Sign ((uint8_t *)m_Buffer, m_BufferLen, (uint8_t *)m_Buffer + m_BufferLen);
+			m_BufferLen += signatureLen;
+		}
+		else
+			LogPrint (eLogError, "RouterInfo: Our RouterInfo is too long ", m_BufferLen + signatureLen);
 	}
 
 	bool RouterInfo::SaveToFile (const std::string& fullPath)
diff --git a/libi2pd/RouterInfo.h b/libi2pd/RouterInfo.h
index 084ad8a7..64aaed37 100644
--- a/libi2pd/RouterInfo.h
+++ b/libi2pd/RouterInfo.h
@@ -38,7 +38,7 @@ namespace data
 	const char CAPS_FLAG_SSU_TESTING = 'B';
 	const char CAPS_FLAG_SSU_INTRODUCER = 'C';
 
-	const int MAX_RI_BUFFER_SIZE = 2048;
+	const int MAX_RI_BUFFER_SIZE = 2048; // if RouterInfo exceeds 2048 we consider it as malformed, might be changed later
 	class RouterInfo: public RoutingDestination
 	{
 		public:
@@ -196,7 +196,7 @@ namespace data
 			std::shared_ptr<RouterProfile> GetProfile () const;
 			void SaveProfile () { if (m_Profile) m_Profile->Save (GetIdentHash ()); };
 
-			void Update (const uint8_t * buf, int len);
+			void Update (const uint8_t * buf, size_t len);
 			void DeleteBuffer () { delete[] m_Buffer; m_Buffer = nullptr; };
 			bool IsNewer (const uint8_t * buf, size_t len) const;