From f64bb2d3ab9f4133bbdcc792b952a5541302ed57 Mon Sep 17 00:00:00 2001
From: anonimal
Date: Fri, 8 Dec 2017 04:40:01 +0000
Subject: [PATCH] Streaming: fix overflow if large sig is included Referencing #767
---
 src/client/api/streaming.cc | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)
diff --git a/src/client/api/streaming.cc b/src/client/api/streaming.cc
index 674c6542..a83ac067 100644
--- a/src/client/api/streaming.cc
+++ b/src/client/api/streaming.cc
@@ -268,20 +268,24 @@ void Stream::ProcessPacket(
 }
 if (flags & PACKET_FLAG_SIGNATURE_INCLUDED) {
 LOG(debug) << "Stream: signature";
- std::uint8_t signature[256];
- auto signature_len = m_RemoteIdentity.GetSignatureLen();
- memcpy(signature, option_data, signature_len);
- memset(const_cast(option_data), 0, signature_len);
+ // TODO(unassigned): ensure option data isn't overwritten if sig length > 256.
+ // Note: not relevant once #498 / #755 is resolved (first check if they are resolved).
+ std::vector signature(m_RemoteIdentity.GetSignatureLen());
+ memcpy(signature.data(), option_data, signature.size());
+ memset(const_cast(option_data), 0, signature.size());
 if (!m_RemoteIdentity.Verify(
 packet->GetBuffer(),
 packet->GetLength(),
- signature)) {
+ signature.data())) {
 LOG(error) << "Stream: signature verification failed";
 Close();
 flags |= PACKET_FLAG_CLOSE;
 }
- memcpy(const_cast(option_data), signature, signature_len);
- option_data += signature_len;
+ memcpy(
+ const_cast(option_data),
+ signature.data(),
+ signature.size());
+ option_data += signature.size();
 }
 packet->offset = packet->GetPayload() - packet->buf;
 if (packet->GetLength() > 0) {
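Review bot: The `memcpy`/`memset`/`memcpy` sequence on `option_data` still trusts `signature.size()` without comparing it to the number of option bytes the packet actually carries. Sizing the scratch buffer with `std::vector` removes the overflow of the old 256-byte stack array, but as far as this hunk shows, a packet with PACKET_FLAG_SIGNATURE_INCLUDED and fewer option bytes than `m_RemoteIdentity.GetSignatureLen()` is still read and written past its option data. The added TODO acknowledges this without closing it. I would put the guard in this change, ahead of the first `memcpy`: a condition such as `if (signature.size() > option_bytes_left)` (`option_bytes_left` is a placeholder for what the packet's option-size field leaves after the earlier options) that takes the same `Close()` / `PACKET_FLAG_CLOSE` path as the verification failure and skips the copies. ProcessPacket starts and ends outside the hunk, so a length check further up cannot be ruled out from here.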