Merge pull request #1021 from PurpleI2P/openssl

2.17.0

ChangeLog

@@ -1,6 +1,23 @@
 # for this file format description,
 # see https://github.com/olivierlacan/keep-a-changelog
 
+## [2.17.0] - 2017-12-04
+### Added
+- Reseed through HTTP and SOCKS proxy
+- Show status of client services through web console
+- Change log level through web connsole
+- transient keys for tunnels
+- i2p.streaming.initialAckDelay parameter
+- CRYPTO_TYPE for SAM destination
+- signature and crypto type for newkeys BOB command
+### Changed
+- Correct publication of ECIES destinations
+- Disable RSA signatures completely
+### Fixed
+- CVE-2017-17066
+- Possible buffer overflow for RSA-4096
+- Shutdown from web console for Windows
+- Web console page layout
 ## [2.16.0] - 2017-11-13
 ### Added
 - https and "Connect" method for HTTP proxy

Win32/installer.iss

@@ -1,5 +1,5 @@
 #define I2Pd_AppName "i2pd"
-#define I2Pd_ver "2.16.0"
+#define I2Pd_ver "2.17.0"
 #define I2Pd_Publisher "PurpleI2P"
 
 [Setup]

android/AndroidManifest.xml

@@ -2,7 +2,7 @@
 <manifest xmlns:android="http://schemas.android.com/apk/res/android"
       package="org.purplei2p.i2pd"
       android:versionCode="1"
-      android:versionName="2.16.0"
+      android:versionName="2.17.0"
 	  android:installLocation="auto">
     <uses-sdk android:minSdkVersion="14" android:targetSdkVersion="25"/>
 	<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>

appveyor.yml

@@ -1,4 +1,4 @@
-version: 2.16.{build}
+version: 2.17.{build}
 pull_requests:
   do_not_increment_build_number: true
 branches:

contrib/rpm/i2pd.spec

@@ -1,7 +1,7 @@
 %define build_timestamp %(date +"%Y%m%d")
 
 Name:           i2pd
-Version:        2.16.0
+Version:        2.17.0
 Release:        %{build_timestamp}git%{?dist}
 Summary:        I2P router written in C++
 
@@ -103,6 +103,21 @@ getent passwd i2pd >/dev/null || \
 
 
 %changelog
+* Mon Dec 04 2017 orignal <i2porignal@yandex.ru> - 2.17.0
+- Added reseed through HTTP and SOCKS proxy
+- Added show status of client services through web console
+- Added change log level through web connsole
+- Added transient keys for tunnels
+- Added i2p.streaming.initialAckDelay parameter
+- Added CRYPTO_TYPE for SAM destination
+- Added signature and crypto type for newkeys BOB command
+- Changed - correct publication of ECIES destinations
+- Changed - disable RSA signatures completely
+- Fixed CVE-2017-17066
+- Fixed possible buffer overflow for RSA-4096
+- Fixed shutdown from web console for Windows
+- Fixed web console page layout
+
 * Mon Nov 13 2017 orignal <i2porignal@yandex.ru> - 2.16.0
 - Added https and "Connect" method for HTTP proxy
 - Added outproxy for HTTP proxy

daemon/HTTPServer.cpp

@@ -51,8 +51,8 @@ namespace http {
 	const char *cssStyles =
 		"<style>\r\n"
 		"  body { font: 100%/1.5em sans-serif; margin: 0; padding: 1.5em; background: #FAFAFA; color: #103456; }\r\n"
-		"  a { text-decoration: none; color: #894C84; }\r\n"
+		"  a, .slide label { text-decoration: none; color: #894C84; }\r\n"
-		"  a:hover { color: #FAFAFA; background: #894C84; }\r\n"
+		"  a:hover, .slide label:hover { color: #FAFAFA; background: #894C84; }\r\n"
 		"  .header { font-size: 2.5em; text-align: center; margin: 1.5em 0; color: #894C84; }\r\n"
 		"  .wrapper { margin: 0 auto; padding: 1em; max-width: 60em; }\r\n"
 		"  .left  { float: left; position: absolute; }\r\n"
@@ -63,7 +63,6 @@ namespace http {
 		"  .tunnel.building    { color: #434343; }\r\n"
 		"  caption { font-size: 1.5em; text-align: center; color: #894C84; }\r\n"
 		"  table { width: 100%; border-collapse: collapse; text-align: center; }\r\n"
-		"  .slide label { color: #894C84 }\r\n"
 		"  .slide p, .slide [type='checkbox']{ display:none; }\r\n"
 		"  .slide [type='checkbox']:checked ~ p { display:block; margin-top: 0; padding: 0; }\r\n"
 		"  .disabled:after { color: #D33F3F; content: \"Disabled\" }\r\n"
@@ -88,6 +87,7 @@ namespace http {
 	const char HTTP_COMMAND_SHUTDOWN_NOW[] = "terminate";
 	const char HTTP_COMMAND_RUN_PEER_TEST[] = "run_peer_test";
 	const char HTTP_COMMAND_RELOAD_CONFIG[] = "reload_config";
+	const char HTTP_COMMAND_LOGLEVEL[] = "set_loglevel";
 	const char HTTP_PARAM_SAM_SESSION_ID[] = "id";
 	const char HTTP_PARAM_ADDRESS[] = "address";
 
@@ -122,7 +122,7 @@ namespace http {
 			s << numKBytes / 1024 / 1024 << " GiB";
 	}
 
-	static void ShowTunnelDetails (std::stringstream& s, enum i2p::tunnel::TunnelState eState, int bytes)
+	static void ShowTunnelDetails (std::stringstream& s, enum i2p::tunnel::TunnelState eState, bool explr, int bytes)
 	{
 		std::string state;
 		switch (eState) {
@@ -135,10 +135,21 @@ namespace http {
 			case i2p::tunnel::eTunnelStateEstablished : state = "established"; break;
 			default: state = "unknown"; break;
 		}
-		s << "<span class=\"tunnel " << state << "\"> " << state << "</span>, ";
+		s << "<span class=\"tunnel " << state << "\"> " << state << ((explr) ? " (exploratory)" : "") << "</span>, ";
 		s << " " << (int) (bytes / 1024) << "&nbsp;KiB<br>\r\n";
 	}
 
+	static void SetLogLevel (const std::string& level)
+	{
+		if (level == "none" || level == "error" || level == "warn" || level == "info" || level == "debug")
+			i2p::log::Logger().SetLogLevel(level);
+		else {
+			LogPrint(eLogError, "HTTPServer: unknown loglevel set attempted");
+			return;
+		}
+		i2p::log::Logger().Reopen ();
+	}
+
 	static void ShowPageHead (std::stringstream& s)
 	{
 		s <<
@@ -234,7 +245,7 @@ namespace http {
 		ShowTraffic (s, i2p::transport::transports.GetTotalTransitTransmittedBytes ());
 		s << " (" << (double) i2p::transport::transports.GetTransitBandwidth () / 1024 << " KiB/s)<br>\r\n";
 		s << "<b>Data path:</b> " << i2p::fs::GetDataDir() << "<br>\r\n";
-		s << "<div class='slide'\r\n><label for='slide1'>Hidden content. Press on text to see.</label>\r\n<input type='checkbox' id='slide1'/>\r\n<p class='content'>\r\n";
+		s << "<div class='slide'><label for='slide-info'>Hidden content. Press on text to see.</label>\r\n<input type='checkbox' id='slide-info'/>\r\n<p class='content'>\r\n";
 		if(includeHiddenContent) {
 			s << "<b>Router Ident:</b> " << i2p::context.GetRouterInfo().GetIdentHashBase64() << "<br>\r\n";
 			s << "<b>Router Family:</b> " << i2p::context.GetRouterInfo().GetProperty("family") << "<br>\r\n";
@@ -318,7 +329,7 @@ namespace http {
 		s << dest->GetIdentity ()->ToBase64 () << "</textarea><br>\r\n<br>\r\n";
 		if(dest->GetNumRemoteLeaseSets())
 		{
-			s << "<div class='slide'\r\n><label for='slide1'><b>LeaseSets:</b> <i>" << dest->GetNumRemoteLeaseSets () << "</i></label>\r\n<input type='checkbox' id='slide1'/>\r\n<p class='content'>\r\n";
+			s << "<div class='slide'><label for='slide-lease'><b>LeaseSets:</b> <i>" << dest->GetNumRemoteLeaseSets () << "</i></label>\r\n<input type='checkbox' id='slide-lease'/>\r\n<p class='content'>\r\n";
 			for(auto& it: dest->GetLeaseSets ())
 				s << it.second->GetIdentHash ().ToBase32 () << "<br>\r\n";
 			s << "</p>\r\n</div>\r\n";
@@ -332,7 +343,7 @@ namespace http {
 				it->Print(s);
 				if(it->LatencyIsKnown())
 					s << " ( " << it->GetMeanLatency() << "ms )";
-				ShowTunnelDetails(s, it->GetState (), it->GetNumReceivedBytes ());
+				ShowTunnelDetails(s, it->GetState (), false, it->GetNumReceivedBytes ());
 			}
 			s << "<br>\r\n";
 			s << "<b>Outbound tunnels:</b><br>\r\n";
@@ -340,17 +351,19 @@ namespace http {
 				it->Print(s);
 				if(it->LatencyIsKnown())
 					s << " ( " << it->GetMeanLatency() << "ms )";
-				ShowTunnelDetails(s, it->GetState (), it->GetNumSentBytes ());
+				ShowTunnelDetails(s, it->GetState (), false, it->GetNumSentBytes ());
 			}
 		}
 		s << "<br>\r\n";
-		s << "<b>Tags</b><br>Incoming: " << dest->GetNumIncomingTags () << "<br>Outgoing:<br>" << std::endl;
+		s << "<b>Tags</b><br>Incoming: <i>" << dest->GetNumIncomingTags () << "</i><br>";
-		for (const auto& it: dest->GetSessions ())
+		if (!dest->GetSessions ().empty ()) {
-		{
+			s << "<div class='slide'><label for='slide-tags'>Outgoing:</label>\r\n<input type='checkbox' id='slide-tags'/>\r\n<p class='content'>\r\n";
-			s << i2p::client::context.GetAddressBook ().ToAddress(it.first) << " ";
+			for (const auto& it: dest->GetSessions ())
-			s << it.second->GetNumOutgoingTags () << "<br>" << std::endl;
+				s << i2p::client::context.GetAddressBook ().ToAddress(it.first) << " " << it.second->GetNumOutgoingTags () << "<br>\r\n";
-		}
+			s << "</p>\r\n</div>\r\n";
-		s << "<br>" << std::endl;
+		} else
+			s << "Outgoing: <i>0</i><br>\r\n";
+		s << "<br>\r\n";
 	}
 
 	void ShowLocalDestination (std::stringstream& s, const std::string& b32)
@@ -363,7 +376,7 @@ namespace http {
 		{
 			ShowLeaseSetDestination (s, dest);
 			// show streams
-			s << "<br>\r\n<table><caption>Streams</caption><tr>";
+			s << "<table><caption>Streams</caption>\r\n<tr>";
 			s << "<th>StreamID</th>";
 			s << "<th>Destination</th>";
 			s << "<th>Sent</th>";
@@ -374,7 +387,7 @@ namespace http {
 			s << "<th>RTT</th>";
 			s << "<th>Window</th>";
 			s << "<th>Status</th>";
-			s << "</tr>";
+			s << "</tr>\r\n";
 
 			for (const auto& it: dest->GetAllStreams ())
 			{
@@ -389,8 +402,8 @@ namespace http {
 				s << "<td>" << it->GetRTT () << "</td>";
 				s << "<td>" << it->GetWindowSize () << "</td>";
 				s << "<td>" << (int)it->GetStatus () << "</td>";
-				s << "</tr><br>\r\n" << std::endl;
+				s << "</tr>\r\n";
-		}
+			}
 			s << "</table>";
 		}
 	}
@@ -449,12 +462,14 @@ namespace http {
 		s << "<b>Tunnels:</b><br>\r\n<br>\r\n";
 		s << "<b>Queue size:</b> " << i2p::tunnel::tunnels.GetQueueSize () << "<br>\r\n";
 
+		auto ExplPool = i2p::tunnel::tunnels.GetExploratoryPool ();
+
 		s << "<b>Inbound tunnels:</b><br>\r\n";
 		for (auto & it : i2p::tunnel::tunnels.GetInboundTunnels ()) {
 			it->Print(s);
 			if(it->LatencyIsKnown())
 				s << " ( " << it->GetMeanLatency() << "ms )";
-			ShowTunnelDetails(s, it->GetState (), it->GetNumReceivedBytes ());
+			ShowTunnelDetails(s, it->GetState (), (it->GetTunnelPool () == ExplPool), it->GetNumReceivedBytes ());
 		}
 		s << "<br>\r\n";
 		s << "<b>Outbound tunnels:</b><br>\r\n";
@@ -462,7 +477,7 @@ namespace http {
 			it->Print(s);
 			if(it->LatencyIsKnown())
 				s << " ( " << it->GetMeanLatency() << "ms )";
-			ShowTunnelDetails(s, it->GetState (), it->GetNumSentBytes ());
+			ShowTunnelDetails(s, it->GetState (), (it->GetTunnelPool () == ExplPool), it->GetNumSentBytes ());
 		}
 		s << "<br>\r\n";
 	}
@@ -489,6 +504,13 @@ namespace http {
 			s << "  <a href=\"/?cmd=" << HTTP_COMMAND_SHUTDOWN_START << "&token=" << token << "\">Graceful shutdown</a><br>\r\n";
 #endif
 		s << "  <a href=\"/?cmd=" << HTTP_COMMAND_SHUTDOWN_NOW << "&token=" << token << "\">Force shutdown</a><br>\r\n";
+		
+		s << "<br>\r\n<b>Logging level</b><br>\r\n";
+		s << "  <a href=\"/?cmd=" << HTTP_COMMAND_LOGLEVEL << "&level=none&token=" << token << "\">[none]</a> ";
+		s << "  <a href=\"/?cmd=" << HTTP_COMMAND_LOGLEVEL << "&level=error&token=" << token << "\">[error]</a> ";
+		s << "  <a href=\"/?cmd=" << HTTP_COMMAND_LOGLEVEL << "&level=warn&token=" << token << "\">[warn]</a> ";
+		s << "  <a href=\"/?cmd=" << HTTP_COMMAND_LOGLEVEL << "&level=info&token=" << token << "\">[info]</a> ";
+		s << "  <a href=\"/?cmd=" << HTTP_COMMAND_LOGLEVEL << "&level=debug&token=" << token << "\">[debug]</a><br>\r\n";
 	}
 
 	void ShowTransitTunnels (std::stringstream& s)
@@ -542,12 +564,12 @@ namespace http {
 				}
 				if (!tmp_s.str ().empty ())
 				{
-					s << "<div class='slide'\r\n><label for='slide_ntcp'><b>NTCP</b> ( " << cnt << " )</label>\r\n<input type='checkbox' id='slide_ntcp'/>\r\n<p class='content'>";
+					s << "<div class='slide'><label for='slide_ntcp'><b>NTCP</b> ( " << cnt << " )</label>\r\n<input type='checkbox' id='slide_ntcp'/>\r\n<p class='content'>";
 					s << tmp_s.str () << "</p>\r\n</div>\r\n";
 				}
 				if (!tmp_s6.str ().empty ())
 				{
-					s << "<div class='slide'\r\n><label for='slide_ntcp6'><b>NTCP6</b> ( " << cnt6 << " )</label>\r\n<input type='checkbox' id='slide_ntcp6'/>\r\n<p class='content'>";
+					s << "<div class='slide'><label for='slide_ntcp6'><b>NTCP6</b> ( " << cnt6 << " )</label>\r\n<input type='checkbox' id='slide_ntcp6'/>\r\n<p class='content'>";
 					s << tmp_s6.str () << "</p>\r\n</div>\r\n";
 				}
 			}
@@ -558,7 +580,7 @@ namespace http {
 			auto sessions = ssuServer->GetSessions ();
 			if (!sessions.empty ())
 			{
-				s << "<div class='slide'\r\n><label for='slide_ssu'><b>SSU</b> ( " << (int) sessions.size() << " )</label>\r\n<input type='checkbox' id='slide_ssu'/>\r\n<p class='content'>";
+				s << "<div class='slide'><label for='slide_ssu'><b>SSU</b> ( " << (int) sessions.size() << " )</label>\r\n<input type='checkbox' id='slide_ssu'/>\r\n<p class='content'>";
 				for (const auto& it: sessions)
 				{
 					auto endpoint = it.second->GetRemoteEndpoint ();
@@ -575,7 +597,7 @@ namespace http {
 			auto sessions6 = ssuServer->GetSessionsV6 ();
 			if (!sessions6.empty ())
 			{
-				s << "<div class='slide'\r\n><label for='slide_ssu6'><b>SSU6</b> ( " << (int) sessions6.size() << " )</label>\r\n<input type='checkbox' id='slide_ssu6'/>\r\n<p class='content'>";
+				s << "<div class='slide'><label for='slide_ssu6'><b>SSU6</b> ( " << (int) sessions6.size() << " )</label>\r\n<input type='checkbox' id='slide_ssu6'/>\r\n<p class='content'>";
 				for (const auto& it: sessions6)
 				{
 					auto endpoint = it.second->GetRemoteEndpoint ();
@@ -711,7 +733,7 @@ namespace http {
 	}
 
 	HTTPConnection::HTTPConnection (std::shared_ptr<boost::asio::ip::tcp::socket> socket):
-				m_Socket (socket), m_Timer (socket->get_io_service ()), m_BufferLen (0)
+		m_Socket (socket), m_Timer (socket->get_io_service ()), m_BufferLen (0)
 	{
 		/* cache options */
 		i2p::config::GetOption("http.auth", needAuth);
@@ -926,6 +948,9 @@ namespace http {
 #else
 			i2p::win32::StopWin32App ();
 #endif
+		} else if (cmd == HTTP_COMMAND_LOGLEVEL){
+			std::string level = params["level"];
+			SetLogLevel (level);
 		} else {
 			res.code = 400;
 			ShowError(s, "Unknown command: " + cmd);

debian/changelog

@@ -1,3 +1,9 @@
+i2pd (2.17.0-1) unstable; urgency=low
+
+  * updated to version 2.17.0/0.9.32
+
+ -- orignal <orignal@i2pmail.org>  Mon, 4 Dec 2017 18:00:00 +0000
+
 i2pd (2.16.0-1) unstable; urgency=low
 
   * updated to version 2.16.0/0.9.32

libi2pd/Destination.cpp

@@ -283,7 +283,7 @@ namespace client
 			break;
 			case eI2NPDeliveryStatus:
 				// we assume tunnel tests non-encrypted
-				HandleDeliveryStatusMessage (CreateI2NPMessage (buf, GetI2NPMessageLength (buf), from));
+				HandleDeliveryStatusMessage (CreateI2NPMessage (buf, GetI2NPMessageLength (buf, len), from));
 			break;
 			case eI2NPDatabaseStore:
 				HandleDatabaseStoreMessage (buf + I2NP_HEADER_SIZE, bufbe16toh (buf + I2NP_HEADER_SIZE_OFFSET));
@@ -292,7 +292,7 @@ namespace client
 				HandleDatabaseSearchReplyMessage (buf + I2NP_HEADER_SIZE, bufbe16toh (buf + I2NP_HEADER_SIZE_OFFSET));
 			break;
 			default:
-				i2p::HandleI2NPMessage (CreateI2NPMessage (buf, GetI2NPMessageLength (buf), from));
+				i2p::HandleI2NPMessage (CreateI2NPMessage (buf, GetI2NPMessageLength (buf, len), from));
 		}
 	}
 

libi2pd/Garlic.cpp

@@ -512,12 +512,17 @@ namespace garlic
 
 	void GarlicDestination::HandleGarlicPayload (uint8_t * buf, size_t len, std::shared_ptr<i2p::tunnel::InboundTunnel> from)
 	{
-		const uint8_t * buf1 = buf;
+		if (len < 1)
+		{
+			LogPrint (eLogError, "Garlic: payload is too short");
+			return;
+		}
 		int numCloves = buf[0];
 		LogPrint (eLogDebug, "Garlic: ", numCloves," cloves");
-		buf++;
+		buf++; len--;
 		for (int i = 0; i < numCloves; i++)
 		{
+			const uint8_t * buf1 = buf;
 			// delivery instructions
 			uint8_t flag = buf[0];
 			buf++; // flag
@@ -527,17 +532,29 @@ namespace garlic
 				LogPrint (eLogWarning, "Garlic: clove encrypted");
 				buf += 32; 
 			}	
+			ptrdiff_t offset = buf - buf1;
 			GarlicDeliveryType deliveryType = (GarlicDeliveryType)((flag >> 5) & 0x03);
 			switch (deliveryType)
 			{
 				case eGarlicDeliveryTypeLocal:
 					LogPrint (eLogDebug, "Garlic: type local");
-					HandleI2NPMessage (buf, len, from);
+					if (offset > (int)len)
+					{
+						LogPrint (eLogError, "Garlic: message is too short");
+						break;
+					}	
+					HandleI2NPMessage (buf, len - offset, from);
 				break;	
 				case eGarlicDeliveryTypeDestination:	
 					LogPrint (eLogDebug, "Garlic: type destination");
 					buf += 32; // destination. check it later or for multiple destinations
-					HandleI2NPMessage (buf, len, from);
+					offset = buf1 - buf;
+					if (offset > (int)len)
+					{
+						LogPrint (eLogError, "Garlic: message is too short");
+						break;
+					}	
+					HandleI2NPMessage (buf, len - offset, from);		
 				break;
 				case eGarlicDeliveryTypeTunnel:
 				{	
@@ -545,9 +562,15 @@ namespace garlic
 					// gwHash and gwTunnel sequence is reverted
 					uint8_t * gwHash = buf;
 					buf += 32;
+					offset = buf1 - buf;
+					if (offset + 4 > (int)len)
+					{
+						LogPrint (eLogError, "Garlic: message is too short");
+						break;
+					}
 					uint32_t gwTunnel = bufbe32toh (buf);
-					buf += 4;
+					buf += 4; offset += 4;
-					auto msg = CreateI2NPMessage (buf, GetI2NPMessageLength (buf), from);
+					auto msg = CreateI2NPMessage (buf, GetI2NPMessageLength (buf, len - offset), from);
 					if (from) // received through an inbound tunnel
 					{
 						std::shared_ptr<i2p::tunnel::OutboundTunnel> tunnel;
@@ -568,9 +591,17 @@ namespace garlic
 				{
 					uint8_t * ident = buf;
 					buf += 32;
+					offset = buf1 - buf;	
 					if (!from) // received directly
+					{
+						if (offset > (int)len)
+						{
+							LogPrint (eLogError, "Garlic: message is too short");
+							break;
+						}
 						i2p::transport::transports.SendMessage (ident,
-							CreateI2NPMessage (buf, GetI2NPMessageLength (buf)));
+							CreateI2NPMessage (buf, GetI2NPMessageLength (buf, len - offset)));
+					}
 					else
 						LogPrint (eLogWarning, "Garlic: type router for inbound tunnels not supported");
 					break;	
@@ -578,15 +609,22 @@ namespace garlic
 				default:
 					LogPrint (eLogWarning, "Garlic: unknown delivery type ", (int)deliveryType);
 			}
-			buf += GetI2NPMessageLength (buf); //  I2NP
+			if (offset > (int)len)
+			{
+				LogPrint (eLogError, "Garlic: message is too short");
+				break;
+			}
+			buf += GetI2NPMessageLength (buf, len - offset); //  I2NP
 			buf += 4; // CloveID
 			buf += 8; // Date
 			buf += 3; // Certificate
-			if (buf - buf1  > (int)len)
+			offset = buf1 - buf;
+			if (offset > (int)len)
 			{
 				LogPrint (eLogError, "Garlic: clove is too long");
 				break;
 			}	
+			len -= offset;
 		}	
 	}	
 	

libi2pd/I2NPProtocol.cpp

@@ -546,18 +546,40 @@ namespace i2p
 		return msg;
 	}	
 
-	size_t GetI2NPMessageLength (const uint8_t * msg)
+	size_t GetI2NPMessageLength (const uint8_t * msg, size_t len)
 	{
-		return bufbe16toh (msg + I2NP_HEADER_SIZE_OFFSET) + I2NP_HEADER_SIZE;
+		if (len < I2NP_HEADER_SIZE_OFFSET + 2)
+		{
+			LogPrint (eLogError, "I2NP: message length ", len, " is smaller than header");
+			return len;
+		}		
+		auto l = bufbe16toh (msg + I2NP_HEADER_SIZE_OFFSET) + I2NP_HEADER_SIZE;
+		if (l > len)
+		{
+			LogPrint (eLogError, "I2NP: message length ", l, " exceeds buffer length ", len);
+			l = len;
+		}	
+		return l;
 	}	
 	
 	void HandleI2NPMessage (uint8_t * msg, size_t len)
 	{
+		if (len < I2NP_HEADER_SIZE)
+		{
+			LogPrint (eLogError, "I2NP: message length ", len, " is smaller than header");
+			return;
+		}	
 		uint8_t typeID = msg[I2NP_HEADER_TYPEID_OFFSET];
 		uint32_t msgID = bufbe32toh (msg + I2NP_HEADER_MSGID_OFFSET);	
 		LogPrint (eLogDebug, "I2NP: msg received len=", len,", type=", (int)typeID, ", msgID=", (unsigned int)msgID);
 		uint8_t * buf = msg + I2NP_HEADER_SIZE;
-		int size = bufbe16toh (msg + I2NP_HEADER_SIZE_OFFSET);
+		auto size = bufbe16toh (msg + I2NP_HEADER_SIZE_OFFSET);
+		len -= I2NP_HEADER_SIZE;
+		if (size > len)
+		{
+			LogPrint (eLogError, "I2NP: payload size ", size, " exceeds buffer length ", len);
+			size = len;
+		}
 		switch (typeID)
 		{	
 			case eI2NPVariableTunnelBuild:

libi2pd/I2NPProtocol.h

@@ -243,7 +243,7 @@ namespace tunnel
 		const uint8_t * buf, size_t len, uint32_t replyMsgID = 0);
 	std::shared_ptr<I2NPMessage> CreateTunnelGatewayMsg (uint32_t tunnelID, std::shared_ptr<I2NPMessage> msg);
 
-	size_t GetI2NPMessageLength (const uint8_t * msg);
+	size_t GetI2NPMessageLength (const uint8_t * msg, size_t len);
 	void HandleI2NPMessage (uint8_t * msg, size_t len);
 	void HandleI2NPMessage (std::shared_ptr<I2NPMessage> msg);
 

libi2pd/RouterContext.cpp

@@ -454,7 +454,7 @@ namespace i2p
 
 	void RouterContext::HandleI2NPMessage (const uint8_t * buf, size_t len, std::shared_ptr<i2p::tunnel::InboundTunnel> from)
 	{
-		i2p::HandleI2NPMessage (CreateI2NPMessage (buf, GetI2NPMessageLength (buf), from));
+		i2p::HandleI2NPMessage (CreateI2NPMessage (buf, GetI2NPMessageLength (buf, len), from));
 	}
 
 	void RouterContext::ProcessGarlicMessage (std::shared_ptr<I2NPMessage> msg)

libi2pd/version.h

@@ -7,7 +7,7 @@
 #define MAKE_VERSION(a,b,c) STRINGIZE(a) "." STRINGIZE(b) "." STRINGIZE(c)
 
 #define I2PD_VERSION_MAJOR 2
-#define I2PD_VERSION_MINOR 16
+#define I2PD_VERSION_MINOR 17
 #define I2PD_VERSION_MICRO 0
 #define I2PD_VERSION_PATCH 0
 #define I2PD_VERSION MAKE_VERSION(I2PD_VERSION_MAJOR, I2PD_VERSION_MINOR, I2PD_VERSION_MICRO)

libi2pd_client/BOB.cpp

@@ -433,8 +433,29 @@ namespace client
 
 	void BOBCommandSession::NewkeysCommandHandler (const char * operand, size_t len)
 	{
-		LogPrint (eLogDebug, "BOB: newkeys");
+		LogPrint (eLogDebug, "BOB: newkeys");	
-		m_Keys = i2p::data::PrivateKeys::CreateRandomKeys ();
+		i2p::data::SigningKeyType signatureType = i2p::data::SIGNING_KEY_TYPE_DSA_SHA1;
+		i2p::data::CryptoKeyType cryptoType = i2p::data::CRYPTO_KEY_TYPE_ELGAMAL;
+		if (*operand)
+		{
+			try
+			{
+				char * operand1 = (char *)strchr (operand, ' ');
+				if (operand1) 
+				{
+					*operand1 = 0; operand1++;
+					cryptoType = std::stoi(operand1);
+				}
+				signatureType = std::stoi(operand);	
+			}
+			catch (std::invalid_argument& ex)
+			{
+				LogPrint (eLogWarning, "BOB: newkeys ", ex.what ());
+			}
+		}	
+		
+			
+		m_Keys = i2p::data::PrivateKeys::CreateRandomKeys (signatureType, cryptoType);
 		SendReplyOK (m_Keys.GetPublic ()->ToBase64 ().c_str ());
 	}	
 

qt/i2pd_qt/android/AndroidManifest.xml

@@ -1,5 +1,5 @@
 <?xml version="1.0"?>
-<manifest package="org.purplei2p.i2pd" xmlns:android="http://schemas.android.com/apk/res/android" android:versionName="2.16.0" android:versionCode="2" android:installLocation="auto">
+<manifest package="org.purplei2p.i2pd" xmlns:android="http://schemas.android.com/apk/res/android" android:versionName="2.17.0" android:versionCode="2" android:installLocation="auto">
     <uses-sdk android:minSdkVersion="11" android:targetSdkVersion="23"/>
         <supports-screens android:largeScreens="true" android:normalScreens="true" android:anyDensity="true" android:smallScreens="true"/>
     <!-- <application android:hardwareAccelerated="true" -->