SRTP: check buffer length before sequence

bc3af7e7 · Rémi Denis-Courmont · 74e39ff5 · bc3af7e7
Commit bc3af7e7 authored Jun 15, 2008 by Rémi Denis-Courmont
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 4 deletions

libs/srtp/srtp.c libs/srtp/srtp.c +8 -4

No files found.
--- a/libs/srtp/srtp.c
+++ b/libs/srtp/srtp.c
@@ -600,17 +600,21 @@ int
 srtp_send (srtp_session_t *s, uint8_t *buf, size_t *lenp, size_t bufsize)
 {
    size_t len = *lenp;
-    int val = srtp_crypt (s, buf, len);
-    if (val)
-        return val;
+    size_t tag_len = s->tag_len;

    if (!(s->flags & SRTP_UNAUTHENTICATED))
    {
-        size_t tag_len = s->tag_len;
        *lenp = len + tag_len;
        if (bufsize < (len + tag_len))
            return ENOSPC;
+    }
+
+    int val = srtp_crypt (s, buf, len);
+    if (val)
+        return val;

+    if (!(s->flags & SRTP_UNAUTHENTICATED))
+    {
        uint32_t roc = srtp_compute_roc (s, rtp_seq (buf));
        const uint8_t *tag = rtp_digest (s, buf, len, roc);
        if (rcc_mode (s))