videolan / vlc-2-2
Commit da9a1a29, authored Nov 15, 2014 by Rémi Denis-Courmont
SRTP: integer overflow
(cherry picked from commit e76f990e0ba00a9f573c23627ecd66cb9ae9bdd5)
parent f832dd02
Showing 1 changed file with 2 additions and 2 deletions
modules/access/rtp/srtp.c
...
@@ -738,7 +738,7 @@ static int srtcp_crypt (srtp_session_t *s, uint8_t *buf, size_t len)
...
@@ -738,7 +738,7 @@ static int srtcp_crypt (srtp_session_t *s, uint8_t *buf, size_t len)
{
{
/* Packet in the future, good */
/* Packet in the future, good */
s
->
rtcp
.
window
=
s
->
rtcp
.
window
<<
diff
;
s
->
rtcp
.
window
=
s
->
rtcp
.
window
<<
diff
;
s
->
rtcp
.
window
|=
1
;
s
->
rtcp
.
window
|=
UINT64_C
(
1
)
;
s
->
rtcp_index
=
index
;
s
->
rtcp_index
=
index
;
}
}
else
else
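Review bot: The left shift in the "packet in the future" branch, `s->rtcp.window = s->rtcp.window << diff;`, has no bound on `diff` in the lines shown, unlike the other branch, which tests `diff >= 64`. If the window is 64 bits wide, as the `UINT64_C` constants suggest, a shift by 64 or more is undefined behaviour in C, so this branch should handle a large `diff` explicitly, for instance by clearing the window before the `|= UINT64_C(1)`. The change from `1` to `UINT64_C(1)` on the OR line does not alter the result, since bit 0 fits in an int; it only makes the operand width explicit.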
...
@@ -747,7 +747,7 @@ static int srtcp_crypt (srtp_session_t *s, uint8_t *buf, size_t len)
...
@@ -747,7 +747,7 @@ static int srtcp_crypt (srtp_session_t *s, uint8_t *buf, size_t len)
diff
=
-
diff
;
diff
=
-
diff
;
if
((
diff
>=
64
)
||
((
s
->
rtcp
.
window
>>
diff
)
&
1
))
if
((
diff
>=
64
)
||
((
s
->
rtcp
.
window
>>
diff
)
&
1
))
return
EACCES
;
// replay attack!
return
EACCES
;
// replay attack!
s
->
rtp
.
window
|=
1
<<
diff
;
s
->
rtp
.
window
|=
UINT64_C
(
1
)
<<
diff
;
}
}
/* Crypts SRTCP */
/* Crypts SRTCP */
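Review bot: The last changed line still updates `s->rtp.window`, while the replay test directly above it reads `s->rtcp.window` and the function is `srtcp_crypt`. As written, an accepted late SRTCP packet is never marked in the RTCP window, so the same packet would pass the `(s->rtcp.window >> diff) & 1` test again, and the RTP window gets a bit that does not belong to it. Suggest `s->rtcp.window |= UINT64_C(1) << diff;`. The `UINT64_C(1)` part is the right fix for the overflow: with a plain int `1` (assuming a 32-bit int), any `diff` from 31 to 63, which the `diff >= 64` test allows, overflows the shift before the OR is applied.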
...
...