Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
V
vlc-2-2
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Redmine
Redmine
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Operations
Operations
Metrics
Environments
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
videolan
vlc-2-2
Commits
f832dd02
Commit
f832dd02
authored
Nov 15, 2014
by
Rémi Denis-Courmont
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
SRTP: integer overflow
(cherry picked from commit ab9f28ff688eae845bc2deb62bf50072d4a4690b)
parent
7e421f7c
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
2 additions
and
2 deletions
+2
-2
modules/access/rtp/srtp.c
modules/access/rtp/srtp.c
+2
-2
No files found.
modules/access/rtp/srtp.c
View file @
f832dd02
...
@@ -496,7 +496,7 @@ static int srtp_crypt (srtp_session_t *s, uint8_t *buf, size_t len)
...
@@ -496,7 +496,7 @@ static int srtp_crypt (srtp_session_t *s, uint8_t *buf, size_t len)
{
{
/* Sequence in the future, good */
/* Sequence in the future, good */
s
->
rtp
.
window
=
s
->
rtp
.
window
<<
diff
;
s
->
rtp
.
window
=
s
->
rtp
.
window
<<
diff
;
s
->
rtp
.
window
|=
1
;
s
->
rtp
.
window
|=
UINT64_C
(
1
)
;
s
->
rtp_seq
=
seq
,
s
->
rtp_roc
=
roc
;
s
->
rtp_seq
=
seq
,
s
->
rtp_roc
=
roc
;
}
}
else
else
...
@@ -505,7 +505,7 @@ static int srtp_crypt (srtp_session_t *s, uint8_t *buf, size_t len)
...
@@ -505,7 +505,7 @@ static int srtp_crypt (srtp_session_t *s, uint8_t *buf, size_t len)
diff
=
-
diff
;
diff
=
-
diff
;
if
((
diff
>=
64
)
||
((
s
->
rtp
.
window
>>
diff
)
&
1
))
if
((
diff
>=
64
)
||
((
s
->
rtp
.
window
>>
diff
)
&
1
))
return
EACCES
;
/* Replay attack */
return
EACCES
;
/* Replay attack */
s
->
rtp
.
window
|=
1
<<
diff
;
s
->
rtp
.
window
|=
UINT64_C
(
1
)
<<
diff
;
}
}
/* Encrypt/Decrypt */
/* Encrypt/Decrypt */
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment