Commit f832dd02 authored by Rémi Denis-Courmont's avatar Rémi Denis-Courmont

SRTP: integer overflow

(cherry picked from commit ab9f28ff688eae845bc2deb62bf50072d4a4690b)
parent 7e421f7c
...@@ -496,7 +496,7 @@ static int srtp_crypt (srtp_session_t *s, uint8_t *buf, size_t len) ...@@ -496,7 +496,7 @@ static int srtp_crypt (srtp_session_t *s, uint8_t *buf, size_t len)
{ {
/* Sequence in the future, good */ /* Sequence in the future, good */
s->rtp.window = s->rtp.window << diff; s->rtp.window = s->rtp.window << diff;
s->rtp.window |= 1; s->rtp.window |= UINT64_C(1);
s->rtp_seq = seq, s->rtp_roc = roc; s->rtp_seq = seq, s->rtp_roc = roc;
} }
else else
...@@ -505,7 +505,7 @@ static int srtp_crypt (srtp_session_t *s, uint8_t *buf, size_t len) ...@@ -505,7 +505,7 @@ static int srtp_crypt (srtp_session_t *s, uint8_t *buf, size_t len)
diff = -diff; diff = -diff;
if ((diff >= 64) || ((s->rtp.window >> diff) & 1)) if ((diff >= 64) || ((s->rtp.window >> diff) & 1))
return EACCES; /* Replay attack */ return EACCES; /* Replay attack */
s->rtp.window |= 1 << diff; s->rtp.window |= UINT64_C(1) << diff;
} }
/* Encrypt/Decrypt */ /* Encrypt/Decrypt */
......
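Review bot: The shift `s->rtp.window << diff` in the "Sequence in the future" branch of the first hunk has no visible upper bound on `diff`, whereas the past-sequence branch in the second hunk rejects `diff >= 64` before shifting. If the window is 64 bits wide, as the `UINT64_C` change suggests, and a large forward jump in sequence number can make `diff` reach 64 or more, that shift is undefined behaviour and the replay window can no longer be trusted to reject replays. The condition guarding this branch and the declaration of `diff` are outside the hunk, so this needs confirming there. If `diff` is unbounded, `s->rtp.window = (diff < 64) ? (s->rtp.window << diff) : 0;` ahead of the `|= UINT64_C(1)` keeps the update defined.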