Commit bc3af7e7 authored by Rémi Denis-Courmont's avatar Rémi Denis-Courmont

SRTP: check buffer length before sequence

parent 74e39ff5
...@@ -600,17 +600,21 @@ int ...@@ -600,17 +600,21 @@ int
srtp_send (srtp_session_t *s, uint8_t *buf, size_t *lenp, size_t bufsize) srtp_send (srtp_session_t *s, uint8_t *buf, size_t *lenp, size_t bufsize)
{ {
size_t len = *lenp; size_t len = *lenp;
int val = srtp_crypt (s, buf, len); size_t tag_len = s->tag_len;
if (val)
return val;
if (!(s->flags & SRTP_UNAUTHENTICATED)) if (!(s->flags & SRTP_UNAUTHENTICATED))
{ {
size_t tag_len = s->tag_len;
*lenp = len + tag_len; *lenp = len + tag_len;
if (bufsize < (len + tag_len)) if (bufsize < (len + tag_len))
return ENOSPC; return ENOSPC;
}
int val = srtp_crypt (s, buf, len);
if (val)
return val;
if (!(s->flags & SRTP_UNAUTHENTICATED))
{
uint32_t roc = srtp_compute_roc (s, rtp_seq (buf)); uint32_t roc = srtp_compute_roc (s, rtp_seq (buf));
const uint8_t *tag = rtp_digest (s, buf, len, roc); const uint8_t *tag = rtp_digest (s, buf, len, roc);
if (rcc_mode (s)) if (rcc_mode (s))
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment