diff options
author | Martin Storsjö <martin@martin.st> | 2013-01-18 12:33:02 +0200 |
---|---|---|
committer | Martin Storsjö <martin@martin.st> | 2013-01-21 00:13:43 +0200 |
commit | a2a991b2ddf951454ffceb7bcedc9db93e26c610 (patch) | |
tree | 4833193e7703cdf16a558813ff8fd4a2d5e385f1 /libavformat/srtp.c | |
parent | e1d0b3d875a2ec713239eda2c3bd79249b9631c7 (diff) | |
download | ffmpeg-a2a991b2ddf951454ffceb7bcedc9db93e26c610.tar.gz |
srtp: Improve the minimum encryption buffer size check
This clarifies where the limit number comes from, and only
requires exactly as much padding space as will be needed.
Signed-off-by: Martin Storsjö <martin@martin.st>
Diffstat (limited to 'libavformat/srtp.c')
-rw-r--r-- | libavformat/srtp.c | 16 |
1 files changed, 10 insertions, 6 deletions
diff --git a/libavformat/srtp.c b/libavformat/srtp.c index d90f8bc618..192285fc98 100644 --- a/libavformat/srtp.c +++ b/libavformat/srtp.c @@ -240,20 +240,24 @@ int ff_srtp_encrypt(struct SRTPContext *s, const uint8_t *in, int len, uint8_t iv[16] = { 0 }, hmac[20]; uint64_t index; uint32_t ssrc; - int rtcp, hmac_size; + int rtcp, hmac_size, padding; uint8_t *buf; - if (len + 14 > outlen) - return 0; if (len < 12) return 0; + rtcp = RTP_PT_IS_RTCP(in[1]); + hmac_size = rtcp ? s->rtcp_hmac_size : s->rtp_hmac_size; + padding = hmac_size; + if (rtcp) + padding += 4; // For the RTCP index + + if (len + padding > outlen) + return 0; + memcpy(out, in, len); buf = out; - rtcp = RTP_PT_IS_RTCP(buf[1]); - hmac_size = rtcp ? s->rtcp_hmac_size : s->rtp_hmac_size; - if (rtcp) { ssrc = AV_RB32(buf + 4); index = s->rtcp_index++; |