aboutsummaryrefslogtreecommitdiffstats
path: root/libavformat/srtp.c
diff options
context:
space:
mode:
authorMartin Storsjö <martin@martin.st>2013-01-18 12:33:02 +0200
committerMartin Storsjö <martin@martin.st>2013-01-21 00:13:43 +0200
commita2a991b2ddf951454ffceb7bcedc9db93e26c610 (patch)
tree4833193e7703cdf16a558813ff8fd4a2d5e385f1 /libavformat/srtp.c
parente1d0b3d875a2ec713239eda2c3bd79249b9631c7 (diff)
downloadffmpeg-a2a991b2ddf951454ffceb7bcedc9db93e26c610.tar.gz
srtp: Improve the minimum encryption buffer size check
This clarifies where the limit number comes from, and only requires exactly as much padding space as will be needed. Signed-off-by: Martin Storsjö <martin@martin.st>
Diffstat (limited to 'libavformat/srtp.c')
-rw-r--r--libavformat/srtp.c16
1 files changed, 10 insertions, 6 deletions
diff --git a/libavformat/srtp.c b/libavformat/srtp.c
index d90f8bc618..192285fc98 100644
--- a/libavformat/srtp.c
+++ b/libavformat/srtp.c
@@ -240,20 +240,24 @@ int ff_srtp_encrypt(struct SRTPContext *s, const uint8_t *in, int len,
uint8_t iv[16] = { 0 }, hmac[20];
uint64_t index;
uint32_t ssrc;
- int rtcp, hmac_size;
+ int rtcp, hmac_size, padding;
uint8_t *buf;
- if (len + 14 > outlen)
- return 0;
if (len < 12)
return 0;
+ rtcp = RTP_PT_IS_RTCP(in[1]);
+ hmac_size = rtcp ? s->rtcp_hmac_size : s->rtp_hmac_size;
+ padding = hmac_size;
+ if (rtcp)
+ padding += 4; // For the RTCP index
+
+ if (len + padding > outlen)
+ return 0;
+
memcpy(out, in, len);
buf = out;
- rtcp = RTP_PT_IS_RTCP(buf[1]);
- hmac_size = rtcp ? s->rtcp_hmac_size : s->rtp_hmac_size;
-
if (rtcp) {
ssrc = AV_RB32(buf + 4);
index = s->rtcp_index++;