From b4bb1d493c44853e0140b26eb2c0bbaac15e0db3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Storsj=C3=B6?= Date: Fri, 18 Jan 2013 12:35:31 +0200 Subject: [PATCH 1/2] srtp: Don't require more input data than what actually is needed MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The theoretical minimum for a (not totally well formed) RTCP packet is 8 bytes, so we shouldn't require 12 bytes as minimum input. Also return AVERROR_INVALIDDATA instead of 0 if something that is not a proper packet is given. Signed-off-by: Martin Storsjö --- libavformat/srtp.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/libavformat/srtp.c b/libavformat/srtp.c index 192285fc98..d826b4e9bc 100644 --- a/libavformat/srtp.c +++ b/libavformat/srtp.c @@ -243,8 +243,8 @@ int ff_srtp_encrypt(struct SRTPContext *s, const uint8_t *in, int len, int rtcp, hmac_size, padding; uint8_t *buf; - if (len < 12) - return 0; + if (len < 8) + return AVERROR_INVALIDDATA; rtcp = RTP_PT_IS_RTCP(in[1]); hmac_size = rtcp ? s->rtcp_hmac_size : s->rtp_hmac_size; @@ -267,6 +267,10 @@ int ff_srtp_encrypt(struct SRTPContext *s, const uint8_t *in, int len, } else { int ext, csrc; int seq = AV_RB16(buf + 2); + + if (len < 12) + return AVERROR_INVALIDDATA; + ssrc = AV_RB32(buf + 8); if (seq < s->seq_largest) From 3ef6d22e1ba544ab37c73e8fc61382f13aac250f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Storsj=C3=B6?= Date: Fri, 18 Jan 2013 13:46:16 +0200 Subject: [PATCH 2/2] srtp: cosmetics: Use fewer lines for the test vectors MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Martin Storsjö --- libavformat/srtp.c | 30 ++++++++---------------------- 1 file changed, 8 insertions(+), 22 deletions(-) diff --git a/libavformat/srtp.c b/libavformat/srtp.c index d826b4e9bc..0fa0d19671 100644 --- a/libavformat/srtp.c +++ b/libavformat/srtp.c @@ -330,9 +330,7 @@ static const char *aes128_80_key = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmn"; static const uint8_t rtp_aes128_80[] = { // RTP header - 0x80, 0xe0, 0x12, 0x34, - 0x12, 0x34, 0x56, 0x78, - 0x12, 0x34, 0x56, 0x78, + 0x80, 0xe0, 0x12, 0x34, 0x12, 0x34, 0x56, 0x78, 0x12, 0x34, 0x56, 0x78, // encrypted payload 0x62, 0x69, 0x76, 0xca, 0xc5, // HMAC @@ -341,15 +339,10 @@ static const uint8_t rtp_aes128_80[] = { static const uint8_t rtcp_aes128_80[] = { // RTCP header - 0x81, 0xc9, 0x00, 0x07, - 0x12, 0x34, 0x56, 0x78, + 0x81, 0xc9, 0x00, 0x07, 0x12, 0x34, 0x56, 0x78, // encrypted payload - 0x8a, 0xac, 0xdc, 0xa5, - 0x4c, 0xf6, 0x78, 0xa6, - 0x62, 0x8f, 0x24, 0xda, - 0x6c, 0x09, 0x3f, 0xa9, - 0x28, 0x7a, 0xb5, 0x7f, - 0x1f, 0x0f, 0xc9, 0x35, + 0x8a, 0xac, 0xdc, 0xa5, 0x4c, 0xf6, 0x78, 0xa6, 0x62, 0x8f, 0x24, 0xda, + 0x6c, 0x09, 0x3f, 0xa9, 0x28, 0x7a, 0xb5, 0x7f, 0x1f, 0x0f, 0xc9, 0x35, // RTCP index 0x80, 0x00, 0x00, 0x03, // HMAC @@ -360,9 +353,7 @@ static const char *aes128_32_key = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmn"; static const uint8_t rtp_aes128_32[] = { // RTP header - 0x80, 0xe0, 0x12, 0x34, - 0x12, 0x34, 0x56, 0x78, - 0x12, 0x34, 0x56, 0x78, + 0x80, 0xe0, 0x12, 0x34, 0x12, 0x34, 0x56, 0x78, 0x12, 0x34, 0x56, 0x78, // encrypted payload 0x62, 0x69, 0x76, 0xca, 0xc5, // HMAC @@ -371,15 +362,10 @@ static const uint8_t rtp_aes128_32[] = { static const uint8_t rtcp_aes128_32[] = { // RTCP header - 0x81, 0xc9, 0x00, 0x07, - 0x12, 0x34, 0x56, 0x78, + 0x81, 0xc9, 0x00, 0x07, 0x12, 0x34, 0x56, 0x78, // encrypted payload - 0x35, 0xe9, 0xb5, 0xff, - 0x0d, 0xd1, 0xde, 0x70, - 0x74, 0x10, 0xaa, 0x1b, - 0xb2, 0x8d, 0xf0, 0x20, - 0x02, 0x99, 0x6b, 0x1b, - 0x0b, 0xd0, 0x47, 0x34, + 0x35, 0xe9, 0xb5, 0xff, 0x0d, 0xd1, 0xde, 0x70, 0x74, 0x10, 0xaa, 0x1b, + 0xb2, 0x8d, 0xf0, 0x20, 0x02, 0x99, 0x6b, 0x1b, 0x0b, 0xd0, 0x47, 0x34, // RTCP index 0x80, 0x00, 0x00, 0x04, // HMAC