srtp: Improve the minimum encryption buffer size check

This clarifies where the limit number comes from, and only requires exactly as much padding space as will be needed. Signed-off-by: Martin Storsjö <martin@martin.st>

srtp: Improve the minimum encryption buffer size check
This clarifies where the limit number comes from, and only requires exactly as much padding space as will be needed. Signed-off-by: Martin Storsjö <martin@martin.st>
a2a991b2 · Martin Storsjö · e1d0b3d8 · a2a991b2
Commit a2a991b2 authored Jan 18, 2013 by Martin Storsjö
Hide whitespace changes
Inline Side-by-side

Showing with 10 additions and 6 deletions

srtp.c libavformat/srtp.c +10 -6

No files found.
--- a/libavformat/srtp.c
+++ b/libavformat/srtp.c
@@ -240,20 +240,24 @@ int ff_srtp_encrypt(struct SRTPContext *s, const uint8_t *in, int len,
    uint8_t iv[16] = { 0 }, hmac[20];
    uint64_t index;
    uint32_t ssrc;
-    int rtcp, hmac_size;
+    int rtcp, hmac_size, padding;
    uint8_t *buf;

-    if (len + 14 > outlen)
-        return 0;
    if (len < 12)
        return 0;

+    rtcp = RTP_PT_IS_RTCP(in[1]);
+    hmac_size = rtcp ? s->rtcp_hmac_size : s->rtp_hmac_size;
+    padding = hmac_size;
+    if (rtcp)
+        padding += 4; // For the RTCP index
+
+    if (len + padding > outlen)
+        return 0;
+
    memcpy(out, in, len);
    buf = out;

-    rtcp = RTP_PT_IS_RTCP(buf[1]);
-    hmac_size = rtcp ? s->rtcp_hmac_size : s->rtp_hmac_size;
-
    if (rtcp) {
        ssrc = AV_RB32(buf + 4);
        index = s->rtcp_index++;