srtp: Don't require more input data than what actually is needed

The theoretical minimum for a (not totally well formed) RTCP packet is 8 bytes, so we shouldn't require 12 bytes as minimum input. Also return AVERROR_INVALIDDATA instead of 0 if something that is not a proper packet is given. Signed-off-by: Martin Storsjö <martin@martin.st>

srtp: Don't require more input data than what actually is needed
The theoretical minimum for a (not totally well formed) RTCP packet is 8 bytes, so we shouldn't require 12 bytes as minimum input. Also return AVERROR_INVALIDDATA instead of 0 if something that is not a proper packet is given. Signed-off-by: Martin Storsjö <martin@martin.st>
b4bb1d49 · Martin Storsjö · a2a991b2 · b4bb1d49
Commit b4bb1d49 authored Jan 18, 2013 by Martin Storsjö
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 2 deletions

srtp.c libavformat/srtp.c +6 -2

No files found.
--- a/libavformat/srtp.c
+++ b/libavformat/srtp.c
@@ -243,8 +243,8 @@ int ff_srtp_encrypt(struct SRTPContext *s, const uint8_t *in, int len,
    int rtcp, hmac_size, padding;
    uint8_t *buf;

-    if (len < 12)
-        return 0;
+    if (len < 8)
+        return AVERROR_INVALIDDATA;

    rtcp = RTP_PT_IS_RTCP(in[1]);
    hmac_size = rtcp ? s->rtcp_hmac_size : s->rtp_hmac_size;
@@ -267,6 +267,10 @@ int ff_srtp_encrypt(struct SRTPContext *s, const uint8_t *in, int len,
    } else {
        int ext, csrc;
        int seq = AV_RB16(buf + 2);
+
+        if (len < 12)
+            return AVERROR_INVALIDDATA;
+
        ssrc = AV_RB32(buf + 8);

        if (seq < s->seq_largest)