rpms / libsrtp

Clone
Source Code
GIT

Blame SOURCES/libsrtp-CVE-2015-6360.patch

c4 c5 c5-plus c6 c6-plus c7 c7-beta c8 c8-beta c8s c9 c9-beta
  1.   98e5b525f671564bc5ca6e3f67cc61aee4a5b833
  2.   SOURCES
  3.   libsrtp-CVE-2015-6360.patch
Blob History Raw
98e5b5 
diff --git a/srtp/srtp.c b/srtp/srtp.c
98e5b5 
index 7e6d9e5..3722fc1 100644
98e5b5 
--- a/srtp/srtp.c
98e5b5 
+++ b/srtp/srtp.c
98e5b5 
@@ -1076,6 +1076,8 @@ srtp_unprotect(srtp_ctx_t *ctx, void *srtp_hdr, int *pkt_octet_len) {
98e5b5 
       srtp_hdr_xtnd_t *xtn_hdr = (srtp_hdr_xtnd_t *)enc_start;
98e5b5 
       enc_start += (ntohs(xtn_hdr->length) + 1);
98e5b5 
     }
98e5b5 
+    if (!((uint8_t*)enc_start < (uint8_t*)hdr + (*pkt_octet_len - tag_len)))
98e5b5 
+        return err_status_parse_err;
98e5b5 
     enc_octet_len = (uint32_t)(*pkt_octet_len - tag_len
98e5b5 
 			       - ((enc_start - (uint32_t *)hdr) << 2));
98e5b5 
   } else {

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation