rpms / libsrtp

Clone
Source Code
GIT

Files

  1.   08d52a93c8dde3d00dd097ad9ba0d75bd246fc26
  2.   SOURCES
  3.   libsrtp-CVE-2015-6360.patch
Blob Blame History Raw 
diff --git a/srtp/srtp.c b/srtp/srtp.c
index 7e6d9e5..3722fc1 100644
--- a/srtp/srtp.c
+++ b/srtp/srtp.c
@@ -1076,6 +1076,8 @@ srtp_unprotect(srtp_ctx_t *ctx, void *srtp_hdr, int *pkt_octet_len) {
       srtp_hdr_xtnd_t *xtn_hdr = (srtp_hdr_xtnd_t *)enc_start;
       enc_start += (ntohs(xtn_hdr->length) + 1);
     }  
+    if (!((uint8_t*)enc_start < (uint8_t*)hdr + (*pkt_octet_len - tag_len)))
+        return err_status_parse_err;
     enc_octet_len = (uint32_t)(*pkt_octet_len - tag_len 
 			       - ((enc_start - (uint32_t *)hdr) << 2));
   } else {

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation