srtp: Don't require more input data than what actually is needed

The theoretical minimum for a (not totally well formed) RTCP packet is 8 bytes, so we shouldn't require 12 bytes as minimum input. Also return AVERROR_INVALIDDATA instead of 0 if something that is not a proper packet is given. Signed-off-by: Martin Storsjö <martin@martin.st>
author: Martin Storsjö <martin@martin.st> 2013-01-18 12:35:31 +0200
committer: Martin Storsjö <martin@martin.st> 2013-01-21 00:13:43 +0200
commit: b4bb1d493c44853e0140b26eb2c0bbaac15e0db3 (patch)
tree: 6591fd30801318e4884e30f95c790e1bd562ec97 /libavformat/srtp.c
parent: a2a991b2ddf951454ffceb7bcedc9db93e26c610 (diff)
1 files changed, 6 insertions, 2 deletions
diff --git a/libavformat/srtp.c b/libavformat/srtp.c
index 192285fc98..d826b4e9bc 100644
--- a/libavformat/srtp.c
+++ b/libavformat/srtp.c
@@ -243,8 +243,8 @@ int ff_srtp_encrypt(struct SRTPContext *s, const uint8_t *in, int len,
     int rtcp, hmac_size, padding;
     uint8_t *buf;
 
-    if (len < 12)
-        return 0;
+    if (len < 8)
+        return AVERROR_INVALIDDATA;
 
     rtcp = RTP_PT_IS_RTCP(in[1]);
     hmac_size = rtcp ? s->rtcp_hmac_size : s->rtp_hmac_size;
@@ -267,6 +267,10 @@ int ff_srtp_encrypt(struct SRTPContext *s, const uint8_t *in, int len,
     } else {
         int ext, csrc;
         int seq = AV_RB16(buf + 2);
+
+        if (len < 12)
+            return AVERROR_INVALIDDATA;
+
         ssrc = AV_RB32(buf + 8);
 
         if (seq < s->seq_largest)
author	Martin Storsjö <martin@martin.st>	2013-01-18 12:35:31 +0200
committer	Martin Storsjö <martin@martin.st>	2013-01-21 00:13:43 +0200
commit	b4bb1d493c44853e0140b26eb2c0bbaac15e0db3 (patch)
tree	6591fd30801318e4884e30f95c790e1bd562ec97 /libavformat/srtp.c
parent	a2a991b2ddf951454ffceb7bcedc9db93e26c610 (diff)