From b4bb1d493c44853e0140b26eb2c0bbaac15e0db3 Mon Sep 17 00:00:00 2001
From: Martin Storsjö <martin@martin.st>
Date: Fri, 18 Jan 2013 12:35:31 +0200
Subject: srtp: Don't require more input data than what actually is needed
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The theoretical minimum for a (not totally well formed) RTCP packet
is 8 bytes, so we shouldn't require 12 bytes as minimum input.

Also return AVERROR_INVALIDDATA instead of 0 if something that is
not a proper packet is given.

Signed-off-by: Martin Storsjö <martin@martin.st>
---
 libavformat/srtp.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

(limited to 'libavformat/srtp.c')

diff --git a/libavformat/srtp.c b/libavformat/srtp.c
index 192285fc98..d826b4e9bc 100644
--- a/libavformat/srtp.c
+++ b/libavformat/srtp.c
@@ -243,8 +243,8 @@ int ff_srtp_encrypt(struct SRTPContext *s, const uint8_t *in, int len,
     int rtcp, hmac_size, padding;
     uint8_t *buf;
 
-    if (len < 12)
-        return 0;
+    if (len < 8)
+        return AVERROR_INVALIDDATA;
 
     rtcp = RTP_PT_IS_RTCP(in[1]);
     hmac_size = rtcp ? s->rtcp_hmac_size : s->rtp_hmac_size;
@@ -267,6 +267,10 @@ int ff_srtp_encrypt(struct SRTPContext *s, const uint8_t *in, int len,
     } else {
         int ext, csrc;
         int seq = AV_RB16(buf + 2);
+
+        if (len < 12)
+            return AVERROR_INVALIDDATA;
+
         ssrc = AV_RB32(buf + 8);
 
         if (seq < s->seq_largest)
-- 
cgit v1.2.3