diff options
author | Pascal Buhler <pabuhler@cisco.com> | 2018-02-07 23:57:58 +0100 |
---|---|---|
committer | Pascal Buhler <pabuhler@cisco.com> | 2018-02-09 11:33:34 +0100 |
commit | c995df45427efb149701548ea2d77a4d155b04e5 (patch) | |
tree | 1827ea07460a9e6c7ef1a2893be4640f348549cd /srtp | |
parent | 55626f32ff9ffe8beabc5511d5b94590236aa55a (diff) | |
download | libsrtp2-c995df45427efb149701548ea2d77a4d155b04e5.tar.gz |
Validate mki index when looking up keys
If the mki index is not valid then a NULL session
key should be returned not just defaulting to first.
This allows the protect functions to return
with error bad mki.
Diffstat (limited to 'srtp')
-rw-r--r-- | srtp/srtp.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/srtp/srtp.c b/srtp/srtp.c index 70a93a0..1c449fe 100644 --- a/srtp/srtp.c +++ b/srtp/srtp.c @@ -800,9 +800,10 @@ srtp_session_keys_t *srtp_get_session_keys_with_mki_index( unsigned int mki_index) { if (use_mki) { - if (mki_index < stream->num_master_keys) { - return &stream->session_keys[mki_index]; + if (mki_index >= stream->num_master_keys) { + return NULL; } + return &stream->session_keys[mki_index]; } return &stream->session_keys[0]; @@ -2123,6 +2124,9 @@ srtp_err_status_t srtp_protect_mki(srtp_ctx_t *ctx, session_keys = srtp_get_session_keys_with_mki_index(stream, use_mki, mki_index); + if (session_keys == NULL) + return srtp_err_status_bad_mki; + /* * Check if this is an AEAD stream (GCM mode). If so, then dispatch * the request to our AEAD handler. @@ -3927,6 +3931,9 @@ srtp_err_status_t srtp_protect_rtcp_mki(srtp_t ctx, session_keys = srtp_get_session_keys_with_mki_index(stream, use_mki, mki_index); + if (session_keys == NULL) + return srtp_err_status_bad_mki; + /* * Check if this is an AEAD stream (GCM mode). If so, then dispatch * the request to our AEAD handler. |