Validate mki index when looking up keys

If the mki index is not valid then a NULL session
key should be returned not just defaulting to first.
This allows the protect functions to return
with error bad mki.

1 files changed, 9 insertions, 2 deletions

diff --git a/srtp/srtp.c b/srtp/srtp.c
index 70a93a0..1c449fe 100644
--- a/srtp/srtp.c
+++ b/srtp/srtp.c
@@ -800,9 +800,10 @@ srtp_session_keys_t *srtp_get_session_keys_with_mki_index(
     unsigned int mki_index)
 {
     if (use_mki) {
-        if (mki_index < stream->num_master_keys) {
-            return &stream->session_keys[mki_index];
+        if (mki_index >= stream->num_master_keys) {
+            return NULL;
         }
+        return &stream->session_keys[mki_index];
     }
 
     return &stream->session_keys[0];
@@ -2123,6 +2124,9 @@ srtp_err_status_t srtp_protect_mki(srtp_ctx_t *ctx,
     session_keys =
         srtp_get_session_keys_with_mki_index(stream, use_mki, mki_index);
 
+    if (session_keys == NULL)
+        return srtp_err_status_bad_mki;
+
     /*
      * Check if this is an AEAD stream (GCM mode).  If so, then dispatch
      * the request to our AEAD handler.
@@ -3927,6 +3931,9 @@ srtp_err_status_t srtp_protect_rtcp_mki(srtp_t ctx,
     session_keys =
         srtp_get_session_keys_with_mki_index(stream, use_mki, mki_index);
 
+    if (session_keys == NULL)
+        return srtp_err_status_bad_mki;
+
     /*
      * Check if this is an AEAD stream (GCM mode).  If so, then dispatch
      * the request to our AEAD handler.