diff options
Diffstat (limited to 'googlepatches/google-7-srtp-security-fix.patch')
-rw-r--r-- | googlepatches/google-7-srtp-security-fix.patch | 91 |
1 files changed, 91 insertions, 0 deletions
diff --git a/googlepatches/google-7-srtp-security-fix.patch b/googlepatches/google-7-srtp-security-fix.patch new file mode 100644 index 0000000..54e3e9e --- /dev/null +++ b/googlepatches/google-7-srtp-security-fix.patch @@ -0,0 +1,91 @@ +diff --git a/google3/third_party/libsrtp/crypto/include/integers.h b/google3/third_party/libsrtp/crypto/include/integers.h +index 7010efd..3515d13 100644 +--- a/google3/third_party/libsrtp/crypto/include/integers.h ++++ b/google3/third_party/libsrtp/crypto/include/integers.h +@@ -98,7 +98,6 @@ typedef unsigned short int uint16_t; + typedef unsigned int uint32_t; + #endif + +- + #ifdef NO_64BIT_MATH + typedef double uint64_t; + /* assert that sizeof(double) == 8 */ +diff --git a/google3/third_party/libsrtp/include/srtp.h b/google3/third_party/libsrtp/include/srtp.h +index 7f17853..bbaac95 100644 +--- a/google3/third_party/libsrtp/include/srtp.h ++++ b/google3/third_party/libsrtp/include/srtp.h +@@ -50,10 +50,6 @@ + extern "C" { + #endif + +-#ifdef _MSC_VER +-#pragma pack(4) +-#endif +- + #include "crypto_kernel.h" + + /** +@@ -930,10 +926,6 @@ srtp_install_event_handler(srtp_event_handler_func_t func); + #define SRTCP_E_BYTE_BIT 0x80 + #define SRTCP_INDEX_MASK 0x7fffffff + +-#ifdef _MSC_VER +-#pragma pack() +-#endif +- + #ifdef __cplusplus + } + #endif +diff --git a/google3/third_party/libsrtp/srtp/srtp.c b/google3/third_party/libsrtp/srtp/srtp.c +index 6010dd4..3fc52ee 100644 +--- a/google3/third_party/libsrtp/srtp/srtp.c ++++ b/google3/third_party/libsrtp/srtp/srtp.c +@@ -1657,6 +1657,8 @@ srtp_unprotect_rtcp(srtp_t ctx, void *srtcp_hdr, int *pkt_octet_len) { + srtp_stream_ctx_t *stream; + int prefix_len; + uint32_t seq_num; ++ int e_bit_in_packet; /* whether the E-bit was found in the packet */ ++ int sec_serv_confidentiality; /* whether confidentiality was requested */ + + /* we assume the hdr is 32-bit aligned to start */ + /* +@@ -1694,7 +1696,10 @@ srtp_unprotect_rtcp(srtp_t ctx, void *srtcp_hdr, int *pkt_octet_len) { + return err_status_no_ctx; + } + } +- ++ ++ sec_serv_confidentiality = stream->rtcp_services == sec_serv_conf || ++ stream->rtcp_services == sec_serv_conf_and_auth; ++ + /* get tag length from stream context */ + tag_len = auth_get_tag_length(stream->rtcp_auth); + +@@ -1714,8 +1719,12 @@ srtp_unprotect_rtcp(srtp_t ctx, void *srtcp_hdr, int *pkt_octet_len) { + */ + trailer = (uint32_t *) ((char *) hdr + + *pkt_octet_len -(tag_len + sizeof(srtcp_trailer_t))); +- if (*((unsigned char *) trailer) & SRTCP_E_BYTE_BIT) { +- enc_start = (uint32_t *)hdr + uint32s_in_rtcp_header; ++ e_bit_in_packet = (*((unsigned char *) trailer) & SRTCP_E_BYTE_BIT) == SRTCP_E_BYTE_BIT; ++ if (e_bit_in_packet != sec_serv_confidentiality) { ++ return err_status_cant_check; ++ } ++ if (sec_serv_confidentiality) { ++ enc_start = (uint32_t *)hdr + uint32s_in_rtcp_header; + } else { + enc_octet_len = 0; + enc_start = NULL; /* this indicates that there's no encryption */ +diff --git a/google3/third_party/libsrtp/test/srtp_driver.c b/google3/third_party/libsrtp/test/srtp_driver.c +index f6a84f9..3c97072 100644 +--- a/google3/third_party/libsrtp/test/srtp_driver.c ++++ b/google3/third_party/libsrtp/test/srtp_driver.c +@@ -1246,7 +1246,7 @@ srtp_create_big_policy(srtp_policy_t **list) { + * loop over policy list, mallocing a new list and copying values + * into it (and incrementing the SSRC value as we go along) + */ +- tmp = NULL; ++ tmp = p = NULL; + while (policy_array[i] != NULL) { + p = (srtp_policy_t*) malloc(sizeof(srtp_policy_t)); + if (p == NULL) |