Ticket #2035 (closed defect: fixed)

Opened 3 months ago

Last modified 2 months ago

Make sure transport SRTP buf size is sufficient before calling srtp_protect() and srtp_protect_rtcp()

Reported by: riza Owned by: nanang
Priority: normal Milestone: release-2.7
Component: pjmedia Version: trunk
Keywords: Cc:
Backport to 1.x milestone: Backported: no

Description

From srtp doc (srtp.h)

/**
 * SRTP_MAX_TRAILER_LEN is the maximum length of the SRTP trailer
 * (authentication tag and MKI) supported by libSRTP.  This value is
 * the maixmum number of octets that will be added to an RTP packet by
 * srtp_protect().
 *
 * @brief the maximum number of octets added by srtp_protect().
 */
#define SRTP_MAX_TRAILER_LEN (SRTP_MAX_TAG_LEN + SRTP_MAX_MKI_LEN)
...
 * @warning This function assumes that it can write SRTP_MAX_TRAILER_LEN 
 * into the location in memory immediately following the RTP packet.   
 * Callers MUST ensure that this much writable memory is available in 
 * the buffer that holds the RTP packet.
...
srtp_err_status_t srtp_protect(srtp_t ctx, void *rtp_hdr, int *len_ptr);

Currently, transport SRTP use hardcoded value to check if the space is sufficient.

This ticket will use SRTP_MAX_TRAILER_LEN instead to check the required buffer space.

Thanks to Chris Panayis for the report.

Change History

comment:1 Changed 3 months ago by riza

  • Status changed from new to closed
  • Resolution set to fixed

In 5639:

Fix #2035: Make sure transport SRTP buf size is sufficient before calling
srtp_protect() and srtp_protect_rtcp().

comment:2 Changed 3 months ago by riza

In 5640:

Re #2035: Should check enough space for (MAX_TRAILER_LEN+4) before srtp_protect_rtcp().

comment:3 Changed 2 months ago by riza

In 5643:

Re #2035: Don't include srtp.h on pjmedia config.h, which raise error when including PJSIP from install dir.
Thanks to Peter Koletzki for the report.

Note: See TracTickets for help on using tickets.