Permalink
Browse files

Update documentation for srtp_protect() to warn users of potential bu…

…ffer overflow.
  • Loading branch information...
1 parent e4bba71 commit dfe68eac6beed1efe88ebed84cee0d30fe6e8052 jfigus committed May 28, 2013
Showing with 5 additions and 0 deletions.
  1. BIN doc/libsrtp.pdf
  2. +5 −0 include/srtp.h
View
Binary file not shown.
View
@@ -304,6 +304,11 @@ srtp_shutdown(void);
* packet, and assumes that the RTP packet is aligned on a 32-bit
* boundary.
*
+ * @warning This function assumes that it can write SRTP_MAX_TRAILER_LEN
+ * into the location in memory immediately following the RTP packet.
+ * Callers MUST ensure that this much writable memory is available in
+ * the buffer that holds the RTP packet.
+ *
* @param ctx is the SRTP context to use in processing the packet.
*
* @param rtp_hdr is a pointer to the RTP packet (before the call); after

3 comments on commit dfe68ea

Owner

fluffy replied May 28, 2013

Fix looks fine to me. I will get someone from Mozilla to review.

Contributor

jesup replied May 28, 2013

That looks fine, but I'd also update the srtp_protect_rtcp() docs to indicate that it requires a buffer of SRTP_MAX_TRAILER_LEN+4 (Auth tag plus 4 bytes for 'E' + SRTCP index (see RFC 3711)). You might want to add an SRTCP_MAX_MAX_TRAILER_LEN define.

Please sign in to comment.