Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Update documentation for srtp_protect() to warn users of potential bu…

…ffer overflow.
commit dfe68eac6beed1efe88ebed84cee0d30fe6e8052 1 parent e4bba71
jfigus authored
Showing with 5 additions and 0 deletions.
  1. BIN  doc/libsrtp.pdf
  2. +5 −0 include/srtp.h
View
BIN  doc/libsrtp.pdf
Binary file not shown
View
5 include/srtp.h
@@ -304,6 +304,11 @@ srtp_shutdown(void);
* packet, and assumes that the RTP packet is aligned on a 32-bit
* boundary.
*
+ * @warning This function assumes that it can write SRTP_MAX_TRAILER_LEN
+ * into the location in memory immediately following the RTP packet.
+ * Callers MUST ensure that this much writable memory is available in
+ * the buffer that holds the RTP packet.
+ *
* @param ctx is the SRTP context to use in processing the packet.
*
* @param rtp_hdr is a pointer to the RTP packet (before the call); after

3 comments on commit dfe68ea

@fluffy
Owner

Fix looks fine to me. I will get someone from Mozilla to review.

@jesup
Collaborator

That looks fine, but I'd also update the srtp_protect_rtcp() docs to indicate that it requires a buffer of SRTP_MAX_TRAILER_LEN+4 (Auth tag plus 4 bytes for 'E' + SRTCP index (see RFC 3711)). You might want to add an SRTCP_MAX_MAX_TRAILER_LEN define.

@davidmcgrew
Collaborator
Please sign in to comment.
Something went wrong with that request. Please try again.