From: Rémi Denis-Courmont <rdenis@simphalempin.com>
Date: Sun, 15 Jun 2008 19:40:33 +0000 (+0300)
Subject: SRTP: check buffer length before sequence
X-Git-Tag: 0.9.0-test0~5
X-Git-Url: https://git.sesse.net/?p=vlc;a=commitdiff_plain;h=bc3af7e7aadb33cb0940e50fa270a165192a06bc

SRTP: check buffer length before sequence
---

diff --git a/libs/srtp/srtp.c b/libs/srtp/srtp.c
index dcde338eaa..ec49101494 100644
--- a/libs/srtp/srtp.c
+++ b/libs/srtp/srtp.c
@@ -600,17 +600,21 @@ int
 srtp_send (srtp_session_t *s, uint8_t *buf, size_t *lenp, size_t bufsize)
 {
     size_t len = *lenp;
-    int val = srtp_crypt (s, buf, len);
-    if (val)
-        return val;
+    size_t tag_len = s->tag_len;
 
     if (!(s->flags & SRTP_UNAUTHENTICATED))
     {
-        size_t tag_len = s->tag_len;
         *lenp = len + tag_len;
         if (bufsize < (len + tag_len))
             return ENOSPC;
+    }
+
+    int val = srtp_crypt (s, buf, len);
+    if (val)
+        return val;
 
+    if (!(s->flags & SRTP_UNAUTHENTICATED))
+    {
         uint32_t roc = srtp_compute_roc (s, rtp_seq (buf));
         const uint8_t *tag = rtp_digest (s, buf, len, roc);
         if (rcc_mode (s))