[vlc-commits] SRTP: integer overflow
Rémi Denis-Courmont
git at videolan.org
Sat Nov 15 11:48:21 CET 2014
vlc/vlc-2.2 | branch: master | Rémi Denis-Courmont <remi at remlab.net> | Sat Nov 15 12:47:29 2014 +0200| [f832dd0210c959d48a7486040b4d177107447c2a] | committer: Rémi Denis-Courmont
SRTP: integer overflow
(cherry picked from commit ab9f28ff688eae845bc2deb62bf50072d4a4690b)
> http://git.videolan.org/gitweb.cgi/vlc/vlc-2.2.git/?a=commit;h=f832dd0210c959d48a7486040b4d177107447c2a
---
modules/access/rtp/srtp.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/modules/access/rtp/srtp.c b/modules/access/rtp/srtp.c
index 1f8de38..9447f34 100644
--- a/modules/access/rtp/srtp.c
+++ b/modules/access/rtp/srtp.c
@@ -496,7 +496,7 @@ static int srtp_crypt (srtp_session_t *s, uint8_t *buf, size_t len)
{
/* Sequence in the future, good */
s->rtp.window = s->rtp.window << diff;
- s->rtp.window |= 1;
+ s->rtp.window |= UINT64_C(1);
s->rtp_seq = seq, s->rtp_roc = roc;
}
else
@@ -505,7 +505,7 @@ static int srtp_crypt (srtp_session_t *s, uint8_t *buf, size_t len)
diff = -diff;
if ((diff >= 64) || ((s->rtp.window >> diff) & 1))
return EACCES; /* Replay attack */
- s->rtp.window |= 1 << diff;
+ s->rtp.window |= UINT64_C(1) << diff;
}
/* Encrypt/Decrypt */
More information about the vlc-commits
mailing list