[vlc-commits] SRTP: integer overflow
Rémi Denis-Courmont
git at videolan.org
Thu Jan 22 16:20:15 CET 2015
vlc/vlc-2.1 | branch: master | Rémi Denis-Courmont <remi at remlab.net> | Sat Nov 15 12:49:22 2014 +0200| [b5e009a486e42a1483d0ff053b4196a1f8eb9dec] | committer: Jean-Baptiste Kempf
SRTP: integer overflow
(cherry picked from commit e76f990e0ba00a9f573c23627ecd66cb9ae9bdd5)
Signed-off-by: Jean-Baptiste Kempf <jb at videolan.org>
> http://git.videolan.org/gitweb.cgi/vlc/vlc-2.1.git/?a=commit;h=b5e009a486e42a1483d0ff053b4196a1f8eb9dec
---
modules/access/rtp/srtp.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/modules/access/rtp/srtp.c b/modules/access/rtp/srtp.c
index 9447f34..883e553 100644
--- a/modules/access/rtp/srtp.c
+++ b/modules/access/rtp/srtp.c
@@ -738,7 +738,7 @@ static int srtcp_crypt (srtp_session_t *s, uint8_t *buf, size_t len)
{
/* Packet in the future, good */
s->rtcp.window = s->rtcp.window << diff;
- s->rtcp.window |= 1;
+ s->rtcp.window |= UINT64_C(1);
s->rtcp_index = index;
}
else
@@ -747,7 +747,7 @@ static int srtcp_crypt (srtp_session_t *s, uint8_t *buf, size_t len)
diff = -diff;
if ((diff >= 64) || ((s->rtcp.window >> diff) & 1))
return EACCES; // replay attack!
- s->rtp.window |= 1 << diff;
+ s->rtp.window |= UINT64_C(1) << diff;
}
/* Crypts SRTCP */
More information about the vlc-commits
mailing list