google-7-srtp-security-fix.patch - Android社区

diff --git a/google3/third_party/libsrtp/crypto/include/integers.h b/google3/third_party/libsrtp/crypto/include/integers.h
index 7010efd..3515d13 100644
--- a/google3/third_party/libsrtp/crypto/include/integers.h
+++ b/google3/third_party/libsrtp/crypto/include/integers.h
@@ -98,7 +98,6 @@ typedef unsigned short int	uint16_t;
 typedef unsigned int		uint32_t;
 #endif
 
-
 #ifdef NO_64BIT_MATH
 typedef double uint64_t;
 /* assert that sizeof(double) == 8 */
diff --git a/google3/third_party/libsrtp/include/srtp.h b/google3/third_party/libsrtp/include/srtp.h
index 7f17853..bbaac95 100644
--- a/google3/third_party/libsrtp/include/srtp.h
+++ b/google3/third_party/libsrtp/include/srtp.h
@@ -50,10 +50,6 @@
 extern "C" {
 #endif
 
-#ifdef _MSC_VER
-#pragma pack(4)
-#endif
-
 #include "crypto_kernel.h" 
 
 /**
@@ -930,10 +926,6 @@ srtp_install_event_handler(srtp_event_handler_func_t func);
 #define SRTCP_E_BYTE_BIT 0x80
 #define SRTCP_INDEX_MASK 0x7fffffff
 
-#ifdef _MSC_VER
-#pragma pack()
-#endif
-
 #ifdef __cplusplus
 }
 #endif
diff --git a/google3/third_party/libsrtp/srtp/srtp.c b/google3/third_party/libsrtp/srtp/srtp.c
index 6010dd4..3fc52ee 100644
--- a/google3/third_party/libsrtp/srtp/srtp.c
+++ b/google3/third_party/libsrtp/srtp/srtp.c
@@ -1657,6 +1657,8 @@ srtp_unprotect_rtcp(srtp_t ctx, void *srtcp_hdr, int *pkt_octet_len) {
   srtp_stream_ctx_t *stream;
   int prefix_len;
   uint32_t seq_num;
+  int e_bit_in_packet;     /* whether the E-bit was found in the packet */
+  int sec_serv_confidentiality; /* whether confidentiality was requested */
 
   /* we assume the hdr is 32-bit aligned to start */
   /*
@@ -1694,7 +1696,10 @@ srtp_unprotect_rtcp(srtp_t ctx, void *srtcp_hdr, int *pkt_octet_len) {
       return err_status_no_ctx;
     } 
   }
-  
+
+  sec_serv_confidentiality = stream->rtcp_services == sec_serv_conf ||
+      stream->rtcp_services == sec_serv_conf_and_auth;
+
   /* get tag length from stream context */
   tag_len = auth_get_tag_length(stream->rtcp_auth); 
 
@@ -1714,8 +1719,12 @@ srtp_unprotect_rtcp(srtp_t ctx, void *srtcp_hdr, int *pkt_octet_len) {
    */
   trailer = (uint32_t *) ((char *) hdr +
 		     *pkt_octet_len -(tag_len + sizeof(srtcp_trailer_t)));
-  if (*((unsigned char *) trailer) & SRTCP_E_BYTE_BIT) {
-    enc_start = (uint32_t *)hdr + uint32s_in_rtcp_header;  
+  e_bit_in_packet = (*((unsigned char *) trailer) & SRTCP_E_BYTE_BIT) == SRTCP_E_BYTE_BIT;
+  if (e_bit_in_packet != sec_serv_confidentiality) {
+    return err_status_cant_check;
+  }
+  if (sec_serv_confidentiality) {
+    enc_start = (uint32_t *)hdr + uint32s_in_rtcp_header;
   } else {
     enc_octet_len = 0;
     enc_start = NULL; /* this indicates that there's no encryption */
diff --git a/google3/third_party/libsrtp/test/srtp_driver.c b/google3/third_party/libsrtp/test/srtp_driver.c
index f6a84f9..3c97072 100644
--- a/google3/third_party/libsrtp/test/srtp_driver.c
+++ b/google3/third_party/libsrtp/test/srtp_driver.c
@@ -1246,7 +1246,7 @@ srtp_create_big_policy(srtp_policy_t **list) {
    * loop over policy list, mallocing a new list and copying values
    * into it (and incrementing the SSRC value as we go along)
    */
-  tmp = NULL;
+  tmp = p = NULL;
   while (policy_array[i] != NULL) {
     p  = (srtp_policy_t*) malloc(sizeof(srtp_policy_t));
     if (p == NULL)