mirror of
https://github.com/signalwire/freeswitch.git
synced 2025-04-12 23:40:04 +00:00
9ea93c4c50
In the defined AEAD modes, SRTP packets must always be encrypted and authenticated, but SRTCP packets may be only authenticated. It's possible, therefore, for us to end up in `srtp_protect_aead()` without the `sec_serv_conf` bit being set. We should just ignore this and encrypt the RTP packet anyway. What we are doing instead is encrypting the packet anyway, but setting `enc_start` to NULL first. This causes `aad_len` to underflow which will cause us to over-read in `cipher_set_aad()`. If we could get past that, we would try to read and write memory starting at 0x0 down in `cipher_encrypt()`. This commit causes us to not check the `sec_serv_conf` bit and never set `enc_start` to NULL in `srtp_protect_aead()`. `srtp_unprotect_aead()` does not contain a similar error.