kenmirrors
/
freeswitch
mirror of https://github.com/signalwire/freeswitch.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
freeswitch/libs
History
Travis Cross aa4261d11f Avoid buffer-overflow on short RTCP/SRTCP packets 
In `srtp_unprotect_rtcp()` we are not validating that the packet
length is as long as the minimum required.  This would cause
`enc_octet_len` to underflow, which would cause us to try to decrypt
data past the end of the packet in memory -- a buffer over-read and
buffer overflow.

In `srtp_protect_rtcp()`, we were similarly not validating the packet
length.  Here we were also polluting the address of the SRTCP
encrypted flag and index (the `trailer`), causing us to write one word
to a bogus memory address before getting to the encryption where we
would also overflow.

In this commit we add checks to appropriately validate the RTCP/SRTCP
packet lengths.

`srtp_unprotect_rtcp_aead()` (but not protect) did correctly validate
the packet length; this check would now be redundant as the check in
`srtcp_unprotect_rtcp()` will also run first, so it has been removed.
 		2014-06-30 19:00:35 +00:00
..
apr FS-6294 FS-6308 NetBSD support should work test and report back please. 2014-03-19 14:34:07 -05:00
apr-util put this back for now to test 2014-03-09 14:46:06 -04:00
broadvoice remove generated file from git 2014-03-08 08:51:58 -06:00
esl FS-6604: fix this same issue in esl too 2014-06-17 12:10:47 -05:00
freetdm freetdm: Fix raw GSM AT command execution not returning the proper token count 2014-05-11 03:22:27 -04:00
iksemel clean up some bootstrap warnings 2014-03-07 18:36:26 -05:00
ilbc fix autoconf syntax issue 2014-03-07 19:19:53 -05:00
js FS-5920 --resolve 2013-12-16 11:54:15 -05:00
libcodec2 remove generated file from tree 2014-04-30 10:34:08 -04:00
libdingaling remove DYNAMIC_LIB_EXTEN because we use libtool to figure this all out now 2014-03-14 18:04:07 -04:00
libg722_1 autoconf syntax error 2014-03-07 19:35:51 -05:00
libks update copyright header for 2014 2014-02-12 12:08:56 -06:00
libnatpmp FS-4071 --resolve 2012-04-04 16:18:53 -05:00
libscgi its logically impossible for this to be null, we are looping through an array on the stack 2014-05-07 12:54:40 -04:00
libsndfile Tweak sndfile for args 2014-03-19 17:37:02 +00:00
libteletone Cleanup bad whitespace 2014-05-21 17:25:32 +00:00
libtpl-1.5 silence unused var warnings 2014-03-19 14:17:09 -04:00
libzrtp clean up some bootstrap warnings 2014-03-07 18:36:26 -05:00
miniupnpc try to fix miniwget on suse (FSBUILD-258) 2010-03-08 17:14:04 +00:00
portaudio clean up some bootstrap warnings 2014-03-07 18:36:26 -05:00
silk FS-6293: fix mod_silk srcdir build 2014-03-17 08:32:17 -04:00
sofia-sip date would have done the same thing 2014-06-18 08:58:49 -05:00
spandsp FAX tweaks 2014-06-29 02:11:25 +08:00
srtp Avoid buffer-overflow on short RTCP/SRTCP packets 2014-06-30 19:00:35 +00:00
tiff-4.0.2 FS-6375 fix till we switch to system tiff 2014-03-19 12:32:23 +00:00
unimrcp FS-6293: unimrcp srcdir build working 2014-03-19 15:04:41 -04:00
win32 FS-6505 download custom ldns lib for windows for now 2014-05-20 17:07:52 -05:00
xmlrpc-c FS-6293: abandon xmlrpc-c build system entirely. We can revist this when we try to pull this lib out of tree, in the mean time, this fixes a ton of problems. 2014-03-18 09:50:12 -04:00
.gitignore Add ldns to .gitignore 2014-06-15 13:51:56 +02:00