-
由 Travis Cross 提交于
In the defined AEAD modes, SRTP packets must always be encrypted and authenticated, but SRTCP packets may be only authenticated. It's possible, therefore, for us to end up in `srtp_protect_aead()` without the `sec_serv_conf` bit being set. We should just ignore this and encrypt the RTP packet anyway. What we are doing instead is encrypting the packet anyway, but setting `enc_start` to NULL first. This causes `aad_len` to underflow which will cause us to over-read in `cipher_set_aad()`. If we could get past that, we would try to read and write memory starting at 0x0 down in `cipher_encrypt()`. This commit causes us to not check the `sec_serv_conf` bit and never set `enc_start` to NULL in `srtp_protect_aead()`. `srtp_unprotect_aead()` does not contain a similar error.
9ea93c4c
