Commit c995df45 authored by Pascal Buhler's avatar Pascal Buhler

Validate mki index when looking up keys

If the mki index is not valid then a NULL session
key should be returned not just defaulting to first.
This allows the protect functions to return
with error bad mki.
parent 55626f32
......@@ -800,9 +800,10 @@ srtp_session_keys_t *srtp_get_session_keys_with_mki_index(
unsigned int mki_index)
{
if (use_mki) {
if (mki_index < stream->num_master_keys) {
return &stream->session_keys[mki_index];
if (mki_index >= stream->num_master_keys) {
return NULL;
}
return &stream->session_keys[mki_index];
}
return &stream->session_keys[0];
......@@ -2123,6 +2124,9 @@ srtp_err_status_t srtp_protect_mki(srtp_ctx_t *ctx,
session_keys =
srtp_get_session_keys_with_mki_index(stream, use_mki, mki_index);
if (session_keys == NULL)
return srtp_err_status_bad_mki;
/*
* Check if this is an AEAD stream (GCM mode). If so, then dispatch
* the request to our AEAD handler.
......@@ -3927,6 +3931,9 @@ srtp_err_status_t srtp_protect_rtcp_mki(srtp_t ctx,
session_keys =
srtp_get_session_keys_with_mki_index(stream, use_mki, mki_index);
if (session_keys == NULL)
return srtp_err_status_bad_mki;
/*
* Check if this is an AEAD stream (GCM mode). If so, then dispatch
* the request to our AEAD handler.
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment