Fix OOB read in key generation for encrypted headers with GCM ciphers.
The salt of the GCM cipher is shorter than the salt required for the ICM cipher
which is used for the encrypted headers.
diff --git a/srtp/srtp.c b/srtp/srtp.c
index 7d3f4af..117e4f8 100644
--- a/srtp/srtp.c
+++ b/srtp/srtp.c
@@ -1006,6 +1006,10 @@
rtp_xtn_hdr_base_key_len = base_key_length(session_keys->rtp_xtn_hdr_cipher->type,
rtp_xtn_hdr_keylen);
rtp_xtn_hdr_salt_len = rtp_xtn_hdr_keylen - rtp_xtn_hdr_base_key_len;
+ if (rtp_xtn_hdr_salt_len > rtp_salt_len) {
+ // The shorter GCM salt is padded to the required ICM salt length.
+ rtp_xtn_hdr_salt_len = rtp_salt_len;
+ }
memset(tmp_xtn_hdr_key, 0x0, MAX_SRTP_KEY_LEN);
memcpy(tmp_xtn_hdr_key, key, (rtp_xtn_hdr_base_key_len + rtp_xtn_hdr_salt_len));
xtn_hdr_kdf = &tmp_kdf;
diff --git a/test/srtp_driver.c b/test/srtp_driver.c
index 1dfa640..287f1ce 100644
--- a/test/srtp_driver.c
+++ b/test/srtp_driver.c
@@ -2096,12 +2096,12 @@
uint8_t srtp_ciphertext[64] = {
0x90, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
0xca, 0xfe, 0xba, 0xbe, 0xBE, 0xDE, 0x00, 0x06,
- 0x17, 0x58, 0x8A, 0x92, 0x70, 0xF4, 0xE1, 0x5E,
- 0x1C, 0x22, 0x00, 0x00, 0xC8, 0x30, 0x95, 0x46,
- 0xA9, 0x94, 0xF0, 0xBC, 0x54, 0x78, 0x97, 0x00,
+ 0x17, 0x12, 0xe0, 0x20, 0x5b, 0xfa, 0x94, 0x9b,
+ 0x1C, 0x22, 0x00, 0x00, 0xC8, 0x30, 0xbb, 0x46,
+ 0x73, 0x27, 0x78, 0xd9, 0x92, 0x9a, 0xab, 0x00,
0x0e, 0xca, 0x0c, 0xf9, 0x5e, 0xe9, 0x55, 0xb2,
0x6c, 0xd3, 0xd2, 0x88, 0xb4, 0x9f, 0x6c, 0xa9,
- 0xbb, 0x4e, 0x15, 0xc2, 0xe9, 0xf2, 0x66, 0x78
+ 0xf4, 0xb1, 0xb7, 0x59, 0x71, 0x9e, 0xb5, 0xbc
};
srtp_t srtp_snd, srtp_recv;
srtp_err_status_t status;