GNOME Bugzilla – Bug 756653
srtpdec: buffer validations may fail if SRTP packets have padding flag set
Last modified: 2016-03-08 05:32:37 UTC
Hello, I have come across that srtpdec may fail when buffers are validated if the SRTP packets have padding flag set. The problem is that srtpdec is using gst_rtp_buffer_map [1] to verify that the incoming GstBuffer is an RTP packet, but gst_rtp_buffer_map tries to map an encrypted RTP packet (SRTP). If the padding flag is set [2], it gets the padding len from the last octet of the packet, but this is not the real padding value because all payload (included the padding) is encrypted [3]. I think that a proper solution is add an extra map function for only mapping the header of the RTP packet and use it into srtpdec. This will solve the problem and, in addition, it will be more efficient that mapping the whole RTP buffer when only header is relevant for the user. Refs: [1] http://cgit.freedesktop.org/gstreamer/gst-plugins-bad/tree/ext/srtp/gstsrtpdec.c?h=1.6#n628 [2] http://cgit.freedesktop.org/gstreamer/gst-plugins-base/tree/gst-libs/gst/rtp/gstrtpbuffer.c?h=1.6#n403 [3] http://tools.ietf.org/html/rfc3711#section-3.1
See bug #752705 for a similar problem. That could also help here
Created attachment 313407 [details] [review] rtpdec: skip padding when mapping RTP packets
I am uploading a patch based on GST_RTP_BUFFER_MAP_FLAG_SKIP_PADDING. This solve the problem, and for now it could be enough. On the other hand, we should start thinking about performance and take into account that in many cases we are mapping all RTP info without needed it. Related issue: #754189
commit f19a789b685e9fb836275d7323d4dea7004084c2 Author: Miguel París Díaz <mparisdiaz@gmail.com> Date: Fri Oct 16 00:23:56 2015 +0200 srtpdec: skip padding when mapping RTP packets https://bugzilla.gnome.org/show_bug.cgi?id=756653