Fix #1074: Fixed SRTP crypto parser to preverify the key length.

git-svn-id: http://svn.pjsip.org/repos/pjproject/trunk@3191 74dad513-b988-da41-8d7b-12977e46ad98
author: Nanang Izzuddin <nanang@teluu.com> 2010-06-02 09:32:42 +0000
committer: Nanang Izzuddin <nanang@teluu.com> 2010-06-02 09:32:42 +0000
commit: 721b577e0c0be61d2c8507a74156813aeabbe3a7 (patch)
tree: 0b52893e8ffbbccfa32b8ebca9f58390c27084e5 /pjmedia
parent: 4dc0593088419a73f1551a6d690e1cd5bfe1cc0e (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/pjmedia/src/pjmedia/transport_srtp.c b/pjmedia/src/pjmedia/transport_srtp.c
index 9e03f594..20005c39 100644
--- a/pjmedia/src/pjmedia/transport_srtp.c
+++ b/pjmedia/src/pjmedia/transport_srtp.c
@@ -1054,9 +1054,13 @@ static pj_status_t parse_attr_crypto(pj_pool_t *pool,
 	return PJMEDIA_SDP_EINATTR;
     }
     tmp = pj_str(token);
-    crypto->key.ptr = (char*) pj_pool_zalloc(pool, MAX_KEY_LEN);
+    if (PJ_BASE64_TO_BASE256_LEN(tmp.slen) > MAX_KEY_LEN) {
+	PJ_LOG(4,(THIS_FILE, "Key too long"));
+	return PJMEDIA_SRTP_EINKEYLEN;
+    }
 
     /* Decode key */
+    crypto->key.ptr = (char*) pj_pool_zalloc(pool, MAX_KEY_LEN);
     itmp = MAX_KEY_LEN;
     status = pj_base64_decode(&tmp, (pj_uint8_t*)crypto->key.ptr, 
 			      &itmp);
author	Nanang Izzuddin <nanang@teluu.com>	2010-06-02 09:32:42 +0000
committer	Nanang Izzuddin <nanang@teluu.com>	2010-06-02 09:32:42 +0000
commit	721b577e0c0be61d2c8507a74156813aeabbe3a7 (patch)
tree	0b52893e8ffbbccfa32b8ebca9f58390c27084e5 /pjmedia
parent	4dc0593088419a73f1551a6d690e1cd5bfe1cc0e (diff)