From: Terry Wilson <twilson@digium.com>
Date: Mon, 12 Dec 2011 19:22:35 +0000 (+0000)
Subject: Add a separate buffer for SRTCP packets
X-Git-Tag: 1.8.9.0-rc1~30
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=607398d4501cf820bba8eb0921d75d2062a9eb4e;p=thirdparty%2Fasterisk.git

Add a separate buffer for SRTCP packets

The function ast_srtp_protect used a common buffer for both SRTP and SRTCP
packets. Since this function can be called from multiple threads for the same
SRTP session (scheduler for SRTCP and channel for SRTP) it was possible for the
packets to become corrupted as the buffer was used by both threads
simultaneously.

This patch adds a separate buffer for SRTCP packets to avoid the problem.

(closes issue ASTERISK-18889, Reported/patch by Daniel Collins)


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@347995 65c4cc65-6c06-0410-ace0-fbb531ad65f3
---

diff --git a/res/res_srtp.c b/res/res_srtp.c
index fe1ee73ced..a232314fae 100644
--- a/res/res_srtp.c
+++ b/res/res_srtp.c
@@ -56,6 +56,7 @@ struct ast_srtp {
 	void *data;
 	int warned;
 	unsigned char buf[8192 + AST_FRIENDLY_OFFSET];
+	unsigned char rtcpbuf[8192 + AST_FRIENDLY_OFFSET];
 };
 
 struct ast_srtp_policy {
@@ -401,19 +402,22 @@ static int ast_srtp_unprotect(struct ast_srtp *srtp, void *buf, int *len, int rt
 static int ast_srtp_protect(struct ast_srtp *srtp, void **buf, int *len, int rtcp)
 {
 	int res;
+	unsigned char *localbuf;
 
 	if ((*len + SRTP_MAX_TRAILER_LEN) > sizeof(srtp->buf)) {
 		return -1;
 	}
+	
+	localbuf = rtcp ? srtp->rtcpbuf : srtp->buf;
 
-	memcpy(srtp->buf, *buf, *len);
+	memcpy(localbuf, *buf, *len);
 
-	if ((res = rtcp ? srtp_protect_rtcp(srtp->session, srtp->buf, len) : srtp_protect(srtp->session, srtp->buf, len)) != err_status_ok && res != err_status_replay_fail) {
+	if ((res = rtcp ? srtp_protect_rtcp(srtp->session, localbuf, len) : srtp_protect(srtp->session, localbuf, len)) != err_status_ok && res != err_status_replay_fail) {
 		ast_log(LOG_WARNING, "SRTP protect: %s\n", srtp_errstr(res));
 		return -1;
 	}
 
-	*buf = srtp->buf;
+	*buf = localbuf;
 	return *len;
 }