From 0705be4c3a02ecca8917c85b9057c715eddc74ec Mon Sep 17 00:00:00 2001
From: Dmitry Verenitsin <morbit85@gmail.com>
Date: Wed, 30 Jul 2025 18:40:46 +0500
Subject: [PATCH] [core] Invalidate received encrypted RTCP packet if we can't
 decrypt it.

---
 src/switch_rtp.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/switch_rtp.c b/src/switch_rtp.c
index ffda173752..403652a021 100644
--- a/src/switch_rtp.c
+++ b/src/switch_rtp.c
@@ -6104,11 +6104,16 @@ static switch_status_t read_rtp_packet(switch_rtp_t *rtp_session, switch_size_t
 					if (stat) {
 						//++rtp_session->srtp_errs[rtp_session->srtp_idx_rtp]++;
 						switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(rtp_session->session), SWITCH_LOG_ERROR, "RTCP UNPROTECT ERR\n");
+						sbytes = 0;
 					} else {
 						//rtp_session->srtp_errs[rtp_session->srtp_idx_rtp] = 0;
 					}
 
-					*bytes = sbytes;
+					if (sbytes > 0) {
+						*bytes = sbytes;
+					} else {
+						invalidate_received_packet(rtp_session, bytes);
+					}
 				}
 #endif
 				switch_mutex_unlock(rtp_session->ice_mutex);
-- 
2.47.2