srtp: fix bad memory access

* fix non-initialized memory at SRTP session creation. * fix invalid access when SRTP session is free in some conditions. Change-Id: I95a1e2cd45b8007cb20445ca219f8e667e977656 Reviewed-by: Anthony Léonard <anthony.leonard@savoirfairelinux.com>

srtp: fix bad memory access
567d6432 · Guillaume Roguez · Anthony Léonard · 52093687 · 567d6432 · 567d6432
Commit 567d6432 authored 7 years ago by Guillaume Roguez Committed by Anthony Léonard 7 years ago
--- a/src/media/socket_pair.cpp
+++ b/src/media/socket_pair.cpp
@@ -25,6 +25,7 @@
 #include "ice_socket.h"
 #include "libav_utils.h"
 #include "logger.h"
+#include "security/memory.h"

 #include <iostream>
 #include <string>
@@ -69,6 +70,8 @@ class SRTPProtoContext {
 public:
    SRTPProtoContext(const char* out_suite, const char* out_key,
                     const char* in_suite, const char* in_key) {
+        ring_secure_memzero(&srtp_out, sizeof(srtp_out));
+        ring_secure_memzero(&srtp_in, sizeof(srtp_in));
        if (out_suite && out_key) {
            // XXX: see srtp_open from libavformat/srtpproto.c
            if (ff_srtp_set_crypto(&srtp_out, out_suite, out_key) < 0) {

--- a/src/media/srtp.c
+++ b/src/media/srtp.c
@@ -42,10 +42,14 @@ void ff_srtp_free(struct SRTPContext *s)
        return;
    // aes and hmac have an opaque pointer type.
    // No API to safely erase them, so just re-init with "dummy keys" to sanitize them
+    if (s->aes) {
        av_aes_init(s->aes, zero_buffer, 128, 0);
-    av_hmac_init(s->hmac, zero_buffer, sizeof(s->rtp_auth));
        av_freep(&s->aes);
+    }
+    if (s->hmac) {
+        av_hmac_init(s->hmac, zero_buffer, sizeof(s->rtp_auth));
        av_hmac_free(s->hmac);
+    }
    ring_secure_memzero(s, sizeof(*s));
 }