From 78b17e6d41e8bac9b65a0240b56ab3649547566c Mon Sep 17 00:00:00 2001
From: Terry Wilson <twilson@digium.com>
Date: Mon, 19 Dec 2011 01:36:21 +0000
Subject: [PATCH] Add a separate buffer for SRTCP packets

The function ast_srtp_protect used a common buffer for both SRTP and SRTCP
packets. Since this function can be called from multiple threads for the same
SRTP session (scheduler for SRTCP and channel for SRTP) it was possible for the
packets to become corrupted as the buffer was used by both threads
simultaneously.

This patch adds a separate buffer for SRTCP packets to avoid the problem.

(closes issue ASTERISK-18889, Reported/patch by Daniel Collins)
........

Merged revisions 347995 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........

Merged revisions 347996 from http://svn.asterisk.org/svn/asterisk/branches/10


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@348567 65c4cc65-6c06-0410-ace0-fbb531ad65f3
---
 res/res_srtp.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/res/res_srtp.c b/res/res_srtp.c
index fe1ee73ced..a232314fae 100644
--- a/res/res_srtp.c
+++ b/res/res_srtp.c
@@ -56,6 +56,7 @@ struct ast_srtp {
 	void *data;
 	int warned;
 	unsigned char buf[8192 + AST_FRIENDLY_OFFSET];
+	unsigned char rtcpbuf[8192 + AST_FRIENDLY_OFFSET];
 };
 
 struct ast_srtp_policy {
@@ -401,19 +402,22 @@ static int ast_srtp_unprotect(struct ast_srtp *srtp, void *buf, int *len, int rt
 static int ast_srtp_protect(struct ast_srtp *srtp, void **buf, int *len, int rtcp)
 {
 	int res;
+	unsigned char *localbuf;
 
 	if ((*len + SRTP_MAX_TRAILER_LEN) > sizeof(srtp->buf)) {
 		return -1;
 	}
+	
+	localbuf = rtcp ? srtp->rtcpbuf : srtp->buf;
 
-	memcpy(srtp->buf, *buf, *len);
+	memcpy(localbuf, *buf, *len);
 
-	if ((res = rtcp ? srtp_protect_rtcp(srtp->session, srtp->buf, len) : srtp_protect(srtp->session, srtp->buf, len)) != err_status_ok && res != err_status_replay_fail) {
+	if ((res = rtcp ? srtp_protect_rtcp(srtp->session, localbuf, len) : srtp_protect(srtp->session, localbuf, len)) != err_status_ok && res != err_status_replay_fail) {
 		ast_log(LOG_WARNING, "SRTP protect: %s\n", srtp_errstr(res));
 		return -1;
 	}
 
-	*buf = srtp->buf;
+	*buf = localbuf;
 	return *len;
 }
 
-- 
GitLab