From 52ca0cd1e973e68b8ba2273a0e0ea23cb5a65d9b Mon Sep 17 00:00:00 2001
From: Richard Fuchs
Date: Tue, 4 May 2021 13:55:42 -0400
Subject: [PATCH] TT#108551 fix AEAD kernel encryption of small packets closes #1230
Change-Id: I26cae7b53eed1ff8155d2fa1e1aa5283a9c37d36
(cherry picked from commit e70d2038026d01c4002d232b7618f6a67142e3a6)
---
 daemon/crypto.c | 3 +++
 kernel-module/xt_RTPENGINE.c | 2 --
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/daemon/crypto.c b/daemon/crypto.c
index cddb66f53..3d727affc 100644
--- a/daemon/crypto.c
+++ b/daemon/crypto.c
@@ -593,6 +593,9 @@ static int aes_gcm_decrypt_rtp(struct crypto_context *c, struct rtp_header *r, s
 unsigned char iv[12];
 int len, plaintext_len;
+ if (s->len < 16)
+ return -1;
+
 memcpy(iv, c->session_salt, 12);
 *(u_int32_t*)(iv+2) ^= r->ssrc;
diff --git a/kernel-module/xt_RTPENGINE.c b/kernel-module/xt_RTPENGINE.c
index 339e458a2..82b8005cc 100644
--- a/kernel-module/xt_RTPENGINE.c
+++ b/kernel-module/xt_RTPENGINE.c
@@ -3914,8 +3914,6 @@ static int srtp_encrypt_aes_gcm(struct re_crypto_context *c,
 if (s->session_salt_len != 12)
 return -EINVAL;
- if (r->payload_len < 16)
- return -EINVAL;
 memcpy(iv, c->session_salt, 12);
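Review bot: The new guard `if (s->len < 16)` in aes_gcm_decrypt_rtp (daemon/crypto.c) uses a bare `16` with no explanation; it is presumably the length of the GCM authentication tag, which the rest of the function (outside this hunk) would subtract from the payload length before decrypting. A comment on the check, e.g. `/* payload must hold at least the 16-byte GCM auth tag */`, or a named constant in place of the literal, would make clear that this is a bounds check on a network-supplied packet length rather than an arbitrary minimum. Since the same commit drops the `r->payload_len < 16` bound from srtp_encrypt_aes_gcm in the kernel module, it is worth confirming that the kernel decrypt counterpart, which is not part of this diff, still enforces the equivalent lower bound.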