From 0967ee9be20ea1da55274e2d1f7a2198a1cdc1c9 Mon Sep 17 00:00:00 2001
From: sirzooro <daniel@poradnik-webmastera.com>
Date: Sat, 6 Jul 2024 12:29:01 +0200
Subject: [PATCH] Fix RTP padding length validation

Added validation of RTP padding length in received packets. Also check
for zero padding length when marshaling.
---
 error.go  | 2 ++
 packet.go | 7 +++++++
 2 files changed, 9 insertions(+)

diff --git a/error.go b/error.go
index 4df5d2a..ac3ece4 100644
--- a/error.go
+++ b/error.go
@@ -21,4 +21,6 @@ var (
 	errRFC8285TwoByteHeaderSize    = errors.New("header extension payload must be 255bytes or less for RFC 5285 two byte extensions")
 
 	errRFC3550HeaderIDRange = errors.New("header extension id must be 0 for non-RFC 5285 extensions")
+
+	errInvalidRTPPadding = errors.New("invalid RTP padding")
 )
diff --git a/packet.go b/packet.go
index af88af3..61d341d 100644
--- a/packet.go
+++ b/packet.go
@@ -215,6 +215,9 @@ func (p *Packet) Unmarshal(buf []byte) error {
 
 	end := len(buf)
 	if p.Header.Padding {
+		if end <= n {
+			return errTooSmall
+		}
 		p.PaddingSize = buf[end-1]
 		end -= int(p.PaddingSize)
 	}
@@ -475,6 +478,10 @@ func (p Packet) Marshal() (buf []byte, err error) {
 
 // MarshalTo serializes the packet and writes to the buffer.
 func (p *Packet) MarshalTo(buf []byte) (n int, err error) {
+	if p.Header.Padding && p.PaddingSize == 0 {
+		return 0, errInvalidRTPPadding
+	}
+
 	n, err = p.Header.MarshalTo(buf)
 	if err != nil {
 		return 0, err