From 6fc6f05a76416ec9ae4cf7933fe5a8639f6bf31c Mon Sep 17 00:00:00 2001
From: lb1107039128 <liubo1@xfusion.com>
Date: Wed, 27 Dec 2023 16:22:58 +0800
Subject: [PATCH] Fix incorrect result of rdb_increment on overflow

Signed-off-by: lb1107039128 <liubo1@xfusion.com>
---
 ...-result-of-rdb_increment-on-overflow.patch | 28 +++++++++++++++++++
 libsrtp.spec                                  |  6 +++-
 2 files changed, 33 insertions(+), 1 deletion(-)
 create mode 100644 0001-Fix-incorrect-result-of-rdb_increment-on-overflow.patch

diff --git a/0001-Fix-incorrect-result-of-rdb_increment-on-overflow.patch b/0001-Fix-incorrect-result-of-rdb_increment-on-overflow.patch
new file mode 100644
index 0000000..72b3543
--- /dev/null
+++ b/0001-Fix-incorrect-result-of-rdb_increment-on-overflow.patch
@@ -0,0 +1,28 @@
+From f2ae5c310c9cc159602e550cc1bf73453eeb6198 Mon Sep 17 00:00:00 2001
+From: Andrey Semashev <Lastique@users.noreply.github.com>
+Date: Mon, 24 Apr 2017 12:18:30 +0300
+Subject: [PATCH] Fix incorrect result of rdb_increment on overflow
+
+The rdb_increment used to return err_status_ok when overflow has happened, which results in undesirable consequences in other parts of the code.
+---
+ crypto/replay/rdb.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/crypto/replay/rdb.c b/crypto/replay/rdb.c
+index c84222f..5202a9b 100644
+--- a/crypto/replay/rdb.c
++++ b/crypto/replay/rdb.c
+@@ -130,8 +130,9 @@ rdb_add_index(rdb_t *rdb, uint32_t p_index) {
+ err_status_t
+ rdb_increment(rdb_t *rdb) {
+ 
+-  if (rdb->window_start++ > 0x7fffffff)
++  if (rdb->window_start >= 0x7fffffff)
+     return err_status_key_expired;
++  ++rdb->window_start;
+   return err_status_ok;
+ }
+ 
+-- 
+2.42.0.windows.2
+
diff --git a/libsrtp.spec b/libsrtp.spec
index b921b81..e84b5a8 100644
--- a/libsrtp.spec
+++ b/libsrtp.spec
@@ -1,6 +1,6 @@
 Name:           libsrtp
 Version:        1.5.4
-Release:        10
+Release:        11
 Summary:        Library for SRTP (Secure Realtime Transport Protocol)
 License:        BSD
 URL:            https://github.com/cisco/libsrtp
@@ -13,6 +13,7 @@ Patch0000:      libsrtp-1.5.4-shared-fix.patch
 Patch0001:      libsrtp-srtp_aes_encrypt.patch
 Patch0002:      libsrtp-sha1-name-fix.patch
 Patch0003:      libsrtp-fix-name-collision-on-MIPS.patch
+Patch0004:      0001-Fix-incorrect-result-of-rdb_increment-on-overflow.patch
 
 %description
 This package provides an implementation of the Secure Real-time Transport Protocol (SRTP),
@@ -56,5 +57,8 @@ install -pm644 %{SOURCE2} %{buildroot}%{_includedir}/srtp/config.h
 %{_libdir}/*.so
 
 %changelog
+* Wed Dec 27 2023 liubo <liubo1@xfusion.com> - 1.5.4-11
+- Fix incorrect result of rdb_increment on overflow
+
 * Tue Oct 23 2019 huzhiyu <huzhiyu1@huawei.com> - 1.5.4-10
 - Package init