Update libsrtp to upstream commit be95365fbb4788b688cab7af61c65b7989055fb4

srtp/srtp/srtp.c

Index: srtp/srtp/srtp.c
diff --git a/srtp/srtp/srtp.c b/srtp/srtp/srtp.c
index e7c25a1e19a84d5193bfda999880b0b371179127..f8e2fc43d35dfb8b624196aaba52de3dde52d5a0 100644
--- a/srtp/srtp/srtp.c
+++ b/srtp/srtp/srtp.c
@@ -1077,7 +1077,7 @@ srtp_unprotect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream, int delta,
         srtp_hdr_xtnd_t *xtn_hdr = (srtp_hdr_xtnd_t*)enc_start;
         enc_start += (ntohs(xtn_hdr->length) + 1);
     }
-    if (!((uint8_t*)enc_start < (uint8_t*)hdr + *pkt_octet_len))
+    if (!((uint8_t*)enc_start < (uint8_t*)hdr + (*pkt_octet_len - tag_len)))
         return err_status_parse_err;
     /*
      * We pass the tag down to the cipher when doing GCM mode 
@@ -1307,9 +1307,9 @@ srtp_unprotect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream, int delta,
      if (hdr->x == 1) {
        srtp_hdr_xtnd_t *xtn_hdr = (srtp_hdr_xtnd_t *)enc_start;
        enc_start += (ntohs(xtn_hdr->length) + 1);
-       if (!((uint8_t*)enc_start < (uint8_t*)hdr + *pkt_octet_len))
-         return err_status_parse_err;
      }
+     if (!((uint8_t*)enc_start < (uint8_t*)hdr + *pkt_octet_len))
+       return err_status_parse_err;
      enc_octet_len = (unsigned int)(*pkt_octet_len -
                                     ((uint8_t*)enc_start - (uint8_t*)hdr));
    } else {
@@ -1595,7 +1595,7 @@ srtp_unprotect(srtp_ctx_t *ctx, void *srtp_hdr, int *pkt_octet_len) {
       srtp_hdr_xtnd_t *xtn_hdr = (srtp_hdr_xtnd_t *)enc_start;
       enc_start += (ntohs(xtn_hdr->length) + 1);
     }  
-    if (!((uint8_t*)enc_start < (uint8_t*)hdr + *pkt_octet_len))
+    if (!((uint8_t*)enc_start < (uint8_t*)hdr + (*pkt_octet_len - tag_len)))
       return err_status_parse_err;
     enc_octet_len = (uint32_t)(*pkt_octet_len - tag_len -
                                ((uint8_t*)enc_start - (uint8_t*)hdr));