Add immediate sanity check on untrusted length

We were actually checking this indirectly in the loop that follows,
but it's more clear to check this immediately and directly.
This commit is contained in:
Travis Cross 2014-04-08 21:04:59 +00:00
parent 711e49c46a
commit 1636550176

View File

@ -129,7 +129,8 @@ SWITCH_DECLARE(switch_stun_packet_t *) switch_stun_packet_parse(uint8_t *buf, ui
packet = (switch_stun_packet_t *) buf;
packet->header.type = ntohs(packet->header.type);
packet->header.length = ntohs(packet->header.length);
bytes_left -= 20;
if (packet->header.length > (bytes_left -= 20))
return NULL;
/*