Before validating a STUN packet, check it's big enough for a header.

Otherwise, we'll read out of bounds if the packet is too small. NOTRY=true Review-Url: https://codereview.webrtc.org/2040953003 Cr-Commit-Position: refs/heads/master@{#13093}
2016-06-09 08:45:45 -07:00 · 2016-06-09 08:45:45 -07:00 · e4bda24376
commit e4bda24376
parent 101f250a30
1 changed files with 1 additions and 1 deletions
--- a/webrtc/p2p/base/stun.cc
+++ b/webrtc/p2p/base/stun.cc
@ -132,7 +132,7 @@ const StunUInt16ListAttribute* StunMessage::GetUnknownAttributes() const {
 bool StunMessage::ValidateMessageIntegrity(const char* data, size_t size,
                                           const std::string& password) {
  // Verifying the size of the message.
-  if ((size % 4) != 0) {
+  if ((size % 4) != 0 || size < kStunHeaderSize) {
    return false;
  }