From e4bda2437691dc57a8ab62500801ed0d487b0f80 Mon Sep 17 00:00:00 2001
From: katrielc
Date: Thu, 9 Jun 2016 08:45:45 -0700
Subject: [PATCH] Before validating a STUN packet, check it's big enough for a header.

Otherwise, we'll read out of bounds if the packet is too small.

NOTRY=true
Review-Url: https://codereview.webrtc.org/2040953003
Cr-Commit-Position: refs/heads/master@{#13093}
---
 webrtc/p2p/base/stun.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/webrtc/p2p/base/stun.cc b/webrtc/p2p/base/stun.cc
index ac3fd5f936..180597ee77 100644
--- a/webrtc/p2p/base/stun.cc
+++ b/webrtc/p2p/base/stun.cc
@@ -132,7 +132,7 @@ const StunUInt16ListAttribute* StunMessage::GetUnknownAttributes() const {
 bool StunMessage::ValidateMessageIntegrity(const char* data, size_t size, const std::string& password) {
 // Verifying the size of the message.
- if ((size % 4) != 0) {
+ if ((size % 4) != 0 || size < kStunHeaderSize) {
 return false;
 }
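Review bot: Nothing in this commit pins the new `size < kStunHeaderSize` rejection in `ValidateMessageIntegrity`, since the diffstat shows only stun.cc changed. A unit test that passes a zero-length buffer, and one whose size is a multiple of 4 but shorter than the header, and expects `false` from both, would keep the out-of-bounds read from regressing. The comment above the check could also record why both conditions exist, e.g. `// Reject sizes that are not a multiple of 4 or too short to hold a STUN header; the reads below assume a full header.` The function body continues outside the hunk, so whether the later length and attribute parsing is bounded by `size` cannot be confirmed from here.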