Merge commit from fork

author Andrey Volk <andywolk@gmail.com>

Thu, 7 May 2026 17:20:52 +0000 (20:20 +0300)

committer GitHub <noreply@github.com>

Thu, 7 May 2026 17:20:52 +0000 (20:20 +0300)
author Andrey Volk <andywolk@gmail.com>
Thu, 7 May 2026 17:20:52 +0000 (20:20 +0300)
committer GitHub <noreply@github.com>
Thu, 7 May 2026 17:20:52 +0000 (20:20 +0300)
diff --git a/src/switch_stun.c b/src/switch_stun.c

index d58dd6fd93db5f2c0af9ce91fac6f64182a19ee2..35c9daed91e1b01abf7c3071e9c1eaaba962be4e 100644 (file)
--- a/src/switch_stun.c
+++ b/src/switch_stun.c
@@ -239,7 +239,13 @@ SWITCH_DECLARE(switch_stun_packet_t *) switch_stun_packet_parse(uint8_t *buf, ui
                 case SWITCH_STUN_ATTR_DESTINATION_ADDRESS:
                 case SWITCH_STUN_ATTR_PRIORITY:
                         {
-                               switch_stun_ip_t *ip = (switch_stun_ip_t *) attr->value;
+                               switch_stun_ip_t *ip;
+
+                               if (bytes_left < sizeof(switch_stun_ip_t)) {
+                                       return NULL;
+                               }
+
+                               ip = (switch_stun_ip_t *) attr->value;
                                 ip->port = ntohs(ip->port);
                         }
                         break;
@@ -247,6 +253,11 @@ SWITCH_DECLARE(switch_stun_packet_t *) switch_stun_packet_parse(uint8_t *buf, ui
                         {
                                 switch_stun_ip_t *ip;
                                 uint32_t addr_length = 0;
+
+                               if (bytes_left < sizeof(switch_stun_ip_t)) {
+                                       return NULL;
+                               }
+
                                 ip = (switch_stun_ip_t *) attr->value;
  
                                 switch (ip->family) {
@@ -277,7 +288,13 @@ SWITCH_DECLARE(switch_stun_packet_t *) switch_stun_packet_parse(uint8_t *buf, ui
                 case SWITCH_STUN_ATTR_BANDWIDTH:
                 case SWITCH_STUN_ATTR_OPTIONS:
                         {
-                               uint32_t *val = (uint32_t *) attr->value;
+                               uint32_t *val;
+
+                               if (bytes_left < sizeof(uint32_t)) {
+                                       return NULL;
+                               }
+
+                               val = (uint32_t *)attr->value;
  
                                 if (attr->length != sizeof(uint32_t)) {
                                         /* Invalid */
@@ -289,7 +306,13 @@ SWITCH_DECLARE(switch_stun_packet_t *) switch_stun_packet_parse(uint8_t *buf, ui
                         break;
                 case SWITCH_STUN_ATTR_ERROR_CODE:       /* ErrorCode */
                         {
-                               uint32_t *u = (uint32_t *) attr->value;
+                               uint32_t *u;
+
+                               if (bytes_left < sizeof(uint32_t)) {
+                                       return NULL;
+                               }
+
+                               u = (uint32_t *)attr->value;
                                 *u = htonl(*u);
                         }
                         break;
author	Andrey Volk <andywolk@gmail.com>
	Thu, 7 May 2026 17:20:52 +0000 (20:20 +0300)
committer	GitHub <noreply@github.com>
	Thu, 7 May 2026 17:20:52 +0000 (20:20 +0300)