From: Andrey Volk <andywolk@gmail.com>
Date: Thu, 7 May 2026 17:20:52 +0000 (+0300)
Subject: Merge commit from fork
X-Git-Tag: v1.11.0^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1e1cecd474147bd4502ef249d9894d0e822f2c99;p=thirdparty%2Ffreeswitch.git

Merge commit from fork
---

diff --git a/src/switch_stun.c b/src/switch_stun.c
index d58dd6fd93..35c9daed91 100644
--- a/src/switch_stun.c
+++ b/src/switch_stun.c
@@ -239,7 +239,13 @@ SWITCH_DECLARE(switch_stun_packet_t *) switch_stun_packet_parse(uint8_t *buf, ui
 		case SWITCH_STUN_ATTR_DESTINATION_ADDRESS:
 		case SWITCH_STUN_ATTR_PRIORITY:
 			{
-				switch_stun_ip_t *ip = (switch_stun_ip_t *) attr->value;
+				switch_stun_ip_t *ip;
+
+				if (bytes_left < sizeof(switch_stun_ip_t)) {
+					return NULL;
+				}
+
+				ip = (switch_stun_ip_t *) attr->value;
 				ip->port = ntohs(ip->port);
 			}
 			break;
@@ -247,6 +253,11 @@ SWITCH_DECLARE(switch_stun_packet_t *) switch_stun_packet_parse(uint8_t *buf, ui
 			{
 				switch_stun_ip_t *ip;
 				uint32_t addr_length = 0;
+
+				if (bytes_left < sizeof(switch_stun_ip_t)) {
+					return NULL;
+				}
+
 				ip = (switch_stun_ip_t *) attr->value;
 
 				switch (ip->family) {
@@ -277,7 +288,13 @@ SWITCH_DECLARE(switch_stun_packet_t *) switch_stun_packet_parse(uint8_t *buf, ui
 		case SWITCH_STUN_ATTR_BANDWIDTH:
 		case SWITCH_STUN_ATTR_OPTIONS:
 			{
-				uint32_t *val = (uint32_t *) attr->value;
+				uint32_t *val;
+
+				if (bytes_left < sizeof(uint32_t)) {
+					return NULL;
+				}
+
+				val = (uint32_t *)attr->value;
 
 				if (attr->length != sizeof(uint32_t)) {
 					/* Invalid */
@@ -289,7 +306,13 @@ SWITCH_DECLARE(switch_stun_packet_t *) switch_stun_packet_parse(uint8_t *buf, ui
 			break;
 		case SWITCH_STUN_ATTR_ERROR_CODE:	/* ErrorCode */
 			{
-				uint32_t *u = (uint32_t *) attr->value;
+				uint32_t *u;
+
+				if (bytes_left < sizeof(uint32_t)) {
+					return NULL;
+				}
+
+				u = (uint32_t *)attr->value;
 				*u = htonl(*u);
 			}
 			break;