Add immediate sanity check on untrusted length

We were actually checking this indirectly in the loop that follows, but it's more clear to check this immediately and directly.

Add immediate sanity check on untrusted length
We were actually checking this indirectly in the loop that follows, but it's more clear to check this immediately and directly.
16365501 · Travis Cross · 711e49c4 · 16365501
--- a/src/switch_stun.c
+++ b/src/switch_stun.c
@@ -129,7 +129,8 @@ SWITCH_DECLARE(switch_stun_packet_t *) switch_stun_packet_parse(uint8_t *buf, ui
 	packet = (switch_stun_packet_t *) buf;
 	packet->header.type = ntohs(packet->header.type);
 	packet->header.length = ntohs(packet->header.length);
-	bytes_left -= 20;
+	if (packet->header.length > (bytes_left -= 20))
+		return NULL;


 	/*