Before validating a STUN packet, check it's big enough for a header. Otherwise, we'll read out of bounds if the packet is too small. NOTRY=true Review-Url: https://codereview.webrtc.org/2040953003 Cr-Commit-Position: refs/heads/master@{#13093}

commit: e4bda2437691dc57a8ab62500801ed0d487b0f80 [log] [tgz]
author: katrielc <katrielc@webrtc.org> Thu Jun 09 15:45:45 2016
committer: Commit bot <commit-bot@chromium.org> Thu Jun 09 15:45:52 2016
tree: 04635e04694d193789e60cbd2e3857a5d7b1570b
parent: 101f250a30d3f5d0e157cf4569af9384a98f6696 [diff]
diff --git a/webrtc/p2p/base/stun.cc b/webrtc/p2p/base/stun.cc
index ac3fd5f..180597e 100644
--- a/webrtc/p2p/base/stun.cc
+++ b/webrtc/p2p/base/stun.cc

@@ -132,7 +132,7 @@
 bool StunMessage::ValidateMessageIntegrity(const char* data, size_t size,
                                            const std::string& password) {
   // Verifying the size of the message.
-  if ((size % 4) != 0) {
+  if ((size % 4) != 0 || size < kStunHeaderSize) {
     return false;
   }
commit	e4bda2437691dc57a8ab62500801ed0d487b0f80	[log] [tgz]
author	katrielc <katrielc@webrtc.org>	Thu Jun 09 15:45:45 2016
committer	Commit bot <commit-bot@chromium.org>	Thu Jun 09 15:45:52 2016
tree	04635e04694d193789e60cbd2e3857a5d7b1570b
parent	101f250a30d3f5d0e157cf4569af9384a98f6696 [diff]