Before validating a STUN packet, check it's big enough for a header.
Otherwise, we'll read out of bounds if the packet is too small.
NOTRY=true
Review-Url: https://codereview.webrtc.org/2040953003
Cr-Commit-Position: refs/heads/master@{#13093}
diff --git a/webrtc/p2p/base/stun.cc b/webrtc/p2p/base/stun.cc
index ac3fd5f..180597e 100644
--- a/webrtc/p2p/base/stun.cc
+++ b/webrtc/p2p/base/stun.cc
@@ -132,7 +132,7 @@
bool StunMessage::ValidateMessageIntegrity(const char* data, size_t size,
const std::string& password) {
// Verifying the size of the message.
- if ((size % 4) != 0) {
+ if ((size % 4) != 0 || size < kStunHeaderSize) {
return false;
}
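Review bot: The comment above the changed condition still reads only `// Verifying the size of the message.`, so the reason for the new `size < kStunHeaderSize` term is not recorded next to the check. I would change it to `// Reject sizes that are not a multiple of 4 or are smaller than the STUN header; header fields are read from |data| next.` The guard only establishes that a full header is present, so the length taken from the header presumably still has to be checked against `size` before any attribute is read. That code is in the part of ValidateMessageIntegrity outside this hunk and should be confirmed. A regression test passing a buffer shorter than kStunHeaderSize would pin the fix, including size 0, which satisfies the `% 4` test; none is visible in this diff.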