From da1d064648ef7f69a84e4c1b7e0a7c301492157e Mon Sep 17 00:00:00 2001
From: Marcel De Kogel <mdekogel@cisco.com>
Date: Tue, 30 Oct 2018 18:28:09 -0700
Subject: [PATCH] check buffer length before copying into fixed-length buffer

---
 AUTHORS       | 1 +
 src/stunlib.c | 4 ++++
 2 files changed, 5 insertions(+)

diff --git a/AUTHORS b/AUTHORS
index 6b809b8..0a763ae 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -3,3 +3,4 @@
 
 Pål-Erik Martinsen <palmarti@cisco.com>
 Vladislav Volkov   <wwwvladislav@gmail.com>
+Marcel De Kogel    <mdekogel@cisco.com>
diff --git a/src/stunlib.c b/src/stunlib.c
index cb37997..1cd6288 100644
--- a/src/stunlib.c
+++ b/src/stunlib.c
@@ -2553,6 +2553,10 @@ stunlib_checkIntegrity(const uint8_t* buf,
       msgIntLength =  msgIntLength - 8;
     }
 
+    if (bufLen > STUN_MAX_PACKET_SIZE)
+    {
+      return false;
+    }
     memcpy(&bufCopy, buf, bufLen);
 
     /*Write new packet length in header*/