mirror of
https://github.com/coturn/coturn.git
synced 2026-04-09 14:21:22 +02:00
… TCP channel framing bypass

stun_get_message_len_str (line 931) — widened bret from uint16_t to uint32_t. 4 + 0xFFFF = 65539 now fits without truncation; the buffer check bret <= blen correctly returns -1 when the full message hasn't arrived.

stun_is_channel_message_str (lines 791–795) — replaced the silent mutation of the caller's *blen with a local blen16 variable. The original code wrote *blen = 65535 before the function even confirmed a valid channel message, leaving the caller's buffer-length corrupted on a false return.

Fixes #1837
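The two changes the commit message describes, as an added stand-alone C sketch; this is not coturn's code. The function names (frame_len_u16, frame_len_u32, is_channel_frame), the be16 helper, the HDR constant and the sample bytes are hypothetical, and only the bret and blen16 names come from the message.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HDR 4u /* channel header: 2-byte channel number + 2-byte length */

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Before: 4 + 0xFFFF = 65539 wraps to 3 in a uint16_t and passes the check. */
int frame_len_u16(const uint8_t *buf, size_t blen) {
    if (blen < HDR) return -1;
    uint16_t bret = (uint16_t)(HDR + be16(buf + 2));
    return bret <= blen ? (int)bret : -1;
}

/* After: a 32-bit total keeps 65539 intact, so a partial frame yields -1. */
int frame_len_u32(const uint8_t *buf, size_t blen) {
    if (blen < HDR) return -1;
    uint32_t bret = HDR + (uint32_t)be16(buf + 2);
    return bret <= blen ? (int)bret : -1;
}

/* Clamp into a local; *blen is written only after the header is accepted.
 * Writing the accepted frame length back is an assumption of this sketch. */
int is_channel_frame(const uint8_t *buf, size_t *blen) {
    if (!buf || !blen || *blen < HDR) return 0;
    uint16_t blen16 = *blen > 0xFFFF ? 0xFFFF : (uint16_t)*blen;
    uint16_t chn = be16(buf);
    if (chn < 0x4000 || chn > 0x7FFF) return 0; /* RFC 5766 channel range */
    uint16_t datalen = be16(buf + 2);
    if (datalen > blen16 - HDR) return 0;       /* caller's *blen untouched */
    *blen = (size_t)HDR + datalen;
    return 1;
}

int main(void) {
    /* Constructed input: channel 0x4000, length field 0xFFFF, 100 bytes received. */
    static const uint8_t partial[100] = {0x40, 0x00, 0xFF, 0xFF};
    printf("uint16_t total: %d\n", frame_len_u16(partial, sizeof partial));
    printf("uint32_t total: %d\n", frame_len_u32(partial, sizeof partial));
    size_t blen = 70000; /* constructed: more than 65535 bytes buffered */
    const uint8_t not_channel[4] = {0x00, 0x01, 0x00, 0x08};
    int ok = is_channel_frame(not_channel, &blen);
    printf("accepted=%d blen=%zu\n", ok, blen);
    return 0;
}
```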