Merge pull request #2549 from signalwire/stun_overrun

[Core] switch_stun.c: Coverity 1468480: Out-of-bounds access (OVERRUN)

src/include/switch_stun.h

@@ -141,6 +141,13 @@ typedef struct {
 	uint32_t address;
 } switch_stun_ip_t;
 
+typedef struct {
+	uint8_t wasted;
+	uint8_t family;
+	uint16_t port;
+	uint8_t address[16];
+} switch_stun_ipv6_t;
+
 #if SWITCH_BYTE_ORDER == __BIG_ENDIAN
 
 typedef struct {

src/switch_stun.c

@@ -401,13 +401,17 @@ SWITCH_DECLARE(uint8_t) switch_stun_packet_attribute_get_mapped_address(switch_s
 SWITCH_DECLARE(uint8_t) switch_stun_packet_attribute_get_xor_mapped_address(switch_stun_packet_attribute_t *attribute, switch_stun_packet_header_t *header, char *ipstr, switch_size_t iplen, uint16_t *port)
 {
 	switch_stun_ip_t *ip;
+	switch_stun_ipv6_t *ipv6;
 	uint8_t x, *i;
 	char *p = ipstr;
 
 	ip = (switch_stun_ip_t *) attribute->value;
 
 	if (ip->family == 2) {
-		uint8_t *v6addr = (uint8_t *) &ip->address;
+		uint8_t *v6addr;
+
+		ipv6 = (switch_stun_ipv6_t *)attribute->value;
+		v6addr = (uint8_t *) &ipv6->address;
 		v6_xor(v6addr, (uint8_t *)header->id);
 		inet_ntop(AF_INET6, v6addr, ipstr, iplen);
 	} else {