main/libnice: update to 0.1.15

1 files changed, 32 insertions, 0 deletions

diff --git a/main/libnice/0002-avoid-potential-integer-overflow.patch b/main/libnice/0002-avoid-potential-integer-overflow.patch
new file mode 100644
index 0000000000..d1e2fdf3e9
--- /dev/null
+++ b/main/libnice/0002-avoid-potential-integer-overflow.patch
@@ -0,0 +1,32 @@
+From 6b1eec0630516698ac9cd3343ef7eb8515fee231 Mon Sep 17 00:00:00 2001
+From: Jakub Adam <jakub.adam@collabora.com>
+Date: Thu, 3 Jan 2019 21:26:41 +0100
+Subject: [PATCH] udp-turn: Avoid potential integer overflow
+
+---
+ socket/udp-turn.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/socket/udp-turn.c b/socket/udp-turn.c
+index 1bc5e031..c3b152d1 100644
+--- a/socket/udp-turn.c
++++ b/socket/udp-turn.c
+@@ -362,7 +362,7 @@ socket_recv_messages (NiceSocket *sock,
+     guint f_buffer_len = priv->fragment_buffer->len;
+ 
+     for (i = 0; i < n_recv_messages && f_buffer_len >= sizeof (guint16); ++i) {
+-      guint16 msg_len = ((f_buffer[0] << 8) | f_buffer[1]) + sizeof (guint16);
++      guint32 msg_len = ((f_buffer[0] << 8) | f_buffer[1]) + sizeof (guint16);
+ 
+       if (msg_len > f_buffer_len) {
+         /* The next message in the buffer isn't complete yet. Wait for more
+@@ -450,7 +450,7 @@ socket_recv_messages (NiceSocket *sock,
+     if (nice_socket_is_reliable (sock) && parsed_buffer_length > 0) {
+       /* Determine the portion of the current NiceInputMessage we can already
+        * return. */
+-      guint16 msg_len = 0;
++      gint32 msg_len = 0;
+       if (!priv->fragment_buffer) {
+         msg_len = ((buffer[0] << 8) | buffer[1]) + sizeof (guint16);
+         if (msg_len > parsed_buffer_length) {
+