Coturn: Stack buffer overflow in decode_oauth_token_gcm()
Description
Coturn is a free open source implementation of a TURN and STUN server. Versions prior to 4.10.0 contain a stack buffer overflow in decode_oauth_token_gcm(). A uint16_t nonce_len field read from an attacker-supplied OAuth access token (0-65535) is passed directly to memcpy() as the copy length into a 256-byte stack buffer (oauth_encrypted_block.nonce[256]) without bounds checking. Because the overflow occurs before AES-GCM authentication is verified, the attacker does not need to know the OAuth key or produce a valid AES-GCM token. Up to 735 bytes of attacker-controlled data are written past the buffer and may corrupt adjacent stack data, including control-flow data, depending on compiler, ABI, and mitigations. The issue requires --oauth mode (non-default). This may provide a plausible RCE primitive depending on exploit mitigations; because coturn is widely deployed for WebRTC TURN/STUN and --oauth is commonly recommended, the impact can be broad. This issue has been fixed in version 4.10.0.
Vulnerability mechanics
Root cause
"Missing bounds check on nonce_len before memcpy into a 256-byte stack buffer allows stack buffer overflow."
Attack vector
An attacker who can reach a coturn server running in `--oauth` mode (non-default but commonly recommended for WebRTC REST API authentication) and knows or can guess a valid OAuth `kid` can send a crafted STUN packet. The attacker first obtains a NONCE unauthenticated via a 401 challenge (one network round-trip). Then they send an ALLOCATE request with a crafted `OAUTH_ACCESS_TOKEN` containing a `nonce_len` of up to 990 (overflow of 734 bytes) and an arbitrary 20-byte `MESSAGE-INTEGRITY` (HMAC is not verified before the overflow). The overflow occurs before AES-GCM authentication is verified, so no valid key material is needed. This is a classic stack buffer overflow [CWE-121] where the length field is not validated against the destination buffer size.
Affected code
The vulnerability resides in `decode_oauth_token_gcm()` in `src/client/ns_turn_msg.c` (around line 2358). A `uint16_t nonce_len` read from an attacker-supplied OAuth access token is passed directly to `memcpy()` as the copy length into a 256-byte stack buffer (`oauth_encrypted_block.nonce[256]`) without bounds checking. The overflow occurs before AES-GCM authentication is verified, so the attacker does not need to know the OAuth key or produce a valid AES-GCM token. Up to 735 bytes of attacker-controlled data are written past the buffer, potentially corrupting adjacent stack data including control-flow data depending on compiler, ABI, and mitigations.
What the fix does
The fix adds a bounds check before the `memcpy` in `decode_oauth_token_gcm()`: if `nonce_len > OAUTH_MAX_NONCE_SIZE` (256), the function returns false with an error log. This prevents the overflow by ensuring that the attacker-supplied length never exceeds the destination buffer capacity. The check is placed before the `memcpy` and after the token size validation, closing the gap where a large `nonce_len` would pass the source-size check but overflow the destination buffer.
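The bounds check described above, written out as an added example (not coturn's own code): the constant and struct names follow the advisory text, but the token layout, the function names and the helper are assumptions made for this illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constant and struct names follow the advisory text; the token layout below
 * is a simplification assumed for this example, not coturn's real format. */
#define OAUTH_MAX_NONCE_SIZE 256

typedef struct {
  uint8_t nonce[OAUTH_MAX_NONCE_SIZE];
  uint16_t nonce_len;
} oauth_encrypted_block_t;

/* Assumed layout: [nonce_len, 16-bit big-endian][nonce bytes][ciphertext...].
 * The source-size check (token large enough) existed before the fix; the
 * destination-size check against OAUTH_MAX_NONCE_SIZE is what 4.10.0 adds. */
bool decode_nonce_checked(const uint8_t *token, size_t token_len,
                          oauth_encrypted_block_t *out) {
  if (token_len < 2) return false;
  uint16_t nonce_len = (uint16_t)((token[0] << 8) | token[1]);
  if ((size_t)nonce_len + 2 > token_len) return false;      /* source bound */
  if (nonce_len > OAUTH_MAX_NONCE_SIZE) {                    /* destination bound */
    fprintf(stderr, "oauth: nonce_len %u exceeds %d\n", nonce_len, OAUTH_MAX_NONCE_SIZE);
    return false;
  }
  memcpy(out->nonce, token + 2, nonce_len);                  /* now within the buffer */
  out->nonce_len = nonce_len;
  return true;
}

/* Builds a constructed token with the requested nonce_len and runs the decoder;
 * returns whether the token was accepted. */
bool check_nonce_len(uint16_t nonce_len) {
  static uint8_t token[2 + 65535];
  token[0] = (uint8_t)(nonce_len >> 8);
  token[1] = (uint8_t)(nonce_len & 0xff);
  memset(token + 2, 0x41, nonce_len);
  oauth_encrypted_block_t blk;
  return decode_nonce_checked(token, 2 + (size_t)nonce_len, &blk);
}

int main(void) {
  printf("nonce_len 12:  %s\n", check_nonce_len(12) ? "accepted" : "rejected");
  printf("nonce_len 990: %s\n", check_nonce_len(990) ? "accepted" : "rejected");
  return 0;
}
```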
Preconditions
- config: Server must be started with the --oauth flag (non-default but documented for WebRTC REST API authentication)
- auth: Attacker must know or guess a valid OAuth kid in the database
- network: Attacker must obtain a valid NONCE via an unauthenticated 401 challenge (one network round-trip)
- input: Attacker must send a crafted STUN packet with OAUTH_ACCESS_TOKEN containing nonce_len up to 990 and an arbitrary 20-byte MESSAGE-INTEGRITY
Reproduction
A Python network PoC (poc.py) sends crafted STUN/TURN packets: first a bare ALLOCATE to obtain a NONCE from the 401 challenge, then an ALLOCATE with a crafted OAUTH_ACCESS_TOKEN containing nonce_len=990 (overflow of 734 bytes) and an arbitrary 20-byte MESSAGE-INTEGRITY. Command: `python3 poc.py <server_ip> [port]`. ASan output confirms a stack-buffer-overflow WRITE of size 990 at `decode_oauth_token_gcm` in `ns_turn_msg.c:2358`.
Generated on Jun 19, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- github.com/coturn/coturn/releases/tag/4.10.0
- github.com/coturn/coturn/security/advisories/GHSA-74pg-rfh2-5qw5