[nginx] svn commit: r4574 - trunk/src/core

ru at nginx.com ru at nginx.com
Tue Apr 3 08:22:00 UTC 2012


Author: ru
Date: 2012-04-03 08:22:00 +0000 (Tue, 03 Apr 2012)
New Revision: 4574
URL: http://trac.nginx.org/nginx/changeset/4574/nginx

Log:
In ngx_ptocidr(), check that the supplied prefix length is within
the allowed range.


Modified:
   trunk/src/core/ngx_inet.c

Modified: trunk/src/core/ngx_inet.c
===================================================================
--- trunk/src/core/ngx_inet.c	2012-04-03 07:37:31 UTC (rev 4573)
+++ trunk/src/core/ngx_inet.c	2012-04-03 08:22:00 UTC (rev 4574)
@@ -407,6 +407,10 @@
 
 #if (NGX_HAVE_INET6)
     case AF_INET6:
+        if (shift > 128) {
+            return NGX_ERROR;
+        }
+
         addr = cidr->u.in6.addr.s6_addr;
         mask = cidr->u.in6.mask.s6_addr;
         rc = NGX_OK;
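Review bot: The new `shift > 128` test in the AF_INET6 case, like the matching `shift > 32` test in the AF_INET hunk below, rejects only over-long prefixes, so both depend on `shift` never being negative when the switch is reached. The declaration and parsing of `shift` are outside this hunk, so that guarantee cannot be confirmed from here. If the earlier parse does reject negative values, a comment at the check would make the contract visible, e.g. `/* prefix length must be 0..128; non-numeric input is rejected above */`. If it does not, the test should read `if (shift < 0 || shift > 128)`. An unvalidated prefix ends up as an address mask, so a value that slips through presumably changes which addresses a rule matches rather than failing loudly.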
@@ -428,6 +432,9 @@
 #endif
 
     default: /* AF_INET */
+        if (shift > 32) {
+            return NGX_ERROR;
+        }
 
         if (shift) {
             cidr->u.in.mask = htonl((ngx_uint_t) (0 - (1 << (32 - shift))));
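Review bot: With the new bound in place `shift` can still be 1 at the mask computation, where `1 << (32 - shift)` becomes `1 << 31` on a signed `int`; where `int` is 32 bits that shift is undefined behaviour in C, and the enclosing `0 - ...` then negates the most negative value. The added `shift > 32` test removes the negative shift count but not this case. Building the mask in unsigned arithmetic avoids it: `cidr->u.in.mask = htonl((uint32_t) (0xffffffffu << (32 - shift)));`. The `if (shift)` body continues outside the hunk, so the else path was not reviewed.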


