[nginx] Core: fixed port handling in ngx_parse_inet6_url().

Valentin Bartenev vbart at nginx.com
Wed May 11 15:01:15 UTC 2016


details:   http://hg.nginx.org/nginx/rev/b358d670c654
branches:  
changeset: 6533:b358d670c654
user:      Valentin Bartenev <vbart at nginx.com>
date:      Wed May 11 17:55:20 2016 +0300
description:
Core: fixed port handling in ngx_parse_inet6_url().

This fixes buffer over-read when no port is specified in cases
similar to 5df5d7d771f6, and catches missing port separator.

diffstat:

 src/core/ngx_inet.c |  7 ++++++-
 1 files changed, 6 insertions(+), 1 deletions(-)

diffs (17 lines):

diff -r 2f98b5709d79 -r b358d670c654 src/core/ngx_inet.c
--- a/src/core/ngx_inet.c	Thu Apr 28 16:30:19 2016 +0300
+++ b/src/core/ngx_inet.c	Wed May 11 17:55:20 2016 +0300
@@ -861,7 +861,12 @@ ngx_parse_inet6_url(ngx_pool_t *pool, ng
             last = uri;
         }
 
-        if (*port == ':') {
+        if (port < last) {
+            if (*port != ':') {
+                u->err = "invalid host";
+                return NGX_ERROR;
+            }
+
             port++;
 
             len = last - port;



More information about the nginx-devel mailing list