[nginx] Overflow detection in ngx_inet_addr().

[Maxim Dounin]

details:   http://hg.nginx.org/nginx/rev/b2a2475b2008
branches:  stable-1.6
changeset: 6086:b2a2475b2008
user:      Ruslan Ermilov <ru at nginx.com>
date:      Tue Mar 17 00:26:22 2015 +0300
description:
Overflow detection in ngx_inet_addr().

diffstat:

 src/core/ngx_inet.c |  8 ++++++--
 1 files changed, 6 insertions(+), 2 deletions(-)

diffs (32 lines):

diff --git a/src/core/ngx_inet.c b/src/core/ngx_inet.c
--- a/src/core/ngx_inet.c
+++ b/src/core/ngx_inet.c
@@ -27,6 +27,10 @@ ngx_inet_addr(u_char *text, size_t len)
 
     for (p = text; p < text + len; p++) {
 
+        if (octet > 255) {
+            return INADDR_NONE;
+        }
+
         c = *p;
 
         if (c >= '0' && c <= '9') {
@@ -34,7 +38,7 @@ ngx_inet_addr(u_char *text, size_t len)
             continue;
         }
 
-        if (c == '.' && octet < 256) {
+        if (c == '.') {
             addr = (addr << 8) + octet;
             octet = 0;
             n++;
@@ -44,7 +48,7 @@ ngx_inet_addr(u_char *text, size_t len)
         return INADDR_NONE;
     }
 
-    if (n == 3 && octet < 256) {
+    if (n == 3) {
         addr = (addr << 8) + octet;
         return htonl(addr);
     }