Core: fixed port handling in ngx_parse_inet6_url(). This fixes buffer over-read when no port is specified in cases similar to 5df5d7d771f6, and catches missing port separator.

commit: d61fb5d271daea3c05f539d84e2ba2e7e59daad5 [log] [tgz]
author: Valentin Bartenev <vbart@nginx.com> Wed May 11 17:55:20 2016 +0300
committer: Valentin Bartenev <vbart@nginx.com> Wed May 11 17:55:20 2016 +0300
tree: 1dabde9db5b136cb3d237e571bc70997850208e5
parent: 0a98e2ae004e2416dfade39ba1c4e608754279f0 [diff]
diff --git a/src/core/ngx_inet.c b/src/core/ngx_inet.c
index 33b303d..d5b7cf9 100644
--- a/src/core/ngx_inet.c
+++ b/src/core/ngx_inet.c

@@ -861,7 +861,12 @@
             last = uri;
         }
 
-        if (*port == ':') {
+        if (port < last) {
+            if (*port != ':') {
+                u->err = "invalid host";
+                return NGX_ERROR;
+            }
+
             port++;
 
             len = last - port;
commit	d61fb5d271daea3c05f539d84e2ba2e7e59daad5	[log] [tgz]
author	Valentin Bartenev <vbart@nginx.com>	Wed May 11 17:55:20 2016 +0300
committer	Valentin Bartenev <vbart@nginx.com>	Wed May 11 17:55:20 2016 +0300
tree	1dabde9db5b136cb3d237e571bc70997850208e5
parent	0a98e2ae004e2416dfade39ba1c4e608754279f0 [diff]