Google Git
Sign in
nginx/nginx/d61fb5d271daea3c05f539d84e2ba2e7e59daad5^!/.
commit
d61fb5d271daea3c05f539d84e2ba2e7e59daad5
[log] [tgz]
author
Valentin Bartenev <vbart@nginx.com>
Wed May 11 17:55:20 2016 +0300
committer
Valentin Bartenev <vbart@nginx.com>
Wed May 11 17:55:20 2016 +0300
tree
1dabde9db5b136cb3d237e571bc70997850208e5
parent
0a98e2ae004e2416dfade39ba1c4e608754279f0 [diff]
Core: fixed port handling in ngx_parse_inet6_url().

This fixes buffer over-read when no port is specified in cases
similar to 5df5d7d771f6, and catches missing port separator.

diff --git a/src/core/ngx_inet.c b/src/core/ngx_inet.c
index 33b303d..d5b7cf9 100644
--- a/src/core/ngx_inet.c
+++ b/src/core/ngx_inet.c

@@ -861,7 +861,12 @@
             last = uri;
         }
 
-        if (*port == ':') {
+        if (port < last) {
+            if (*port != ':') {
+                u->err = "invalid host";
+                return NGX_ERROR;
+            }
+
             port++;
 
             len = last - port;