diff options
| author | Valentin Bartenev <vbart@nginx.com> | 2015-04-28 18:55:03 +0300 |
|---|---|---|
| committer | Valentin Bartenev <vbart@nginx.com> | 2015-04-28 18:55:03 +0300 |
| commit | 89ad9ea30946dacb2fcf088a97f5a40d3b408d2c (patch) | |
| tree | 34e815d3001bb84eb9cabdfbde3b8dc9407f5bdd | |
| parent | 8568baef1fd2ade8bc4ce3cdf9515c90f0046d83 (diff) | |
| download | nginx-89ad9ea30946dacb2fcf088a97f5a40d3b408d2c.tar.gz nginx-89ad9ea30946dacb2fcf088a97f5a40d3b408d2c.zip | |
Fixed overflow detection in ngx_inet_addr().
Overflow detection of the last octet might not work.
Reported by Sergey Polovko.
| -rw-r--r-- | src/core/ngx_inet.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/src/core/ngx_inet.c b/src/core/ngx_inet.c index 2c84daf6e..96a04fded 100644 --- a/src/core/ngx_inet.c +++ b/src/core/ngx_inet.c @@ -26,15 +26,15 @@ ngx_inet_addr(u_char *text, size_t len) n = 0; for (p = text; p < text + len; p++) { - - if (octet > 255) { - return INADDR_NONE; - } - c = *p; if (c >= '0' && c <= '9') { octet = octet * 10 + (c - '0'); + + if (octet > 255) { + return INADDR_NONE; + } + continue; } |