In ngx_ptocidr(), check that the supplied prefix length is within

the allowed range.
author: Ruslan Ermilov <ru@nginx.com> 2012-04-03 08:22:00 +0000
committer: Ruslan Ermilov <ru@nginx.com> 2012-04-03 08:22:00 +0000
commit: bffbbeb73f6b4b9a183c1c54b7db1d8c3b1fc1bb (patch)
tree: eede5e1629a438711ea189304969c5ce9d249cc2 /src/core/ngx_inet.c
parent: 47a04aaa275d1a9b4a51997910f2b2a881464943 (diff)
download: nginx-bffbbeb73f6b4b9a183c1c54b7db1d8c3b1fc1bb.tar.gz
nginx-bffbbeb73f6b4b9a183c1c54b7db1d8c3b1fc1bb.zip
1 files changed, 7 insertions, 0 deletions
diff --git a/src/core/ngx_inet.c b/src/core/ngx_inet.c
index cfc06e48d..a6ce9f395 100644
--- a/src/core/ngx_inet.c
+++ b/src/core/ngx_inet.c
@@ -407,6 +407,10 @@ ngx_ptocidr(ngx_str_t *text, ngx_cidr_t *cidr)
 
 #if (NGX_HAVE_INET6)
     case AF_INET6:
+        if (shift > 128) {
+            return NGX_ERROR;
+        }
+
         addr = cidr->u.in6.addr.s6_addr;
         mask = cidr->u.in6.mask.s6_addr;
         rc = NGX_OK;
@@ -428,6 +432,9 @@ ngx_ptocidr(ngx_str_t *text, ngx_cidr_t *cidr)
 #endif
 
     default: /* AF_INET */
+        if (shift > 32) {
+            return NGX_ERROR;
+        }
 
         if (shift) {
             cidr->u.in.mask = htonl((ngx_uint_t) (0 - (1 << (32 - shift))));
author	Ruslan Ermilov <ru@nginx.com>	2012-04-03 08:22:00 +0000
committer	Ruslan Ermilov <ru@nginx.com>	2012-04-03 08:22:00 +0000
commit	bffbbeb73f6b4b9a183c1c54b7db1d8c3b1fc1bb (patch)
tree	eede5e1629a438711ea189304969c5ce9d249cc2 /src/core/ngx_inet.c
parent	47a04aaa275d1a9b4a51997910f2b2a881464943 (diff)
download	nginx-bffbbeb73f6b4b9a183c1c54b7db1d8c3b1fc1bb.tar.gz nginx-bffbbeb73f6b4b9a183c1c54b7db1d8c3b1fc1bb.zip