diff options
| author | Valentin Bartenev <vbart@nginx.com> | 2016-05-11 17:55:20 +0300 |
|---|---|---|
| committer | Valentin Bartenev <vbart@nginx.com> | 2016-05-11 17:55:20 +0300 |
| commit | 66be8c6608edd5d79d24581749e4621df465610d (patch) | |
| tree | 1dabde9db5b136cb3d237e571bc70997850208e5 /src | |
| parent | 2a83e5fa6d8944de8f3ef4907775e3db7409d672 (diff) | |
| download | nginx-66be8c6608edd5d79d24581749e4621df465610d.tar.gz nginx-66be8c6608edd5d79d24581749e4621df465610d.zip | |
Core: fixed port handling in ngx_parse_inet6_url().
This fixes buffer over-read when no port is specified in cases
similar to 5df5d7d771f6, and catches missing port separator.
Diffstat (limited to 'src')
| -rw-r--r-- | src/core/ngx_inet.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/src/core/ngx_inet.c b/src/core/ngx_inet.c index 33b303dd0..d5b7cf96a 100644 --- a/src/core/ngx_inet.c +++ b/src/core/ngx_inet.c @@ -861,7 +861,12 @@ ngx_parse_inet6_url(ngx_pool_t *pool, ngx_url_t *u) last = uri; } - if (*port == ':') { + if (port < last) { + if (*port != ':') { + u->err = "invalid host"; + return NGX_ERROR; + } + port++; len = last - port; |