Overflow detection in ngx_inet_addr().

author: Ruslan Ermilov <ru@nginx.com> 2015-03-17 00:26:22 +0300
committer: Ruslan Ermilov <ru@nginx.com> 2015-03-17 00:26:22 +0300
commit: a43f1bcf6e9c926cf6949d1a936f99243d672510 (patch)
tree: 102c66521fee375510ada3d70c3837b52a26030b /src
parent: 3ad3f4ae0a7ad64ded4ad4bebf156526deaf95a2 (diff)
download: nginx-a43f1bcf6e9c926cf6949d1a936f99243d672510.tar.gz
nginx-a43f1bcf6e9c926cf6949d1a936f99243d672510.zip
1 files changed, 6 insertions, 2 deletions
diff --git a/src/core/ngx_inet.c b/src/core/ngx_inet.c
index 26c5bc4b0..2c84daf6e 100644
--- a/src/core/ngx_inet.c
+++ b/src/core/ngx_inet.c
@@ -27,6 +27,10 @@ ngx_inet_addr(u_char *text, size_t len)
 
     for (p = text; p < text + len; p++) {
 
+        if (octet > 255) {
+            return INADDR_NONE;
+        }
+
         c = *p;
 
         if (c >= '0' && c <= '9') {
@@ -34,7 +38,7 @@ ngx_inet_addr(u_char *text, size_t len)
             continue;
         }
 
-        if (c == '.' && octet < 256) {
+        if (c == '.') {
             addr = (addr << 8) + octet;
             octet = 0;
             n++;
@@ -44,7 +48,7 @@ ngx_inet_addr(u_char *text, size_t len)
         return INADDR_NONE;
     }
 
-    if (n == 3 && octet < 256) {
+    if (n == 3) {
         addr = (addr << 8) + octet;
         return htonl(addr);
     }
author	Ruslan Ermilov <ru@nginx.com>	2015-03-17 00:26:22 +0300
committer	Ruslan Ermilov <ru@nginx.com>	2015-03-17 00:26:22 +0300
commit	a43f1bcf6e9c926cf6949d1a936f99243d672510 (patch)
tree	102c66521fee375510ada3d70c3837b52a26030b /src
parent	3ad3f4ae0a7ad64ded4ad4bebf156526deaf95a2 (diff)
download	nginx-a43f1bcf6e9c926cf6949d1a936f99243d672510.tar.gz nginx-a43f1bcf6e9c926cf6949d1a936f99243d672510.zip