Core: fixed port handling in ngx_parse_inet6_url().
authorValentin Bartenev <vbart@nginx.com>
Wed, 11 May 2016 14:55:20 +0000 (17:55 +0300)
committerValentin Bartenev <vbart@nginx.com>
Wed, 11 May 2016 14:55:20 +0000 (17:55 +0300)
This fixes buffer over-read when no port is specified in cases
similar to 5df5d7d771f6, and catches missing port separator.

src/core/ngx_inet.c

index 33b303dd06510502a31946b539ced8835e53bd41..d5b7cf96a1ff904ae4c62994b5da7c468c6a4118 100644 (file)
@@ -861,7 +861,12 @@ ngx_parse_inet6_url(ngx_pool_t *pool, ngx_url_t *u)
             last = uri;
         }
 
-        if (*port == ':') {
+        if (port < last) {
+            if (*port != ':') {
+                u->err = "invalid host";
+                return NGX_ERROR;
+            }
+
             port++;
 
             len = last - port;
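Review bot: The new `if (port < last) {` guard is what stops `*port` from being read past the end of the URL when no port is given, but nothing in the code records that the bounds check must come before the dereference, so a later cleanup could fold the two conditions back into one. A one-line comment above the guard would pin it, for example `/* port may equal last when no port is given; check bounds before reading *port */`. Separately, after `port++` the value of `len = last - port` can be zero when the input ends in a bare ':'. The code that consumes `len` lies below this hunk, so it is worth confirming there that an empty port is rejected rather than parsed. The body of ngx_parse_inet6_url() starts and ends outside the hunk.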