diff options
| author | Ruslan Ermilov <ru@nginx.com> | 2015-03-17 00:26:22 +0300 |
|---|---|---|
| committer | Ruslan Ermilov <ru@nginx.com> | 2015-03-17 00:26:22 +0300 |
| commit | 166a3a13a497c7218d052a7fae4a9a5456268575 (patch) | |
| tree | 5d8cfe0008d517f5a37d9fe8834e0a395bf232a6 | |
| parent | 7523e71888d3f2b62e4752c8b7df7c554ae679f6 (diff) | |
| download | nginx-166a3a13a497c7218d052a7fae4a9a5456268575.tar.gz nginx-166a3a13a497c7218d052a7fae4a9a5456268575.tar.bz2 | |
Overflow detection in ngx_inet_addr().
| -rw-r--r-- | src/core/ngx_inet.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/src/core/ngx_inet.c b/src/core/ngx_inet.c index 26c5bc4b0..2c84daf6e 100644 --- a/src/core/ngx_inet.c +++ b/src/core/ngx_inet.c @@ -27,6 +27,10 @@ ngx_inet_addr(u_char *text, size_t len) for (p = text; p < text + len; p++) { + if (octet > 255) { + return INADDR_NONE; + } + c = *p; if (c >= '0' && c <= '9') { @@ -34,7 +38,7 @@ ngx_inet_addr(u_char *text, size_t len) continue; } - if (c == '.' && octet < 256) { + if (c == '.') { addr = (addr << 8) + octet; octet = 0; n++; @@ -44,7 +48,7 @@ ngx_inet_addr(u_char *text, size_t len) return INADDR_NONE; } - if (n == 3 && octet < 256) { + if (n == 3) { addr = (addr << 8) + octet; return htonl(addr); } |