author | Arjun <pkillarjun@protonmail.com> | 2024-08-23 09:15:18 +0530 |
---|---|---|
committer | Andrew Clayton <a.clayton@nginx.com> | 2024-08-26 15:18:12 +0100 |
commit | 932b914618791b6c9648b1066e0cfe4ee6d25cff (patch) | |
tree | 38d355962e28113cf61415be73589c223e674e9b | |
parent | 719207693ef42953e50b1422c59fafc497320d41 (diff) | |
download | unit-932b914618791b6c9648b1066e0cfe4ee6d25cff.tar.gz unit-932b914618791b6c9648b1066e0cfe4ee6d25cff.tar.bz2 |
socket: Prevent buffer under-read in nxt_inet_addr()

This was found via ASan.

Given a listener address like ":" (or any address where the first
character is a colon) we can end up under-reading the addr->start
buffer here

    if (nxt_slow_path(*(buf + length - 1) == '.')) {

due to length (essentially the position of the ":" in the string) being
0.

Seeing as any address that starts with a ":" is invalid Unit config
wise, we should simply reject the address if length == 0 in
nxt_sockaddr_inet_parse().

Link: <https://clang.llvm.org/docs/AddressSanitizer.html>
Signed-off-by: Arjun <pkillarjun@protonmail.com>
[ Commit message - Andrew ]
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>

-rw-r--r-- | src/nxt_sockaddr.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/nxt_sockaddr.c b/src/nxt_sockaddr.c index 32941893..4d1e723b 100644 --- a/src/nxt_sockaddr.c +++ b/src/nxt_sockaddr.c @@ -732,6 +732,11 @@ nxt_sockaddr_inet_parse(nxt_mp_t *mp, nxt_str_t *addr) length = p - addr->start; } + if (length == 0) { + nxt_thread_log_error(NXT_LOG_ERR, "invalid address \"%V\"", addr); + return NULL; + } + inaddr = INADDR_ANY; if (length != 1 || addr->start[0] != '*') { |
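
Review bot: The new length == 0 check in nxt_sockaddr_inet_parse() protects only this call path; nxt_inet_addr(), where the commit message locates the under-read at *(buf + length - 1), is left without its own guard, so any other caller that passes a zero length would still read one byte before the buffer. Consider rejecting length == 0 at the top of nxt_inet_addr() as well, or documenting there that callers must pass a non-zero length. The diffstat shows only src/nxt_sockaddr.c changed, so a configuration test asserting that a listener address of ":" is rejected would keep this from regressing. As a style point, the new condition could be wrapped in nxt_slow_path() to match the error-path check quoted in the commit message.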