diff options
| author | Arjun <pkillarjun@protonmail.com> | 2024-08-23 09:15:18 +0530 |
|---|---|---|
| committer | Andrew Clayton <a.clayton@nginx.com> | 2024-08-26 15:18:12 +0100 |
| commit | 932b914618791b6c9648b1066e0cfe4ee6d25cff (patch) | |
| tree | 38d355962e28113cf61415be73589c223e674e9b /src | |
| parent | 719207693ef42953e50b1422c59fafc497320d41 (diff) | |
| download | unit-932b914618791b6c9648b1066e0cfe4ee6d25cff.tar.gz unit-932b914618791b6c9648b1066e0cfe4ee6d25cff.tar.bz2 | |
socket: Prevent buffer under-read in nxt_inet_addr()
This was found via ASan.
Given a listener address like ":" (or any address where the first
character is a colon) we can end up under-reading the addr->start
buffer here
if (nxt_slow_path(*(buf + length - 1) == '.')) {
due to length (essentially the position of the ":" in the string) being
0.
Seeing as any address that starts with a ":" is invalid Unit config
wise, we should simply reject the address if length == 0 in
nxt_sockaddr_inet_parse().
Link: <https://clang.llvm.org/docs/AddressSanitizer.html>
Signed-off-by: Arjun <pkillarjun@protonmail.com>
[ Commit message - Andrew ]
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
Diffstat (limited to 'src')
| -rw-r--r-- | src/nxt_sockaddr.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/nxt_sockaddr.c b/src/nxt_sockaddr.c index 32941893..4d1e723b 100644 --- a/src/nxt_sockaddr.c +++ b/src/nxt_sockaddr.c @@ -732,6 +732,11 @@ nxt_sockaddr_inet_parse(nxt_mp_t *mp, nxt_str_t *addr) length = p - addr->start; } + if (length == 0) { + nxt_thread_log_error(NXT_LOG_ERR, "invalid address \"%V\"", addr); + return NULL; + } + inaddr = INADDR_ANY; if (length != 1 || addr->start[0] != '*') { |