Mercurial > hg > nginx-vendor-current
comparison src/core/ngx_inet.c @ 670:ad45b044f1e5 NGINX_1_1_19
nginx 1.1.19
*) Security: specially crafted mp4 file might allow to overwrite memory
locations in a worker process if the ngx_http_mp4_module was used,
potentially resulting in arbitrary code execution (CVE-2012-2089).
Thanks to Matthew Daley.
*) Bugfix: nginx/Windows might be terminated abnormally.
Thanks to Vincent Lee.
*) Bugfix: nginx hogged CPU if all servers in an upstream were marked as
"backup".
*) Bugfix: the "allow" and "deny" directives might be inherited
incorrectly if they were used with IPv6 addresses.
*) Bugfix: the "modern_browser" and "ancient_browser" directives might
be inherited incorrectly.
*) Bugfix: timeouts might be handled incorrectly on Solaris/SPARC.
*) Bugfix: in the ngx_http_mp4_module.
| author | Igor Sysoev <http://sysoev.ru> |
|---|---|
| date | Thu, 12 Apr 2012 00:00:00 +0400 |
| parents | d0f7a625f27c |
| children | bfa81a0490a2 |
comparison
equal
deleted
inserted
replaced
| 669:3f5d0be5ee74 | 670:ad45b044f1e5 |
|---|---|
| 42 } | 42 } |
| 43 | 43 |
| 44 return INADDR_NONE; | 44 return INADDR_NONE; |
| 45 } | 45 } |
| 46 | 46 |
| 47 if (n != 3) { | 47 if (n == 3 && octet < 256) { |
| 48 return INADDR_NONE; | |
| 49 } | |
| 50 | |
| 51 if (octet < 256) { | |
| 52 addr = (addr << 8) + octet; | 48 addr = (addr << 8) + octet; |
| 53 return htonl(addr); | 49 return htonl(addr); |
| 54 } | 50 } |
| 55 | 51 |
| 56 return INADDR_NONE; | 52 return INADDR_NONE; |
| 405 | 401 |
| 406 switch (cidr->family) { | 402 switch (cidr->family) { |
| 407 | 403 |
| 408 #if (NGX_HAVE_INET6) | 404 #if (NGX_HAVE_INET6) |
| 409 case AF_INET6: | 405 case AF_INET6: |
| 406 if (shift > 128) { | |
| 407 return NGX_ERROR; | |
| 408 } | |
| 409 | |
| 410 addr = cidr->u.in6.addr.s6_addr; | 410 addr = cidr->u.in6.addr.s6_addr; |
| 411 mask = cidr->u.in6.mask.s6_addr; | 411 mask = cidr->u.in6.mask.s6_addr; |
| 412 rc = NGX_OK; | 412 rc = NGX_OK; |
| 413 | 413 |
| 414 for (i = 0; i < 16; i++) { | 414 for (i = 0; i < 16; i++) { |
| 415 | 415 |
| 416 s = (shift > 8) ? 8 : shift; | 416 s = (shift > 8) ? 8 : shift; |
| 417 shift -= s; | 417 shift -= s; |
| 418 | 418 |
| 419 mask[i] = (u_char) (0 - (1 << (8 - s))); | 419 mask[i] = (u_char) (0xffu << (8 - s)); |
| 420 | 420 |
| 421 if (addr[i] != (addr[i] & mask[i])) { | 421 if (addr[i] != (addr[i] & mask[i])) { |
| 422 rc = NGX_DONE; | 422 rc = NGX_DONE; |
| 423 addr[i] &= mask[i]; | 423 addr[i] &= mask[i]; |
| 424 } | 424 } |
| 426 | 426 |
| 427 return rc; | 427 return rc; |
| 428 #endif | 428 #endif |
| 429 | 429 |
| 430 default: /* AF_INET */ | 430 default: /* AF_INET */ |
| 431 if (shift > 32) { | |
| 432 return NGX_ERROR; | |
| 433 } | |
| 431 | 434 |
| 432 if (shift) { | 435 if (shift) { |
| 433 cidr->u.in.mask = htonl((ngx_uint_t) (0 - (1 << (32 - shift)))); | 436 cidr->u.in.mask = htonl((uint32_t) (0xffffffffu << (32 - shift))); |
| 434 | 437 |
| 435 } else { | 438 } else { |
| 436 /* x86 compilers use a shl instruction that shifts by modulo 32 */ | 439 /* x86 compilers use a shl instruction that shifts by modulo 32 */ |
| 437 cidr->u.in.mask = 0; | 440 cidr->u.in.mask = 0; |
| 438 } | 441 } |
| 457 #if (NGX_HAVE_INET6) | 460 #if (NGX_HAVE_INET6) |
| 458 struct in6_addr inaddr6; | 461 struct in6_addr inaddr6; |
| 459 struct sockaddr_in6 *sin6; | 462 struct sockaddr_in6 *sin6; |
| 460 | 463 |
| 461 /* | 464 /* |
| 462 * prevent MSVC8 waring: | 465 * prevent MSVC8 warning: |
| 463 * potentially uninitialized local variable 'inaddr6' used | 466 * potentially uninitialized local variable 'inaddr6' used |
| 464 */ | 467 */ |
| 465 ngx_memzero(inaddr6.s6_addr, sizeof(struct in6_addr)); | 468 ngx_memzero(inaddr6.s6_addr, sizeof(struct in6_addr)); |
| 466 #endif | 469 #endif |
| 467 | 470 |