Mercurial > hg > nginx-vendor-current
comparison src/core/ngx_inet.c @ 670:ad45b044f1e5 NGINX_1_1_19
nginx 1.1.19
*) Security: specially crafted mp4 file might allow to overwrite memory
locations in a worker process if the ngx_http_mp4_module was used,
potentially resulting in arbitrary code execution (CVE-2012-2089).
Thanks to Matthew Daley.
*) Bugfix: nginx/Windows might be terminated abnormally.
Thanks to Vincent Lee.
*) Bugfix: nginx hogged CPU if all servers in an upstream were marked as
"backup".
*) Bugfix: the "allow" and "deny" directives might be inherited
incorrectly if they were used with IPv6 addresses.
*) Bugfix: the "modern_browser" and "ancient_browser" directives might
be inherited incorrectly.
*) Bugfix: timeouts might be handled incorrectly on Solaris/SPARC.
*) Bugfix: in the ngx_http_mp4_module.
author | Igor Sysoev <http://sysoev.ru> |
---|---|
date | Thu, 12 Apr 2012 00:00:00 +0400 |
parents | d0f7a625f27c |
children | bfa81a0490a2 |
comparison
equal
deleted
inserted
replaced
669:3f5d0be5ee74 | 670:ad45b044f1e5 |
---|---|
42 } | 42 } |
43 | 43 |
44 return INADDR_NONE; | 44 return INADDR_NONE; |
45 } | 45 } |
46 | 46 |
47 if (n != 3) { | 47 if (n == 3 && octet < 256) { |
48 return INADDR_NONE; | |
49 } | |
50 | |
51 if (octet < 256) { | |
52 addr = (addr << 8) + octet; | 48 addr = (addr << 8) + octet; |
53 return htonl(addr); | 49 return htonl(addr); |
54 } | 50 } |
55 | 51 |
56 return INADDR_NONE; | 52 return INADDR_NONE; |
405 | 401 |
406 switch (cidr->family) { | 402 switch (cidr->family) { |
407 | 403 |
408 #if (NGX_HAVE_INET6) | 404 #if (NGX_HAVE_INET6) |
409 case AF_INET6: | 405 case AF_INET6: |
406 if (shift > 128) { | |
407 return NGX_ERROR; | |
408 } | |
409 | |
410 addr = cidr->u.in6.addr.s6_addr; | 410 addr = cidr->u.in6.addr.s6_addr; |
411 mask = cidr->u.in6.mask.s6_addr; | 411 mask = cidr->u.in6.mask.s6_addr; |
412 rc = NGX_OK; | 412 rc = NGX_OK; |
413 | 413 |
414 for (i = 0; i < 16; i++) { | 414 for (i = 0; i < 16; i++) { |
415 | 415 |
416 s = (shift > 8) ? 8 : shift; | 416 s = (shift > 8) ? 8 : shift; |
417 shift -= s; | 417 shift -= s; |
418 | 418 |
419 mask[i] = (u_char) (0 - (1 << (8 - s))); | 419 mask[i] = (u_char) (0xffu << (8 - s)); |
420 | 420 |
421 if (addr[i] != (addr[i] & mask[i])) { | 421 if (addr[i] != (addr[i] & mask[i])) { |
422 rc = NGX_DONE; | 422 rc = NGX_DONE; |
423 addr[i] &= mask[i]; | 423 addr[i] &= mask[i]; |
424 } | 424 } |
426 | 426 |
427 return rc; | 427 return rc; |
428 #endif | 428 #endif |
429 | 429 |
430 default: /* AF_INET */ | 430 default: /* AF_INET */ |
431 if (shift > 32) { | |
432 return NGX_ERROR; | |
433 } | |
431 | 434 |
432 if (shift) { | 435 if (shift) { |
433 cidr->u.in.mask = htonl((ngx_uint_t) (0 - (1 << (32 - shift)))); | 436 cidr->u.in.mask = htonl((uint32_t) (0xffffffffu << (32 - shift))); |
434 | 437 |
435 } else { | 438 } else { |
436 /* x86 compilers use a shl instruction that shifts by modulo 32 */ | 439 /* x86 compilers use a shl instruction that shifts by modulo 32 */ |
437 cidr->u.in.mask = 0; | 440 cidr->u.in.mask = 0; |
438 } | 441 } |
457 #if (NGX_HAVE_INET6) | 460 #if (NGX_HAVE_INET6) |
458 struct in6_addr inaddr6; | 461 struct in6_addr inaddr6; |
459 struct sockaddr_in6 *sin6; | 462 struct sockaddr_in6 *sin6; |
460 | 463 |
461 /* | 464 /* |
462 * prevent MSVC8 waring: | 465 * prevent MSVC8 warning: |
463 * potentially uninitialized local variable 'inaddr6' used | 466 * potentially uninitialized local variable 'inaddr6' used |
464 */ | 467 */ |
465 ngx_memzero(inaddr6.s6_addr, sizeof(struct in6_addr)); | 468 ngx_memzero(inaddr6.s6_addr, sizeof(struct in6_addr)); |
466 #endif | 469 #endif |
467 | 470 |