# HG changeset patch
# User Ruslan Ermilov <ru@nginx.com>
# Date 1333441320 0
# Node ID 98a2518a98dc5973e58b7f1921c5c14fca3b390e
# Parent  67653855682e1c573d48d5b2675b4de1943848fd
In ngx_ptocidr(), check that the supplied prefix length is within
the allowed range.

diff --git a/src/core/ngx_inet.c b/src/core/ngx_inet.c
--- a/src/core/ngx_inet.c
+++ b/src/core/ngx_inet.c
@@ -407,6 +407,10 @@ ngx_ptocidr(ngx_str_t *text, ngx_cidr_t 
 
 #if (NGX_HAVE_INET6)
     case AF_INET6:
+        if (shift > 128) {
+            return NGX_ERROR;
+        }
+
         addr = cidr->u.in6.addr.s6_addr;
         mask = cidr->u.in6.mask.s6_addr;
         rc = NGX_OK;
@@ -428,6 +432,9 @@ ngx_ptocidr(ngx_str_t *text, ngx_cidr_t 
 #endif
 
     default: /* AF_INET */
+        if (shift > 32) {
+            return NGX_ERROR;
+        }
 
         if (shift) {
             cidr->u.in.mask = htonl((ngx_uint_t) (0 - (1 << (32 - shift))));