socket: Prevent buffer under-read in nxt_inet_addr()

This was found via ASan. Given a listener address like ":" (or any address where the first character is a colon) we can end up under-reading the addr->start buffer here if (nxt_slow_path(*(buf + length - 1) == '.')) { due to length (essentially the position of the ":" in the string) being 0. Seeing as any address that starts with a ":" is invalid Unit config wise, we should simply reject the address if length == 0 in nxt_sockaddr_inet_parse(). Link: <https://clang.llvm.org/docs/AddressSanitizer.html> Signed-off-by: Arjun <[email protected]> [ Commit message - Andrew ] Signed-off-by: Andrew Clayton <[email protected]>
nginx · Aug 24, 2024 · 1e4c425 · 1e4c425
1 parent 69b830b
commit 1e4c425
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/src/nxt_sockaddr.c b/src/nxt_sockaddr.c
@@ -732,6 +732,11 @@ nxt_sockaddr_inet_parse(nxt_mp_t *mp, nxt_str_t *addr)
         length = p - addr->start;
     }
 
+    if (length == 0) {
+        nxt_thread_log_error(NXT_LOG_ERR, "invalid address \"%V\"", addr);
+        return NULL;
+    }
+
     inaddr = INADDR_ANY;
 
     if (length != 1 || addr->start[0] != '*') {