Follow up patch regarding bug #74216, see bug #74429

While the case in bug #74429 is not documented and is only worky due to an implementation bug, the strength seems to breach some real world apps. Given this patch doesn't impact the initial security fix for bug #74216, it is reasonable to let the apps keep working. As mentioned in the ticket, this behavior is a subject to change in future versions and should not be abused.
author: Sara Golemon <pollita@php.net> 2017-04-25 12:52:48 +0200
committer: Anatol Belski <ab@php.net> 2017-04-25 12:52:48 +0200
commit: cda7dcf4cacef3346f9dc2a4dc947e6a74769259 (patch)
tree: 3098ba81bb0c71dcacf60f9919c17609bd16c6d6
parent: 6afcd6c86abc59719aad286bab29ee51508eba9c (diff)
download: php-git-cda7dcf4cacef3346f9dc2a4dc947e6a74769259.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/main/streams/xp_socket.c b/main/streams/xp_socket.c
index 3ff64787aa..92be333260 100644
--- a/main/streams/xp_socket.c
+++ b/main/streams/xp_socket.c
@@ -581,7 +581,7 @@ static inline char *parse_ip_address_ex(const char *str, size_t str_len, int *po
 			return NULL;
 		}
 		*portno = strtol(p + 2, &e, 10);
-		if (e && *e) {
+		if (e && *e && *e != '/') {
 			if (get_err) {
 				*err = strpprintf(0, "Failed to parse address \"%s\"", str);
 			}
@@ -600,7 +600,7 @@ static inline char *parse_ip_address_ex(const char *str, size_t str_len, int *po
 	if (colon) {
 		char *e = NULL;
 		*portno = strtol(colon + 1, &e, 10);
-		if (!e || !*e) {
+		if (!e || !*e || *e == '/') {
 			return estrndup(str, colon - str);
 		}
 	}
author	Sara Golemon <pollita@php.net>	2017-04-25 12:52:48 +0200
committer	Anatol Belski <ab@php.net>	2017-04-25 12:52:48 +0200
commit	cda7dcf4cacef3346f9dc2a4dc947e6a74769259 (patch)
tree	3098ba81bb0c71dcacf60f9919c17609bd16c6d6
parent	6afcd6c86abc59719aad286bab29ee51508eba9c (diff)
download	php-git-cda7dcf4cacef3346f9dc2a4dc947e6a74769259.tar.gz