diff options
author | Sara Golemon <pollita@php.net> | 2017-04-25 12:52:48 +0200 |
---|---|---|
committer | Anatol Belski <ab@php.net> | 2017-04-25 12:52:48 +0200 |
commit | cda7dcf4cacef3346f9dc2a4dc947e6a74769259 (patch) | |
tree | 3098ba81bb0c71dcacf60f9919c17609bd16c6d6 | |
parent | 6afcd6c86abc59719aad286bab29ee51508eba9c (diff) | |
download | php-git-cda7dcf4cacef3346f9dc2a4dc947e6a74769259.tar.gz |
Follow up patch regarding bug #74216, see bug #74429
While the case in bug #74429 is not documented and is only worky due to
an implementation bug, the strength seems to breach some real world
apps. Given this patch doesn't impact the initial security fix for
bug #74216, it is reasonable to let the apps keep working. As mentioned
in the ticket, this behavior is a subject to change in future versions
and should not be abused.
-rw-r--r-- | main/streams/xp_socket.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/main/streams/xp_socket.c b/main/streams/xp_socket.c index 3ff64787aa..92be333260 100644 --- a/main/streams/xp_socket.c +++ b/main/streams/xp_socket.c @@ -581,7 +581,7 @@ static inline char *parse_ip_address_ex(const char *str, size_t str_len, int *po return NULL; } *portno = strtol(p + 2, &e, 10); - if (e && *e) { + if (e && *e && *e != '/') { if (get_err) { *err = strpprintf(0, "Failed to parse address \"%s\"", str); } @@ -600,7 +600,7 @@ static inline char *parse_ip_address_ex(const char *str, size_t str_len, int *po if (colon) { char *e = NULL; *portno = strtol(colon + 1, &e, 10); - if (!e || !*e) { + if (!e || !*e || *e == '/') { return estrndup(str, colon - str); } } |