From 4396ce4cb8fa2d99a1ec5c52097b54fd8bd8784d Mon Sep 17 00:00:00 2001
From: Wayne Davison
Date: Mon, 22 Jun 2020 11:01:45 -0700
Subject: [PATCH] Don't accept overly long IPv6 numbers
The current code stops parsing a hex number after 4 digits and then loops around to look for punctuation. If none is found, it just starts parsing more hex digits, so it will accept invalid IPv6 such as `1::1234567890abcdef` My simple tweak makes it return 0 if a 5th digit is found.
---
 src/src/string.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/src/string.c b/src/src/string.c
index 3cacccce9a..b566bcc64c 100644
--- a/src/src/string.c
+++ b/src/src/string.c
@@ -112,7 +112,7 @@ if (Ustrchr(s, ':') != NULL)
 component. */
 if (!isxdigit(*s++)) return 0;
- if (isxdigit(*s) && isxdigit(*(++s)) && isxdigit(*(++s))) s++;
+ if (isxdigit(*s) && isxdigit(*(++s)) && isxdigit(*(++s)) && isxdigit(*(++s))) return 0;
 /* If the component is terminated by colon and there is more to follow, skip over the colon. If there is no more to follow the address is
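Review bot: The new rejection of a fifth hex digit depends entirely on the side effects of the chained `++s` in the condition, which also leave `s` on the terminator when the test fails, and nothing on the added line says so. A comment above it such as `/* Consume up to 3 more digits; a 5th hex digit makes the component invalid */` would make the intent explicit. The comment ending in `component. */` begins outside the hunk and may need the same update. The diffstat shows only src/src/string.c changed, so no regression case is added for the `1::1234567890abcdef` input named in the commit message. If this validator's result feeds host or ACL matching (not visible here), a test pinning the rejection of over-long components, and the acceptance of exactly four digits, would guard against the permissive parse returning.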