Follow up patch regarding bug #74216, see bug #74429

While the case in bug #74429 is not documented and is only worky due to an implementation bug, the strength seems to breach some real world apps. Given this patch doesn't impact the initial security fix for bug #74216, it is reasonable to let the apps keep working. As mentioned in the ticket, this behavior is a subject to change in future versions and should not be abused.
php · Apr 25, 2017 · cda7dcf · cda7dcf
1 parent 6afcd6c
commit cda7dcf
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/main/streams/xp_socket.c b/main/streams/xp_socket.c
@@ -581,7 +581,7 @@ static inline char *parse_ip_address_ex(const char *str, size_t str_len, int *po
 			return NULL;
 		}
 		*portno = strtol(p + 2, &e, 10);
-		if (e && *e) {
+		if (e && *e && *e != '/') {
 			if (get_err) {
 				*err = strpprintf(0, "Failed to parse address \"%s\"", str);
 			}
@@ -600,7 +600,7 @@ static inline char *parse_ip_address_ex(const char *str, size_t str_len, int *po
 	if (colon) {
 		char *e = NULL;
 		*portno = strtol(colon + 1, &e, 10);
-		if (!e || !*e) {
+		if (!e || !*e || *e == '/') {
 			return estrndup(str, colon - str);
 		}
 	}