While the case in bug #74429 is not documented and is only working due to
an implementation bug, the strength seems to breach some real world
apps. Given this patch doesn't impact the initial security fix for
bug #74216, it is reasonable to let the apps keep working. As mentioned
in the ticket, this behavior is subject to change in future versions
and should not be abused.
return NULL;
}
*portno = strtol(p + 2, &e, 10);
- if (e && *e) {
+ if (e && *e && *e != '/') {
if (get_err) {
*err = strpprintf(0, "Failed to parse address \"%s\"", str);
}
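Review bot: the relaxed condition `if (e && *e && *e != '/')` accepts the address as soon as strtol stops at a slash, without confirming that any digits were consumed, so input with a '/' directly at p + 2 leaves e equal to p + 2 and passes with *portno set to 0. Consider also requiring e != p + 2 in the slash case, and note that the strtol result is stored in *portno without a range check while everything after the '/' is silently ignored. A short comment naming bug #74429 and stating that the tolerated trailing text is undocumented behavior would tell the next reader why '/' is special here.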
if (colon) {
char *e = NULL;
*portno = strtol(colon + 1, &e, 10);
- if (!e || !*e) {
+ if (!e || !*e || *e == '/') {
return estrndup(str, colon - str);
}
}
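Review bot: the added `*e == '/'` alternative in `if (!e || !*e || *e == '/')` returns the host part even when strtol parsed no digits, that is when the '/' sits directly at colon + 1, so such input yields a host with *portno equal to 0 rather than being rejected. Adding e != colon + 1 to the slash case would close that. This condition is the mirror image of the other strtol check changed in this patch; moving the "end of port" test into one small helper would keep the two from drifting apart, and a regression test for the slash-suffixed form from bug #74429 should accompany the change.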