From 2406acfeb347da3d4957627cdb70e2583c03aee7 Mon Sep 17 00:00:00 2001
From: Vincent Sanders
Date: Mon, 13 Mar 2017 23:44:06 +0000
Subject: fix urldb numerical v6 address handling
---
 content/urldb.c | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-) (limited to 'content/urldb.c')
diff --git a/content/urldb.c b/content/urldb.c
index f386aa941..d702e581b 100644
--- a/content/urldb.c
+++ b/content/urldb.c
@@ -634,6 +634,7 @@ static bool urldb__host_is_ip_address(const char *host)
 #ifndef NO_IPV6
 struct in6_addr ipv6;
 char ipv6_addr[64];
+ unsigned int ipv6_addr_len;
 #endif
 /**
 * @todo FIXME Some parts of urldb.c make confusions between hosts
@@ -660,7 +661,7 @@ static bool urldb__host_is_ip_address(const char *host)
 char *c = strdup(host);
 c[slash - host] = '\0';
 sane_host = c;
- host_len = slash - host - 1;
+ host_len = slash - host;
 LOG("WARNING: called with non-host '%s'", host);
 }
@@ -688,11 +689,18 @@ static bool urldb__host_is_ip_address(const char *host)
 }
 #ifndef NO_IPV6
- if (sane_host[0] != '[' || sane_host[host_len] != ']')
+ if ((host_len < 6) ||
+ (sane_host[0] != '[') ||
+ (sane_host[host_len - 1] != ']')) {
 goto out_false;
+ }
- strncpy(ipv6_addr, sane_host + 1, sizeof(ipv6_addr));
- ipv6_addr[sizeof(ipv6_addr) - 1] = '\0';
+ ipv6_addr_len = host_len - 2;
+ if (ipv6_addr_len > sizeof(ipv6_addr)) {
+ ipv6_addr_len = sizeof(ipv6_addr);
+ }
+ strncpy(ipv6_addr, sane_host + 1, ipv6_addr_len);
+ ipv6_addr[ipv6_addr_len] = '\0';
 if (inet_pton(AF_INET6, ipv6_addr, &ipv6) == 1)
 goto out_true;
--
cgit v1.2.3
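Review bot: In the third hunk, when the text between the brackets is 64 characters or longer, `ipv6_addr_len` ends up equal to `sizeof(ipv6_addr)` (clamped or not), so `ipv6_addr[ipv6_addr_len] = '\0';` writes one byte past the end of the 64-byte stack array. The clamp has to leave room for the terminator: `if (ipv6_addr_len >= sizeof(ipv6_addr)) {` with `ipv6_addr_len = sizeof(ipv6_addr) - 1;`, or just `goto out_false;`, since no valid textual IPv6 address is that long. The host string presumably originates from URLs in fetched content, so its length should be treated as untrusted. Separately, the `host_len < 6` floor also rejects short valid literals such as `[::1]`; `host_len < 4` is enough to stop `host_len - 2` from wrapping. The function body starts and ends outside the hunk.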