inet_pton: fix buggy condition

The flawed condition made us accept invalid IPv6 addresses and in some cases lead to a buffer underread. Signed-off-by: Janos Follath <janos.follath@arm.com>
2026-04-28 06:24:28 +02:00 · 2026-01-20 18:46:52 +00:00
parent 763a0cfd15
commit 4595bb47d2
1 changed files with 6 additions and 2 deletions
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -2748,8 +2748,12 @@ static int x509_inet_pton_ipv6(const char *src, void *dst)
            if (*p == '\0') {
                break;
            } else if (*p == '.') {
-                /* Don't accept IPv4 too early or late */
-                if ((nonzero_groups == 0 && zero_group_start == -1) ||
+                /* Don't accept IPv4 too early or late:
+                 * - The first 6 nonzero groups must be 16 bit pieces of address delimited by ':'
+                 * - This might be fully or partially represented with compressed syntax (a zero
+                 *   group "::")
+                 */
+                if ((nonzero_groups < 6 && zero_group_start == -1) ||
                    nonzero_groups >= 7) {
                    break;
                }