From 4595bb47d27c2aae522c54eca28605f270ab5f5a Mon Sep 17 00:00:00 2001
From: Janos Follath <janos.follath@arm.com>
Date: Tue, 20 Jan 2026 18:46:52 +0000
Subject: [PATCH] inet_pton: fix buggy condition

The flawed condition made us accept invalid IPv6 addresses and in some
cases lead to a buffer underread.

Signed-off-by: Janos Follath <janos.follath@arm.com>
---
 library/x509_crt.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/library/x509_crt.c b/library/x509_crt.c
index 53cdcf0266..ba87e67bcf 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -2748,8 +2748,12 @@ static int x509_inet_pton_ipv6(const char *src, void *dst)
             if (*p == '\0') {
                 break;
             } else if (*p == '.') {
-                /* Don't accept IPv4 too early or late */
-                if ((nonzero_groups == 0 && zero_group_start == -1) ||
+                /* Don't accept IPv4 too early or late:
+                 * - The first 6 nonzero groups must be 16 bit pieces of address delimited by ':'
+                 * - This might be fully or partially represented with compressed syntax (a zero
+                 *   group "::")
+                 */
+                if ((nonzero_groups < 6 && zero_group_start == -1) ||
                     nonzero_groups >= 7) {
                     break;
                 }