From 66be8c6608edd5d79d24581749e4621df465610d Mon Sep 17 00:00:00 2001
From: Valentin Bartenev <vbart@nginx.com>
Date: Wed, 11 May 2016 17:55:20 +0300
Subject: [PATCH] Core: fixed port handling in ngx_parse_inet6_url().

This fixes buffer over-read when no port is specified in cases
similar to 5df5d7d771f6, and catches missing port separator.
---
 src/core/ngx_inet.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/core/ngx_inet.c b/src/core/ngx_inet.c
index 33b303dd0..d5b7cf96a 100644
--- a/src/core/ngx_inet.c
+++ b/src/core/ngx_inet.c
@@ -861,7 +861,12 @@ ngx_parse_inet6_url(ngx_pool_t *pool, ngx_url_t *u)
             last = uri;
         }
 
-        if (*port == ':') {
+        if (port < last) {
+            if (*port != ':') {
+                u->err = "invalid host";
+                return NGX_ERROR;
+            }
+
             port++;
 
             len = last - port;