[PATCH 2/2] Stop vcc_acl_try_netnotation() from trying to add a fifth octet to the parsed address.

[Martin Blix Grydeland]

Fixes: #1126
---
 bin/varnishtest/tests/r01126.vtc |   13 +++++++++++++
 lib/libvcl/vcc_acl.c             |    2 ++
 2 files changed, 15 insertions(+), 0 deletions(-)
 create mode 100644 bin/varnishtest/tests/r01126.vtc

diff --git a/bin/varnishtest/tests/r01126.vtc b/bin/varnishtest/tests/r01126.vtc
new file mode 100644
index 0000000..4f84bd3
--- /dev/null
+++ b/bin/varnishtest/tests/r01126.vtc
@@ -0,0 +1,13 @@
+varnishtest "#1126 - ACL with five octets causes VCL compiler to segfault"
+
+varnish v1 -badvcl {
+	backend b { .host = "127.0.0.1"; }
+	acl a {	"127.0.0.0.1"; }
+	sub vcl_recv { if (client.ip ~ a) { return (pass); } }
+}
+
+varnish v1 -badvcl {
+	backend b { .host = "127.0.0.1"; }
+	acl a {	"127.0.0.0."; }
+	sub vcl_recv { if (client.ip ~ a) { return (pass); } }
+}
diff --git a/lib/libvcl/vcc_acl.c b/lib/libvcl/vcc_acl.c
index e6a1065..541b91d 100644
--- a/lib/libvcl/vcc_acl.c
+++ b/lib/libvcl/vcc_acl.c
@@ -263,6 +263,8 @@ vcc_acl_try_netnotation(struct vcc *tl, struct acl_e *ae)
 			return (0);
 		p += k + 1;
 	}
+	if (i > 3)
+		return (0);
 	if (ae->t_mask == NULL)
 		ae->mask = 8 + 8 * i;
 	vcc_acl_add_entry(tl, ae, 4, b, AF_INET);
-- 
1.7.4.1