martin at varnish-software
Apr 12, 2012, 4:42 AM
Post #1 of 1
(133 views)
Permalink
|
|
[PATCH 2/2] Stop vcc_acl_try_netnotation() from trying to add a fifth octet to the parsed address.
|
|
Fixes: #1126
---
bin/varnishtest/tests/r01126.vtc | 13 +++++++++++++
lib/libvcl/vcc_acl.c | 2 ++
2 files changed, 15 insertions(+), 0 deletions(-)
create mode 100644 bin/varnishtest/tests/r01126.vtc
diff --git a/bin/varnishtest/tests/r01126.vtc b/bin/varnishtest/tests/r01126.vtc
new file mode 100644
index 0000000..4f84bd3
--- /dev/null
+++ b/bin/varnishtest/tests/r01126.vtc
@@ -0,0 +1,13 @@
+varnishtest "#1126 - ACL with five octets causes VCL compiler to segfault"
+
+varnish v1 -badvcl {
+ backend b { .host = "127.0.0.1"; }
+ acl a { "127.0.0.0.1"; }
+ sub vcl_recv { if (client.ip ~ a) { return (pass); } }
+}
+
+varnish v1 -badvcl {
+ backend b { .host = "127.0.0.1"; }
+ acl a { "127.0.0.0."; }
+ sub vcl_recv { if (client.ip ~ a) { return (pass); } }
+}
diff --git a/lib/libvcl/vcc_acl.c b/lib/libvcl/vcc_acl.c
index e6a1065..541b91d 100644
--- a/lib/libvcl/vcc_acl.c
+++ b/lib/libvcl/vcc_acl.c
@@ -263,6 +263,8 @@ vcc_acl_try_netnotation(struct vcc *tl, struct acl_e *ae)
return (0);
p += k + 1;
}
+ if (i > 3)
+ return (0);
if (ae->t_mask == NULL)
ae->mask = 8 + 8 * i;
vcc_acl_add_entry(tl, ae, 4, b, AF_INET);
--
1.7.4.1
_______________________________________________
varnish-dev mailing list
varnish-dev [at] varnish-cache
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-dev
|
