Fix GlobalProtect config-parsing bug that misidentified IPv6 split-include routes...

As reported on the mailing list at
https://lists.infradead.org/pipermail/openconnect-devel/2024-January/005386.html,
the relevant code wasn't handling the IPv6 case correctly.

Signed-off-by: Daniel Lenski <dlenski@gmail.com>

diff --git a/gpst.c b/gpst.c
index ddaef6c42af3f2051ae8058d7e25bf7468ca3b88..32d0810de0aafdcf498c6075d8bc0b3ecfd4c607 100644 (file)
--- a/gpst.c
+++ b/gpst.c
@@ -524,12 +524,13 @@ static int gpst_parse_config_xml(struct openconnect_info *vpninfo, xmlNode *xml_
                           xmlnode_is_named(xml_node, "access-routes") || xmlnode_is_named(xml_node, "exclude-access-routes")) {
                        for (member = xml_node->children; member; member=member->next) {
                                if (!xmlnode_get_val(member, "member", &s)) {
+                                       int is_exclude = (xml_node->name[0] == 'e');
                                        struct oc_split_include *inc = malloc(sizeof(*inc));
                                        if (!inc) {
                                                ret = -ENOMEM;
                                                goto err;
                                        }
-                                       if (xmlnode_is_named(xml_node, "access-routes")) {
+                                       if (!is_exclude) {
                                                inc->route = add_option_steal(&new_opts, "split-include", &s);
                                                inc->next = new_ip_info.split_includes;
                                                new_ip_info.split_includes = inc;