Correctly handle IPv4 route specified as either 10.1.2.0/255.255.255.0 or 10.1.2...

The existing process_split_xxclude() only handles IPv4 routes
formatted as "10.1.2.0/255.255.255.0", not those formatted as
"10.1.2.0/24".

It's possible to unambiguously distinguish the two and handle the
latter case correctly, because no IPv4 netmask address can possibly
have a decimal integer value <= 32.

Signed-off-by: Daniel Lenski <dlenski@gmail.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>

diff --git a/script.c b/script.c
index 8300f012a5e9dfcc61a747ba4d99b7c460d5c573..4a78e67d81bf2e37fe187b5c2bfe2d69674b6ee3 100644 (file)
--- a/script.c
+++ b/script.c
@@ -79,6 +79,11 @@ static int netmasklen(struct in_addr addr)
        return 32 - masklen;
 }
 
+static uint32_t netmaskbits(int masklen)
+{
+       return htonl((0xffffffff << (32-masklen)));
+}
+
 static int process_split_xxclude(struct openconnect_info *vpninfo,
                                 int include, const char *route, int *v4_incs,
                                 int *v6_incs)
@@ -86,7 +91,8 @@ static int process_split_xxclude(struct openconnect_info *vpninfo,
        struct in_addr addr;
        const char *in_ex = include ? "IN" : "EX";
        char envname[80];
-       char *slash;
+       char *slash, *endp;
+       int masklen;
 
        slash = strchr(route, '/');
        if (!slash) {
@@ -129,14 +135,21 @@ static int process_split_xxclude(struct openconnect_info *vpninfo,
        /* Put it back how we found it */
        *slash = '/';
 
-       if (!inet_aton(slash+1, &addr))
+       if ((masklen = strtol(slash+1, &endp, 10))<=32 && *endp!='.') {
+               /* mask is /N */
+               addr.s_addr = netmaskbits(masklen);
+       } else if (inet_aton(slash+1, &addr)) {
+               /* mask is /A.B.C.D */
+               masklen = netmasklen(addr);
+       } else {
                goto badinc;
+       }
 
        snprintf(envname, 79, "CISCO_SPLIT_%sC_%d_MASK", in_ex, *v4_incs);
-       script_setenv(vpninfo, envname, slash+1, 0);
+       script_setenv(vpninfo, envname, inet_ntoa(addr), 0);
 
        snprintf(envname, 79, "CISCO_SPLIT_%sC_%d_MASKLEN", in_ex, *v4_incs);
-       script_setenv_int(vpninfo, envname, netmasklen(addr));
+       script_setenv_int(vpninfo, envname, masklen);
 
        (*v4_incs)++;
        return 0;