From 30e25df137e1cb2ce9eacbd943d8d42e963f72fb Mon Sep 17 00:00:00 2001
From: Daniel Lenski <dlenski@gmail.com>
Date: Tue, 27 Feb 2018 12:11:16 +0200
Subject: [PATCH] fix a bug leading to incorrect split-include netmasks

This bug was my fault. Introduced in 881eb286499baf78afbaeff4dbc5f055d23f1e4f on 15 Oct 2016 ("Correctly handle IPv4 route specified as either 10.1.2.0/255.255.255.0 or 10.1.2.0/24")

Left shift of >=32 bits is undefined on x86 (https://stackoverflow.com/a/7471843/20789), and it was causing split-includes of 0.0.0.0/0 to output inconsistent values to
the vpnc-script variables for split-includes:

	CISCO_SPLIT_INC_12_MASKLEN=0
	CISCO_SPLIT_INC_12_ADDR=0.0.0.0
	CISCO_SPLIT_INC_12_MASK=255.255.255.255   # generated by netmaskbits() in script.c -- WRONG!

Caught due to an assertion failing in vpn-slice: https://github.com/dlenski/vpn-slice/issues/9

Signed-off-by: Daniel Lenski <dlenski@gmail.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
---
 script.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/script.c b/script.c
index 4a78e67d..5b751ad5 100644
--- a/script.c
+++ b/script.c
@@ -81,7 +81,10 @@ static int netmasklen(struct in_addr addr)
 
 static uint32_t netmaskbits(int masklen)
 {
-	return htonl((0xffffffff << (32-masklen)));
+	if (masklen)
+		return htonl(0xffffffff << (32-masklen));
+	else /* Shifting by 32 is invalid, so special-case it */
+		return 0;
 }
 
 static int process_split_xxclude(struct openconnect_info *vpninfo,
-- 
2.49.0