From 64f0c03d660f1d17834f7ff7ce9d0151704bb32f Mon Sep 17 00:00:00 2001
From: Daniel Loxtermann <daniel.loxtermann@greenbone.net>
Date: Mon, 19 Feb 2024 17:59:47 -0800
Subject: [PATCH] Fix GlobalProtect config-parsing bug that misidentified IPv6
 split-include routes as split-exclude

As reported on the mailing list at
https://lists.infradead.org/pipermail/openconnect-devel/2024-January/005386.html,
the relevant code wasn't handling the IPv6 case correctly.

Signed-off-by: Daniel Lenski <dlenski@gmail.com>
---
 gpst.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/gpst.c b/gpst.c
index ddaef6c4..32d0810d 100644
--- a/gpst.c
+++ b/gpst.c
@@ -524,12 +524,13 @@ static int gpst_parse_config_xml(struct openconnect_info *vpninfo, xmlNode *xml_
 			   xmlnode_is_named(xml_node, "access-routes") || xmlnode_is_named(xml_node, "exclude-access-routes")) {
 			for (member = xml_node->children; member; member=member->next) {
 				if (!xmlnode_get_val(member, "member", &s)) {
+					int is_exclude = (xml_node->name[0] == 'e');
 					struct oc_split_include *inc = malloc(sizeof(*inc));
 					if (!inc) {
 						ret = -ENOMEM;
 						goto err;
 					}
-					if (xmlnode_is_named(xml_node, "access-routes")) {
+					if (!is_exclude) {
 						inc->route = add_option_steal(&new_opts, "split-include", &s);
 						inc->next = new_ip_info.split_includes;
 						new_ip_info.split_includes = inc;
-- 
2.50.1