Correctly handle IPv4 route specified as either 10.1.2.0/255.255.255.…
…0 or 10.1.2.0/24

The existing process_split_xxclude() only handles IPv4 routes
formatted as "10.1.2.0/255.255.255.0", not those formatted as
"10.1.2.0/24".

It's possible to unambiguously distinguish the two and handle the
latter case correctly, because no IPv4 netmask address can possibly
have a decimal integer value <= 32.

Signed-off-by: Daniel Lenski <dlenski@gmail.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
dlenski authored and dwmw2 committed Dec 13, 2016
1 parent 75d3bd9 commit 881eb28
Showing 1 changed file with 17 additions and 4 deletions.
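--- a/script.c
+++ b/script.c
@@ -79,14 +79,20 @@ static int netmasklen(struct in_addr addr)
 return 32 - masklen;
 }
 
+static uint32_t netmaskbits(int masklen)
+{
+return htonl((0xffffffff << (32-masklen)));
+}
+
 static int process_split_xxclude(struct openconnect_info *vpninfo,
 int include, const char *route, int *v4_incs,
 int *v6_incs)
 {
 struct in_addr addr;
 const char *in_ex = include ? "IN" : "EX";
 char envname[80];
-char *slash;
+char *slash, *endp;
+int masklen;
 
 slash = strchr(route, '/');
 if (!slash) {
@@ -129,14 +135,21 @@ static int process_split_xxclude(struct openconnect_info *vpninfo,
 /* Put it back how we found it */
 *slash = '/';
 
-if (!inet_aton(slash+1, &addr))
+if ((masklen = strtol(slash+1, &endp, 10))<=32 && *endp!='.') {
+/* mask is /N */
+addr.s_addr = netmaskbits(masklen);
+} else if (inet_aton(slash+1, &addr)) {
+/* mask is /A.B.C.D */
+masklen = netmasklen(addr);
+} else {
 goto badinc;
+}
 
 snprintf(envname, 79, "CISCO_SPLIT_%sC_%d_MASK", in_ex, *v4_incs);
-script_setenv(vpninfo, envname, slash+1, 0);
+script_setenv(vpninfo, envname, inet_ntoa(addr), 0);
 
 snprintf(envname, 79, "CISCO_SPLIT_%sC_%d_MASKLEN", in_ex, *v4_incs);
-script_setenv_int(vpninfo, envname, netmasklen(addr));
+script_setenv_int(vpninfo, envname, masklen);
 
 (*v4_incs)++;
 return 0;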
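Review bot: The `/N` branch in the second hunk accepts any mask string for which `strtol()` yields a value <= 32 and stops on a character other than `.`, so an empty mask, non-numeric text (a constructed example: `abc`, which parses as 0) and negative numbers all pass, where the old `inet_aton()` check sent them to `badinc`. A negative N or N == 0 then reaches `0xffffffff << (32-masklen)` in `netmaskbits()`, a shift by 32 or more, which is undefined in C, so even a legitimate `/0` route is not guaranteed to produce a 0.0.0.0 mask. Assuming these route strings originate from the VPN server, the branch should validate strictly: keep the `strtol()` result in a `long` and require `endp != slash+1 && *endp == '\0' && n >= 0 && n <= 32` before narrowing to `masklen`, and have `netmaskbits()` handle zero explicitly, e.g. `return masklen ? htonl(0xffffffffu << (32-masklen)) : 0;`. The body of `process_split_xxclude()` continues outside both hunks, so the `badinc` path itself is not visible here.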
