[PATCH to fix my PATCH] fix a bug leading to incorrect split-include netmasks
Daniel Lenski
dlenski at gmail.com
Tue Feb 27 02:11:16 PST 2018
This bug was my fault. Introduced in 881eb286499baf78afbaeff4dbc5f055d23f1e4f on 15 Oct 2016 ("Correctly handle IPv4 route specified as either 10.1.2.0/255.255.255.0 or 10.1.2.0/24")
Left shift of >=32 bits is undefined on x86 (https://stackoverflow.com/a/7471843/20789), and it was causing split-includes of 0.0.0.0/0 to output inconsistent values to
the vpnc-script variables for split-includes:
CISCO_SPLIT_INC_12_MASKLEN=0
CISCO_SPLIT_INC_12_ADDR=0.0.0.0
CISCO_SPLIT_INC_12_MASK=255.255.255.255 # generated by netmaskbits() in script.c -- WRONG!
Caught due to an assertion failing in vpn-slice: https://github.com/dlenski/vpn-slice/issues/9
Signed-off-by: Daniel Lenski <dlenski at gmail.com>
---
script.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/script.c b/script.c
index 4a78e67..e0b92e5 100644
--- a/script.c
+++ b/script.c
@@ -81,7 +81,7 @@ static int netmasklen(struct in_addr addr)
static uint32_t netmaskbits(int masklen)
{
- return htonl((0xffffffff << (32-masklen)));
+ return htonl(masklen>0 ? (0xffffffff << (32-masklen)) : 0);
}
static int process_split_xxclude(struct openconnect_info *vpninfo,
--
2.7.4
More information about the openconnect-devel
mailing list