Bug #11850
closed
NTP authentication input validation rejects valid keys
0%
Description
I run into issues with the "Enable NTPv3 authentication (RFC 1305)" and more precisely whit entering a valit SHA-1 key.
According to "https://github.com/pfsense/pfsense/blob/master/src/usr/local/www/*services_ntpd.php*" following condition is coded:
elseif (($pconfig['serverauthalgo'] == 'sha1') && ((strlen(base64_decode($pconfig['serverauthkey'])) != 40) ||
!ctype_xdigit($pconfig['serverauthkey']))) {
$input_errors[] = gettext("The supplied value for NTP Authentication key for SHA1 digest must be hex-encoded string of 40 characters.");Thus as soon as either (strlen(base64_decode($pconfig['serverauthkey'])) != 40) OR !ctype_xdigit($pconfig['serverauthkey']) the key is not accepted by pfSense. Obviously a base64 decoded 40 character long hex string will fail such check. And in case it would be base64 encoded string it would fail the !ctype_xdigit($pconfig['serverauthkey']) check. Thus it seems difficult to enter any valid key (?)
Assuming my key is:
$ echo '*094c533b614d9e4bcb6e18a97a7b0e4d459025bd*' | base64
MDk0YzUzM2I2MTRkOWU0YmNiNmUxOGE5N2E3YjBlNGQ0NTkwMjViZAo=
and other try:
$ echo '094c533b614d9e4bcb6e18a97a7b0e4d459025bd' | base64 --decode
���}��^��q���ƽ�������tۖ�
So what ever I insert - it ends up in:
The following input errors were detected:
The supplied value for NTP Authentication key for SHA1 digest must be hex-encoded string of 40 characters.
Updated by Viktor Gurov 
Updated by 
Updated by 
Updated by