Bug #12000

closed

Remote log server input validation allows invalid values

Added by Steve Wheeler almost 3 years ago. Updated over 2 years ago.

Status: Resolved
Priority: Normal
Assignee: Viktor Gurov
Category: Logging
Target version:
Start date: 06/06/2021
Due date:
% Done: 100%
Estimated time:
Plus Target Version: 22.01
Release Notes: Default
Affected Version: All
Affected Architecture: All

Description

When configuring remote syslog servers in status_logs_settings.php each server is entered as IP[:port]. Port 514 is assumed if no port is entered.

However, the page will allow you to enter a range of invalid values there, such as:

5140
514:5140
192.168.1.105140

All result in invalid syslog configs.
Some are interpreted as IP addresses resulting in sending syslog data to an unintended target. For example 514 is seen as 0.0.2.2.

Tested 21.05 and 2.5.2.b.20210604.0300


Related issues

Related to Regression #12245: Input validation error in system.php (Resolved, Viktor Gurov)

Actions #1

Updated by Viktor Gurov almost 3 years ago

OS interprets numeric-only value as decimal IP address:

[2.6.0-DEVELOPMENT][root@pf41.localdomain]/root: ping 10
PING 10 (0.0.0.10): 56 data bytes
[2.6.0-DEVELOPMENT][root@pf41.localdomain]/root: ping 255
PING 255 (0.0.0.255): 56 data bytes
[2.6.0-DEVELOPMENT][root@pf41.localdomain]/root: ping 256
PING 256 (0.0.1.0): 56 data bytes

`is_hostname()` improvement:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/275
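
Added example, not pfSense code and not written by anyone on this ticket: Python that reproduces the numeric-only interpretation shown in the ping output above (`legacy_aton`, decimal forms only) and applies a strict IPv4-or-hostname[:port] check to the values from the description. The function names, the IPv4-only scope and the refusal of hostnames whose last label is all digits are assumptions of this example, not the behaviour of `is_hostname()`.

```python
import ipaddress
import re

_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")  # one DNS label

def legacy_aton(text):
    """Decimal-only subset of classic inet_aton(): 1-4 numeric parts, the
    last part fills all remaining bytes. Returns a dotted quad or None."""
    parts = text.split(".")
    if not 1 <= len(parts) <= 4 or not all(re.fullmatch(r"[0-9]+", p) for p in parts):
        return None
    nums = [int(p) for p in parts]
    if any(n > 255 for n in nums[:-1]) or nums[-1] >= 256 ** (5 - len(nums)):
        return None
    value = nums[-1]
    for i, n in enumerate(nums[:-1]):
        value |= n << (8 * (3 - i))
    return str(ipaddress.IPv4Address(value))

def validate_log_target(entry, default_port=514):
    """Return (host, port) for a strict IPv4-or-hostname[:port] entry."""
    host, sep, port = entry.partition(":")
    if sep and not (re.fullmatch(r"[0-9]{1,5}", port) and 1 <= int(port) <= 65535):
        raise ValueError(f"bad port in {entry!r}")
    port = int(port) if sep else default_port
    try:
        return str(ipaddress.IPv4Address(host)), port  # full dotted quad only
    except ipaddress.AddressValueError:
        pass
    labels = host.split(".")
    # Example's own choice: refuse names whose last label is all digits,
    # since the OS may read them as addresses (see legacy_aton).
    if all(_LABEL.fullmatch(l) for l in labels) and not labels[-1].isdigit():
        return host.lower(), port
    raise ValueError(f"not an IPv4 address or hostname: {entry!r}")

def validate_all(entries):
    """Check every non-empty server field, not only the first one."""
    errors = []
    for idx, entry in enumerate(entries, 1):
        if entry.strip():
            try:
                validate_log_target(entry.strip())
            except ValueError as exc:
                errors.append(f"server {idx}: {exc}")
    return errors
```

`legacy_aton("514")` returns `0.0.2.2`, the unintended target named in the description, while `validate_log_target` rejects all three sample values listed there.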

Actions #2

Updated by Jim Pingle almost 3 years ago

  • Status changed from New to Pull Request Review
Actions #3

Updated by Renato Botelho almost 3 years ago

  • Status changed from Pull Request Review to Feedback
  • Assignee set to Viktor Gurov

PR has been merged. Thanks!

Actions #4

Updated by Viktor Gurov almost 3 years ago

  • % Done changed from 0 to 100
Actions #5

Updated by Danilo Zrenjanin over 2 years ago

Tested on the:

2.6.0-DEVELOPMENT (amd64)
built on Mon Jul 26 14:27:42 EDT 2021
FreeBSD 12.2-STABLE

The validation check works only in the first input field. If you insert a valid value in the first field and an invalid one in the second and third, it will accept the settings.

Please check.

Actions #6

Updated by Danilo Zrenjanin over 2 years ago

  • Status changed from Feedback to Resolved

It works fine. It considered my entry as FQDN (192.168.33.33333) and passed the validity check.

The ticket can be resolved.

Actions #7

Updated by Jim Pingle over 2 years ago

Actions #8

Updated by Viktor Gurov over 2 years ago

  • Status changed from Resolved to Feedback

re-test required after #12245

Actions #9

Updated by Danilo Zrenjanin over 2 years ago

  • Status changed from Feedback to Resolved

Re-tested on the:

2.6.0-DEVELOPMENT (amd64)
built on Sat Aug 21 01:10:46 EDT 2021
FreeBSD 12.2-STABLE

Works fine.

Ticket resolved.

Actions #10

Updated by Jim Pingle over 2 years ago

  • Subject changed from Remote syslog server input validation passes invalid values to Remote log server input validation allows invalid values
  • Category changed from Web Interface to Logging

Updating subject for release notes.

Actions #11

Updated by Jim Pingle over 2 years ago

  • Plus Target Version changed from 21.09 to 22.01