Bug #12000
closed
Remote log server input validation allows invalid values
Added by Steve Wheeler over 3 years ago.
Updated about 3 years ago.
Plus Target Version:
22.01
Affected Architecture:
All
Description
When configuring remote syslog servers in status_logs_settings.php each server is entered as IP[:port]. Port 514 is assumed if no port is entered.
However the page will allow you to enter a range of invalid values there such as:
5140
514:5140
192.168.1.105140
All result in invalid syslog configs.
Some are interpreted as IP addresses resulting in sending syslog data to an unintended target. For example 514 is seen as 0.0.2.2.
Tested 21.05 and 2.5.2.b.20210604.0300
OS interprets numeric-only value as decimal IP address:
[2.6.0-DEVELOPMENT][root@pf41.localdomain]/root: ping 10
PING 10 (0.0.0.10): 56 data bytes
[2.6.0-DEVELOPMENT][root@pf41.localdomain]/root: ping 255
PING 255 (0.0.0.255): 56 data bytes
[2.6.0-DEVELOPMENT][root@pf41.localdomain]/root: ping 256
PING 256 (0.0.1.0): 56 data bytes
`is_hostname()` improvement:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/275
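The failure mode reported in this ticket, as an added Python example (not pfSense code and not the merged `is_hostname()` change): `legacy_aton` mimics the classic `inet_aton()` short-form parsing that turns `514` into `0.0.2.2`, and `valid_remote_server` is a hypothetical strict check. It assumes only dotted-quad IPv4 `IP[:port]` entries are wanted; hostnames and IPv6 are out of scope.

```python
import re

_NUM = re.compile(r"0[xX][0-9a-fA-F]+|0[0-7]*|[1-9][0-9]*")
_OCTET = r"(?:0|[1-9][0-9]{0,2})"  # no leading zeros, so no octal ambiguity
_ENTRY = re.compile(rf"({_OCTET}(?:\.{_OCTET}){{3}})(?::([0-9]{{1,5}}))?")


def legacy_aton(text):
    """Mimic classic inet_aton(): 1 to 4 numbers, the last fills the remaining bytes."""
    parts = text.split(".")
    if len(parts) > 4:
        return None
    nums = []
    for p in parts:
        if not _NUM.fullmatch(p):
            return None  # not a numeric address
        base = 16 if p[:2].lower() == "0x" else 8 if p[0] == "0" else 10
        nums.append(int(p, base))
    last_bits = 8 * (5 - len(parts))
    if any(n > 255 for n in nums[:-1]) or nums[-1] >= 1 << last_bits:
        return None
    value = nums[-1]
    for i, n in enumerate(nums[:-1]):
        value |= n << (24 - 8 * i)
    return ".".join(str((value >> s) & 255) for s in (24, 16, 8, 0))


def valid_remote_server(entry):
    """Hypothetical strict check: dotted-quad IPv4 with an optional :port."""
    m = _ENTRY.fullmatch(entry)
    if not m or any(int(o) > 255 for o in m.group(1).split(".")):
        return False
    return m.group(2) is None or 1 <= int(m.group(2)) <= 65535


if __name__ == "__main__":
    # Values from the ticket plus two constructed well-formed entries.
    for s in ["5140", "514:5140", "192.168.1.105140", "514",
              "192.168.1.10", "192.168.1.10:5140"]:
        host = s.split(":")[0]  # assumed host part, for illustration only
        print(f"{s!r:22} legacy={legacy_aton(host)} strict_ok={valid_remote_server(s)}")
```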
- Status changed from New to Pull Request Review
- Status changed from Pull Request Review to Feedback
- Assignee set to Viktor Gurov
PR has been merged. Thanks!
- % Done changed from 0 to 100
Tested on the:
2.6.0-DEVELOPMENT (amd64)
built on Mon Jul 26 14:27:42 EDT 2021
FreeBSD 12.2-STABLE
The validation check works only in the first input field. If you insert a valid value in the first field and an invalid in the second and third, it will accept the settings.
Please check.
- Status changed from Feedback to Resolved
It works fine. It considered my entry as FQDN (192.168.33.33333) and passed the validity check.
The ticket can be resolved.
- Status changed from Resolved to Feedback
- Status changed from Feedback to Resolved
Re-tested on the:
2.6.0-DEVELOPMENT (amd64)
built on Sat Aug 21 01:10:46 EDT 2021
FreeBSD 12.2-STABLE
Works fine.
Ticket resolved.
- Subject changed from Remote syslog server input validation passes invalid values to Remote log server input validation allows invalid values
- Category changed from Web Interface to Logging
Updating subject for release notes.
- Plus Target Version changed from 21.09 to 22.01