Project

General

Profile

Actions

Bug #12000

closed

Remote log server input validation allows invalid values

Added by Steve Wheeler 6 months ago. Updated about 1 month ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Logging
Target version:
Start date:
06/06/2021
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
22.01
Release Notes:
Default
Affected Version:
All
Affected Architecture:
All

Description

When configuring remote syslog servers in status_logs_settings.php each server is entered as IP[:port]. Port 514 is assumed if no port in entered.

However the page will allow you to enter a range on invalid values there such as:

5140
514:5140
192.168.1.105140

All result in invalid syslog configs.
Some are interpreted as IP addresses resulting in sending syslog data to an unintended target. For example 514 is seen as 0.0.2.2.

Tested 21.05 and 2.5.2.b.20210604.0300


Related issues

Related to Regression #12245: Input validation error in system.phpResolvedViktor Gurov

Actions
Actions

Also available in: Atom PDF