Regression #12333

closed

DNS resolver using incorrect variable name when making ACL for OpenVPN IPv6 Tunnel Network

Added by Jim Pingle about 2 months ago. Updated about 1 month ago.

Status: Resolved
Priority: High
Assignee:
Category: DNS Resolver
Target version:
Start date:
Due date:
% Done: 100%
Estimated time:
Plus Target Version: 21.09
Release Notes: Force Exclusion
Affected Version:
Affected Architecture:

Description

When creating the automatic list of access-control.conf entries for the DNS Resolver, the block of code which processes OpenVPN IPv6 tunnel networks is using an incorrect variable.

source:src/etc/inc/unbound.inc#L942 is currently this:

                        $aclnets[] = implode('/', openvpn_gen_tunnel_network($settings['tunnel_networkv6']));

When it should be this:

                        $aclnets[] = implode('/', openvpn_gen_tunnel_network($ovpnent['tunnel_networkv6']));

The incorrect variable results in an empty entry in the array. Then later on when the actual list of entries is formed, the empty entry is used which results in an invalid directive for the DNS Resolver.

In addition to correcting the main problem, we should also add a safety belt check at that step to avoid breaking the configuration in this way.

To me, fix already in progress.
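
A sketch of the kind of safety-belt check the description calls for, added here as an illustration; it is not the pfSense fix or code from `unbound.inc`. The helper names `is_valid_netblock()` and `build_acl_lines()` are hypothetical, the sample networks are constructed, and the `allow` action is assumed for the example.

```php
<?php
// Added example, not pfSense code. Helper names are hypothetical.

/** Return true if $net is a syntactically valid IPv4 or IPv6 CIDR netblock. */
function is_valid_netblock(string $net): bool
{
    $parts = explode('/', $net);
    // Exactly one '/', and the prefix length must be all digits (rejects '' and '/').
    if (count($parts) !== 2 || !ctype_digit($parts[1])) {
        return false;
    }
    [$addr, $bits] = $parts;
    if (filter_var($addr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false) {
        return (int)$bits <= 32;
    }
    if (filter_var($addr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) !== false) {
        return (int)$bits <= 128;
    }
    return false;
}

/** Build access-control lines, skipping entries that are not valid netblocks. */
function build_acl_lines(array $aclnets): array
{
    $lines = [];
    foreach (array_unique($aclnets) as $net) {
        $net = is_string($net) ? trim($net) : '';
        if (!is_valid_netblock($net)) {
            // An empty or malformed entry would otherwise become an invalid
            // directive and break the resolver configuration.
            error_log("Skipping invalid ACL network: '" . $net . "'");
            continue;
        }
        // Action 'allow' is assumed for this example.
        $lines[] = "access-control: {$net} allow";
    }
    return $lines;
}

// Constructed sample: the '' entry is what implode('/', ...) yields when the
// tunnel network lookup returns nothing, as with the wrong variable above.
$aclnets = ['10.8.0.0/24', '', 'fd00:8::/64', '/'];
echo implode("\n", build_acl_lines($aclnets)), "\n";
```

With the constructed input, only the two well-formed netblocks produce `access-control:` lines; the empty entry and the bare `/` are logged and skipped.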

Actions #1

Updated by Jim Pingle about 2 months ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100

Actions #2

Updated by Jim Pingle about 2 months ago

  • Tracker changed from Bug to Regression
  • Release Notes changed from Default to Force Exclusion

This was apparently a recent regression from changes made in #2668. Excluding from release notes since it was not a problem in a release.

Actions #3

Updated by Jim Pingle about 1 month ago

  • Status changed from Feedback to Resolved

Working correctly on current snapshots. I hit this on ~5 VMs when it was broken but all are OK on today's snapshot.
