Project

General

Profile

Actions

Regression #12333

closed

DNS resolver using incorrect variable name when making ACL for OpenVPN IPv6 Tunnel Network

Added by Jim Pingle over 3 years ago. Updated about 3 years ago.

Status:
Resolved
Priority:
High
Assignee:
Category:
DNS Resolver
Target version:
Start date:
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
22.01
Release Notes:
Force Exclusion
Affected Version:
Affected Architecture:

Description

When creating the automatic list of access-control.conf entries for the DNS Resolver, the block of code which processes OpenVPN IPv6 tunnel networks is using an incorrect variable.

source:src/etc/inc/unbound.inc#L942 is currently this:

                        $aclnets[] = implode('/', openvpn_gen_tunnel_network($settings['tunnel_networkv6']));

When it should be this:

                        $aclnets[] = implode('/', openvpn_gen_tunnel_network($ovpnent['tunnel_networkv6']));

The incorrect variable results in an empty entry in the array. Then later on when the actual list of entries is formed, the empty entry is used which results in an invalid directive for the DNS Resolver.

In addition to correcting the main problem, we should also add a safety belt check at that step to avoid breaking the configuration in this way.

To me, fix already in progress.

Actions

Also available in: Atom PDF