Bug #13925


Suricata 6.0.8_7 - PHP Fatal Errror on IP Rep Tab

Added by Steve Wilson about 1 year ago. Updated about 1 year ago.

Target version:
Start date:
Due date:
% Done:


Estimated time:
Plus Target Version:
Affected Version:
Affected Plus Version:
Affected Architecture:


Clicking on the IP Rep tab when editing an existing interface throws a PHP error.

Steps to reproduce:

1. Navigate to Services -> Suricata -> Interfaces
2. Select any interface to edit
3. Click on interface IP Rep tab
4. Error message shown at bottom of window under 'Assign IP Reputation Lists' header

Crash report is as follows:

23.01-RC (amd64)
built on Thu Feb 02 00:24:04 UTC 2023

Crash report begins. Anonymous machine information:

FreeBSD 14.0-CURRENT #0 plus-RELENG_23_01-n256014-9cf2a68c5e5: Thu Feb 2 00:48:35 UTC 2023 root@freebsd:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/obj/amd64/QBZFWAp1/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBS

Crash report details:

PHP Errors:
[02-Feb-2023 14:51:25 America/Los_Angeles] PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/www/suricata/suricata_ip_reputation.php:303
Stack trace:
#0 {main}
thrown in /usr/local/www/suricata/suricata_ip_reputation.php on line 303

No FreeBSD crash data found.

Actions #1

Updated by Christopher Cope about 1 year ago

  • Status changed from New to Confirmed
  • Assignee set to Christopher Cope

I'm able to reproduce this on

23.01-RC (amd64)
built on Thu Feb 02 16:49:15 UTC 2023

It happens when <iplist_files> is defined in the config, but empty.

Actions #2

Updated by Christopher Cope about 1 year ago

  • Status changed from Confirmed to Pull Request Review
Actions #3

Updated by Bill Meeks about 1 year ago

I have taken responsibility for correcting this issue in the Suricata GUI package. I have a PR ready for submission shortly after pfSense Plus 23.01 goes to RELEASE status that corrects this and a few other recently identified Suricata issues.

Will update this ticket when the correcting pull request is posted and ready for merging.

Actions #4

Updated by Marcos M about 1 year ago

Here's the diff submitted previously FWIW:

diff --git a/security/pfSense-pkg-suricata/Makefile b/security/pfSense-pkg-suricata/Makefile
index 1660698811ce42954ffc80d17ad5b8fcacb3a9c4..379c8604c7c0b508c571457888ae0de27f97b327 100644
--- a/security/pfSense-pkg-suricata/Makefile
+++ b/security/pfSense-pkg-suricata/Makefile
@@ -2,7 +2,7 @@

 PORTNAME=    pfSense-pkg-suricata
 PORTVERSION=    6.0.8
 CATEGORIES=    security
 MASTER_SITES=    # empty
 DISTFILES=    # empty
diff --git a/security/pfSense-pkg-suricata/files/usr/local/www/suricata/suricata_ip_reputation.php b/security/pfSense-pkg-suricata/files/usr/local/www/suricata/suricata_ip_reputation.php
index 764241eb7b4834a824c80aac734d62fe557c323f..1d4b9582fb3e6ece992ea30ebe9f1c2db689a1b1 100644
--- a/security/pfSense-pkg-suricata/files/usr/local/www/suricata/suricata_ip_reputation.php
+++ b/security/pfSense-pkg-suricata/files/usr/local/www/suricata/suricata_ip_reputation.php
@@ -81,6 +81,10 @@ if ($_POST['mode'] == 'iplist_add' && isset($_POST['iplist'])) {
         if (!$input_errors) {
+            if (!is_array($a_nat['iplist_files'])){
+                $a_nat['iplist_files'] = array( "item" => array() );
+            }
             $a_nat['iplist_files']['item'][] = basename($_POST['iplist']);
             config_set_path("installedpackages/suricata/rule/{$id}", $a_nat);
             write_config("Suricata pkg: added new whitelist file for IP REPUTATION preprocessor.");
@@ -300,7 +304,7 @@ print($form);
-                if (is_array($pconfig['iplist_files']['item'])) :
+                if (is_array($pconfig['iplist_files']) && is_array($pconfig['iplist_files']['item'])) :
                     foreach($pconfig['iplist_files']['item'] as $k => $f) :
                         if (!file_exists("{$iprep_path}{$f}")) {
                             $filedate = gettext("Unknown -- file missing");

Actions #5

Updated by Bill Meeks about 1 year ago

Thanks Marcos. I have already created the necessary fix and posted the commit to my personal FreeBSD-ports repo. I will create and post a Pull Request against the DEVEL branch of FreeBSD-ports in pfSense as soon as 23.01 exits RC status and goes RELEASE.

I have a few other GUI code changes included in the upcoming release of Suricata-6.0.10 for pfSense.

Actions #6

Updated by Bill Meeks about 1 year ago

The pull request containing this fix has been posted for review and merge. The pull request can be viewed here:

Once the request is merged, this issue can be marked "resolved".

Actions #7

Updated by Jim Pingle about 1 year ago

  • Status changed from Pull Request Review to Resolved

PR merged. Will be in builds soon.


Also available in: Atom PDF