Bug #13925
closed
Suricata 6.0.8_7 - PHP Fatal Errror on IP Rep Tab
Added by Steve Wilson almost 2 years ago.
Updated almost 2 years ago.
Affected Plus Version:
23.01
Description
Clicking on the IP Rep tab when editing an existing interface throws a PHP error.
Steps to reproduce:
1. Navigate to Services -> Suricata -> Interfaces
2. Select any interface to edit
3. Click on interface IP Rep tab
4. Error message shown at bottom of window under 'Assign IP Reputation Lists' header
Crash report is as follows:
23.01-RC (amd64)
built on Thu Feb 02 00:24:04 UTC 2023
FreeBSD 14.0-CURRENT
Crash report begins. Anonymous machine information:
amd64
14.0-CURRENT
FreeBSD 14.0-CURRENT #0 plus-RELENG_23_01-n256014-9cf2a68c5e5: Thu Feb 2 00:48:35 UTC 2023 root@freebsd:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/obj/amd64/QBZFWAp1/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBS
Crash report details:
PHP Errors:
[02-Feb-2023 14:51:25 America/Los_Angeles] PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/www/suricata/suricata_ip_reputation.php:303
Stack trace:
#0 {main}
thrown in /usr/local/www/suricata/suricata_ip_reputation.php on line 303
No FreeBSD crash data found.
- Status changed from New to Confirmed
- Assignee set to Christopher Cope
I'm able to reproduce this on
23.01-RC (amd64)
built on Thu Feb 02 16:49:15 UTC 2023
FreeBSD 14.0-CURRENT
It happens when <iplist_files> is defined in the config, but empty.
- Status changed from Confirmed to Pull Request Review
I have taken responsibility for correcting this issue in the Suricata GUI package. I have a PR ready for submission shortly after pfSense Plus 23.01 goes to RELEASE status that corrects this and a few other recently identified Suricata issues.
Will update this ticket when the correcting pull request is posted and ready for merging.
Here's the diff submitted previously FWIW:
diff --git a/security/pfSense-pkg-suricata/Makefile b/security/pfSense-pkg-suricata/Makefile
index 1660698811ce42954ffc80d17ad5b8fcacb3a9c4..379c8604c7c0b508c571457888ae0de27f97b327 100644
--- a/security/pfSense-pkg-suricata/Makefile
+++ b/security/pfSense-pkg-suricata/Makefile
@@ -2,7 +2,7 @@
PORTNAME= pfSense-pkg-suricata
PORTVERSION= 6.0.8
-PORTREVISION= 8
+PORTREVISION= 9
CATEGORIES= security
MASTER_SITES= # empty
DISTFILES= # empty
diff --git a/security/pfSense-pkg-suricata/files/usr/local/www/suricata/suricata_ip_reputation.php b/security/pfSense-pkg-suricata/files/usr/local/www/suricata/suricata_ip_reputation.php
index 764241eb7b4834a824c80aac734d62fe557c323f..1d4b9582fb3e6ece992ea30ebe9f1c2db689a1b1 100644
--- a/security/pfSense-pkg-suricata/files/usr/local/www/suricata/suricata_ip_reputation.php
+++ b/security/pfSense-pkg-suricata/files/usr/local/www/suricata/suricata_ip_reputation.php
@@ -81,6 +81,10 @@ if ($_POST['mode'] == 'iplist_add' && isset($_POST['iplist'])) {
}
}
if (!$input_errors) {
+ if (!is_array($a_nat['iplist_files'])){
+ $a_nat['iplist_files'] = array( "item" => array() );
+ }
+
$a_nat['iplist_files']['item'][] = basename($_POST['iplist']);
config_set_path("installedpackages/suricata/rule/{$id}", $a_nat);
write_config("Suricata pkg: added new whitelist file for IP REPUTATION preprocessor.");
@@ -300,7 +304,7 @@ print($form);
</thead>
<tbody>
<?php
- if (is_array($pconfig['iplist_files']['item'])) :
+ if (is_array($pconfig['iplist_files']) && is_array($pconfig['iplist_files']['item'])) :
foreach($pconfig['iplist_files']['item'] as $k => $f) :
if (!file_exists("{$iprep_path}{$f}")) {
$filedate = gettext("Unknown -- file missing");
Thanks Marcos. I have already created the necessary fix and posted the commit to my personal FreeBSD-ports repo. I will create and post a Pull Request against the DEVEL branch of FreeBSD-ports in pfSense as soon as 23.01 exits RC status and goes RELEASE.
I have a few other GUI code changes included in the upcoming release of Suricata-6.0.10 for pfSense.
- Status changed from Pull Request Review to Resolved
PR merged. Will be in builds soon.
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by 
Updated by