Project

General

Profile

Actions
Copy link

Bug #14256

closed

PHP Error performing IPv6 ``ip_in_subnet()`` when passing a host addresses within prefix

Added by Karel Fischl about 1 year ago. Updated about 1 year ago.

Status:
Resolved
Priority:
Normal
Assignee:
Jim Pingle
Category:
IPsec
Target version:
2.7.0
Start date:
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
23.05
Release Notes:
Default
Affected Version:
2.7.x
Affected Architecture:
All

Description

I am getting this PHP error:

crash report begins.  Anonymous machine information:

amd64
14.0-CURRENT
FreeBSD 14.0-CURRENT #1 devel-main-n255838-bffe765d807: Fri Apr  7 06:33:33 UTC 2023     root@freebsd:/var/jenkins/workspace/pfSense-CE-snapshots-master-main/obj/amd64/EzNn0Ons/var/jenkins/workspace/pfSense-CE-snapshots-master-main/sources/FreeBSD-src-dev

Crash report details:

PHP Errors:
[09-Apr-2023 16:09:43 Europe/Prague] PHP Fatal error:  Uncaught ValueError: str_repeat(): Argument #2 ($times) must be greater than or equal to 0 in /usr/local/share/pear/Net/IPv6.php:684
Stack trace:
#0 /usr/local/share/pear/Net/IPv6.php(684): str_repeat(':0:', -1)
#1 /usr/local/share/pear/Net/IPv6.php(1157): Net_IPv6::uncompress('2001:db8:12:34:...')
#2 /usr/local/share/pear/Net/IPv6.php(450): Net_IPv6::_ip2Bin('2001:db8:12:34:...')
#3 /etc/inc/util.inc(1016): Net_IPv6::isInNetmask('2001:db8:98:76:...', '2001:db8:12:34:...')
#4 /etc/inc/filter.inc(4580): ip_in_subnet('2001:db8:98:76:...', '2001:db8:12:34:...')
#5 /etc/inc/filter.inc(4194): filter_generate_ipsec_rules(Array)
#6 /etc/inc/filter.inc(361): filter_rules_generate()
#7 /etc/rc.filter_configure_sync(32): filter_configure_sync()
#8 {main}
  thrown in /usr/local/share/pear/Net/IPv6.php on line 684
[09-Apr-2023 16:09:43 Europe/Prague] PHP Fatal error:  Uncaught ValueError: str_repeat(): Argument #2 ($times) must be greater than or equal to 0 in /usr/local/share/pear/Net/IPv6.php:684
Stack trace:
#0 /usr/local/share/pear/Net/IPv6.php(684): str_repeat(':0:', -1)
#1 /usr/local/share/pear/Net/IPv6.php(1157): Net_IPv6::uncompress('2001:db8:12:34:...')
#2 /usr/local/share/pear/Net/IPv6.php(450): Net_IPv6::_ip2Bin('2001:db8:12:34:...')
#3 /etc/inc/util.inc(1016): Net_IPv6::isInNetmask('2001:db8:98:76:...', '2001:db8:12:34:...')
#4 /etc/inc/filter.inc(4580): ip_in_subnet('2001:db8:98:76:...', '2001:db8:12:34:...')
#5 /etc/inc/filter.inc(4194): filter_generate_ipsec_rules(Array)
#6 /etc/inc/filter.inc(361): filter_rules_generate()
#7 /etc/rc.filter_configure_sync(32): filter_configure_sync()
#8 {main}
  thrown in /usr/local/share/pear/Net/IPv6.php on line 684

No FreeBSD crash data found.

It is simulated on fresh new stand alone instalation of 2.7.0 in VM. Important is to have one interface with IPv6 with :: and with mask larger then 128 (in my case 2001:db8:12:34::56/64)
Then create one ipsec tunnel IKE2 IPv4 over Ipv6 (so Ipv6 on gateways)

Then this PHP error is appearing.

My invesigation:

Added in /etc/rc.php_ini_setup
zend.exception_string_param_max_len=50

Then call stack look like:
[09-Apr-2023 16:17:19 Europe/Prague] PHP Fatal error: Uncaught ValueError: str_repeat(): Argument #2 ($times) must be greater than or equal to 0 in /usr/local/share/pear/Net/IPv6.php:684
Stack trace:
#0 /usr/local/share/pear/Net/IPv6.php(684): str_repeat(':0:', -1)
#1 /usr/local/share/pear/Net/IPv6.php(1157): Net_IPv6::uncompress('2001:db8:12:34::56:0:0:0:0')
#2 /usr/local/share/pear/Net/IPv6.php(450): Net_IPv6::_ip2Bin('2001:db8:12:34::56:0:0:0:0')
#3 /etc/inc/util.inc(1016): Net_IPv6::isInNetmask('2001:db8:98:76::54', '2001:db8:12:34::56:0:0:0:0')
#4 /etc/inc/filter.inc(4580): ip_in_subnet('2001:db8:98:76::54', '2001:db8:12:34::56/64')
#5 /etc/inc/filter.inc(4194): filter_generate_ipsec_rules(Array)
#6 /etc/inc/filter.inc(361): filter_rules_generate()
#7 /etc/rc.bootup(271): filter_configure_sync()

Problem is in Net_IPv6::isInNetmask

this function is somehow add :0 base on "/64" but it is done before uncompressing :: -> and then uncompress alg fail as there is too much : in address.

(this issue is valid for 2.6.0/2.7.0/23.01)

Workaround is to write Interface address without :: - eq 2001:db8:12:34:0:0:0:56/64

Files

config-pfSenseTest.test.rogito.cz-20230409162402.xml (14.4 KB) config-pfSenseTest.test.rogito.cz-20230409162402.xml used configuration Karel Fischl, 04/09/2023 09:26 AM
Actions
Copy link
 #1

Updated by Jim Pingle about 1 year ago

  • Subject changed from PHP Error with IPv6 IPSEC enabled to PHP Error performing IPv6 ``ip_in_subnet()`` when passing a host addresses within prefix
  • Assignee set to Jim Pingle
  • Target version set to 2.7.0
  • Plus Target Version set to 23.05

We've seen this pop up in a couple different places so I'll see if there is a way to fix it more generally. The gist of it is that the ip_in_subnet() check doesn't like that it's being passed something that is NOT a prefix address. e.g. x:x:x:x::54/64 instead of x:x:x:x::/64. But we could probably take the parameter and fix it up to be the prefix address before feeding it through the other functions.

Actions
Copy link
 #2

Updated by Jim Pingle about 1 year ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100
Actions
Copy link
 #3

Updated by Karel Fischl about 1 year ago

I used modified file in 2.7.0, also in 23.01 version and all is fine now. No more PHP error. thank you!

Actions
Copy link
 #4

Updated by Jim Pingle about 1 year ago

  • Status changed from Feedback to Resolved
Actions
Copy link

Also available in: Atom PDF