Project

General

Profile

Actions

Bug #14256

closed

PHP Error performing IPv6 ``ip_in_subnet()`` when passing a host addresses within prefix

Added by Karel Fischl over 1 year ago. Updated over 1 year ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
IPsec
Target version:
Start date:
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
23.05
Release Notes:
Default
Affected Version:
2.7.x
Affected Architecture:
All

Description

I am getting this PHP error:

crash report begins.  Anonymous machine information:

amd64
14.0-CURRENT
FreeBSD 14.0-CURRENT #1 devel-main-n255838-bffe765d807: Fri Apr  7 06:33:33 UTC 2023     root@freebsd:/var/jenkins/workspace/pfSense-CE-snapshots-master-main/obj/amd64/EzNn0Ons/var/jenkins/workspace/pfSense-CE-snapshots-master-main/sources/FreeBSD-src-dev

Crash report details:

PHP Errors:
[09-Apr-2023 16:09:43 Europe/Prague] PHP Fatal error:  Uncaught ValueError: str_repeat(): Argument #2 ($times) must be greater than or equal to 0 in /usr/local/share/pear/Net/IPv6.php:684
Stack trace:
#0 /usr/local/share/pear/Net/IPv6.php(684): str_repeat(':0:', -1)
#1 /usr/local/share/pear/Net/IPv6.php(1157): Net_IPv6::uncompress('2001:db8:12:34:...')
#2 /usr/local/share/pear/Net/IPv6.php(450): Net_IPv6::_ip2Bin('2001:db8:12:34:...')
#3 /etc/inc/util.inc(1016): Net_IPv6::isInNetmask('2001:db8:98:76:...', '2001:db8:12:34:...')
#4 /etc/inc/filter.inc(4580): ip_in_subnet('2001:db8:98:76:...', '2001:db8:12:34:...')
#5 /etc/inc/filter.inc(4194): filter_generate_ipsec_rules(Array)
#6 /etc/inc/filter.inc(361): filter_rules_generate()
#7 /etc/rc.filter_configure_sync(32): filter_configure_sync()
#8 {main}
  thrown in /usr/local/share/pear/Net/IPv6.php on line 684
[09-Apr-2023 16:09:43 Europe/Prague] PHP Fatal error:  Uncaught ValueError: str_repeat(): Argument #2 ($times) must be greater than or equal to 0 in /usr/local/share/pear/Net/IPv6.php:684
Stack trace:
#0 /usr/local/share/pear/Net/IPv6.php(684): str_repeat(':0:', -1)
#1 /usr/local/share/pear/Net/IPv6.php(1157): Net_IPv6::uncompress('2001:db8:12:34:...')
#2 /usr/local/share/pear/Net/IPv6.php(450): Net_IPv6::_ip2Bin('2001:db8:12:34:...')
#3 /etc/inc/util.inc(1016): Net_IPv6::isInNetmask('2001:db8:98:76:...', '2001:db8:12:34:...')
#4 /etc/inc/filter.inc(4580): ip_in_subnet('2001:db8:98:76:...', '2001:db8:12:34:...')
#5 /etc/inc/filter.inc(4194): filter_generate_ipsec_rules(Array)
#6 /etc/inc/filter.inc(361): filter_rules_generate()
#7 /etc/rc.filter_configure_sync(32): filter_configure_sync()
#8 {main}
  thrown in /usr/local/share/pear/Net/IPv6.php on line 684

No FreeBSD crash data found.

It is simulated on fresh new stand alone instalation of 2.7.0 in VM. Important is to have one interface with IPv6 with :: and with mask larger then 128 (in my case 2001:db8:12:34::56/64)
Then create one ipsec tunnel IKE2 IPv4 over Ipv6 (so Ipv6 on gateways)

Then this PHP error is appearing.

My invesigation:

Added in /etc/rc.php_ini_setup
zend.exception_string_param_max_len=50

Then call stack look like:
[09-Apr-2023 16:17:19 Europe/Prague] PHP Fatal error: Uncaught ValueError: str_repeat(): Argument #2 ($times) must be greater than or equal to 0 in /usr/local/share/pear/Net/IPv6.php:684
Stack trace:
#0 /usr/local/share/pear/Net/IPv6.php(684): str_repeat(':0:', -1)
#1 /usr/local/share/pear/Net/IPv6.php(1157): Net_IPv6::uncompress('2001:db8:12:34::56:0:0:0:0')
#2 /usr/local/share/pear/Net/IPv6.php(450): Net_IPv6::_ip2Bin('2001:db8:12:34::56:0:0:0:0')
#3 /etc/inc/util.inc(1016): Net_IPv6::isInNetmask('2001:db8:98:76::54', '2001:db8:12:34::56:0:0:0:0')
#4 /etc/inc/filter.inc(4580): ip_in_subnet('2001:db8:98:76::54', '2001:db8:12:34::56/64')
#5 /etc/inc/filter.inc(4194): filter_generate_ipsec_rules(Array)
#6 /etc/inc/filter.inc(361): filter_rules_generate()
#7 /etc/rc.bootup(271): filter_configure_sync()

Problem is in Net_IPv6::isInNetmask

this function is somehow add :0 base on "/64" but it is done before uncompressing :: -> and then uncompress alg fail as there is too much : in address.

(this issue is valid for 2.6.0/2.7.0/23.01)

Workaround is to write Interface address without :: - eq 2001:db8:12:34:0:0:0:56/64


Files

Actions

Also available in: Atom PDF