Bug #14256
closed
PHP Error performing IPv6 ``ip_in_subnet()`` when passing a host addresses within prefix
100%
Description
I am getting this PHP error:
crash report begins. Anonymous machine information:
amd64
14.0-CURRENT
FreeBSD 14.0-CURRENT #1 devel-main-n255838-bffe765d807: Fri Apr 7 06:33:33 UTC 2023 root@freebsd:/var/jenkins/workspace/pfSense-CE-snapshots-master-main/obj/amd64/EzNn0Ons/var/jenkins/workspace/pfSense-CE-snapshots-master-main/sources/FreeBSD-src-dev
Crash report details:
PHP Errors:
[09-Apr-2023 16:09:43 Europe/Prague] PHP Fatal error: Uncaught ValueError: str_repeat(): Argument #2 ($times) must be greater than or equal to 0 in /usr/local/share/pear/Net/IPv6.php:684
Stack trace:
#0 /usr/local/share/pear/Net/IPv6.php(684): str_repeat(':0:', -1)
#1 /usr/local/share/pear/Net/IPv6.php(1157): Net_IPv6::uncompress('2001:db8:12:34:...')
#2 /usr/local/share/pear/Net/IPv6.php(450): Net_IPv6::_ip2Bin('2001:db8:12:34:...')
#3 /etc/inc/util.inc(1016): Net_IPv6::isInNetmask('2001:db8:98:76:...', '2001:db8:12:34:...')
#4 /etc/inc/filter.inc(4580): ip_in_subnet('2001:db8:98:76:...', '2001:db8:12:34:...')
#5 /etc/inc/filter.inc(4194): filter_generate_ipsec_rules(Array)
#6 /etc/inc/filter.inc(361): filter_rules_generate()
#7 /etc/rc.filter_configure_sync(32): filter_configure_sync()
#8 {main}
thrown in /usr/local/share/pear/Net/IPv6.php on line 684
[09-Apr-2023 16:09:43 Europe/Prague] PHP Fatal error: Uncaught ValueError: str_repeat(): Argument #2 ($times) must be greater than or equal to 0 in /usr/local/share/pear/Net/IPv6.php:684
Stack trace:
#0 /usr/local/share/pear/Net/IPv6.php(684): str_repeat(':0:', -1)
#1 /usr/local/share/pear/Net/IPv6.php(1157): Net_IPv6::uncompress('2001:db8:12:34:...')
#2 /usr/local/share/pear/Net/IPv6.php(450): Net_IPv6::_ip2Bin('2001:db8:12:34:...')
#3 /etc/inc/util.inc(1016): Net_IPv6::isInNetmask('2001:db8:98:76:...', '2001:db8:12:34:...')
#4 /etc/inc/filter.inc(4580): ip_in_subnet('2001:db8:98:76:...', '2001:db8:12:34:...')
#5 /etc/inc/filter.inc(4194): filter_generate_ipsec_rules(Array)
#6 /etc/inc/filter.inc(361): filter_rules_generate()
#7 /etc/rc.filter_configure_sync(32): filter_configure_sync()
#8 {main}
thrown in /usr/local/share/pear/Net/IPv6.php on line 684
No FreeBSD crash data found.
It is simulated on fresh new stand alone instalation of 2.7.0 in VM. Important is to have one interface with IPv6 with :: and with mask larger then 128 (in my case 2001:db8:12:34::56/64)
Then create one ipsec tunnel IKE2 IPv4 over Ipv6 (so Ipv6 on gateways)
Then this PHP error is appearing.
My invesigation:
Added in /etc/rc.php_ini_setup
zend.exception_string_param_max_len=50
Then call stack look like:
[09-Apr-2023 16:17:19 Europe/Prague] PHP Fatal error: Uncaught ValueError: str_repeat(): Argument #2 ($times) must be greater than or equal to 0 in /usr/local/share/pear/Net/IPv6.php:684
Stack trace:
#0 /usr/local/share/pear/Net/IPv6.php(684): str_repeat(':0:', -1)
#1 /usr/local/share/pear/Net/IPv6.php(1157): Net_IPv6::uncompress('2001:db8:12:34::56:0:0:0:0')
#2 /usr/local/share/pear/Net/IPv6.php(450): Net_IPv6::_ip2Bin('2001:db8:12:34::56:0:0:0:0')
#3 /etc/inc/util.inc(1016): Net_IPv6::isInNetmask('2001:db8:98:76::54', '2001:db8:12:34::56:0:0:0:0')
#4 /etc/inc/filter.inc(4580): ip_in_subnet('2001:db8:98:76::54', '2001:db8:12:34::56/64')
#5 /etc/inc/filter.inc(4194): filter_generate_ipsec_rules(Array)
#6 /etc/inc/filter.inc(361): filter_rules_generate()
#7 /etc/rc.bootup(271): filter_configure_sync()
Problem is in Net_IPv6::isInNetmask
this function is somehow add :0 base on "/64" but it is done before uncompressing :: -> and then uncompress alg fail as there is too much : in address.
(this issue is valid for 2.6.0/2.7.0/23.01)
Workaround is to write Interface address without :: - eq 2001:db8:12:34:0:0:0:56/64
Files
Updated by 
Updated by