The following patch fixes the PHP errors, though they aren't the root of the issue. The root cause is an ACL rule from the RADIUS attribute that is not formatted correctly; the problematic code path is reached when the resulting rule error is logged.
diff --git a/src/etc/inc/util.inc b/src/etc/inc/util.inc
index 7e9e8988fc..a182f1585e 100644
--- a/src/etc/inc/util.inc
+++ b/src/etc/inc/util.inc
@@ -5055,7 +5055,7 @@ function cisco_extract_index($prule) {
if (is_numeric($index[1])) {
return intval($index[1]);
} else {
- logger(LOG_WARNING, localize_text("Error parsing RADIUS attribute - rule %s %s: Could not extract index", $prule));
+ logger(LOG_WARNING, localize_text("Error parsing RADIUS attribute - rule %s: Could not extract index", $prule));
}
return -1;;
}
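Review bot: The value logged here, `$prule`, appears to come straight from a RADIUS attribute and goes into the warning verbatim, so unless `logger()` already escapes it, an attribute containing newlines or other control characters could break or forge log lines. Consider neutralising it before logging, e.g. `$safe = preg_replace('/[[:cntrl:]]/', '?', (string)$prule);` and passing `$safe` to `localize_text()`. The same applies to `$rule_orig`, `$rule[$index]`, `$network`, `$netmask` and `$port` in the `parse_cisco_acl_rule` hunks below. Separately, the context line `return -1;;` carries a stray semicolon that could be cleaned up while this function is being touched. The body of `cisco_extract_index` starts outside the hunk.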
@@ -5088,7 +5088,7 @@ function parse_cisco_acl_rule($rule, $devname, $dir, $proto) {
$tmprule .= "proto {$rule[$index]} ";
break;
default:
- logger(LOG_WARNING, localize_text("Error parsing RADIUS attribute - rule %s %s: Invalid protocol", $rule_orig));
+ logger(LOG_WARNING, localize_text("Error parsing RADIUS attribute - rule %s: Invalid protocol", $rule_orig));
return;
}
$index++;
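Review bot: The bare `return;` after this warning, and after each of the other warnings in the `parse_cisco_acl_rule` hunks, hands the caller null with no documented contract. It is not visible here whether a rule that fails to parse is treated as a failure or silently dropped. For an ACL delivered by RADIUS that distinction matters, because silently omitting a rule that was meant to block traffic leaves the session more permissive than the server intended. I would state it in the function's docblock, e.g. `@return string|null pf rule text, or null when the rule could not be parsed; callers must handle null`, and confirm the caller does so. The function begins and ends outside this hunk.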
@@ -5105,7 +5105,7 @@ function parse_cisco_acl_rule($rule, $devname, $dir, $proto) {
}
$index++;
} else {
- logger(LOG_WARNING, localize_text("Error parsing RADIUS attribute - rule %s %s: Invalid source host '%s'", $rule_orig, $rule[$index]));
+ logger(LOG_WARNING, localize_text("Error parsing RADIUS attribute - rule %s: Invalid source host '%s'", $rule_orig, $rule[$index]));
return;
}
} elseif (is_subnetv6(trim($rule[$index])) && ($proto == "inet6")) {
@@ -5122,12 +5122,12 @@ function parse_cisco_acl_rule($rule, $devname, $dir, $proto) {
try {
$netmask = cisco_to_cidr($netmask);
} catch(Exception $e) {
- logger(LOG_WARNING, localize_text("Error parsing RADIUS attribute - rule %s %s: Invalid source netmask '%s' (%s)", $rule_orig, $netmask, $e->getMessage()));
+ logger(LOG_WARNING, localize_text("Error parsing RADIUS attribute - rule %s: Invalid source netmask '%s' (%s)", $rule_orig, $netmask, $e->getMessage()));
return;
}
$tmprule .= "from {$network}/{$netmask} ";
} else {
- logger(LOG_WARNING, localize_text("Error parsing RADIUS attribute - rule %s %s: Invalid source network '%s'", $rule_orig, $network));
+ logger(LOG_WARNING, localize_text("Error parsing RADIUS attribute - rule %s: Invalid source network '%s'", $rule_orig, $network));
return;
}
@@ -5155,7 +5155,7 @@ function parse_cisco_acl_rule($rule, $devname, $dir, $proto) {
if (is_port($port)) {
$tmprule .= "port {$operator} {$port} ";
} else {
- logger(LOG_WARNING, localize_text("Error parsing RADIUS attribute - rule %s %s: Invalid source port: '%s' not a numeric value between 0 and 65535.", $rule_orig, $port));
+ logger(LOG_WARNING, localize_text("Error parsing RADIUS attribute - rule %s: Invalid source port: '%s' not a numeric value between 0 and 65535.", $rule_orig, $port));
return;
}
$index++;
@@ -5164,7 +5164,7 @@ function parse_cisco_acl_rule($rule, $devname, $dir, $proto) {
if (is_port($port[0]) && is_port($port[1])) {
$tmprule .= "port {$port[0]}:{$port[1]} ";
} else {
- logger(LOG_WARNING, localize_text("Error parsing RADIUS attribute - rule %s %s: Invalid source ports: '%s' & '%s' one or both are not a numeric value between 0 and 65535.", $rule_orig, $port[0], $port[1]));
+ logger(LOG_WARNING, localize_text("Error parsing RADIUS attribute - rule %s: Invalid source ports: '%s' & '%s' one or both are not a numeric value between 0 and 65535.", $rule_orig, $port[0], $port[1]));
return;
}
$index++;
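Review bot: `$port[1]` is read in the condition and again in the warning without any check that it exists. If `$port` is built by splitting a range string (not visible in this hunk) and the attribute carries only one value, PHP 8 raises an undefined-array-key warning on exactly the error path this patch repairs. A guard such as `if (isset($port[0], $port[1]) && is_port($port[0]) && is_port($port[1])) {` together with `$port[1] ?? ''` in the log call would avoid that. The destination-port hunk at -5237 has the same shape.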
@@ -5178,7 +5178,7 @@ function parse_cisco_acl_rule($rule, $devname, $dir, $proto) {
$tmprule .= "to {$rule[$index]} ";
$index++;
} else {
- logger(LOG_WARNING, localize_text("Error parsing RADIUS attribute - rule %s %s: Invalid destination host '%s'.", $rule_orig, $rule[$index]));
+ logger(LOG_WARNING, localize_text("Error parsing RADIUS attribute - rule %s: Invalid destination host '%s'.", $rule_orig, $rule[$index]));
return;
}
} elseif (is_subnetv6(trim($rule[$index])) && ($proto == "inet6")) {
@@ -5195,12 +5195,12 @@ function parse_cisco_acl_rule($rule, $devname, $dir, $proto) {
try {
$netmask = cisco_to_cidr($netmask);
} catch(Exception $e) {
- logger(LOG_WARNING, localize_text("Error parsing RADIUS attribute - rule %s %s: Invalid destination netmask '%s' (%s).", $rule_orig, $netmask, $e->getMessage()));
+ logger(LOG_WARNING, localize_text("Error parsing RADIUS attribute - rule %s: Invalid destination netmask '%s' (%s).", $rule_orig, $netmask, $e->getMessage()));
return;
}
$tmprule .= "to {$network}/{$netmask} ";
} else {
- logger(LOG_WARNING, localize_text("Error parsing RADIUS attribute - rule %s %s: Invalid destination network '%s'.", $rule_orig, $network));
+ logger(LOG_WARNING, localize_text("Error parsing RADIUS attribute - rule %s: Invalid destination network '%s'.", $rule_orig, $network));
return;
}
@@ -5228,7 +5228,7 @@ function parse_cisco_acl_rule($rule, $devname, $dir, $proto) {
if (is_port($port)) {
$tmprule .= "port {$operator} {$port} ";
} else {
- logger(LOG_WARNING, localize_text("Error parsing RADIUS attribute - rule %s %s: Invalid destination port: '%s' not a numeric value between 0 and 65535.", $rule_orig, $port));
+ logger(LOG_WARNING, localize_text("Error parsing RADIUS attribute - rule %s: Invalid destination port: '%s' not a numeric value between 0 and 65535.", $rule_orig, $port));
return;
}
$index++;
@@ -5237,7 +5237,7 @@ function parse_cisco_acl_rule($rule, $devname, $dir, $proto) {
if (is_port($port[0]) && is_port($port[1])) {
$tmprule .= "port {$port[0]}:{$port[1]} ";
} else {
- logger(LOG_WARNING, localize_text("Error parsing RADIUS attribute - rule %s %s: Invalid destination ports: '%s' '%s' one or both are not a numeric value between 0 and 65535.", $rule_orig, $port[0], $port[1]));
+ logger(LOG_WARNING, localize_text("Error parsing RADIUS attribute - rule %s: Invalid destination ports: '%s' '%s' one or both are not a numeric value between 0 and 65535.", $rule_orig, $port[0], $port[1]));
return;
}
$index++;
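Review bot: This message separates the two values as `'%s' '%s'` while the source-port counterpart uses `'%s' & '%s'`. The destination host, netmask and network messages also end with a period where the source ones do not. Since every string is being edited anyway, aligning them (for example `Invalid destination ports: '%s' & '%s' one or both are not ...`) would keep the log lines uniform for anyone matching on them in log monitoring.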