Project

General

Profile

Bug #2941

Prohibit adding aliases containing FQDNs in static routes

Added by Chris Buechler about 7 years ago. Updated almost 7 years ago.

Status:
Resolved
Priority:
Normal
Category:
Routing
Target version:
Start date:
04/09/2013
Due date:
% Done:

100%

Estimated time:
Affected Version:
2.1
Affected Architecture:

Description

aliases containing FQDNs cannot be used in static routes, need input validation to prevent that config from being used.

Add_FQDN_Alias_Static_Route.PNG (21.6 KB) Add_FQDN_Alias_Static_Route.PNG Josh Cavalier, 07/02/2013 12:35 AM
Alias_change_to_FQDN_static_route.PNG (25.5 KB) Alias_change_to_FQDN_static_route.PNG Josh Cavalier, 07/02/2013 01:00 AM

Associated revisions

Revision 8543a5bb (diff)
Added by Renato Botelho about 7 years ago

Prohibit adding aliases containing FQDNs in static routes. Fixes #2941

Revision 5b431a20 (diff)
Added by Renato Botelho about 7 years ago

Add a new parameter to return all aliases, including hosts. It fixes #2941

Revision 0d59cc94 (diff)
Added by Renato Botelho about 7 years ago

Fix alias expand for hostnames, it should fix #2941

Revision fcb1ccaf (diff)
Added by Renato Botelho about 7 years ago

Revert "Fix alias expand for hostnames, it should fix #2941"

Working on a better fix

This reverts commit 0d59cc942f2ee225eccdb375e25f58a6f04fa9c4.

Revision 5e2df7fc (diff)
Added by Renato Botelho about 7 years ago

Use global aliastable and proper fix #2941

Revision f0867239 (diff)
Added by Renato Botelho about 7 years ago

Use global aliastable and proper fix #2941

Revision cf96a1a9 (diff)
Added by Renato Botelho almost 7 years ago

Make sure an alias is not used by a static route before delete, ticket #2941

Revision 42626418 (diff)
Added by Renato Botelho almost 7 years ago

Do not allow to add nested alias containing FQDNs when current alias is used on a static route, ticket #2941

Revision 90bc28cc (diff)
Added by Renato Botelho almost 7 years ago

Fix checkes for nested aliases containing FQDNs on static routes. It fixes #2941

Revision a161bfb8 (diff)
Added by Renato Botelho almost 7 years ago

Make sure an alias is not used by a static route before delete, ticket #2941

History

#1 Updated by Chris Buechler about 7 years ago

  • Subject changed from aliases containing FQDNs are not usable in static routes to Prohibit adding aliases containing FQDNs in static routes

#2 Updated by Renato Botelho about 7 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100

#3 Updated by Chris Buechler about 7 years ago

  • Status changed from Feedback to New

on system_routing_edit.php, this only works if the first item in the alias list is a hostname. It works correctly on firewall_aliases_edit.php.

#4 Updated by Renato Botelho about 7 years ago

  • Status changed from New to Feedback

#5 Updated by Josh Stompro about 7 years ago

I'm trying to confirm that this is fixed but I'm not having success. May 2nd 2.1 snapshot, well past when the change was made.

I create an alias with a single host FQDN, save it and apply the change. Then I go to the System Static Routes and add a route using that Alias. And the process completes without any trouble, no error is displayed.

I then deleted the route, and I went back to my alias and changed it to a network alias with a FQDN entry. And I could still use it in a static route.

Maybe I'm not testing the correct thing, could someone describe how to trigger this problem.

Here are the alias and static route config entries.

<route>
            <network>Testing</network>
            <gateway>Openvpn</gateway>
            <descr><![CDATA[test]]></descr>
</route>
<alias>
            <name>Testing</name>
            <address>firewall.larl.org</address>
            <descr><![CDATA[testing]]></descr>
            <type>network</type>
            <detail><![CDATA[larl.org]]></detail>
</alias>

#6 Updated by Renato Botelho about 7 years ago

Josh,

Are you using a recent snapshot?

#7 Updated by Renato Botelho about 7 years ago

  • Assignee set to Renato Botelho

#8 Updated by Josh Stompro about 7 years ago

I'm running the May 2nd snapshot, which seems to have the patches listed in this ticket.

Was I testing correctly? Should I have hit the error message with my test?

Thanks
Josh

#9 Updated by Chris Buechler about 7 years ago

  • Status changed from Feedback to New

still the same as what I noted in an earlier update. It's correct on the alias edit screen, but on system_routes_edit.php it doesn't work.

#10 Updated by Renato Botelho about 7 years ago

  • Status changed from New to Feedback

#14 Updated by Josh Cavalier about 7 years ago

I have tested this with the latest build and it works as intended. I created two aliases, one with a FQDN and one with an IP4 IP. I could add the IP alias but not the FQDN alias. Error message is "The alias (test1) has one or more FQDNs configured and cannot be used to configure a static route."

#15 Updated by Josh Cavalier about 7 years ago

Also, I have replicated the test by Josh Stompro above (changing an existing alias used by a static route from IP to FQDN) and firewall_aliases_edit.php now responds with "This alias is used on a static route and cannot contain FQDNs".

#16 Updated by Chris Buechler about 7 years ago

  • Status changed from Feedback to Resolved

confirmed fixed

#17 Updated by Rahman Duran almost 7 years ago

Hi,

It seems this fix broke using nested aliases for static routing as system_routes_edit.php line 131-138 assumes members of the alias are ipaddr. So please change the status of this bug.

#18 Updated by Renato Botelho almost 7 years ago

  • Status changed from Resolved to New

Nested aliases are still broken, working on it

#19 Updated by Renato Botelho almost 7 years ago

  • Status changed from New to Feedback

#20 Updated by Chris Buechler almost 7 years ago

  • Status changed from Feedback to Resolved

Also available in: Atom PDF