Bug #3442

closed

Stunnel package $config issue?

Added by Stilez y over 11 years ago. Updated over 9 years ago.

Status: Closed
Priority: Normal
Assignee: -
Category: -
Target version: -
Start date: 02/10/2014
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Affected Version:
Affected Plus Version:
Affected Architecture:

Description

pfSense 2.1.1beta, installed Stunnel, but any attempt to add either a first tunnel or a first cert consistently causes a fatal PHP error in stunnel.inc. The fatal error is generated because stunnel.inc executes these lines soon after entry:

  if(isset($_GET['id'])) {
    $config['installedpackages']['stunnelcerts']['config'][$_GET['id']]['cert_chain']=
      base64_decode($config['installedpackages']['stunnelcerts']['config'][$_GET['id']]['cert_chain']);
    $config['installedpackages']['stunnelcerts']['config'][$_GET['id']]['cert_key']=
      base64_decode($config['installedpackages']['stunnelcerts']['config'][$_GET['id']]['cert_key']);
  }

The "+" ("add new entry") buttons in both tabs link to a URL like this: https://ROUTER_IP/pkg_edit.php?xml=stunnel_certs.xml&id=0, so id is set on call, and its value is zero.

The cause seems to be one or both of:

  1. $config['installedpackages']['stunnelcerts'] doesn't seem to exist as an array at this point, but presumably it should exist by this point. (If by design the $config referred to isn't created on install, then the code is wrongly assuming it has been.) print_r($config['installedpackages']['stunnelcerts']) gives an empty response. As a result, base64_decode() is being passed an unset element in a non-existent subarray, and this creates the visible error. Presumably something should have initialised the array (when stunnel installed?) or else stunnel.inc itself should test existence and initialise the expected $config items upon being called, if unset, but neither of these happens.
  2. The significance of being called with id=0 is unclear. This could be internal shorthand for a generic "create new entry", or mean "create a new entry with index=0" (because the first item has index=0). But in either case, the above code seems to expect that $_GET['id'] should point to a valid existing tunnel/cert entry with index = 0, already in $config when stunnel.inc is called. As described, no such entry is created when the package installs, nor prior to the above code executing. However, subsequent code in stunnel.inc does seem to test for "no tunnels/certs defined", so stunnel.inc's logical flow here isn't clear to me. Perhaps I don't understand it very well.

This issue or one very similar was described in the forum some time ago, but the user was dismissed with "stunnel has worked for ages and nothing's changed" (https://forum.pfsense.org/index.php?topic=62052 May 2013). It looks like there is some kind of bug, as expected $config is relied on, but wasn't created at pkg install, nor created at pkg use/setup, nor is the subarray's unset status in $config[] trapped in the package code before it's relied upon. Can it be checked? Thanks.

Actions #1

Updated by Stilez y over 11 years ago

If stunnel is technically designed as two sub-packages (stunnel and stunnel_certs) then the issue may be that on install or reinstall, only stunnel.xml is dealt with, and stunnel_certs.xml isn't. But I don't know the package system, so I'm guessing and could be completely wrong. It seems possible: two XML files exist, but if initialisation within the cert's XML isn't being handled then this might explain why config related to certs doesn't exist when expected. (That said, most packages test that their $config exists and create it "empty" if not, before relying on it.)
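
One way to guard the lines quoted in the description, in the manner comment #1 describes (test that the `$config` section exists and create it empty before relying on it). This is an added example, not code from the stunnel package; the helper name `stunnel_decode_cert_entry` and the sample arrays are hypothetical, and it assumes PHP 7 or later.

```php
<?php
// Added example, not code from the stunnel package. Written for PHP 7+.
// stunnel_decode_cert_entry() is a hypothetical helper; $config stands in
// for the pfSense configuration array.

function stunnel_decode_cert_entry(array &$config, $raw_id): bool
{
    // Accept only a non-negative integer index; arrays and strings such as
    // "0abc" fail validation instead of being used as an array key.
    $id = filter_var($raw_id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    if ($id === false) {
        return false;
    }

    // Walk down to the cert rows, creating any missing level as an empty array.
    $node = &$config;
    foreach (['installedpackages', 'stunnelcerts', 'config'] as $key) {
        if (!isset($node[$key]) || !is_array($node[$key])) {
            $node[$key] = [];
        }
        $node = &$node[$key];
    }

    // With no saved row at this index (the "+" button on an empty list),
    // there is nothing to decode.
    if (!isset($node[$id]) || !is_array($node[$id])) {
        return false;
    }

    foreach (['cert_chain', 'cert_key'] as $field) {
        $value = $node[$id][$field] ?? '';
        // Strict mode returns false for input outside the base64 alphabet.
        $decoded = is_string($value) ? base64_decode($value, true) : false;
        $node[$id][$field] = ($decoded === false) ? '' : $decoded;
    }
    return true;
}

// Constructed sample data: a fresh install with no stunnelcerts section,
// and a config holding one saved certificate row.
$fresh = ['installedpackages' => []];
$saved = ['installedpackages' => ['stunnelcerts' => ['config' => [
    ['cert_chain' => base64_encode('chain'), 'cert_key' => base64_encode('key')],
]]]];

var_dump(stunnel_decode_cert_entry($fresh, '0'));   // empty list, "add new"
var_dump(stunnel_decode_cert_entry($saved, '0'));   // existing row is decoded
var_dump(stunnel_decode_cert_entry($saved, ['x'])); // non-scalar id rejected
```
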

Actions #2

Updated by Kill Bill almost 10 years ago

When exactly are you getting a fatal error? I'm not getting any on clicking the +, either in the tunnels or in the certificates tab.

Actions #3

Updated by Kill Bill over 9 years ago

This bug simply doesn't exist anywhere on any sane pfSense version. End of story.

Actions #4

Updated by Chris Buechler over 9 years ago

  • Status changed from New to Closed

Stilez: if there is some way to replicate this on 2.3, please follow up with details

Actions #5

Updated by Stilez y over 9 years ago

Can't test - stunnel not yet showing as a pfSense package available on 2.3.
