Project

General

Profile

Bug #6011

IPv6 link local fails HTTP REFERER check

Added by Jorge M. Oliveira about 3 years ago. Updated over 2 years ago.

Status:
Confirmed
Priority:
Low
Assignee:
-
Category:
Web Interface
Target version:
-
Start date:
03/18/2016
Due date:
% Done:

0%

Estimated time:
Affected Version:
All
Affected Architecture:

Description

On default configured pfSense, the LAN interface has the following IPv6 set by default: fe80::1:1

Trying to login over https://[fe80::1:1]/ results in the error 'An HTTP_REFERER was detected other than what is defined in System'.

This is due the following taking place.
1) auth.inc line 208 - get_configured_ipv6_addresses() is called;
2) util.inc line 1436 - get_configured_ipv6_addresses() body - it walks each interface in search of the configured IPv6;
3) util.inc line 1442 - get_interface_ipv6($int) is called. in this case the value $int should be correct and equal to 'lan';
4) interfaces.inc line 5375 - get_interface_ipv6(...) body - it will return 'null' because the only IP that is set is the link local and 'lan' doesn't not include '_lloc' magic prefix;
5) auth.inc line 208 - get_configured_ipv6_addresses() will return an empty array
6) auth.inc line 209 - obviously the foreach won't be executed at all

While on diag_command.php page if I run:
echo get_interface_linklocal('lan');
It returns fe80::1:1%em1.

Fixing this bug will be somewhat tricky.

My personal trick is changing things to:
function get_configured_ipv6_addresses($linklocal_fallback = false)
function get_interface_ipv6($interface = "wan", $flush = false, $linklocal_fallback = false)
And change some code to cope with the modifications.

I'll submit a PR shortly and decision to merge (or improve) will be left at discretion.

Regards,
Jorge M. Oliveira

History

#1 Updated by Jorge M. Oliveira about 3 years ago

Just a little correction to original post.
5) auth.inc line 208 - get_configured_ipv6_addresses() will return an array with NULL elements;
6) auth.inc line 209 - foreach will be executed but have no effect (each element NULL will implicitly cast to empty string).

PR: https://github.com/pfsense/pfsense/pull/2764

Regards,
Jorge M. Oliveira

#2 Updated by Chris Buechler about 3 years ago

  • Subject changed from Unable to login on WebGUI over IPv6 linklocal due to 'An HTTP_REFERER was detected other than what is defined in System' to IPv6 link local fails HTTP REFERER check
  • Status changed from New to Confirmed
  • Priority changed from Normal to Low
  • Affected Version changed from 2.3 to All

#3 Updated by Jorge M. Oliveira over 2 years ago

This PR has been merged a few months ago. Bug can be marked as resolved.

Also available in: Atom PDF