Project

General

Profile

Actions

Bug #6011

open

IPv6 link local fails HTTP REFERER check

Added by Jorge M. Oliveira over 8 years ago. Updated over 8 years ago.

Status:
Confirmed
Priority:
Low
Assignee:
-
Category:
Web Interface
Target version:
-
Start date:
03/18/2016
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
All
Affected Architecture:

Description

On default configured pfSense, the LAN interface has the following IPv6 set by default: fe80::1:1

Trying to login over https://[fe80::1:1]/ results in the error 'An HTTP_REFERER was detected other than what is defined in System'.

This is due the following taking place.
1) auth.inc line 208 - get_configured_ipv6_addresses() is called;
2) util.inc line 1436 - get_configured_ipv6_addresses() body - it walks each interface in search of the configured IPv6;
3) util.inc line 1442 - get_interface_ipv6($int) is called. in this case the value $int should be correct and equal to 'lan';
4) interfaces.inc line 5375 - get_interface_ipv6(...) body - it will return 'null' because the only IP that is set is the link local and 'lan' doesn't not include '_lloc' magic prefix;
5) auth.inc line 208 - get_configured_ipv6_addresses() will return an empty array
6) auth.inc line 209 - obviously the foreach won't be executed at all

While on diag_command.php page if I run:
echo get_interface_linklocal('lan');
It returns fe80::1:1%em1.

Fixing this bug will be somewhat tricky.

My personal trick is changing things to:
function get_configured_ipv6_addresses($linklocal_fallback = false)
function get_interface_ipv6($interface = "wan", $flush = false, $linklocal_fallback = false)
And change some code to cope with the modifications.

I'll submit a PR shortly and decision to merge (or improve) will be left at discretion.

Regards,
Jorge M. Oliveira

Actions

Also available in: Atom PDF