Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix 'Unsupported operand types: string & bool' with IPv6 clients on PHP 8+ #46

Closed
wants to merge 1 commit into from
Closed

Fix 'Unsupported operand types: string & bool' with IPv6 clients on PHP 8+ #46

wants to merge 1 commit into from

Conversation

bratkartoffel
Copy link

@bratkartoffel bratkartoffel commented May 13, 2022
edited
Loading

When a client connects to a roundcube instanced with rcguard active, the request aborts with a HTTP 500 error due to an exception.

PHP Fatal error:  Uncaught TypeError: Unsupported operand types: string & bool in /var/www/htdocs/plugins/roundcube-rcguard-1.3.2/rcguard.php:404
Stack trace:
#0 /var/www/htdocs/plugins/roundcube-rcguard-1.3.2/rcguard.php(53): rcguard->get_client_ip()
#1 /var/www/htdocs/program/lib/Roundcube/rcube_plugin_api.php(105): rcguard->init()
#2 /var/www/htdocs/program/include/rcmail.php(153): rcube_plugin_api->init()
#3 /var/www/htdocs/program/include/rcmail.php(86): rcmail->startup()
#4 /var/www/htdocs/index.php(43): rcmail::get_instance()
#5 {main}
  thrown in /var/www/htdocs/plugins/roundcube-rcguard-1.3.2/rcguard.php on line 404

Code to reproduce (extracted from the plugins code):

cat >/tmp/test.php <<"EOF"
<?php
$prefix = 64;
$client_ip = "2001:db8:abcd:0012:1234::3";
$mask_string = str_repeat('1', $prefix) . str_repeat('0', 128 - $prefix);
$mask_split = str_split($mask_string, 16);
foreach ($mask_split as $item) {
  $item = base_convert($item, 2, 16);
}
$mask_hex = implode(':', $mask_split);

var_dump(array(
  inet_pton($client_ip),
  inet_pton($mask_hex),
  inet_pton($client_ip) & inet_pton($mask_hex)
));
EOF

php /tmp/test.php

Prior PHP 8 (e.g. with 7.4), the '&' returns an int and issues just a warning (A non-numeric value encountered in /tmp/test.php on line 14).

@pbiering
Copy link

pbiering commented Mar 8, 2023

This PR may fix the exception on PHP8 and warning on PHP7, but the whole whitelist code is not supporting IPv6 at all at the moment. I will try to fix this now and submit a dedicated PR.

pbiering
pbiering suggested changes Mar 8, 2023
View reviewed changes
Copy link

@pbiering pbiering left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

while implementing proper CIDR match code it was found that the code sniplet is not even working as there is a typo related to i vs. a:

-                $mask_split[$a] = base_convert($mask_split[$a], 2, 16);
+                $mask_split[$i] = base_convert($mask_split[$i], 2, 16);

pbiering added a commit to pbiering/roundcube-rcguard that referenced this pull request Mar 8, 2023
@pbiering
fix based on dsoares#46
a661be1
@pbiering pbiering mentioned this pull request Mar 8, 2023
Open
@pbiering
Copy link

pbiering commented Mar 8, 2023

this PR is now fixed and superseeded by #49

@bratkartoffel : please check the new PR and potentially close yours

pbiering added a commit to pbiering/roundcube-rcguard that referenced this pull request Mar 8, 2023
@pbiering
fix based on dsoares#46
4ca80fa
@bratkartoffel
Copy link
Author

the other PR looks fine as far as i can tell, closing this. Thanks!

@bratkartoffel bratkartoffel deleted the fix-ipv6-unsupported-operand-types branch March 9, 2023 04:48
pbiering added a commit to pbiering/roundcube-rcguard that referenced this pull request Mar 12, 2023
@pbiering
fix based on dsoares#46
9ee3b54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pbiering pbiering pbiering requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@bratkartoffel @pbiering