Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-15655

64 bit support for subnet mask of type 1 in quiz

          Details

          • Type: Bug
          • Status: Closed
          • Priority: Minor
          • Resolution: Fixed
          • Affects Version/s: 1.9.1
          • Fix Version/s: 1.7.6, 1.8.7, 1.9.3
          • Component/s: Quiz
          • Labels:
            None
          • Environment:
            64 bit CPU architecture - Linux Intel
          • Affected Branches:
            MOODLE_19_STABLE
          • Fixed Branches:
            MOODLE_17_STABLE, MOODLE_18_STABLE, MOODLE_19_STABLE

            Description

            When using quiz restriction by ip address, using range type 1: xxx.xxx.xxx.xxx/xx, on 64 bit CPU, result is unexpected. Add the '+' line :

            +++ lib/moodlelib.php
            @@ -7029,6 +7029,7 @@
            if (strpos($subnet, '/') !== false)

            { /// type 1 list($ip, $mask) = explode('/', $subnet); $mask = 0xffffffff << (32 - $mask); + $mask = substr($mask,0,8); // Compatib. cpu 64 bit $found = ((ip2long($addr) & $mask) == (ip2long($ip) & $mask)); }

            else if (strpos($subnet, '-') !== false) {/// type 3
            $subnetparts = explode('.', $subnet);

              Gliffy Diagrams

                Attachments

                  Activity

                  Ascending order - Click to sort in descending order
                  Hide
                  Permalink
                  timhunt Tim Hunt added a comment -

                  Thank you very much for reporting this issues, especially since you included a suggested fix. I'm sorry it took me so long to get around to looking at it.

                  Before applying your fix, I would like to understand it better. At the moment I am confused. All we are doing with $mask is &ing it with some 32 bit integers, so why should it matter if there are some extra bits set in $mask?

                  Would it be possible for you to try running the unit tests for this function on your 64-bit CPU? You just need to go to the URL .../admin/report/simpletest/index.php?&path=lib/simpletest/testmoodlelib.php on your moodle server. Do all those tests pass, both with and without your change?

                  One think about your fix that I don't like is the way it uses string manipulation on $mask. Wouldn't it be better to do $mask = $mask & 0xffffffff; instead of your line of code?

                  Show
                  timhunt Tim Hunt added a comment - Thank you very much for reporting this issues, especially since you included a suggested fix. I'm sorry it took me so long to get around to looking at it. Before applying your fix, I would like to understand it better. At the moment I am confused. All we are doing with $mask is &ing it with some 32 bit integers, so why should it matter if there are some extra bits set in $mask? Would it be possible for you to try running the unit tests for this function on your 64-bit CPU? You just need to go to the URL .../admin/report/simpletest/index.php?&path=lib/simpletest/testmoodlelib.php on your moodle server. Do all those tests pass, both with and without your change? One think about your fix that I don't like is the way it uses string manipulation on $mask. Wouldn't it be better to do $mask = $mask & 0xffffffff; instead of your line of code?
                  Hide
                  Permalink
                  dpouliot Daniel Pouliot added a comment -

                  Full ip address restriction in quiz
                  ex.: quiz --> Require network address: 192.168.10.10

                  It will be interpreted as type 2 and will accept 192.168.10.10 and so 192.168.10.100 to 192.168.10.109

                  So we asked our teachers to use type 1 by adding a '/' at the end. The thing I don't remember is why we didn't ask them to add '/32'. Did it came from the doc? Note that the problem was treated on moodle 1.6.3 in 2007.

                  So, the difference on 64 bit appears when ending with '/'
                  ex.: quiz --> Require network address: 192.168.10.10/

                  This will work well on 32 bit cpu but will not work on 64 bit because of this instruction:
                  $mask = 0xffffffff << (32 - $mask);

                  On 32 bit, no shift will be done and $mask will get 0xFFFFFFFF
                  On 64 bit, a 32 bit shift will be apply giving the value of 0xFFFFFFFF00000000 to $mask

                  Conclusion:
                  '/' on 32 bit = '/32' and on 64 bit = '/0'.
                  '/32' on 32 and 64 bit = '/32'.

                  After many tests and research, I suggest to ignore this patch and add '/32' for full ip addresses. The doc need to be change or the code for type 2 when using full ip addresses need change. In this last case, may be using '*' for partial addresses would be a good solution.

                  Show
                  dpouliot Daniel Pouliot added a comment - Full ip address restriction in quiz ex.: quiz --> Require network address: 192.168.10.10 It will be interpreted as type 2 and will accept 192.168.10.10 and so 192.168.10.100 to 192.168.10.109 So we asked our teachers to use type 1 by adding a '/' at the end. The thing I don't remember is why we didn't ask them to add '/32'. Did it came from the doc? Note that the problem was treated on moodle 1.6.3 in 2007. So, the difference on 64 bit appears when ending with '/' ex.: quiz --> Require network address: 192.168.10.10/ This will work well on 32 bit cpu but will not work on 64 bit because of this instruction: $mask = 0xffffffff << (32 - $mask); On 32 bit, no shift will be done and $mask will get 0xFFFFFFFF On 64 bit, a 32 bit shift will be apply giving the value of 0xFFFFFFFF00000000 to $mask Conclusion: '/' on 32 bit = '/32' and on 64 bit = '/0'. '/32' on 32 and 64 bit = '/32'. After many tests and research, I suggest to ignore this patch and add '/32' for full ip addresses. The doc need to be change or the code for type 2 when using full ip addresses need change. In this last case, may be using '*' for partial addresses would be a good solution.
                  Hide
                  Permalink
                  timhunt Tim Hunt added a comment -

                  Thank you for the clear analysis and explanation. I think I understand now.

                  I did not realise that / was valid syntax. I guess that the best thing is to explicitly check for this case, and treat it as /32.

                  Also, it was a bug if 192.168.10.10 matched 192.168.10.100. Type 2 should only apply to entire parts of the address, it should not be a general sub-string mechanism.

                  I have added unit tests for these cases, and then changed the code so that they all pass.

                  Hopefully that fixes the problem, however I don't have an easy way to test on a 64 bit architecture, so it would be good if you could. Thanks.

                  Show
                  timhunt Tim Hunt added a comment - Thank you for the clear analysis and explanation. I think I understand now. I did not realise that / was valid syntax. I guess that the best thing is to explicitly check for this case, and treat it as /32. Also, it was a bug if 192.168.10.10 matched 192.168.10.100. Type 2 should only apply to entire parts of the address, it should not be a general sub-string mechanism. I have added unit tests for these cases, and then changed the code so that they all pass. Hopefully that fixes the problem, however I don't have an easy way to test on a 64 bit architecture, so it would be good if you could. Thanks.

                    People

                    • Votes:
                      0 Vote for this issue
                      Watchers:
                      1 Start watching this issue

                      Dates

                      • Created:
                        Updated:
                        Resolved:
                        Fix Release Date:
                        15/Oct/08