  1. Moodle
  2. MDL-43987

Function cleanremoteaddr() in /lib/moodlelib.php fails validation of IP addresses with port numbers


    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 2.5.2, 2.6, 2.7.3, 2.8.1
    • Fix Version/s: 2.7.4, 2.8.2
    • Component/s: Libraries
    • Labels:
    • Testing Instructions:
      1. Run mdk phpunit -r -u lib/tests/moodlelib_test.php on master, 28 and 27 or check that lib/tests/moodlelib_test.php didn't cause any problems on the nightly server for master, 28 or 27
      2. sudo apt-add-repository ppa:vbernat/haproxy-1.5
        sudo apt-get update
        sudo apt-get install haproxy

      3. sudo vi /etc/haproxy/haproxy.cfg
      4. Add this to the end of that file

        frontend ha
            bind *:8080
            mode http
            default_backend apache
            option forwardfor header X-Forwarded-For
            http-request set-header X-Forwarded-For <your ip>:59209
         
        backend apache
            mode http
            server web01 <your domain (e.g. blah.in.moodle or localhost)>:80 maxconn 32
            option forwardfor

      5. sudo /etc/init.d/haproxy restart
      6. vi config.php
      7. Change your wwwroot in config.php to include a port of :8080. Use this url to access your instance from now on.
      8. Create a quiz activity module in a course
      9. In the creation form or settings, expand "Extra restrictions on attempts" and click "Show more..."
      10. In terminal, run "ifconfig" to find out your ip
      11. Put <your ip>/32 into the "Require network address" field on the quiz edit screen
      12. Click save changes
      13. Add at least one question to the quiz
      14. Log in as a student enrolled in that course
      15. Verify that the "Attempt quiz now" button is shown
      16. As admin, edit the quiz's settings
      17. On the "Require network address" field increment the leading octet by one (e.g. 172.20.123.234/32 to 173.20.123.234/32)
      18. Log in as a student enrolled in that course
      19. Verify that "This quiz is only accessible from certain locations, and this computer is not on the allowed list." is shown
      20. Go to http://www.google.com/recaptcha/intro/
      21. Click get Recaptcha
      22. Add a site with the url of your moodle instance
      23. You should be given two keys (public and private)
      24. Go to Site administration ► Plugins ► Authentication ► Manage authentication
      25. Enable email based Self registration in "Common settings"
      26. Copy the public and private keys from Google into ReCAPTCHA public key and ReCAPTCHA private key (make sure to put each key in the correct field)
      27. Save changes
      28. Go to Site administration ► Plugins ► Activity modules ► Manage activities
      29. Click the crossed out eye next to the Feedback module to enable it
      30. Go to the front page, turn editing on
      31. Add a Feedback module to the page
      32. Click the Feedback module you just created
      33. Click Edit questions
      34. Add a short text answer question
      35. Add a captcha element
      36. Log in as a student
      37. Attempt to submit some feedback with the captcha incorrectly filled out
      38. Verify it doesn't submit
      39. Attempt to submit some feedback with the captcha correctly filled out
      40. Verify it submits successfully
    • Affected Branches:
      MOODLE_25_STABLE, MOODLE_26_STABLE, MOODLE_27_STABLE, MOODLE_28_STABLE
    • Fixed Branches:
      MOODLE_27_STABLE, MOODLE_28_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      MDL-43987-master
    • Sprint:
      BACKEND Sprint 18

      Description

      The following issue is preventing reCAPTCHA from working on my site; however, I have tracked down the problem to a general issue in the /lib/moodlelib.php function library.

      When the getremoteaddr() function is called to get the remote IP address, the SERVER[HTTP_X_FORWARDED_FOR] variable is set because my Moodle site is sitting behind a firewall. The problem is, the value returned includes a colon followed by a port number. Example:

      201.18.234.2:59209

      When the cleanremoteaddr() function sees a colon in an IP address, it incorrectly assumes this is an IPv6 address.

      You can test this yourself using the function as follows:

      echo cleanremoteaddr("201.18.234.2:59209");

      The desired result should be the display of "201.18.234.2". Instead, the function fails validation of the IP address.

      The check to determine whether an address is IPv4 or IPv6 should be determined by whether there are fewer than 2 colons or more than 2 colons, not just one colon.
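
An added example, not Moodle's fix and not code from this issue: one way to normalise a forwarded address that may carry a port before validating it, covering the bracketed IPv6 form as well as the IPv4 case reported above. The function name example_strip_port() and the sample inputs are constructed for illustration.

```php
<?php
// Added illustration, not Moodle's cleanremoteaddr(). The function name
// example_strip_port() and the sample inputs are constructed for this example.

/**
 * Return the bare IP address from a forwarded value, or null if it is invalid.
 * Accepts "a.b.c.d", "a.b.c.d:port", bare IPv6 and "[ipv6]:port".
 */
function example_strip_port(string $addr): ?string {
    $addr = trim($addr);

    // Bracketed IPv6 with an optional port, e.g. "[2001:db8::1]:59209".
    if (preg_match('/^\[([0-9a-fA-F:.]+)\](?::(\d{1,5}))?$/', $addr, $m)) {
        if (isset($m[2]) && (int) $m[2] > 65535) {
            return null;
        }
        $ip = filter_var($m[1], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6);
        return $ip === false ? null : $ip;
    }

    // Exactly one colon cannot be IPv6 (the shortest form, "::", has two),
    // so treat it as "IPv4:port" and validate both halves.
    if (substr_count($addr, ':') === 1) {
        [$host, $port] = explode(':', $addr);
        if (!ctype_digit($port) || (int) $port > 65535) {
            return null;
        }
        $ip = filter_var($host, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4);
        return $ip === false ? null : $ip;
    }

    // No port present: plain IPv4 or bare IPv6.
    $ip = filter_var($addr, FILTER_VALIDATE_IP);
    return $ip === false ? null : $ip;
}

// Constructed sample inputs; the first is the value quoted in the report.
$samples = [
    '201.18.234.2:59209',   // IPv4 with port
    '201.18.234.2',         // plain IPv4
    '[2001:db8::1]:59209',  // bracketed IPv6 with port
    '2001:db8::1',          // bare IPv6
    '201.18.234.2:99999',   // port out of range
    '999.18.234.2:80',      // invalid octet
];
foreach ($samples as $s) {
    printf("%-22s => %s\n", $s, var_export(example_strip_port($s), true));
}
```

Malformed values return null rather than a partially cleaned string, so a caller comparing the result against an allowed subnet fails closed.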

              People

              • Votes: 1
              • Watchers: 7

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  12/Jan/15