Properly check domain when registering DHCP static mappings #533
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Use of the PHP function "array_diff_assoc" results in any zone which is a subdomain of a given static DHCP mapping domain being populated with said mapping. In other words, a static DHCP mapping with a domain of "domain.com" would appear in any zone that is a subdomain of it, such as "sub1.domain.com" or "sub2.sub1.domain.com". This fix changes the logic to perform a direct domain comparison so that only the zone matching the exact domain specified in a given static DHCP mapping will be populated with such a mapping entry.
jim-p
approved these changes
Jul 5, 2018
netgate-git-updates
pushed a commit
that referenced
this pull request
Jul 5, 2018
netgate-git-updates
pushed a commit
that referenced
this pull request
May 21, 2022
3.1.0 (2022-05-18) * Introduce basic support for OpenSSL version 3 (#492) * Update regex in grep to be POSIX compliant (#556) * Introduce status reporting tools (#555 & #557) * Display certificates using UTF8 (#551) * Allow certificates to be created with fixed date offset (#550) * Add 'verify' to verify certificate against CA (#549) * Add PKCS#12 alias 'friendlyName' (#544) * Disallow use of '--vars=FILE init-pki' (#566) * Support multiple IP-Addresses in SAN (#564) * Add option '--renew-days=NN', custom renew grace period (#557) * Add 'nopass' option to the 'export-pkcs' functions (#411) * Add support for 'busybox' (#543) * Add option '--tmp-dir=DIR' to declare Temp-dir (Commit f503a22) 3.0.9 (2022-05-17) * Upgrade OpenSSL from 1.1.0j to 1.1.1o (#405, #407) - We are buliding this ourselves now. * Fix --version so it uses EASYRSA_OPENSSL (#416) * Use openssl rand instead of non-POSIX mktemp (#478) * Fix paths with spaces (#443) * Correct OpenSSL version from Homebrew on macOs (#416) * Fix revoking a renewed certificate (Original PR #394) Follow-up commit: ef22701878bb10df567d60f2ac50dce52a82c9ee * Introduce 'show-crl' (d1993892178c5219f4a38d50db3b53d1a972b36c) * Support Windows-Git 'version of bash' (#533) * Disallow use of single quote (') in vars file, Warning (#530) * Creating a CA uses x509-types/ca and COMMON (#526) * Prefer 'PKI/vars' over all other locations (#528) * Introduce 'init-pki soft' option (#197) * Warnings are no longer silenced by --batch (#523) * Improve packaging options (#510) * Update regex for POSIX compliance (#556) * Correct date format for Darwin/BSD (#559)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Use of the PHP function "array_diff_assoc" results in any zone which is
a subdomain of a given static DHCP mapping domain being populated with
said mapping. In other words, a static DHCP mapping with a domain of
"domain.com" would appear in any zone that is a subdomain of it, such
as "sub1.domain.com" or "sub2.sub1.domain.com".
This fix changes the logic to perform a direct domain comparison so
that only the zone matching the exact domain specified in a given
static DHCP mapping will be populated with such a mapping entry.
Redmine issue: https://redmine.pfsense.org/issues/8619