View Issue Details

Related ChangesetsJump to NotesJump to History
This bug affects 1 person(s).
 6
IDProjectCategoryView StatusDate SubmittedLast Update
06202Bug reportsAuthenticationpublic2012-06-12 10:542012-06-20 14:14
ReporterDenisChenu Assigned ToDenisChenu  
PrioritynormalSeverityminor 
Status closedResolutionfixed 
Product Version1.92+ 
Fixed in Version2.00RC3 
Summary06202: SQL error with failed_login_attempts with IPv6
Description

With a IPv6 server and client

Try to connect with a false user/pass :
INSERT INTO lime_failed_login_attempts(ip, number_attempts,last_attempt) VALUES('XXXXXXXXXXXXXXXXXXXXXXXXX',1,'2012-06-12 10:50:57')
Data too long for column 'ip' at row 1

Steps To Reproduce

Try to connect in a ipV6 server with a ipv6 ready client

Additional Information

Solution:

  • Force ipv4 in login test : then LS aren't IpV6 ready
  • Set failed_login_attempts.ip to VARCHAR( 128 )
TagsNo tags attached.
Bug heat6
Complete LimeSurvey version number (& build)120608
I will donate to the project if issue is resolvedNo
Browsernot relevant
Database type & versionMysql 5
Server OS (if known)debian/linux
Webserver software & version (if known)apache
PHP VersionPHP Version 5.3

Users monitoring this issue

There are no users monitoring this issue.

Activities

Mazi

Mazi

2012-06-12 11:43

updater   ~19178

Wouldn't it work fine if we just extend the column length at DB? Are there any other (syntax?) checks invovlved which have to be adapted for IPv6?
DenisChenu

DenisChenu

2012-06-12 11:53

developer   ~19184

Last edited: 2012-06-12 11:57

It's fine with just a DB changing, but i don't know the exact way for most security.

With a ipv6 client ready i think it's very easy to change the IP of the client, maybe
By default ipv4, configuration for ipv6.

Don't know exactly.

Denis

ipv6 : 128bits -> VARCHAR(40) seems OK for hexadecimal representation, but don't know if other php configuration send another notation : can verify this after Carsten advice.
c_schmitz

c_schmitz

2012-06-12 15:00

administrator   ~19211

I guess nobody knows yet - depends on the particular implementation.

We should extend the field for 2.0 as varchar40, and for security purposes truncate everything above 40 chars right before insert.

Shnoulle, can you do that?
DenisChenu

DenisChenu

2012-06-12 15:36

developer   ~19214

Only for 2.0 ?

ipv6 is by default since 2012/06/06 on a lot of ISP products : http://www.worldipv6launch.org/

Denis
DenisChenu

DenisChenu

2012-06-15 08:50

developer   ~19266

Fix committed to Yii branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=8730
c_schmitz

c_schmitz

2012-06-20 14:14

administrator   ~19412

Yeah, only for 2.0. Thank you!

Related Changesets

LimeSurvey: Yii ef300ee0

2012-06-13 17:58

DenisChenu


Details Diff		 Fixed issue 06202 : SQL error with failed_login_attempts with IPv6
Dev: need some test for security : due to privacy extensions, solution can be save only ipv4 or remove the privacy extension
Dev: TODO for 1.92		 Affected Issues
06202
mod - application/config/version.php Diff File
mod - application/controllers/admin/authentication.php Diff File
mod - application/controllers/admin/remotecontrol.php Diff File
mod - application/helpers/update/updatedb_helper.php Diff File
mod - application/models/Failed_login_attempts.php Diff File
mod - installer/sql/create-mssql.sql Diff File
mod - installer/sql/create-mysql.sql Diff File
mod - installer/sql/create-pgsql.sql Diff File

Issue History

Date Modified Username Field Change
2012-06-12 10:54 DenisChenu New Issue
2012-06-12 11:43 Mazi Assigned To => c_schmitz
2012-06-12 11:43 Mazi Status new => assigned
2012-06-12 11:43 Mazi Note Added: 19178
2012-06-12 11:53 DenisChenu Note Added: 19184
2012-06-12 11:57 DenisChenu Note Edited: 19184
2012-06-12 14:59 c_schmitz Assigned To c_schmitz => DenisChenu
2012-06-12 15:00 c_schmitz Note Added: 19211
2012-06-12 15:36 DenisChenu Note Added: 19214
2012-06-15 08:50 DenisChenu Changeset attached => LimeSurvey Yii ef300ee0
2012-06-15 08:50 DenisChenu Note Added: 19266
2012-06-15 08:50 DenisChenu Resolution open => fixed
2012-06-20 14:14 c_schmitz Note Added: 19412
2012-06-20 14:14 c_schmitz Status assigned => closed
2012-06-20 14:14 c_schmitz Fixed in Version => 2.00RC3