login-security-solution
Opened 14 years ago
Closed 14 years ago
#1553 closed defect (fixed)
get_login_fail: Similar IP addresses incorrectly grouped
| Reported by: | | Owned by: | |
|---|---|---|---|
| Priority: | normal | Severity: | major |
| Plugin: | login-security-solution | Keywords: | sql, query, ip address, wildcard, match, ip, address, login, fail, match |
| Cc: | | | |
Description
In the get_login_fail function, the query uses a LIKE wildcard search. Currently the query would incorrectly match all of the following IP addresses as being from the same network:
- 192.168.1.100
- 192.168.100.22
- 192.168.12.1
This is because matching is done without an anchor. Instead of passing 192.168.1 to the search, 192.168.1. should be passed. Note the additional . (period) at the end.
In the get_login_fail function, the $network_ip passed in is in one of the following forms:
- Empty string (get_network_ip and other upstream functions return a zero-length string in the case of an error, IP being unavailable etc.)
- IPv4: a.b.c, e.g. 127.0.0, 192.168.10
- IPv6: xxxx:xxxx:xxxx:xxxx, e.g. fdfe:dcba:9876:ffff
Any change must handle all 3 of these forms.
This is considered major severity considering it directly relates to the main functionality of this plugin.
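The unanchored and anchored matches described above, for all three forms of the network prefix, as an added example that is not the plugin's code or the attached patch. It uses an in-memory SQLite table as a stand-in for the plugin's database; the table and column names, the function names, the IPv6 sample addresses and the choice to return no IP match for an empty prefix are assumptions of this example.

```python
import sqlite3

# Constructed sample data: source addresses of failed logins.
SAMPLE_IPS = [
    "192.168.1.100", "192.168.100.22", "192.168.12.1",   # from the ticket
    "2001:db8:0:1::5", "2001:db8:0:12::5",               # constructed IPv6
]

def make_db():
    """In-memory stand-in for the failure table (hypothetical schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE fail (ip TEXT NOT NULL)")
    conn.executemany("INSERT INTO fail (ip) VALUES (?)",
                     [(ip,) for ip in SAMPLE_IPS])
    return conn

def like_pattern(network_ip, anchored=True):
    """Return the LIKE pattern for a network prefix, or None if it is empty."""
    if not network_ip:
        # Empty prefix (upstream error): a bare '%' would match every row.
        return None
    sep = ":" if ":" in network_ip else "."   # IPv6 vs IPv4 group separator
    # Escape LIKE metacharacters so the prefix is always matched literally.
    literal = (network_ip.replace("\\", "\\\\")
                         .replace("%", "\\%").replace("_", "\\_"))
    return literal + (sep if anchored else "") + "%"

def matching_ips(conn, network_ip, anchored=True):
    """IPs in the table that the query treats as part of network_ip."""
    pattern = like_pattern(network_ip, anchored)
    if pattern is None:
        return []   # assumption of this example: no IP-based match at all
    rows = conn.execute(
        "SELECT ip FROM fail WHERE ip LIKE ? ESCAPE '\\' ORDER BY ip",
        (pattern,))
    return [row[0] for row in rows]

if __name__ == "__main__":
    db = make_db()
    for net in ("192.168.1", "2001:db8:0:1", ""):
        print(repr(net), "unanchored:", matching_ips(db, net, anchored=False))
        print(repr(net), "anchored:  ", matching_ips(db, net, anchored=True))
```

The same over-matching applies to IPv6 prefixes whenever stored addresses are not zero-padded, which is why the separator is chosen per address family rather than hard-coded as a period.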
Attachments (1)
Change History (6)
#1
14 years ago
I have attached a patch to fix this problem. It should be noted, however, that although I have written a unit test for this issue, I have not run it against the code. I am unable to run the unit tests against my current setup.
#2
14 years ago
- Summary changed from get_login_fail: Ssimilar IP addresses incorrectly grouped to get_login_fail: Similar IP addresses incorrectly grouped
#3
14 years ago
- Resolution set to fixed
- Status changed from new to closed
Good catch. Realized exactly what the problem was when you showed the first examples. Doh! Fixed in release 0.17.0.
Patch - to fix incorrect IP address grouping (unit tests untested)