Possible bug on 23.05 - Bulk Import of Aliases causes full brick of pfSense
-
I apologize if this has been posted in the wrong section.
I was attempting to do a bulk import of multiple FQDNs into a single Alias. Immediately upon hitting "Save" I received the following message on my screen. (Line breaks added in to make reading easier.)
Fatal error: Uncaught TypeError: Cannot access offset of type string on string in /etc/inc/util.inc:2053 Stack trace: #0 /etc/inc/config.gui.inc(56): alias_make_table() #1 /etc/inc/auth.inc(34): require_once('/etc/inc/config...') #2 /etc/inc/authgui.inc(27): include_once('/etc/inc/auth.i...') #3 /usr/local/www/guiconfig.inc(62): require_once('/etc/inc/authgu...') #4 /usr/local/www/firewall_aliases.php(35): require_once('/usr/local/www/...') #5 {main} thrown in /etc/inc/util.inc on line 2053 PHP ERROR: Type: 1, File: /etc/inc/util.inc, Line: 2053, Message: Uncaught TypeError: Cannot access offset of type string on string in /etc/inc/util.inc:2053 Stack trace: #0 /etc/inc/config.gui.inc(56): alias_make_table() #1 /etc/inc/auth.inc(34): require_once('/etc/inc/config...') #2 /etc/inc/authgui.inc(27): include_once('/etc/inc/auth.i...') #3 /usr/local/www/guiconfig.inc(62): require_once('/etc/inc/authgu...') #4 /usr/local/www/firewall_aliases.php(35): require_once('/usr/local/www/...') #5 {main} thrownThat's all I was able to copy from the webpage. Rebooting didn't change anything. Via console I was unable to revert to a previous config, reboot, reset webconfigurator or anything. My only option was a factory reset and start from scratch.
This happened multiple times both with FQDN and IPs while attempting to Bulk Import. Adding individual FQDNs one-by-one worked fine.
I am running an SG-1100 for reference.
-
D dedskwirl referenced this topic on
-
@dedskwirl That is a known bug, install the System Patches package to apply the fix.
-
@SteveITS said in Possible bug on 23.05 - Bulk Import of Aliases causes full brick of pfSense:
@dedskwirl That is a known bug, install the System Patches package to apply the fix.
If this were truly a known problem, I wouldn't have just crashed my 1100 with a bulk import also. This is a remote router, many miles away. All I can do is reload the firmware onsite now.
I've had nothing but problems with the 1100 and firmware upgrades to 23.01 and 23.05.
-
@JSB I was answering quickly, didnโt mean to be short. There are other posts about it and at least recently (this week?) a release note for 23.05.1 appeared with it so a new version is coming.
https://docs.netgate.com/pfsense/en/latest/releases/23-05-1.html#aliases-tables -
Does anyone know how to recover from this without doing a full reset?
-
@jduzan The (upcoming) release note links to https://redmine.pfsense.org/issues/14412 which mentions the problematic aliases section in the config file:
<aliases> <alias>0</alias> </aliases>Can you connect via SSH or console and remove that from the file? Or maybe the config history?
https://docs.netgate.com/pfsense/en/latest/backup/restore.html#console-configuration-history -
Thanks,
I was able to find the line in the config.xml file and delete it. After that I rebooted the device and then was able to restore from previous config. After that the system came back online. Im not sure why deleting the line in the config wasn't enough, but ut did recover it enough to then do a restore. -
S SteveITS referenced this topic on
-
I encountered this bug last night while attempting to perform a bulk alias import of CDN IP ranges. 23.05.1 needs to get release SOON. Creating a FW alias should NOT cause the entire appliance to fall over... That's terrible.
-
I just want to fume off my anger at this dastardly bug. Seriously? A full brick? With all the nonsense of having to bumble through the console serial connection and all, on a Sunday no less??!?
-
@bars0um Itโs a bad one yeah, but there was a patch via System Patches IIRC, and a few releases since then.