From 86996d7bf74d7eadcd0879d8edb5aa3d7f807b32 Mon Sep 17 00:00:00 2001
From: Ad Schellevis <ad@opnsense.org>
Date: Sun, 18 Sep 2016 12:18:48 +0200
Subject: [PATCH] (unbound) get_interface_subnet(v6) can return null, ignore
 network in that case.

Eventually we should move this kind of "get all attached networks" to a single and simple function, which uses legacy_get_interface_addresses() underneath. but there's still too much obscure code in this region to remove it easily
---
 src/etc/inc/unbound.inc           | 8 ++++++--
 src/www/services_unbound_acls.php | 8 ++++++--
 2 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/src/etc/inc/unbound.inc b/src/etc/inc/unbound.inc
index 5686f3340..1cea883af 100644
--- a/src/etc/inc/unbound.inc
+++ b/src/etc/inc/unbound.inc
@@ -707,13 +707,17 @@ function unbound_acls_config() {
         if (!empty($ifip)) {
             $subnet_bits = get_interface_subnet($ubif);
             $subnet_ip = gen_subnet($ifip, $subnet_bits);
-            $aclcfg .= "access-control: {$subnet_ip}/{$subnet_bits} allow\n";
+            if (!empty($subnet_bits) && !empty($subnet_ip)) {
+                $aclcfg .= "access-control: {$subnet_ip}/{$subnet_bits} allow\n";
+            }
         }
         $ifip = get_interface_ipv6($ubif);
         if (!empty($ifip)) {
             $subnet_bits = get_interface_subnetv6($ubif);
             $subnet_ip = gen_subnetv6($ifip, $subnet_bits);
-            $aclcfg .= "access-control: {$subnet_ip}/{$subnet_bits} allow\n";
+            if (!empty($subnet_bits) && !empty($subnet_ip)) {
+                $aclcfg .= "access-control: {$subnet_ip}/{$subnet_bits} allow\n";
+            }
         }
     }
 
diff --git a/src/www/services_unbound_acls.php b/src/www/services_unbound_acls.php
index 8afd720b1..080659033 100644
--- a/src/www/services_unbound_acls.php
+++ b/src/www/services_unbound_acls.php
@@ -348,13 +348,17 @@ include("head.inc");
                       if (!empty($ifip)) {
                           $subnet_bits = get_interface_subnet($ubif);
                           $subnet_ip = gen_subnet($ifip, $subnet_bits);
-                          $automatic_allowed[] = "{$subnet_ip}/{$subnet_bits}";
+                          if (!empty($subnet_bits) && !empty($subnet_ip)) {
+                              $automatic_allowed[] = "{$subnet_ip}/{$subnet_bits}";
+                          }
                       }
                       $ifip = get_interface_ipv6($ubif);
                       if (!empty($ifip)) {
                           $subnet_bits = get_interface_subnetv6($ubif);
                           $subnet_ip = gen_subnetv6($ifip, $subnet_bits);
-                          $automatic_allowed[] = "{$subnet_ip}/{$subnet_bits}";
+                          if (!empty($subnet_bits) && !empty($subnet_ip)) {
+                              $automatic_allowed[] = "{$subnet_ip}/{$subnet_bits}";
+                          }
                       }
                   }
                   foreach ($automatic_allowed as $network):?>