IPv6 rules cause logging of warnings when nextcloud is accessed via IPv4

[pony1k]

How to use GitHub

• Please use the 👍 reaction to show that you are affected by the same issue.
• Please don't comment if you have no relevant information to add. It's just extra noise for everyone subscribed to this issue.
• Subscribe to receive notifications on status change and new comments.

---

Steps to reproduce

1. Add a 'Block access to a file' flow.
2. Add a 'Request remote address' 'does not match IPv6' rule to the flow.
3. Access nextcloud via IPv4.

Expected behaviour

No excessive logging.

Actual behaviour

unpack(): Type A: not enough input, need 16, have 4 at /var/www/nextcloud/apps/workflowengine/lib/Check/RequestRemoteAddress.php#115

and

Trying to access array offset on value of type bool at /var/www/nextcloud/apps/workflowengine/lib/Check/RequestRemoteAddress.php#116

is logged repeatedly at level 2/warning. Log viewer becomes unusable.

Server configuration

Web server: Nginx

Database: PostgreSQL

PHP version: 8.2.28

Nextcloud version: 31.0.7.1

My suggestions

Looking at /var/www/nextcloud/apps/workflowengine/lib/Check/RequestRemoteAddress.php, I don't see any check whether the address actually is an IPv6 address before ipv6ToBits is called. Adding a check between the two lines

                $ipNet = inet_pton($ip);
                $binaryIp = $this->ipv6ToBits($ipNet);

in matchIPv6 and return false when it isn't an IPv6 address will likely fix the issue.

A bit unrelated to this I found that the code copied from stackoverflow for the ipv6ToBits method had an error and was corrected in the mean time. The unnecessary unpack will truncate IPv6 addresses that contain a 0x20 byte.

[oleksandr-nc]

Hello. I guees the workflowengine is not a Flow application. You should create issue in the Nextcloud Server repo