URLStringProbe always matches, regardless of HTTP status code

Originator:davepeck
Number:rdar://18188232 Date Originated:30-Aug-2014 06:08 PM
Status:Open Resolved:
Product:iOS Product Version:iOS 8.0 GM Seed (12A365)
Classification:Serious Bug Reproducible:Always
 
Summary:
In the iOS 8 GM seed, it appears that URLStringProbe on-demand VPN rules are matched regardless of the HTTP status code returned. (200, 302, 404, etc. all match when only 200 should.)

This bug is not present in production iOS 7.

Steps to Reproduce:
1. Create a configuration profile with a VPN payload that has OnDemandEnabled set to 1, and a URLStringProbe rule to a nonsense URL, and with the Connect action, in the OnDemandRules dictionary (see example file)
2. Install the profile
3. Try to access a website in mobile safari

Expected Results:
Expected: The VPN does not turn on because the URLStringProbe does not match (it points to a server that always returns non-200)

Actual Results:
Actual: The URLStringProbe incorrectly matches, and the VPN always turns on.

Version:
iOS 8.0 GM seed (12A365)

Notes:
This is a regression in the iOS 8 beta builds. This bug is not reproducible in iOS 7. It will no doubt impact many enterprise customers.

Configuration:
iPod Touch MD723LL/A

Attachments:
'example-vpn-config.plist' was successfully uploaded.

Comments


Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!