  1. Undertow
  2. UNDERTOW-1801

ProxyPeerAddressHandler incorrectly parses X_FORWARDED_FOR headers


    • Bug
    • Resolution: Duplicate
    • Major
    • 2.2.13.Final
    • 2.1.3.Final
    • Core
    • None

      The X_FORWARDED_FOR header is incorrectly parsed when there are multiple chained addresses like this:

      X_FORWARDED_FOR : 85.10.10.17, 10.162.219.114

      See the documentation: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For

      Instead of matching the whole header as IPv4/IPv6, the first ('mostRecent') address should be matched

       

      The current code is this:

      String remoteClient = mostRecent(forwardedFor);
      //we have no way of knowing the port
      //the patterns below are applied to the whole header value (forwardedFor)
      if(IP4_EXACT.matcher(forwardedFor).matches()) {
          exchange.setSourceAddress(new InetSocketAddress(NetworkUtils.parseIpv4Address(remoteClient), 0));
      } else if(IP6_EXACT.matcher(forwardedFor).matches()) {
          exchange.setSourceAddress(new InetSocketAddress(NetworkUtils.parseIpv6Address(remoteClient), 0));
      }

      I would expect this:

      String remoteClient = mostRecent(forwardedFor);
      //we have no way of knowing the port
      //the patterns below are applied to the extracted address (remoteClient)
      if(IP4_EXACT.matcher(remoteClient).matches()) {
          exchange.setSourceAddress(new InetSocketAddress(NetworkUtils.parseIpv4Address(remoteClient), 0));
      } else if(IP6_EXACT.matcher(remoteClient).matches()) {
          exchange.setSourceAddress(new InetSocketAddress(NetworkUtils.parseIpv6Address(remoteClient), 0));
      }

              rhn-cservice-bbaranow Bartosz Baranowski
              serialf Florent Masson (Inactive)
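
A stand-alone illustration of the mismatch described in this report, added here and not taken from Undertow or from the reporter. `IP4_EXACT` and `mostRecent` below are simplified stand-ins (assumptions) for the handler's own, and the first and third header values are constructed samples.

```java
import java.util.regex.Pattern;

public class ForwardedForMatchDemo {
    // Stand-in for the handler's IP4_EXACT (assumption: a strict dotted-quad pattern).
    static final Pattern IP4_EXACT = Pattern.compile(
        "(?:(?:25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.){3}"
        + "(?:25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)");

    // Stand-in for mostRecent() (assumption): first comma-separated element, trimmed.
    static String mostRecent(String header) {
        int comma = header.indexOf(',');
        return (comma == -1 ? header : header.substring(0, comma)).trim();
    }

    // Check as in the "current code": pattern applied to the whole header value.
    static boolean matchesWholeHeader(String forwardedFor) {
        return IP4_EXACT.matcher(forwardedFor).matches();
    }

    // Check as in the expected code: pattern applied to the extracted address.
    static boolean matchesFirstAddress(String forwardedFor) {
        return IP4_EXACT.matcher(mostRecent(forwardedFor)).matches();
    }

    public static void main(String[] args) {
        String[] headers = {
            "85.10.10.17",                    // constructed: single address
            "85.10.10.17, 10.162.219.114",    // chained value from the report
            "not-an-ip, 10.162.219.114"       // constructed: invalid first element
        };
        for (String h : headers) {
            // A chained header fails the whole-value check even though its
            // first element is a valid IPv4 literal.
            System.out.printf("%-30s whole=%-5b first=%b%n",
                h, matchesWholeHeader(h), matchesFirstAddress(h));
        }
    }
}
```

The third value shows why the check still belongs on the extracted element: anything that is not an exact IP literal must keep failing the match after the fix.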