Skip to content

Commit

Permalink
fix(Request): Catch exceptions in isTrustedProxy
Browse files Browse the repository at this point in the history 
The function fails if the configured trusted proxies contain invalid characters and the underlying IpUtils will throw.
But as it is used by `getRemoteAddress` which is used by logging / templating, thrown errors are not reported but silently fail with error 500.

Co-authored-by: Ferdinand Thiessen <opensource@fthiessen.de>
Co-authored-by: Joas Schilling <213943+nickvergessen@users.noreply.github.com>
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
  • Loading branch information
@susnux @nickvergessen @backportbot
2 people authored and backportbot[bot] committed Jan 29, 2024
1 parent 15d3515 commit 36a658e
Showing 1 changed file with 8 additions and 1 deletion.
9 changes: 8 additions & 1 deletion lib/private/AppFramework/Http/Request.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -577,7 +577,14 @@ public function getId(): string {
* @return boolean true if $remoteAddress matches any entry in $trustedProxies, false otherwise
*/
protected function isTrustedProxy($trustedProxies, $remoteAddress) {
return IpUtils::checkIp($remoteAddress, $trustedProxies);
try {
return IpUtils::checkIp($remoteAddress, $trustedProxies);
} catch (\Throwable) {
// We can not log to our log here as the logger is using `getRemoteAddress` which uses the function, so we would have a cyclic dependency
// Reaching this line means `trustedProxies` is in invalid format.
error_log('Nextcloud trustedProxies has malformed entries');
return false;
}
}

/**
Expand Down

0 comments on commit 36a658e

Please sign in to comment.