Skip to content

Invalid IPv6 Address with X-Forwarded-For leads to number format exception #26748

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
FlorianLautenschlager opened this issue Apr 1, 2021 · 3 comments
Closed

Invalid IPv6 Address with X-Forwarded-For leads to number format exception #26748

FlorianLautenschlager opened this issue Apr 1, 2021 · 3 comments
Assignees
@rstoyanchev
Labels
in: web Issues in web modules (web, webmvc, webflux, websocket) type: enhancement A general enhancement
Milestone
5.3.6

Comments

@FlorianLautenschlager
Copy link

FlorianLautenschlager commented Apr 1, 2021
edited
Loading

Affects: Spring Web 5.3.5

Hi Spring Team,

we run our Spring Boot Application using Spring Boot 2.4.4 which includes spring-web-5.3.5 in Google Cloud run.
Every IPv6 address that do not end with only numeric values lead to an internal server error due to a number format exception.
For example, this IPv6 address 2a02:918:175:ab60:45ee:c12c:dac1:808b leads to a number format exception: as 808b is interpreted as the port. We know that the IPv6 address is invalid due to https://tools.ietf.org/html/rfc7239#section-6 and should be in the format of [2a02:918:175:ab60:45ee:c12c:dac1:808b]. Therefore we also raised an issue at Google (https://issuetracker.google.com/issues/184230536).

Regardless, I wanted to discuss whether better error handling would be useful here:

public static InetSocketAddress parseForwardedFor(HttpRequest request, @Nullable InetSocketAddress remoteAddress) {

		int port = (remoteAddress != null ?
				remoteAddress.getPort() : "https".equals(request.getURI().getScheme()) ? 443 : 80);

		String forwardedHeader = request.getHeaders().getFirst("Forwarded");
		if (StringUtils.hasText(forwardedHeader)) {
			String forwardedToUse = StringUtils.tokenizeToStringArray(forwardedHeader, ",")[0];
			Matcher matcher = FORWARDED_FOR_PATTERN.matcher(forwardedToUse);
			if (matcher.find()) {
				String value = matcher.group(1).trim();
				String host = value;
				int portSeparatorIdx = value.lastIndexOf(':');
				if (portSeparatorIdx > value.lastIndexOf(']')) {
					host = value.substring(0, portSeparatorIdx);
					port = Integer.parseInt(value.substring(portSeparatorIdx + 1));
				}
				return new InetSocketAddress(host, port);
			}
		}

I would suggest to enforce the format described in RFC-7239 and if not, throw an exception describing the reason.

Kind Regards,
Florian
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged or decided on label Apr 1, 2021
@rstoyanchev rstoyanchev self-assigned this Apr 1, 2021
@rstoyanchev rstoyanchev added the in: web Issues in web modules (web, webmvc, webflux, websocket) label Apr 1, 2021
@rstoyanchev rstoyanchev added this to the 5.3.6 milestone Apr 1, 2021
@rstoyanchev rstoyanchev added type: enhancement A general enhancement and removed status: waiting-for-triage An issue we've not yet triaged or decided on labels Apr 1, 2021
@rstoyanchev
Copy link
Contributor

I've added a validation resulting in IllegalArgumentException.

rstoyanchev added a commit that referenced this issue Apr 7, 2021
@rstoyanchev
Use createUnresolved for forwarded header address
c5ac8e8 
Avoid DNS resolution.

See gh-26748
@sync-by-unito sync-by-unito bot mentioned this issue Apr 14, 2021
Merged
@lanmingle lanmingle mentioned this issue Apr 24, 2021
Closed
@rstoyanchev rstoyanchev mentioned this issue Jun 2, 2021
Closed
@sahi1422
Copy link

I am also facing the same issue but failed to find the solution :(.

@FlorianLautenschlager @rstoyanchev , do you know the fix to handle ipv6 addresses?

@FlorianLautenschlager
Copy link
Author

FlorianLautenschlager commented Jul 28, 2021
edited
Loading

@sahi1422 no - sorry. We switched to AWS due to customer requirements. Was planned before the issue has occurred.

lxbzmy pushed a commit to lxbzmy/spring-framework that referenced this issue Mar 26, 2022
@rstoyanchev @lxbzmy
Additional validation for forwarded header address value
c416cea 
Closes spring-projectsgh-26748
lxbzmy pushed a commit to lxbzmy/spring-framework that referenced this issue Mar 26, 2022
@rstoyanchev @lxbzmy
Use createUnresolved for forwarded header address
ba664d7 
Avoid DNS resolution.

See spring-projectsgh-26748
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rstoyanchev rstoyanchev

Labels
in: web Issues in web modules (web, webmvc, webflux, websocket) type: enhancement A general enhancement
Projects
None yet
Milestone
5.3.6
Development

No branches or pull requests
4 participants
@rstoyanchev @FlorianLautenschlager @spring-projects-issues @sahi1422