
Invalid IPv6 Address with X-Forwarded-For leads to number format exception #26748


Closed
FlorianLautenschlager opened this issue Apr 1, 2021 · 3 comments
FlorianLautenschlager commented Apr 1, 2021

Affects: Spring Web 5.3.5


Hi Spring Team,

We run our Spring Boot application using Spring Boot 2.4.4, which includes spring-web-5.3.5, in Google Cloud Run.
Every IPv6 address that does not end with only numeric values leads to an internal server error due to a number format exception.
For example, the IPv6 address 2a02:918:175:ab60:45ee:c12c:dac1:808b leads to a number format exception, as 808b is interpreted as the port. We know that the IPv6 address is invalid due to https://tools.ietf.org/html/rfc7239#section-6 and should be in the format of [2a02:918:175:ab60:45ee:c12c:dac1:808b]. Therefore we also raised an issue at Google (https://issuetracker.google.com/issues/184230536).

Regardless, I wanted to discuss whether better error handling would be useful here:

```java
public static InetSocketAddress parseForwardedFor(HttpRequest request, @Nullable InetSocketAddress remoteAddress) {

	// Default port: the remote address port, otherwise derived from the request scheme
	int port = (remoteAddress != null ?
			remoteAddress.getPort() : "https".equals(request.getURI().getScheme()) ? 443 : 80);

	String forwardedHeader = request.getHeaders().getFirst("Forwarded");
	if (StringUtils.hasText(forwardedHeader)) {
		// Only the first (left-most) element of the header is used
		String forwardedToUse = StringUtils.tokenizeToStringArray(forwardedHeader, ",")[0];
		Matcher matcher = FORWARDED_FOR_PATTERN.matcher(forwardedToUse);
		if (matcher.find()) {
			String value = matcher.group(1).trim();
			String host = value;
			// For an unbracketed IPv6 address, lastIndexOf(']') is -1, so the last
			// colon of the address itself is taken as the port separator
			int portSeparatorIdx = value.lastIndexOf(':');
			if (portSeparatorIdx > value.lastIndexOf(']')) {
				host = value.substring(0, portSeparatorIdx);
				// Throws NumberFormatException for a non-numeric group such as "808b"
				port = Integer.parseInt(value.substring(portSeparatorIdx + 1));
			}
			return new InetSocketAddress(host, port);
		}
	}
```

I would suggest enforcing the format described in RFC 7239 and, if it is not met, throwing an exception describing the reason.

Kind Regards,
Florian
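One way to enforce the RFC 7239 node format suggested above, as an added example that is not Spring Framework's code and not the change made for this issue. The names `ForwardedForParser` and `parse` are hypothetical; the example takes an already extracted `for=` value, rejects obfuscated ports, and returns an unresolved address so no DNS lookup happens on untrusted header input.

```java
import java.net.InetSocketAddress;
public class ForwardedForParser {
    // Hypothetical helper (not Spring's API): strict parsing of one RFC 7239 "for" node value.
    static InetSocketAddress parse(String node, int defaultPort) {
        String value = node.trim();
        if (value.length() >= 2 && value.startsWith("\"") && value.endsWith("\"")) {
            value = value.substring(1, value.length() - 1); // strip quoted-string quotes
        }
        String host = value;
        String portText = null;
        if (value.startsWith("[")) {
            int close = value.indexOf(']');
            String rest = value.substring(close + 1);
            if (close < 2 || (!rest.isEmpty() && !rest.startsWith(":"))) {
                throw new IllegalArgumentException("Malformed bracketed IPv6 node: " + value);
            }
            host = value.substring(0, close + 1); // brackets are kept in the host string
            portText = rest.isEmpty() ? null : rest.substring(1);
        } else if (value.indexOf(':') != value.lastIndexOf(':')) { // several colons, no brackets
            throw new IllegalArgumentException("Unbracketed IPv6 address (RFC 7239, section 6): " + value);
        } else if (value.indexOf(':') >= 0) {
            host = value.substring(0, value.indexOf(':'));
            portText = value.substring(value.indexOf(':') + 1);
        }
        int port = defaultPort;
        if (portText != null) { // validate before parseInt so bad input never raises NumberFormatException
            if (!portText.matches("[0-9]{1,5}") || Integer.parseInt(portText) > 65535) {
                throw new IllegalArgumentException("Invalid port '" + portText + "' in: " + value);
            }
            port = Integer.parseInt(portText);
        }
        if (host.isEmpty()) {
            throw new IllegalArgumentException("Missing host in: " + value);
        }
        return InetSocketAddress.createUnresolved(host, port);
    }
    public static void main(String[] args) {
        // Constructed samples; the unbracketed address is the one quoted in this issue.
        String[] samples = {"\"[2a02:918:175:ab60:45ee:c12c:dac1:808b]:4711\"", "192.0.2.43:8080",
                "2a02:918:175:ab60:45ee:c12c:dac1:808b", "192.0.2.43:http"};
        for (String s : samples) {
            try {
                System.out.println(s + " -> " + parse(s, 443));
            } catch (IllegalArgumentException ex) {
                System.out.println(s + " -> rejected: " + ex.getMessage());
            }
        }
    }
}
```

A caller can map the `IllegalArgumentException` to a 400 response, or fall back to the connection's remote address, so a malformed proxy header no longer surfaces as an internal server error.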

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged or decided on label Apr 1, 2021
@rstoyanchev rstoyanchev self-assigned this Apr 1, 2021
@rstoyanchev rstoyanchev added the in: web Issues in web modules (web, webmvc, webflux, websocket) label Apr 1, 2021
@rstoyanchev rstoyanchev added this to the 5.3.6 milestone Apr 1, 2021
@rstoyanchev rstoyanchev added type: enhancement A general enhancement and removed status: waiting-for-triage An issue we've not yet triaged or decided on labels Apr 1, 2021
@rstoyanchev
Contributor

I've added a validation resulting in IllegalArgumentException.

@sahi1422

I am also facing the same issue but failed to find the solution :(.

@FlorianLautenschlager @rstoyanchev, do you know the fix to handle IPv6 addresses?

FlorianLautenschlager commented Jul 28, 2021

@sahi1422 no - sorry. We switched to AWS due to customer requirements. That was planned before the issue occurred.

lxbzmy pushed a commit to lxbzmy/spring-framework that referenced this issue Mar 26, 2022