bug symfony#13114 [HttpFoundation] fixed error when an IP in the X-Forwarded-For HTTP head... (fabpot)

fabpot · fabpot · commit 55feca69580b · 2014-12-29T09:20:51.000+01:00
This PR was merged into the 2.3 branch. Discussion ---------- [HttpFoundation] fixed error when an IP in the X-Forwarded-For HTTP head... | Q | A | ------------- | --- | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | n/a | License | MIT | Doc PR | n/a On symfony.com, we have errors related to IP addresses in the `X-Forwarded-For` HTTP header that have a port. If that happens (I have no ideas what is doing that), the page crashes with an error like `inet_pton(): Unrecognized address 187.65.229.211:63479` (which comes from IpUtils::checkIpv6()). This fixes the root cause by removing the port. symfony#12572 is solving the consequence and I propose to also merge it. Commits ------- 60ad382 [HttpFoundation] fixed error when an IP in the X-Forwarded-For HTTP header contains a port
diff --git a/src/Symfony/Component/HttpFoundation/Request.php b/src/Symfony/Component/HttpFoundation/Request.php
@@ -793,6 +793,11 @@ public function getClientIps()
 
         // Eliminate all IPs from the forwarded IP chain which are trusted proxies
         foreach ($clientIps as $key => $clientIp) {
+            // Remove port on IPv4 address (unfortunately, it does happen)
+            if (preg_match('{((?:\d+\.){3}\d+)\:\d+}', $clientIp, $match)) {
+                $clientIps[$key] = $clientIp = $match[1];
+            }
+
             if (IpUtils::checkIp($clientIp, self::$trustedProxies)) {
                 unset($clientIps[$key]);
             }
diff --git a/src/Symfony/Component/HttpFoundation/Tests/RequestTest.php b/src/Symfony/Component/HttpFoundation/Tests/RequestTest.php
@@ -884,6 +884,9 @@ public function testGetClientIpsProvider()
             array(array('3620:0:1cfe:face:b00c::3'), '1620:0:1cfe:face:b00c::3', '3620:0:1cfe:face:b00c::3,2620:0:1cfe:face:b00c::3', array('1620:0:1cfe:face:b00c::3', '2620:0:1cfe:face:b00c::3')),
             // multiple forwarded for with remote IPv4 addr and some reverse proxies trusted but in the middle
             array(array('2620:0:1cfe:face:b00c::3', '4620:0:1cfe:face:b00c::3'), '1620:0:1cfe:face:b00c::3', '4620:0:1cfe:face:b00c::3,3620:0:1cfe:face:b00c::3,2620:0:1cfe:face:b00c::3', array('1620:0:1cfe:face:b00c::3', '3620:0:1cfe:face:b00c::3')),
+
+            // client IP with port
+            array(array('88.88.88.88'), '127.0.0.1', '88.88.88.88:12345, 127.0.0.1', array('127.0.0.1')),
         );
     }
 

Original file line number	Diff line number	Diff line change
`@@ -884,6 +884,9 @@ public function testGetClientIpsProvider()`
`884`	`884`	`array(array('3620:0:1cfe:face:b00c::3'), '1620:0:1cfe:face:b00c::3', '3620:0:1cfe:face:b00c::3,2620:0:1cfe:face:b00c::3', array('1620:0:1cfe:face:b00c::3', '2620:0:1cfe:face:b00c::3')),`
`885`	`885`	`// multiple forwarded for with remote IPv4 addr and some reverse proxies trusted but in the middle`
`886`	`886`	`array(array('2620:0:1cfe:face:b00c::3', '4620:0:1cfe:face:b00c::3'), '1620:0:1cfe:face:b00c::3', '4620:0:1cfe:face:b00c::3,3620:0:1cfe:face:b00c::3,2620:0:1cfe:face:b00c::3', array('1620:0:1cfe:face:b00c::3', '3620:0:1cfe:face:b00c::3')),`
	`887`	`+`
	`888`	`+ // client IP with port`
	`889`	`+ array(array('88.88.88.88'), '127.0.0.1', '88.88.88.88:12345, 127.0.0.1', array('127.0.0.1')),`
`887`	`890`	`);`
`888`	`891`	`}`
`889`	`892`