bug symfony#24502 [HttpFoundation] never match invalid IP addresses (xabbuh)

This PR was merged into the 2.7 branch.

Discussion
----------

[HttpFoundation] never match invalid IP addresses

| Q             | A
| ------------- | ---
| Branch?       | 2.7
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | symfony#24424
| License       | MIT
| Doc PR        |

Commits
-------

8ad32f0 never match invalid IP addresses

Author: fabpot

src/Symfony/Component/HttpFoundation/IpUtils.php

@@ -87,6 +87,10 @@ public static function checkIp4($requestIp, $ip)
             $netmask = 32;
         }
 
+        if (false === ip2long($address)) {
+            return self::$checkedIps[$cacheKey] = false;
+        }
+
         return self::$checkedIps[$cacheKey] = 0 === substr_compare(sprintf('%032b', ip2long($requestIp)), sprintf('%032b', ip2long($address)), 0, $netmask);
     }
 

src/Symfony/Component/HttpFoundation/Tests/IpUtilsTest.php

@@ -82,4 +82,21 @@ public function testAnIpv6WithOptionDisabledIpv6()
 
         IpUtils::checkIp('2a01:198:603:0:396e:4789:8e99:890f', '2a01:198:603:0::/65');
     }
+
+    /**
+     * @dataProvider invalidIpAddressData
+     */
+    public function testInvalidIpAddressesDoNotMatch($requestIp, $proxyIp)
+    {
+        $this->assertFalse(IpUtils::checkIp4($requestIp, $proxyIp));
+    }
+
+    public function invalidIpAddressData()
+    {
+        return array(
+            'invalid proxy wildcard' => array('192.168.20.13', '*'),
+            'invalid proxy missing netmask' => array('192.168.20.13', '0.0.0.0'),
+            'invalid request IP with invalid proxy wildcard' => array('0.0.0.0', '*'),
+        );
+    }
 }