Reject invalid forwarded headers

Issue: SPR-16660

Reject invalid forwarded headers
Issue: SPR-16660
a546cf0a · Rossen Stoyanchev · 5fb4c825 · a546cf0a
隐藏空白更改
内联并排

Showing with 32 addition and 25 deletion

spring-web/src/main/java/org/springframework/web/util/UriComponentsBuilder.java ...va/org/springframework/web/util/UriComponentsBuilder.java +32 -25

未找到文件。
--- a/spring-web/src/main/java/org/springframework/web/util/UriComponentsBuilder.java
+++ b/spring-web/src/main/java/org/springframework/web/util/UriComponentsBuilder.java
@@ -729,36 +729,43 @@ public class UriComponentsBuilder implements UriBuilder, Cloneable {
 	 * @since 4.2.7
 	 */
 	UriComponentsBuilder adaptFromForwardedHeaders(HttpHeaders headers) {
-		String forwardedHeader = headers.getFirst("Forwarded");
-		if (StringUtils.hasText(forwardedHeader)) {
-			String forwardedToUse = StringUtils.tokenizeToStringArray(forwardedHeader, ",")[0];
-			Matcher matcher = FORWARDED_PROTO_PATTERN.matcher(forwardedToUse);
-			if (matcher.find()) {
-				scheme(matcher.group(1).trim());
-				port(null);
-			}
-			matcher = FORWARDED_HOST_PATTERN.matcher(forwardedToUse);
-			if (matcher.find()) {
-				adaptForwardedHost(matcher.group(1).trim());
-			}
-		}
-		else {
-			String protocolHeader = headers.getFirst("X-Forwarded-Proto");
-			if (StringUtils.hasText(protocolHeader)) {
-				scheme(StringUtils.tokenizeToStringArray(protocolHeader, ",")[0]);
-				port(null);
+		try {
+			String forwardedHeader = headers.getFirst("Forwarded");
+			if (StringUtils.hasText(forwardedHeader)) {
+				String forwardedToUse = StringUtils.tokenizeToStringArray(forwardedHeader, ",")[0];
+				Matcher matcher = FORWARDED_PROTO_PATTERN.matcher(forwardedToUse);
+				if (matcher.find()) {
+					scheme(matcher.group(1).trim());
+					port(null);
+				}
+				matcher = FORWARDED_HOST_PATTERN.matcher(forwardedToUse);
+				if (matcher.find()) {
+					adaptForwardedHost(matcher.group(1).trim());
+				}
 			}
+			else {
+				String protocolHeader = headers.getFirst("X-Forwarded-Proto");
+				if (StringUtils.hasText(protocolHeader)) {
+					scheme(StringUtils.tokenizeToStringArray(protocolHeader, ",")[0]);
+					port(null);
+				}

-			String hostHeader = headers.getFirst("X-Forwarded-Host");
-			if (StringUtils.hasText(hostHeader)) {
-				adaptForwardedHost(StringUtils.tokenizeToStringArray(hostHeader, ",")[0]);
-			}
+				String hostHeader = headers.getFirst("X-Forwarded-Host");
+				if (StringUtils.hasText(hostHeader)) {
+					adaptForwardedHost(StringUtils.tokenizeToStringArray(hostHeader, ",")[0]);
+				}

-			String portHeader = headers.getFirst("X-Forwarded-Port");
-			if (StringUtils.hasText(portHeader)) {
-				port(Integer.parseInt(StringUtils.tokenizeToStringArray(portHeader, ",")[0]));
+				String portHeader = headers.getFirst("X-Forwarded-Port");
+				if (StringUtils.hasText(portHeader)) {
+					port(Integer.parseInt(StringUtils.tokenizeToStringArray(portHeader, ",")[0]));
+				}
 			}
 		}
+		catch (NumberFormatException ex) {
+			throw new IllegalArgumentException("Failed to parse a port from \"forwarded\"-type headers. " +
+					"If not behind a trusted proxy, consider using ForwardedHeaderFilter " +
+					"with the removeOnly=true. Request headers: " + headers);
+		}

 		if (this.scheme != null && ((this.scheme.equals("http") && "80".equals(this.port)) ||
 				(this.scheme.equals("https") && "443".equals(this.port)))) {