Safe InetSocketAddress init for WebSocket and SockJS

Issue: SPR-14295
2016-05-22 06:33:33 -04:00 · 2016-05-22 06:33:33 -04:00 · a9217d51c2
parent 9c02a99d38
commit a9217d51c2
2 changed files with 28 additions and 6 deletions
--- a/spring-websocket/src/main/java/org/springframework/web/socket/server/standard/AbstractStandardUpgradeStrategy.java
+++ b/spring-websocket/src/main/java/org/springframework/web/socket/server/standard/AbstractStandardUpgradeStrategy.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2014 the original author or authors.
+ * Copyright 2002-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -105,8 +105,20 @@ public abstract class AbstractStandardUpgradeStrategy implements RequestUpgradeS
 			WebSocketHandler wsHandler, Map<String, Object> attrs) throws HandshakeFailureException {

 		HttpHeaders headers = request.getHeaders();
-		InetSocketAddress localAddr = request.getLocalAddress();
-		InetSocketAddress remoteAddr = request.getRemoteAddress();
+		InetSocketAddress localAddr = null;
+		try {
+			localAddr = request.getLocalAddress();
+		}
+		catch (Exception ex) {
+			// Ignore
+		}
+		InetSocketAddress remoteAddr = null;
+		try {
+			remoteAddr = request.getRemoteAddress();
+		}
+		catch (Exception ex) {
+			// Ignore
+		}

 		StandardWebSocketSession session = new StandardWebSocketSession(headers, attrs, localAddr, remoteAddr, user);
 		StandardWebSocketHandlerAdapter endpoint = new StandardWebSocketHandlerAdapter(wsHandler, session);
--- a/spring-websocket/src/main/java/org/springframework/web/socket/sockjs/transport/session/AbstractHttpSockJsSession.java
+++ b/spring-websocket/src/main/java/org/springframework/web/socket/sockjs/transport/session/AbstractHttpSockJsSession.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2014 the original author or authors.
+ * Copyright 2002-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -196,8 +196,18 @@ public abstract class AbstractHttpSockJsSession extends AbstractSockJsSession {
 		this.uri = request.getURI();
 		this.handshakeHeaders = request.getHeaders();
 		this.principal = request.getPrincipal();
-		this.localAddress = request.getLocalAddress();
-		this.remoteAddress = request.getRemoteAddress();
+		try {
+			this.localAddress = request.getLocalAddress();
+		}
+		catch (Exception ex) {
+			// Ignore
+		}
+		try {
+			this.remoteAddress = request.getRemoteAddress();
+		}
+		catch (Exception ex) {
+			// Ignore
+		}

 		synchronized (this.responseLock) {
 			try {