From a9217d51c27c3846eb9e5e2cfc8e3cfff0193c38 Mon Sep 17 00:00:00 2001
From: Rossen Stoyanchev <rstoyanchev@pivotal.io>
Date: Sun, 22 May 2016 06:33:33 -0400
Subject: [PATCH] Safe InetSocketAddress init for WebSocket and SockJS

Issue: SPR-14295
---
 .../AbstractStandardUpgradeStrategy.java       | 18 +++++++++++++++---
 .../session/AbstractHttpSockJsSession.java     | 16 +++++++++++++---
 2 files changed, 28 insertions(+), 6 deletions(-)

diff --git a/spring-websocket/src/main/java/org/springframework/web/socket/server/standard/AbstractStandardUpgradeStrategy.java b/spring-websocket/src/main/java/org/springframework/web/socket/server/standard/AbstractStandardUpgradeStrategy.java
index 7ca2f7ac185..2dd7ff41acc 100644
--- a/spring-websocket/src/main/java/org/springframework/web/socket/server/standard/AbstractStandardUpgradeStrategy.java
+++ b/spring-websocket/src/main/java/org/springframework/web/socket/server/standard/AbstractStandardUpgradeStrategy.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2014 the original author or authors.
+ * Copyright 2002-2016 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -105,8 +105,20 @@ public abstract class AbstractStandardUpgradeStrategy implements RequestUpgradeS
 			WebSocketHandler wsHandler, Map<String, Object> attrs) throws HandshakeFailureException {
 
 		HttpHeaders headers = request.getHeaders();
-		InetSocketAddress localAddr = request.getLocalAddress();
-		InetSocketAddress remoteAddr = request.getRemoteAddress();
+		InetSocketAddress localAddr = null;
+		try {
+			localAddr = request.getLocalAddress();
+		}
+		catch (Exception ex) {
+			// Ignore
+		}
+		InetSocketAddress remoteAddr = null;
+		try {
+			remoteAddr = request.getRemoteAddress();
+		}
+		catch (Exception ex) {
+			// Ignore
+		}
 
 		StandardWebSocketSession session = new StandardWebSocketSession(headers, attrs, localAddr, remoteAddr, user);
 		StandardWebSocketHandlerAdapter endpoint = new StandardWebSocketHandlerAdapter(wsHandler, session);
diff --git a/spring-websocket/src/main/java/org/springframework/web/socket/sockjs/transport/session/AbstractHttpSockJsSession.java b/spring-websocket/src/main/java/org/springframework/web/socket/sockjs/transport/session/AbstractHttpSockJsSession.java
index df0e2771c4c..451dd6bd36b 100644
--- a/spring-websocket/src/main/java/org/springframework/web/socket/sockjs/transport/session/AbstractHttpSockJsSession.java
+++ b/spring-websocket/src/main/java/org/springframework/web/socket/sockjs/transport/session/AbstractHttpSockJsSession.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2014 the original author or authors.
+ * Copyright 2002-2016 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -196,8 +196,18 @@ public abstract class AbstractHttpSockJsSession extends AbstractSockJsSession {
 		this.uri = request.getURI();
 		this.handshakeHeaders = request.getHeaders();
 		this.principal = request.getPrincipal();
-		this.localAddress = request.getLocalAddress();
-		this.remoteAddress = request.getRemoteAddress();
+		try {
+			this.localAddress = request.getLocalAddress();
+		}
+		catch (Exception ex) {
+			// Ignore
+		}
+		try {
+			this.remoteAddress = request.getRemoteAddress();
+		}
+		catch (Exception ex) {
+			// Ignore
+		}
 
 		synchronized (this.responseLock) {
 			try {