Safe InetSocketAddress init for WebSocket and SockJS

rstoyanchev · rstoyanchev · commit a9217d51c27c · 2016-05-22T06:36:42.000-04:00
Issue: SPR-14295
diff --git a/spring-websocket/src/main/java/org/springframework/web/socket/server/standard/AbstractStandardUpgradeStrategy.java b/spring-websocket/src/main/java/org/springframework/web/socket/server/standard/AbstractStandardUpgradeStrategy.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2014 the original author or authors.
+ * Copyright 2002-2016 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -105,8 +105,20 @@ public void upgrade(ServerHttpRequest request, ServerHttpResponse response,
 			WebSocketHandler wsHandler, Map<String, Object> attrs) throws HandshakeFailureException {
 
 		HttpHeaders headers = request.getHeaders();
-		InetSocketAddress localAddr = request.getLocalAddress();
-		InetSocketAddress remoteAddr = request.getRemoteAddress();
+		InetSocketAddress localAddr = null;
+		try {
+			localAddr = request.getLocalAddress();
+		}
+		catch (Exception ex) {
+			// Ignore
+		}
+		InetSocketAddress remoteAddr = null;
+		try {
+			remoteAddr = request.getRemoteAddress();
+		}
+		catch (Exception ex) {
+			// Ignore
+		}
 
 		StandardWebSocketSession session = new StandardWebSocketSession(headers, attrs, localAddr, remoteAddr, user);
 		StandardWebSocketHandlerAdapter endpoint = new StandardWebSocketHandlerAdapter(wsHandler, session);
diff --git a/spring-websocket/src/main/java/org/springframework/web/socket/sockjs/transport/session/AbstractHttpSockJsSession.java b/spring-websocket/src/main/java/org/springframework/web/socket/sockjs/transport/session/AbstractHttpSockJsSession.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2014 the original author or authors.
+ * Copyright 2002-2016 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -196,8 +196,18 @@ public void handleInitialRequest(ServerHttpRequest request, ServerHttpResponse r
 		this.uri = request.getURI();
 		this.handshakeHeaders = request.getHeaders();
 		this.principal = request.getPrincipal();
-		this.localAddress = request.getLocalAddress();
-		this.remoteAddress = request.getRemoteAddress();
+		try {
+			this.localAddress = request.getLocalAddress();
+		}
+		catch (Exception ex) {
+			// Ignore
+		}
+		try {
+			this.remoteAddress = request.getRemoteAddress();
+		}
+		catch (Exception ex) {
+			// Ignore
+		}
 
 		synchronized (this.responseLock) {
 			try {
