Merge branch 'main' into security-doc-fixes-3-2-product

quarkusio · Sep 12, 2023 · 4bd97f2 · 4bd97f2
2 parents 504e6c5 + 983f283
commit 4bd97f2
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 3 deletions.
diff --git a/...sions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/ForwardedParser.java b/...sions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/ForwardedParser.java
@@ -140,7 +140,7 @@ private void calculate() {
 
                 matcher = FORWARDED_FOR_PATTERN.matcher(forwarded);
                 if (matcher.find()) {
-                    remoteAddress = parseFor(matcher.group(1).trim(), remoteAddress.port());
+                    remoteAddress = parseFor(matcher.group(1).trim(), remoteAddress != null ? remoteAddress.port() : port);
                 }
             } else if (forwardingProxyOptions.allowXForwarded) {
                 String protocolHeader = delegate.getHeader(X_FORWARDED_PROTO);
@@ -177,7 +177,7 @@ private void calculate() {
 
                 String forHeader = delegate.getHeader(X_FORWARDED_FOR);
                 if (forHeader != null) {
-                    remoteAddress = parseFor(getFirstElement(forHeader), remoteAddress.port());
+                    remoteAddress = parseFor(getFirstElement(forHeader), remoteAddress != null ? remoteAddress.port() : port);
                 }
             }
         }

diff --git a/...vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/ForwardedProxyHandler.java b/...vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/ForwardedProxyHandler.java
@@ -45,7 +45,11 @@ public ForwardedProxyHandler(TrustedProxyCheck.TrustedProxyCheckBuilder proxyChe
 
     @Override
     public void handle(HttpServerRequest event) {
-        if (event.remoteAddress().isDomainSocket()) {
+        if (event.remoteAddress() == null) {
+            // client address may not be available with virtual http channel
+            LOGGER.debug("Client address is not available, 'Forwarded' and 'X-Forwarded' headers are going to be ignored");
+            handleForwardedServerRequest(event, denyAll());
+        } else if (event.remoteAddress().isDomainSocket()) {
             // we do not support domain socket proxy checks, ignore the headers
             LOGGER.debug("Domain socket are not supported, 'Forwarded' and 'X-Forwarded' headers are going to be ignored");
             handleForwardedServerRequest(event, denyAll());