Description
Describe the bug
Sending any 'Forwarded' header without the 'for' element causes a NullPointerException in the ForwardedHeadersFilter
Sample
Any request with the 'Forwarded' header set to any of these examples will break:
Forwarded: brian
Forwarded: 1.1.1.1
Forwarded: host=1.1.1.1
Adding ';for=anything' does not.
Example:
Forwarded: brian;for=anything
It seems that the Forwarded header parsing is not safe, and has not been since the Trusted Proxies support was added.
Stack trace:
java.lang.NullPointerException: Cannot invoke "java.lang.CharSequence.length()" because "this.text" is null
at java.base/java.util.regex.Matcher.getTextLength(Matcher.java:1808)
Suppressed: reactor.core.publisher.FluxOnAssembly$OnAssemblyException:
Error has been observed at the following site(s):
*__checkpoint ⇢ AuthorizationWebFilter [DefaultWebFilterChain]
*__checkpoint ⇢ ExceptionTranslationWebFilter [DefaultWebFilterChain]
*__checkpoint ⇢ LogoutWebFilter [DefaultWebFilterChain]
*__checkpoint ⇢ ServerRequestCacheWebFilter [DefaultWebFilterChain]
*__checkpoint ⇢ SecurityContextServerWebExchangeWebFilter [DefaultWebFilterChain]
*__checkpoint ⇢ AuthenticationWebFilter [DefaultWebFilterChain]
*__checkpoint ⇢ ReactorContextWebFilter [DefaultWebFilterChain]
*__checkpoint ⇢ HttpHeaderWriterWebFilter [DefaultWebFilterChain]
*__checkpoint ⇢ ServerWebExchangeReactorContextWebFilter [DefaultWebFilterChain]
*__checkpoint ⇢ org.springframework.security.web.server.WebFilterChainProxy [DefaultWebFilterChain]
*__checkpoint ⇢ HTTP GET "/path/to/resource/malformed/forwardedHeader" [ExceptionHandlingWebHandler]
Original Stack Trace:
at java.base/java.util.regex.Matcher.getTextLength(Matcher.java:1808)
at java.base/java.util.regex.Matcher.reset(Matcher.java:461)
at java.base/java.util.regex.Matcher.<init>(Matcher.java:256)
at java.base/java.util.regex.Pattern.matcher(Pattern.java:1180)
at org.springframework.cloud.gateway.filter.headers.TrustedProxies.lambda$from$0(TrustedProxies.java:52)
at org.springframework.cloud.gateway.filter.headers.ForwardedHeadersFilter.filter(ForwardedHeadersFilter.java:159)
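
An added illustration (not code from this issue or from Spring Cloud Gateway's source) of the failure the stack trace points to: a regex-based trusted-proxy predicate that receives a null 'for' value, next to a null-safe form that treats a missing 'for' as untrusted. The class and method names, the simplified element parser and the sample regex are assumptions made for the example.

```java
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;
import java.util.function.Predicate;
import java.util.regex.Pattern;

// Added illustration; class and method names are hypothetical, not Spring Cloud Gateway code.
public class ForwardedForCheck {

    // Simplified parser for one Forwarded element; tokens without '=' (e.g. "brian") are ignored.
    static Map<String, String> parseElement(String element) {
        Map<String, String> pairs = new LinkedHashMap<>();
        for (String token : element.split(";")) {
            int eq = token.indexOf('=');
            if (eq > 0) {
                pairs.put(token.substring(0, eq).trim().toLowerCase(Locale.ROOT),
                          token.substring(eq + 1).trim());
            }
        }
        return pairs;
    }

    // Unsafe shape: Pattern.matcher(null) throws NullPointerException.
    static Predicate<String> unsafeTrusted(String regex) {
        Pattern p = Pattern.compile(regex);
        return value -> p.matcher(value).matches();
    }

    // Null-safe shape: a missing 'for' value is simply not trusted.
    static Predicate<String> safeTrusted(String regex) {
        Pattern p = Pattern.compile(regex);
        return value -> value != null && p.matcher(value).matches();
    }

    public static void main(String[] args) {
        String regex = "10\\..*"; // constructed trusted-proxy pattern
        String[] samples = {"brian", "1.1.1.1", "host=1.1.1.1", "brian;for=anything", "for=10.0.0.7"};
        for (String header : samples) {
            String forValue = parseElement(header).get("for"); // null when 'for' is absent
            String unsafe;
            try {
                unsafe = String.valueOf(unsafeTrusted(regex).test(forValue));
            } catch (NullPointerException e) {
                unsafe = "NullPointerException";
            }
            System.out.printf("%-20s for=%-10s unsafe=%-22s safe=%s%n",
                    header, forValue, unsafe, safeTrusted(regex).test(forValue));
        }
    }
}
```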