From: Amos Jeffries <squid3@treenet.co.nz>
Date: Fri, 29 Jan 2010 12:14:44 +0000 (+1300)
Subject: Bug 2553: X-Forwarded-For with IPv6 address not handled correctly
X-Git-Tag: SQUID_3_1_0_16~14
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=265b4b143c2cd31abc370c18dfdbb685b5f01581;p=thirdparty%2Fsquid.git

Bug 2553: X-Forwarded-For with IPv6 address not handled correctly

Also, remove the port from consideration. It is meaningless on indirect
client address.
---

diff --git a/src/client_side_request.cc b/src/client_side_request.cc
index d46353d72b..488acb2607 100644
--- a/src/client_side_request.cc
+++ b/src/client_side_request.cc
@@ -438,7 +438,7 @@ clientFollowXForwardedForCheck(int answer, void *data)
         const char *p;
         const char *asciiaddr;
         int l;
-        struct in_addr addr;
+        IpAddress addr;
         p = request->x_forwarded_for_iterator.termedBuf();
         l = request->x_forwarded_for_iterator.size();
 
@@ -460,7 +460,7 @@ clientFollowXForwardedForCheck(int answer, void *data)
         while (l > 0 && ! (p[l-1] == ',' || xisspace(p[l-1])))
             l--;
         asciiaddr = p+l;
-        if (xinet_pton(AF_INET, asciiaddr, &addr) != 0) {
+        if ((addr = asciiaddr)) {
             request->indirect_client_addr = addr;
             request->x_forwarded_for_iterator.cut(l);
             calloutContext->acl_checklist = clientAclChecklistCreate(Config.accessList.followXFF, http);
@@ -506,6 +506,7 @@ ClientRequestContext::clientAccessCheck()
 
         /* we always trust the direct client address for actual use */
         http->request->indirect_client_addr = http->request->client_addr;
+        http->request->indirect_client_addr.SetPort(0);
 
         /* setup the XFF iterator for processing */
         http->request->x_forwarded_for_iterator = http->request->header.getList(HDR_X_FORWARDED_FOR);