From 9154ea387346ad1b2864a02397a36bc2cfb9dd5c Mon Sep 17 00:00:00 2001
From: Jaroslav Kysela <perex@perex.cz>
Date: Tue, 4 Jul 2017 08:27:59 +0200
Subject: [PATCH] http: fix the proxy protocol code, fixes #4469

---
 src/http.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/src/http.c b/src/http.c
index 9a4bad7c3..2921f3e63 100644
--- a/src/http.c
+++ b/src/http.c
@@ -1110,8 +1110,12 @@ process_request(http_connection_t *hc, htsbuf_queue_t *spill)
   hc->hc_url_orig = tvh_strdupa(hc->hc_url);
 
   v = (config.proxy) ? http_arg_get(&hc->hc_args, "X-Forwarded-For") : NULL;
-  if (v)
-    tcp_get_ip_from_str(v, hc->hc_peer);
+  if (v) {
+    if (tcp_get_ip_from_str(v, hc->hc_peer) == NULL) {
+      http_error(hc, HTTP_STATUS_BAD_REQUEST);
+      return -1;
+    }
+  }
 
   tcp_get_str_from_ip(hc->hc_peer, authbuf, sizeof(authbuf));
 
@@ -1456,12 +1460,13 @@ http_serve_requests(http_connection_t *hc)
           goto error;  /* Not valid IP address */
         }
       }
+      if (*c != ' ') goto error;
       /* Check length */
-      if ((s-c) < 8) goto error;
-      if ((s-c) > (delim == ':' ? 39 : 16)) goto error;
+      if ((c-s) < 7) goto error;
+      if ((c-s) > (delim == ':' ? 45 : 15)) goto error;
       
       /* Add null terminator */
-      *(c-1) = '\0';
+      *c = '\0';
 
       /* Don't care about DST-ADDRESS, SRC-PORT & DST-PORT
          All it's OK, push the original client IP */
-- 
2.47.3