X-Forwarded-For fieled may return multiple addresses and generate a warning in sendmail.inc

[rcubetrac]

Reported by netesa on 16 Dec 2013 18:09 UTC as Trac ticket #1489481

X-Forwarded-For may return more than 1 IP address (multiple values are comma separated). When this string is passed as an argument for gethostbyaddr() PHP gives the following error: Warning: Address is not a valid IPv4 or IPv6 address... This might happen in sendmail.inc, line 350.

The following patch extracts only the first IP (the client address) from the string.

diff -ruN a/program/steps/mail/sendmail.inc b/program/steps/mail/sendmail.inc
--- a/program/steps/mail/sendmail.inc   2013-12-16 09:01:14.000000000 +0100
+++ b/program/steps/mail/sendmail.inc   2013-12-16 18:52:40.423137602 +0100
@@ -347,6 +347,10 @@
   $http_header = 'from ';
   if (isset($_SERVER[{
     $host = $_SERVER['HTTP_X_FORWARDED_FOR']('HTTP_X_FORWARDED_FOR'])));
+    if (strstr($host, ', ')) {
+      $ips = explode(', ', $host);
+      $host = $ips[   }
     $hostname = gethostbyaddr($host);
     if ($CONFIG['http_received_header_encrypt'](0];
+)) {
       $http_header .= rcmail_encrypt_header($hostname);

Sorry for posting a patch again here, next time I will make a pull-request.

Migrated-From: http://trac.roundcube.net/ticket/1489481

[rcubetrac]

Comment by @alecpl on 17 Dec 2013 08:21 UTC

Fixed in a520f33.

[rcubetrac]

Status changed by @alecpl on 17 Dec 2013 08:21 UTC

new => closed

[rcubetrac]

Milestone changed by @alecpl on 17 Dec 2013 08:21 UTC

later => 1.0-stable