From fba651822dc9a718642018ba0616aefad540403a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pawe=C5=82=20Chmielowski?= <pawel@process-one.net>
Date: Mon, 29 Aug 2022 11:26:31 +0200
Subject: [PATCH] Handle invalid values in X-Forwarded-For header more
 gracefuly

---
 src/ejabberd_http.erl | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/src/ejabberd_http.erl b/src/ejabberd_http.erl
index 56de7e255..fe13868f4 100644
--- a/src/ejabberd_http.erl
+++ b/src/ejabberd_http.erl
@@ -535,12 +535,14 @@ analyze_ip_xff({IPLast, Port}, XFF) ->
 				       TrustedProxies)
 		   of
 		 true ->
-		     {ok, IPFirst} = inet_parse:address(
-                                       binary_to_list(ClientIP)),
-		     ?DEBUG("The IP ~w was replaced with ~w due to "
-			    "header X-Forwarded-For: ~ts",
-			    [IPLast, IPFirst, XFF]),
-		     IPFirst;
+		     case inet_parse:address(binary_to_list(ClientIP)) of
+			 {ok, IPFirst} ->
+			     ?DEBUG("The IP ~w was replaced with ~w due to "
+				    "header X-Forwarded-For: ~ts",
+				    [IPLast, IPFirst, XFF]),
+			     IPFirst;
+			 E -> throw(E)
+		     end;
 		 false -> IPLast
 	       end,
     {IPClient, Port}.