From 17e418caf057cb2d89786c2990209f7bdcf97410 Mon Sep 17 00:00:00 2001
From: Johann Pardanaud <pardanaud.j@gmail.com>
Date: Thu, 18 Aug 2016 22:02:09 +0200
Subject: [PATCH] Verify explicitly that the request IP is a valid IPv4 address

---
 src/Symfony/Component/HttpFoundation/IpUtils.php           | 5 ++++-
 src/Symfony/Component/HttpFoundation/Tests/IpUtilsTest.php | 1 +
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/Symfony/Component/HttpFoundation/IpUtils.php b/src/Symfony/Component/HttpFoundation/IpUtils.php
index 82461d015960..28093be43403 100644
--- a/src/Symfony/Component/HttpFoundation/IpUtils.php
+++ b/src/Symfony/Component/HttpFoundation/IpUtils.php
@@ -61,11 +61,14 @@ public static function checkIp($requestIp, $ips)
      */
     public static function checkIp4($requestIp, $ip)
     {
+        if (!filter_var($requestIp, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
+            return false;
+        }
+
         if (false !== strpos($ip, '/')) {
             list($address, $netmask) = explode('/', $ip, 2);
 
             if ($netmask === '0') {
-                // Ensure IP is valid - using ip2long below implicitly validates, but we need to do it manually here
                 return filter_var($address, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4);
             }
 
diff --git a/src/Symfony/Component/HttpFoundation/Tests/IpUtilsTest.php b/src/Symfony/Component/HttpFoundation/Tests/IpUtilsTest.php
index 877053f0f390..a6d28a2943bb 100644
--- a/src/Symfony/Component/HttpFoundation/Tests/IpUtilsTest.php
+++ b/src/Symfony/Component/HttpFoundation/Tests/IpUtilsTest.php
@@ -37,6 +37,7 @@ public function testIpv4Provider()
             array(true, '1.2.3.4', '0.0.0.0/0'),
             array(true, '1.2.3.4', '192.168.1.0/0'),
             array(false, '1.2.3.4', '256.256.256/0'), // invalid CIDR notation
+            array(false, 'an_invalid_ip', '192.168.1.0/24'),
         );
     }