hashicorp
Error during config parsing for malformed listener values.
Specifically, x_forwarded_for_authorized_addrs.
Closes https://github.com/hashicorp/vault/issues/18226
Should we give ProxyProtocolAuthorizedAddrsRaw the same treatment?
Or should we target an even broader fix? Maybe parseutil.ParseAddrs shouldn't be accepting non-IP addrs? That would be the nicest fix, and it would even allow us to close https://github.com/hashicorp/vault/issues/14350.
@ncabatoff I thought about whether parseutil.ParseAddrs was a better place to fix this, or if this was the right place. I was worried that because parseutil.ParseAddrs was in go-secure-stdlib, Boundary and possibly other things could be relying on the current behavior and I was worried about widespread breakage. All parseutil.ParseAddrs does is pass whatever string(s) it's given to sockaddr.NewSockAddr. There's a comment for sockaddr.NewSockAddr here that describes the heuristic being used, and even explicitly calls out that invalid IP addresses will be treated as Unix sockets, exactly the situation we have here. I'm a little torn on the best way to proceed.
I guess maybe one alternative to this would be to create a new function, parseutil.ParseAddrsIP(), or some such, that errors if anything it parses isn't either an IPv4 or IPv6 address, and use that here instead (as well as wherever is doing the parsing for https://github.com/hashicorp/vault/issues/14350.