Merge branch 'fix-invalid-x-forwarded-for-ip' into 'master'

Ignore invalid IPs in X-Forwarded-For when trusted proxies are configured.

## What does this MR do?

Catches IPAddr::InvalidAddressError exceptions in `trusted_proxy?` when a) a trusted proxy is set up in the gitlab config and b) an invalid IP address is passed to the method (e.g. one with a port attached). When caught, returns `false` from the method. Prevents a 500 error in this situation.

## What are the relevant issue numbers?

Closes gitlab-org/gitlab-ce#20466.

## Does this MR meet the acceptance criteria?

- [X] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added
- [N/A] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)
- [N/A] API support added
- Tests
  - [X] Added for this feature/bug
  - [X] All builds are passing
- [X] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [X] Branch has no merge conflicts with `master` (if you do - rebase it please)
- [X] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)

See merge request !5584

Signed-off-by: Rémy Coutable <remy@rymai.me>

1 files changed, 2 insertions, 0 deletions

diff --git a/config/initializers/trusted_proxies.rb b/config/initializers/trusted_proxies.rb
index 30770b71e24..cd869657c53 100644
--- a/config/initializers/trusted_proxies.rb
+++ b/config/initializers/trusted_proxies.rb
@@ -7,6 +7,8 @@ module Rack
   class Request
     def trusted_proxy?(ip)
       Rails.application.config.action_dispatch.trusted_proxies.any? { |proxy| proxy === ip }
+    rescue IPAddr::InvalidAddressError
+      false
     end
   end
 end