From d0c82ba6d13fb03da83174641a37fe15990607a7 Mon Sep 17 00:00:00 2001
From: baranowb
Date: Mon, 19 Aug 2024 14:11:15 +0200
Subject: [PATCH] [UNDERTOW-2429] CVE-2024-7885 Fix ProxyProtocolReadListener leak between multiple threads
Signed-off-by: Flavia Rainone
---
 .../server/protocol/proxy/ProxyProtocolReadListener.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/core/src/main/java/io/undertow/server/protocol/proxy/ProxyProtocolReadListener.java b/core/src/main/java/io/undertow/server/protocol/proxy/ProxyProtocolReadListener.java
index da7efd4df8..4971663de6 100644
--- a/core/src/main/java/io/undertow/server/protocol/proxy/ProxyProtocolReadListener.java
+++ b/core/src/main/java/io/undertow/server/protocol/proxy/ProxyProtocolReadListener.java
@@ -56,7 +56,6 @@ class ProxyProtocolReadListener implements ChannelListener
 private InetAddress destAddress;
 private int sourcePort = -1;
 private int destPort = -1;
- private StringBuilder stringBuilder = new StringBuilder();
 private boolean carriageReturnSeen = false;
 private boolean parsingUnknown = false;
@@ -223,6 +222,7 @@ private void parseProxyProtocolV2(PooledByteBuffer buffer, AtomicBoolean freeBuf
 }
 private void parseProxyProtocolV1(PooledByteBuffer buffer, AtomicBoolean freeBuffer) throws IOException {
+ final StringBuilder stringBuilder = new StringBuilder();
 while (buffer.getBuffer().hasRemaining()) {
 char c = (char) buffer.getBuffer().get();
 if (byteCount < NAME.length) {
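Review bot: With `stringBuilder` now local to `parseProxyProtocolV1`, a partially accumulated token no longer survives between calls, while the other parser state in the first hunk (`carriageReturnSeen`, `parsingUnknown`, `sourcePort`, `destPort`) and `byteCount` apparently remain instance fields. If this method can run more than once for one PROXY v1 header, for example when the line arrives across several reads, the later call would start with an empty builder but a non-zero `byteCount`, and the address or port being collected would be truncated. Whether that can happen depends on the caller, which is outside the hunk, as is the rest of the method body. If one call per header is guaranteed, a comment on the new line would stop the buffer from being hoisted back into a field, e.g. `// per-call buffer: must not be shared across invocations (UNDERTOW-2429)`. Otherwise a regression test that feeds the header in two fragments would be worth adding alongside this fix.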