[UNDERTOW-2429] CVE-2024-7885 Fix ProxyProtocolReadListener leak between multiple threads

Signed-off-by: Flavia Rainone <[email protected]>

Author: baranowb

core/src/main/java/io/undertow/server/protocol/proxy/ProxyProtocolReadListener.java

@@ -56,7 +56,6 @@ class ProxyProtocolReadListener implements ChannelListener<StreamSourceChannel>
     private InetAddress destAddress;
     private int sourcePort = -1;
     private int destPort = -1;
-    private StringBuilder stringBuilder = new StringBuilder();
     private boolean carriageReturnSeen = false;
     private boolean parsingUnknown = false;
 
@@ -223,6 +222,7 @@ private void parseProxyProtocolV2(PooledByteBuffer buffer, AtomicBoolean freeBuf
     }
 
     private void parseProxyProtocolV1(PooledByteBuffer buffer, AtomicBoolean freeBuffer) throws IOException {
+        final StringBuilder stringBuilder = new StringBuilder();
         while (buffer.getBuffer().hasRemaining()) {
             char c = (char) buffer.getBuffer().get();
             if (byteCount < NAME.length) {