From 4f244d0808dc495186b379b7d098420de1843532 Mon Sep 17 00:00:00 2001
From: Philipp Hancke
Date: Tue, 2 Apr 2024 11:00:21 -0700
Subject: [PATCH] turn: log warning for empty realm attribute
While an empty realm attribute is technically allowed, it reduces the amount of entropy that goes into the turn credentials hash. This remains technically broken in the implementation as hash_ is not recomputed when changing the realm from the initial empty string value to the empty string. Before this change this lead to hash_ not being set and the allocate request being treated as not having enough details to authenticate, resulting in an endless loop of packets.
BUG=chromium:329978076
Change-Id: I3d1295f905a9fb58ca5bc6f82466896f79031865
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/344820
Reviewed-by: Harald Alvestrand
Commit-Queue: Philipp Hancke
Reviewed-by: Christoffer Dewerin
Cr-Commit-Position: refs/heads/main@{#41996}
---
 p2p/base/turn_port.cc | 14 ++++++++++++++
 p2p/base/turn_port.h | 7 +------
 2 files changed, 15 insertions(+), 6 deletions(-)
diff --git a/p2p/base/turn_port.cc b/p2p/base/turn_port.cc
index 18a84d02ee..6c2110a873 100644
--- a/p2p/base/turn_port.cc
+++ b/p2p/base/turn_port.cc
@@ -312,6 +312,20 @@ TurnPort::~TurnPort() {
 }
 }
+void TurnPort::set_realm(absl::string_view realm) {
+ if (realm.empty()) {
+ // Fail silently since this reduces the entropy going into the hash but log
+ // a warning.
+ RTC_LOG(LS_WARNING) << "Setting realm to the empty string, "
+ << "this is not supported.";
+ return;
+ }
+ if (realm != realm_) {
+ realm_ = std::string(realm);
+ UpdateHash();
+ }
+}
+
 rtc::SocketAddress TurnPort::GetLocalAddress() const {
 return socket_ ? socket_->GetLocalAddress() : rtc::SocketAddress();
 }
diff --git a/p2p/base/turn_port.h b/p2p/base/turn_port.h
index 099d8b258a..69832aef7f 100644
--- a/p2p/base/turn_port.h
+++ b/p2p/base/turn_port.h
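Review bot: The early return in `TurnPort::set_realm` for an empty realm leaves `realm_` and `hash_` exactly as they were and the function returns `void`, so the caller cannot tell that a server-supplied realm was rejected. The commit message names an unset `hash_` as the cause of the endless allocate loop; the caller is outside this hunk, so it is not visible here whether it now stops retrying, and if it does not, this warning would presumably be emitted once per challenge from the remote server. Consider signalling the rejection, e.g. `bool set_realm(absl::string_view realm);` with `return false;` on the empty branch, so the challenge handling can fail the allocation instead of resending. The comment would also be clearer as `// Ignore an empty realm: it would reduce the entropy going into the credentials hash.`, since "Fail silently" sits next to a log statement.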
@@ -252,12 +252,7 @@ class TurnPort : public Port {
 bool CreateTurnClientSocket();
 void set_nonce(absl::string_view nonce) { nonce_ = std::string(nonce); }
- void set_realm(absl::string_view realm) {
- if (realm != realm_) {
- realm_ = std::string(realm);
- UpdateHash();
- }
- }
+ void set_realm(absl::string_view realm);
 void OnRefreshError();
 void HandleRefreshError();