From 712ebbb5b73baf30f11711efdceb6f08248fac38 Mon Sep 17 00:00:00 2001
From: Philipp Hancke <philipp.hancke@googlemail.com>
Date: Tue, 4 Feb 2020 17:44:46 +0100
Subject: [PATCH] disallow pairing ICE-TCP with a local ip address

BUG=chromium:1038754

Change-Id: Iab7186efd39a94bffde19e0c39a49f6bc61802ec
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/167060
Commit-Queue: Harald Alvestrand <hta@webrtc.org>
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#30457}
---
 pc/jsep_transport_controller.cc | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/pc/jsep_transport_controller.cc b/pc/jsep_transport_controller.cc
index bc7000f451..8d4eee0ff7 100644
--- a/pc/jsep_transport_controller.cc
+++ b/pc/jsep_transport_controller.cc
@@ -59,6 +59,13 @@ webrtc::RTCError VerifyCandidate(const cricket::Candidate& cand) {
     }
   }
 
+  // Disallow ICE-TCP with a private IP address.
+  if (cand.protocol() == cricket::TCP_PROTOCOL_NAME &&
+      cand.address().IsPrivateIP()) {
+    return webrtc::RTCError(webrtc::RTCErrorType::INVALID_PARAMETER,
+                            "candidate is TCP and has a private IP address");
+  }
+
   return webrtc::RTCError::OK();
 }