From 931e0cf4b1fe63e226039fa5010947a54ded93aa Mon Sep 17 00:00:00 2001 From: "guoweis@webrtc.org" Date: Wed, 18 Feb 2015 19:09:42 +0000 Subject: [PATCH] Fix WebRTC IP leaks. WebRTC binds to individual NICs and listens for incoming Stun packets. Sending stun through this specific NIC binding could make OS route the packet differently hence exposing non-VPN public IP. The fix here is 1. to bind to any address (0:0:0:0) instead. This way, the routing will be the same as how chrome/http is. 2. also, remove the any all 0s addresses which happens when we bind to all 0s. BUG=4276 R=juberti@webrtc.org Committed: https://code.google.com/p/webrtc/source/detail?r=8418 Review URL: https://webrtc-codereview.appspot.com/39129004 Cr-Commit-Position: refs/heads/master@{#8419} git-svn-id: http://webrtc.googlecode.com/svn/trunk@8419 4adac7df-926f-26a2-2b94-8c16560cd09d --- webrtc/p2p/client/basicportallocator.cc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/webrtc/p2p/client/basicportallocator.cc b/webrtc/p2p/client/basicportallocator.cc index 9ca8aa5162..5c322da59e 100644 --- a/webrtc/p2p/client/basicportallocator.cc +++ b/webrtc/p2p/client/basicportallocator.cc @@ -621,9 +621,9 @@ bool BasicPortAllocatorSession::CheckCandidateFilter(const Candidate& c) { } if (c.type() == RELAY_PORT_TYPE) { - return (filter & CF_RELAY); + return ((filter & CF_RELAY) != 0); } else if (c.type() == STUN_PORT_TYPE) { - return (filter & CF_REFLEXIVE); + return ((filter & CF_REFLEXIVE) != 0); } else if (c.type() == LOCAL_PORT_TYPE) { if ((filter & CF_REFLEXIVE) && !c.address().IsPrivateIP()) { // We allow host candidates if the filter allows server-reflexive @@ -646,7 +646,7 @@ bool BasicPortAllocatorSession::CheckCandidateFilter(const Candidate& c) { return false; } - return (filter & CF_HOST); + return ((filter & CF_HOST) != 0); } return false; }