admin/webrtc_m130
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Obfuscate prflx raddr when using mdns

Browse Source 
BUG=chromium:1478690

Change-Id: I7a1caad7bbd2fc82507b61b59be71546494a304c
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/319580
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Reviewed-by: Henrik Boström <hbos@webrtc.org>
Commit-Queue: Philipp Hancke <phancke@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#40724}
This commit is contained in:
Philipp Hancke 2023-09-08 11:31:30 +02:00 committed by WebRTC LUCI CQ
parent 2d162c4702
commit a8e3111d8c
2 changed files with 19 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
p2p/base/port_allocator.cc
View File

@ -340,9 +340,12 @@ Candidate PortAllocator::SanitizeCandidate(const Candidate& c) const {
// If the candidate filter doesn't allow reflexive addresses, empty TURN raddr // If the candidate filter doesn't allow reflexive addresses, empty TURN raddr
// to avoid reflexive address leakage. // to avoid reflexive address leakage.
bool filter_turn_related_address = !(candidate_filter_ & CF_REFLEXIVE); bool filter_turn_related_address = !(candidate_filter_ & CF_REFLEXIVE);
// Sanitize related_address when using MDNS.
bool filter_prflx_related_address = MdnsObfuscationEnabled();
bool filter_related_address = bool filter_related_address =
((c.type() == STUN_PORT_TYPE && filter_stun_related_address) || ((c.type() == STUN_PORT_TYPE && filter_stun_related_address) ||
(c.type() == RELAY_PORT_TYPE && filter_turn_related_address)); (c.type() == RELAY_PORT_TYPE && filter_turn_related_address) ||
(c.type() == PRFLX_PORT_TYPE && filter_prflx_related_address));
return c.ToSanitizedCopy(use_hostname_address, filter_related_address); return c.ToSanitizedCopy(use_hostname_address, filter_related_address);
} }

15
p2p/base/port_allocator_unittest.cc
View File

@ -357,6 +357,21 @@ TEST_F(PortAllocatorTest, SanitizePrflxCandidateMdnsObfuscationEnabled) {
EXPECT_EQ("", output.address().ipaddr().ToString()); EXPECT_EQ("", output.address().ipaddr().ToString());
} }
TEST_F(PortAllocatorTest,
SanitizePrflxCandidateMdnsObfuscationEnabledRelatedAddress) {
allocator_->SetMdnsObfuscationEnabledForTesting(true);
// Create the candidate from an IP literal. This populates the hostname.
cricket::Candidate input(1, "udp", rtc::SocketAddress(kIpv4Address, 443), 1,
"username", "password", cricket::PRFLX_PORT_TYPE, 1,
"foundation", 1, 1);
cricket::Candidate output = allocator_->SanitizeCandidate(input);
EXPECT_NE(kIpv4AddressWithPort, output.address().ToString());
EXPECT_EQ("", output.address().ipaddr().ToString());
EXPECT_NE(kIpv4AddressWithPort, output.related_address().ToString());
EXPECT_EQ("", output.related_address().ipaddr().ToString());
}
TEST_F(PortAllocatorTest, SanitizeIpv4NonLiteralMdnsObfuscationEnabled) { TEST_F(PortAllocatorTest, SanitizeIpv4NonLiteralMdnsObfuscationEnabled) {
// Create the candidate with an empty hostname. // Create the candidate with an empty hostname.
allocator_->SetMdnsObfuscationEnabledForTesting(true); allocator_->SetMdnsObfuscationEnabledForTesting(true);