From c84a887b8a25bf9f5c947c245532fa57cd97e3ca Mon Sep 17 00:00:00 2001
From: Harald Alvestrand <hta@webrtc.org>
Date: Tue, 9 Mar 2021 08:14:02 +0000
Subject: [PATCH] Allow port 80 for TURN servers

Bug: webrtc:12537
Change-Id: Id6a419b4b435284f743314956945783d4db94a7c
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/210960
Commit-Queue: Harald Alvestrand <hta@webrtc.org>
Reviewed-by: Jonas Oreland <jonaso@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#33405}
---
 p2p/base/turn_port.cc          |  6 +++---
 p2p/base/turn_port_unittest.cc | 11 ++++++++++-
 2 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/p2p/base/turn_port.cc b/p2p/base/turn_port.cc
index 2bb4c614a6..0bcec2ce25 100644
--- a/p2p/base/turn_port.cc
+++ b/p2p/base/turn_port.cc
@@ -944,9 +944,9 @@ rtc::DiffServCodePoint TurnPort::StunDscpValue() const {
 
 // static
 bool TurnPort::AllowedTurnPort(int port) {
-  // Port 443 is used for existing deployments. Ports above 1024 are assumed to
-  // be OK to use.
-  if (port == 443 || port >= 1024) {
+  // Port 80 and 443 are used for existing deployments.
+  // Ports above 1024 are assumed to be OK to use.
+  if (port == 80 || port == 443 || port >= 1024) {
     return true;
   }
   // Allow any port if relevant field trial is set. This allows disabling the
diff --git a/p2p/base/turn_port_unittest.cc b/p2p/base/turn_port_unittest.cc
index b1e359337a..67a54ee49f 100644
--- a/p2p/base/turn_port_unittest.cc
+++ b/p2p/base/turn_port_unittest.cc
@@ -60,7 +60,9 @@ static const SocketAddress kTurnUdpExtAddr("99.99.99.5", 0);
 static const SocketAddress kTurnAlternateIntAddr("99.99.99.6",
                                                  cricket::TURN_SERVER_PORT);
 // Port for redirecting to a TCP Web server. Should not work.
-static const SocketAddress kTurnDangerousAddr("99.99.99.7", 80);
+static const SocketAddress kTurnDangerousAddr("99.99.99.7", 81);
+// Port 80 (the HTTP port); should work.
+static const SocketAddress kTurnPort80Addr("99.99.99.7", 80);
 // Port 443 (the HTTPS port); should work.
 static const SocketAddress kTurnPort443Addr("99.99.99.7", 443);
 // The default TURN server port.
@@ -103,6 +105,8 @@ static const cricket::ProtocolAddress kTurnUdpIPv6ProtoAddr(kTurnUdpIPv6IntAddr,
 static const cricket::ProtocolAddress kTurnDangerousProtoAddr(
     kTurnDangerousAddr,
     cricket::PROTO_TCP);
+static const cricket::ProtocolAddress kTurnPort80ProtoAddr(kTurnPort80Addr,
+                                                           cricket::PROTO_TCP);
 static const cricket::ProtocolAddress kTurnPort443ProtoAddr(kTurnPort443Addr,
                                                             cricket::PROTO_TCP);
 
@@ -1806,6 +1810,11 @@ TEST_F(TurnPortTest, TestTurnDangerousServerPermits443) {
   ASSERT_TRUE(turn_port_);
 }
 
+TEST_F(TurnPortTest, TestTurnDangerousServerPermits80) {
+  CreateTurnPort(kTurnUsername, kTurnPassword, kTurnPort80ProtoAddr);
+  ASSERT_TRUE(turn_port_);
+}
+
 TEST_F(TurnPortTest, TestTurnDangerousAlternateServer) {
   const ProtocolType protocol_type = PROTO_TCP;
   std::vector<rtc::SocketAddress> redirect_addresses;