Google Git
Sign in
webrtc/src.git/a8e3111d8c6622eeb930c32ab7a2e6be51b3d801^!/.
commit
a8e3111d8c6622eeb930c32ab7a2e6be51b3d801
[log]
author
Philipp Hancke <phancke@microsoft.com>
Fri Sep 08 09:31:30 2023
committer
WebRTC LUCI CQ <webrtc-scoped@luci-project-accounts.iam.gserviceaccount.com>
Fri Sep 08 12:27:34 2023
tree
ca1c9a6755e6eeb31373259a89bfa26db98b938c
parent
2d162c47020b9b4832e42ab6112b6376ac9df3a8 [diff]
Obfuscate prflx raddr when using mdns

BUG=chromium:1478690

Change-Id: I7a1caad7bbd2fc82507b61b59be71546494a304c
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/319580
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Reviewed-by: Henrik Boström <hbos@webrtc.org>
Commit-Queue: Philipp Hancke <phancke@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#40724}

diff --git a/p2p/base/port_allocator.cc b/p2p/base/port_allocator.cc
index 522f0be..d8ff04f 100644
--- a/p2p/base/port_allocator.cc
+++ b/p2p/base/port_allocator.cc

@@ -340,9 +340,12 @@
   // If the candidate filter doesn't allow reflexive addresses, empty TURN raddr
   // to avoid reflexive address leakage.
   bool filter_turn_related_address = !(candidate_filter_ & CF_REFLEXIVE);
+  // Sanitize related_address when using MDNS.
+  bool filter_prflx_related_address = MdnsObfuscationEnabled();
   bool filter_related_address =
       ((c.type() == STUN_PORT_TYPE && filter_stun_related_address) ||
-       (c.type() == RELAY_PORT_TYPE && filter_turn_related_address));
+       (c.type() == RELAY_PORT_TYPE && filter_turn_related_address) ||
+       (c.type() == PRFLX_PORT_TYPE && filter_prflx_related_address));
   return c.ToSanitizedCopy(use_hostname_address, filter_related_address);
 }
 

diff --git a/p2p/base/port_allocator_unittest.cc b/p2p/base/port_allocator_unittest.cc
index f709971..48d0bc8 100644
--- a/p2p/base/port_allocator_unittest.cc
+++ b/p2p/base/port_allocator_unittest.cc

@@ -357,6 +357,21 @@
   EXPECT_EQ("", output.address().ipaddr().ToString());
 }
 
+TEST_F(PortAllocatorTest,
+       SanitizePrflxCandidateMdnsObfuscationEnabledRelatedAddress) {
+  allocator_->SetMdnsObfuscationEnabledForTesting(true);
+  // Create the candidate from an IP literal. This populates the hostname.
+  cricket::Candidate input(1, "udp", rtc::SocketAddress(kIpv4Address, 443), 1,
+                           "username", "password", cricket::PRFLX_PORT_TYPE, 1,
+                           "foundation", 1, 1);
+
+  cricket::Candidate output = allocator_->SanitizeCandidate(input);
+  EXPECT_NE(kIpv4AddressWithPort, output.address().ToString());
+  EXPECT_EQ("", output.address().ipaddr().ToString());
+  EXPECT_NE(kIpv4AddressWithPort, output.related_address().ToString());
+  EXPECT_EQ("", output.related_address().ipaddr().ToString());
+}
+
 TEST_F(PortAllocatorTest, SanitizeIpv4NonLiteralMdnsObfuscationEnabled) {
   // Create the candidate with an empty hostname.
   allocator_->SetMdnsObfuscationEnabledForTesting(true);