turn: log warning for empty realm attribute
While an empty realm attribute is technically allowed, it reduces
the amount of entropy that goes into the turn credentials hash.
This remains technically broken in the implementation as hash_ is
not recomputed when changing the realm from the initial empty string
value to the empty string. Before this change this led to hash_ not
being set and the allocate request being treated as not having
enough details to authenticate, resulting in an endless loop of packets.
BUG=chromium:329978076
Change-Id: I3d1295f905a9fb58ca5bc6f82466896f79031865
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/344820
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Commit-Queue: Philipp Hancke <phancke@meta.com>
Reviewed-by: Christoffer Dewerin <jansson@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#41996}
diff --git a/p2p/base/turn_port.cc b/p2p/base/turn_port.cc
index 18a84d0..6c2110a 100644
--- a/p2p/base/turn_port.cc
+++ b/p2p/base/turn_port.cc
@@ -312,6 +312,20 @@
}
}
+void TurnPort::set_realm(absl::string_view realm) {
+ if (realm.empty()) {
+ // Fail silently since this reduces the entropy going into the hash but log
+ // a warning.
+ RTC_LOG(LS_WARNING) << "Setting realm to the empty string, "
+ << "this is not supported.";
+ return;
+ }
+ if (realm != realm_) {
+ realm_ = std::string(realm);
+ UpdateHash();
+ }
+}
+
rtc::SocketAddress TurnPort::GetLocalAddress() const {
return socket_ ? socket_->GetLocalAddress() : rtc::SocketAddress();
}
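Review bot: The early return for an empty realm in `TurnPort::set_realm` leaves `realm_` and `hash_` untouched, and because the function returns `void` the caller cannot tell that the value was rejected. The call sites are outside this hunk, so it cannot be verified here whether they still go on to resend the request with an unset `hash_`, which is the loop the commit message describes. If the realm is taken from a server challenge (presumably, given the description), every such retry would also emit this warning, so the caller should stop or fail the port on rejection rather than retry. The comment `// Fail silently ... but log a warning` contradicts itself; `// An empty realm adds no entropy to the credentials hash: reject it, keep the previous realm_ and hash_, and log a warning.` states the behaviour accurately. The declaration in turn_port.h would benefit from the same one-line note, since the rejection is no longer visible there.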
diff --git a/p2p/base/turn_port.h b/p2p/base/turn_port.h
index 099d8b25..69832ae 100644
--- a/p2p/base/turn_port.h
+++ b/p2p/base/turn_port.h
@@ -252,12 +252,7 @@
bool CreateTurnClientSocket();
void set_nonce(absl::string_view nonce) { nonce_ = std::string(nonce); }
- void set_realm(absl::string_view realm) {
- if (realm != realm_) {
- realm_ = std::string(realm);
- UpdateHash();
- }
- }
+ void set_realm(absl::string_view realm);
void OnRefreshError();
void HandleRefreshError();