Respect blocked port list for ICE-TCP connections

This CL has tests that cause the code to be run; there is no easy way
to test the resulting behavior change at JS level.

Bug: chromium:1038754
Change-Id: I51d99e7fffbb66a0478f03d674fb3699925fa3f8
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1986070
Commit-Queue: Harald Alvestrand <hta@chromium.org>
Reviewed-by: Guido Urdaneta <guidou@chromium.org>
Reviewed-by: Henrik Boström <hbos@chromium.org>
Reviewed-by: Adam Rice <ricea@chromium.org>
Cr-Commit-Position: refs/heads/master@{#825368}

third_party/blink/renderer/platform/p2p/DEPS

@@ -7,6 +7,7 @@ include_rules = [
     "+net/base/ip_endpoint.h",
     "+net/base/network_change_notifier.h",
     "+net/base/network_interfaces.h",
+    "+net/base/port_util.h",
     "+net/traffic_annotation/network_traffic_annotation.h",
     "+services/network/public/cpp/p2p_param_traits.h",
     "+services/network/public/cpp/p2p_socket_type.h",

third_party/blink/renderer/platform/p2p/ipc_socket_factory.cc

@@ -18,6 +18,7 @@
 #include "base/trace_event/trace_event.h"
 #include "jingle/glue/utils.h"
 #include "net/base/ip_address.h"
+#include "net/base/port_util.h"
 #include "third_party/blink/public/platform/modules/webrtc/webrtc_logging.h"
 #include "third_party/blink/renderer/platform/p2p/host_address_request.h"
 #include "third_party/blink/renderer/platform/p2p/socket_client_delegate.h"
@@ -760,6 +761,10 @@ rtc::AsyncPacketSocket* IpcPacketSocketFactory::CreateClientTcpSocket(
     const rtc::ProxyInfo& proxy_info,
     const std::string& user_agent,
     const rtc::PacketSocketTcpOptions& opts) {
+  if (!net::IsPortAllowedForScheme(remote_address.port(), "stun")) {
+    // Attempt to create IPC TCP socket on blocked port
+    return nullptr;
+  }
   network::P2PSocketType type;
   if (opts.opts & rtc::PacketSocketFactory::OPT_SSLTCP) {
     type = (opts.opts & rtc::PacketSocketFactory::OPT_STUN)

third_party/blink/web_tests/fast/peerconnection/RTCPeerConnection-blockedPorts.html

+<!doctype html>
+<title>Test RTCPeerConnection.prototype.addIceCandidate with TCP candidates</title>
+<script src="../../resources/testharness.js"></script>
+<script src="../../resources/testharnessreport.js"></script>
+<script src="/external/wpt/webrtc/RTCPeerConnection-helper.js"></script>
+<script>
+'use strict';
+
+const sdp = `v=0
+o=- 166855176514521964 2 IN IP4 127.0.0.1
+s=-
+t=0 0
+a=msid-semantic:WMS *
+m=audio 9 UDP/TLS/RTP/SAVPF 111
+c=IN IP4 0.0.0.0
+a=rtcp:9 IN IP4 0.0.0.0
+a=ice-ufrag:655Y
+a=ice-pwd:somelongpwdwithenoughrandomness
+a=fingerprint:sha-256 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
+a=setup:actpass
+a=mid:audio1
+a=sendonly
+a=rtcp-mux
+a=rtcp-rsize
+a=rtpmap:111 opus/48000/2
+a=extmap:1 urn:ietf:params:rtp-hdrext:ssrc-audio-level
+a=ssrc:1001 cname:some
+`;
+
+// This test is intended to exercise the code that blocks ports on
+// the blocked port list. The difference between the three cases can
+// only be observed by reading the logs, so the main point of the
+// test is to ensure that the code does not cause a crash.
+
+const kLowNumberedPort = 37;
+const kBlockListPort = 2049;
+const kNotBlockListPort = 8001;
+for (const port of [kLowNumberedPort, kBlockListPort, kNotBlockListPort]) {
+
+  const candidate = 'a=candidate:2983561038 1 tcp 1518214911 127.0.0.1 ' +
+        port +
+        ' typ host tcptype passive generation 0 ufrag 655Y network-id 1 network-cost 10';
+
+  promise_test(async t => {
+    const pc = new RTCPeerConnection();
+    t.add_cleanup(() => pc.close());
+    await pc.setRemoteDescription({type: 'offer', sdp: sdp});
+    const answer = await pc.createAnswer();
+    await pc.setLocalDescription(answer);
+    await pc.addIceCandidate(new RTCIceCandidate({candidate: candidate,
+                                                  sdpMid: 'audio1'}));
+    pc.onicestatechange = t.unreached_func();
+    await new Promise(resolve => t.step_timeout(resolve, 100));
+  }, 'TCP candidate aimed at port ' + port + ' ignored');
+}
+
+</script>