Commit a4b090ee authored by Harald Alvestrand's avatar Harald Alvestrand Committed by Commit Bot

Respect blocked port list for ICE-TCP connections

This CL has tests that cause the code to be run; there is no easy way
to test the resulting behavior change at JS level.

Bug: chromium:1038754
Change-Id: I51d99e7fffbb66a0478f03d674fb3699925fa3f8
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1986070
Commit-Queue: Harald Alvestrand <hta@chromium.org>
Reviewed-by: default avatarGuido Urdaneta <guidou@chromium.org>
Reviewed-by: default avatarHenrik Boström <hbos@chromium.org>
Reviewed-by: default avatarAdam Rice <ricea@chromium.org>
Cr-Commit-Position: refs/heads/master@{#825368}
parent 23f45dae
......@@ -7,6 +7,7 @@ include_rules = [
"+net/base/ip_endpoint.h",
"+net/base/network_change_notifier.h",
"+net/base/network_interfaces.h",
"+net/base/port_util.h",
"+net/traffic_annotation/network_traffic_annotation.h",
"+services/network/public/cpp/p2p_param_traits.h",
"+services/network/public/cpp/p2p_socket_type.h",
......
......@@ -18,6 +18,7 @@
#include "base/trace_event/trace_event.h"
#include "jingle/glue/utils.h"
#include "net/base/ip_address.h"
#include "net/base/port_util.h"
#include "third_party/blink/public/platform/modules/webrtc/webrtc_logging.h"
#include "third_party/blink/renderer/platform/p2p/host_address_request.h"
#include "third_party/blink/renderer/platform/p2p/socket_client_delegate.h"
......@@ -760,6 +761,10 @@ rtc::AsyncPacketSocket* IpcPacketSocketFactory::CreateClientTcpSocket(
const rtc::ProxyInfo& proxy_info,
const std::string& user_agent,
const rtc::PacketSocketTcpOptions& opts) {
if (!net::IsPortAllowedForScheme(remote_address.port(), "stun")) {
// Attempt to create IPC TCP socket on blocked port
return nullptr;
}
network::P2PSocketType type;
if (opts.opts & rtc::PacketSocketFactory::OPT_SSLTCP) {
type = (opts.opts & rtc::PacketSocketFactory::OPT_STUN)
......
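Review bot: The new guard at the top of CreateClientTcpSocket returns nullptr without recording anything, so a rejected blocked-port attempt looks the same to callers, and to anyone reading logs, as any other socket-creation failure. The comment `// Attempt to create IPC TCP socket on blocked port` reads like a log message that was never emitted. I would either log the rejected port at that point or rewrite the comment as policy, for example `// Refuse ICE-TCP connections to ports on net's blocked-port list.`, and add a word on why the scheme string is `"stun"`. The check also appears to sit in renderer-side code (the file includes blink/renderer/platform/p2p headers), so it would not hold against a compromised renderer unless the browser-side P2P socket code applies the same test, which is not visible here. The function body continues past the end of the hunk.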
<!doctype html>
<title>Test RTCPeerConnection.prototype.addIceCandidate with TCP candidates</title>
<script src="../../resources/testharness.js"></script>
<script src="../../resources/testharnessreport.js"></script>
<script src="/external/wpt/webrtc/RTCPeerConnection-helper.js"></script>
<script>
'use strict';
const sdp = `v=0
o=- 166855176514521964 2 IN IP4 127.0.0.1
s=-
t=0 0
a=msid-semantic:WMS *
m=audio 9 UDP/TLS/RTP/SAVPF 111
c=IN IP4 0.0.0.0
a=rtcp:9 IN IP4 0.0.0.0
a=ice-ufrag:655Y
a=ice-pwd:somelongpwdwithenoughrandomness
a=fingerprint:sha-256 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
a=setup:actpass
a=mid:audio1
a=sendonly
a=rtcp-mux
a=rtcp-rsize
a=rtpmap:111 opus/48000/2
a=extmap:1 urn:ietf:params:rtp-hdrext:ssrc-audio-level
a=ssrc:1001 cname:some
`;
// This test is intended to exercise the code that blocks ports on
// the blocked port list. The difference between the three cases can
// only be observed by reading the logs, so the main point of the
// test is to ensure that the code does not cause a crash.
const kLowNumberedPort = 37;
const kBlockListPort = 2049;
const kNotBlockListPort = 8001;
for (const port of [kLowNumberedPort, kBlockListPort, kNotBlockListPort]) {
const candidate = 'a=candidate:2983561038 1 tcp 1518214911 127.0.0.1 ' +
port +
' typ host tcptype passive generation 0 ufrag 655Y network-id 1 network-cost 10';
promise_test(async t => {
const pc = new RTCPeerConnection();
t.add_cleanup(() => pc.close());
await pc.setRemoteDescription({type: 'offer', sdp: sdp});
const answer = await pc.createAnswer();
await pc.setLocalDescription(answer);
await pc.addIceCandidate(new RTCIceCandidate({candidate: candidate,
sdpMid: 'audio1'}));
pc.onicestatechange = t.unreached_func();
await new Promise(resolve => t.step_timeout(resolve, 100));
}, 'TCP candidate aimed at port ' + port + ' ignored');
}
</script>
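Review bot: `pc.onicestatechange = t.unreached_func();` assigns a property that RTCPeerConnection does not define as an event handler, so the callback can never run and the test passes whatever the ICE agent does with the candidate. The attribute is `oniceconnectionstatechange`, and it should be set before `await pc.addIceCandidate(...)` so that no transition is missed. With a working handler the `kNotBlockListPort` case probably needs its own expectation and title, since 8001 is not on the blocked list and the candidate may be tried rather than "ignored"; this should be confirmed against actual behaviour. As written, the test only shows that the blocked-port path does not crash, which matches the comment above the port constants.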