authorJakub Adam <jakub.adam@ktknet.cz>2018-02-03 23:59:20 +0100
committerOlivier CrĂȘte <olivier.crete@collabora.com>2018-03-23 17:07:06 -0400
commit54fb03427ebc13413cd1ddd5d9e91c1751eac0cb (patch)
tree61ea197ec241bfcfbdba4a97863f177766b894e0
parent5a644f459dc75c80dfb19c7772f74e37a0258771 (diff)
downloadlibnice-54fb03427ebc13413cd1ddd5d9e91c1751eac0cb.tar.gz
discovery: ignore bogus Skype for Business srflx addresses
If the main SfB TURN server sends our allocation request to an alternate server, the response's XOR_MAPPED_ADDRESS will contain the IP address of the TURN server that proxied the message instead of our own actual external IP. Before we create server reflexive candidates upon receiving an allocate response, check that the TURN port was assigned on the same server we sent the allocate request to. Otherwise, the request was proxied and XOR_MAPPED_ADDRESS contains a bogus value we should ignore. Issue introduced by 59fcf95d505c3995f858b826d10cd48321ed383e. Differential Revision: https://phabricator.freedesktop.org/D1949
-rw-r--r--agent/conncheck.c31
1 files changed, 21 insertions, 10 deletions
diff --git a/agent/conncheck.c b/agent/conncheck.c
index 0ebe7e9..19729c2 100644
--- a/agent/conncheck.c
+++ b/agent/conncheck.c
@@ -3587,9 +3587,13 @@ static gboolean priv_map_reply_to_relay_request (NiceAgent *agent, StunMessage *
NiceAddress niceaddr;
NiceCandidate *relay_cand;
+ nice_address_set_from_sockaddr (&niceaddr, &relayaddr.addr);
+
if (res == STUN_USAGE_TURN_RETURN_MAPPED_SUCCESS) {
+ NiceAddress mappedniceaddr;
+
/* We also received our mapped address */
- nice_address_set_from_sockaddr (&niceaddr, &sockaddr.addr);
+ nice_address_set_from_sockaddr (&mappedniceaddr, &sockaddr.addr);
/* TCP or TLS TURNS means the server-reflexive address was
* on a TCP connection, which cannot be used for server-reflexive
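Review bot: The moved `nice_address_set_from_sockaddr (&niceaddr, &relayaddr.addr);` call has no comment saying that `niceaddr` now holds only the relayed address, while `mappedniceaddr` holds the XOR_MAPPED_ADDRESS value. A one-line comment above it, e.g. `/* Relayed address; compared with the TURN server below to spot proxied allocations */`, would help stop a later edit from passing the wrong one to srflx discovery. The body of priv_map_reply_to_relay_request starts and ends outside this hunk.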
@@ -3601,21 +3605,28 @@ static gboolean priv_map_reply_to_relay_request (NiceAgent *agent, StunMessage *
d->agent,
d->stream->id,
d->component->id,
- &niceaddr,
+ &mappedniceaddr,
NICE_CANDIDATE_TRANSPORT_UDP,
d->nicesock,
FALSE);
}
- if (d->agent->use_ice_tcp)
- discovery_discover_tcp_server_reflexive_candidates (
- d->agent,
- d->stream->id,
- d->component->id,
- &niceaddr,
- d->nicesock);
+ if (d->agent->use_ice_tcp) {
+ if ((agent->compatibility == NICE_COMPATIBILITY_OC2007 ||
+ agent->compatibility == NICE_COMPATIBILITY_OC2007R2) &&
+ !nice_address_equal_no_port (&niceaddr, &d->turn->server)) {
+ nice_debug("TURN port got allocated on an alternate server, "
+ "ignoring bogus srflx address");
+ } else {
+ discovery_discover_tcp_server_reflexive_candidates (
+ d->agent,
+ d->stream->id,
+ d->component->id,
+ &mappedniceaddr,
+ d->nicesock);
+ }
+ }
}
- nice_address_set_from_sockaddr (&niceaddr, &relayaddr.addr);
if (nice_socket_is_reliable (d->nicesock)) {
relay_cand = discovery_add_relay_candidate (
d->agent,
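Review bot: The alternate-server check wraps only the `discovery_discover_tcp_server_reflexive_candidates` call inside `if (d->agent->use_ice_tcp)`. The `discovery_add_server_reflexive_candidate` call just above it also receives `&mappedniceaddr`, and its guarding condition lies outside the hunk, so the visible lines do not show whether the UDP srflx candidate is protected from the same proxied XOR_MAPPED_ADDRESS. If it is not, the test could be computed once before both calls, e.g. `gboolean proxied = (agent->compatibility == NICE_COMPATIBILITY_OC2007 || agent->compatibility == NICE_COMPATIBILITY_OC2007R2) && !nice_address_equal_no_port (&niceaddr, &d->turn->server);`, and both candidates skipped when it is true. The `nice_debug` line would also be easier to triage if it named the agent and the two addresses being compared. The new block mixes `agent->` and `d->agent->` for what appears to be the same object.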