[Backport] CVE-2020-6570: Side-channel information leakage in WebRTC

Manual backport of patch originally reviewed on
https://webrtc-review.googlesource.com/c/src/+/175960:
Disable remote ICE candidate DNS lookups when the IceTransportPolicy is Relay or None

Bug: webrtc:11597
Change-Id: Id3884a2b5f0fc35880c7401c43ca25fee8346519
Reviewed-by: Michal Klocek <michal.klocek@qt.io>

2 files changed, 7 insertions, 1 deletions

diff --git a/chromium/third_party/webrtc/AUTHORS b/chromium/third_party/webrtc/AUTHORS
index ae9d4e2e14c..3a1a9b66f6e 100644
--- a/chromium/third_party/webrtc/AUTHORS
+++ b/chromium/third_party/webrtc/AUTHORS
@@ -107,6 +107,7 @@ Opera Software ASA <*@opera.com>
 Optical Tone Ltd <*@opticaltone.com>
 Pengutronix e.K. <*@pengutronix.de>
 RingCentral, Inc. <*@ringcentral.com>
+Signal Messenger, LLC <*@signal.org>
 Sinch AB <*@sinch.com>
 struktur AG <*@struktur.de>
 Telenor Digital AS <*@telenor.com>
diff --git a/chromium/third_party/webrtc/p2p/base/p2p_transport_channel.cc b/chromium/third_party/webrtc/p2p/base/p2p_transport_channel.cc
index e3e61945cb6..32c9783c67b 100644
--- a/chromium/third_party/webrtc/p2p/base/p2p_transport_channel.cc
+++ b/chromium/third_party/webrtc/p2p/base/p2p_transport_channel.cc
@@ -1186,7 +1186,12 @@ void P2PTransportChannel::AddRemoteCandidate(const Candidate& candidate) {
   }
 
   if (new_remote_candidate.address().IsUnresolvedIP()) {
-    ResolveHostnameCandidate(new_remote_candidate);
+    // Don't do DNS lookups if the IceTransportPolicy is "none" or "relay".
+    bool sharing_host = ((allocator_->candidate_filter() & CF_HOST) != 0);
+    bool sharing_stun = ((allocator_->candidate_filter() & CF_REFLEXIVE) != 0);
+    if (sharing_host || sharing_stun) {
+      ResolveHostnameCandidate(new_remote_candidate);
+    }
     return;
   }