author | Peter Thatcher <peter@signal.org> | 2020-05-27 09:51:05 -0700 |
---|---|---|
committer | Michael BrĂ¼ning <michael.bruning@qt.io> | 2020-09-22 11:55:04 +0000 |
commit | 75b417b86b45805e4def345474bdae2089d86c44 (patch) | |
tree | b6033622da2b6e26be897b58b00d87585f4b75c8 | |
parent | e1f5ffc2a12fb162410b4cf31178037c27ba758a (diff) | |
download | qtwebengine-chromium-75b417b86b45805e4def345474bdae2089d86c44.tar.gz |
[Backport] CVE-2020-6570: Side-channel information leakage in WebRTC
Manual backport of patch originally reviewed on
https://webrtc-review.googlesource.com/c/src/+/175960:
Disable remote ICE candidate DNS lookups when the IceTransportPolicy is Relay or None
Bug: webrtc:11597
Change-Id: Id3884a2b5f0fc35880c7401c43ca25fee8346519
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
-rw-r--r-- | chromium/third_party/webrtc/AUTHORS | 1 | ||||
-rw-r--r-- | chromium/third_party/webrtc/p2p/base/p2p_transport_channel.cc | 7 |
2 files changed, 7 insertions, 1 deletions
diff --git a/chromium/third_party/webrtc/AUTHORS b/chromium/third_party/webrtc/AUTHORS
index ae9d4e2e14c..3a1a9b66f6e 100644
--- a/chromium/third_party/webrtc/AUTHORS
+++ b/chromium/third_party/webrtc/AUTHORS
@@ -107,6 +107,7 @@ Opera Software ASA <*@opera.com>
 Optical Tone Ltd <*@opticaltone.com>
 Pengutronix e.K. <*@pengutronix.de>
 RingCentral, Inc. <*@ringcentral.com>
+Signal Messenger, LLC <*@signal.org>
 Sinch AB <*@sinch.com>
 struktur AG <*@struktur.de>
 Telenor Digital AS <*@telenor.com>
diff --git a/chromium/third_party/webrtc/p2p/base/p2p_transport_channel.cc b/chromium/third_party/webrtc/p2p/base/p2p_transport_channel.cc
index e3e61945cb6..32c9783c67b 100644
--- a/chromium/third_party/webrtc/p2p/base/p2p_transport_channel.cc
+++ b/chromium/third_party/webrtc/p2p/base/p2p_transport_channel.cc
@@ -1186,7 +1186,12 @@ void P2PTransportChannel::AddRemoteCandidate(const Candidate& candidate) {
 }
 if (new_remote_candidate.address().IsUnresolvedIP()) {
- ResolveHostnameCandidate(new_remote_candidate);
+ // Don't do DNS lookups if the IceTransportPolicy is "none" or "relay".
+ bool sharing_host = ((allocator_->candidate_filter() & CF_HOST) != 0);
+ bool sharing_stun = ((allocator_->candidate_filter() & CF_REFLEXIVE) != 0);
+ if (sharing_host || sharing_stun) {
+ ResolveHostnameCandidate(new_remote_candidate);
+ }
 return;
 } |
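Review bot: When the candidate filter has neither CF_HOST nor CF_REFLEXIVE set, the new branch in AddRemoteCandidate falls straight through to `return;`, so the hostname candidate is discarded with no trace and a missing candidate pair in a relay-only session cannot be explained from the logs. An else branch such as `RTC_LOG(LS_INFO) << "Skipping DNS lookup for remote hostname candidate: candidate filter excludes host and srflx";` would record the decision without writing the peer-supplied hostname to the log. The filter is also sampled only once, at this call; whether a later policy change revisits skipped candidates or stops lookups already in flight is not visible in this hunk and is worth confirming against the rest of the file. The diffstat lists no test file, so nothing in this backport pins the no-lookup behaviour for the "relay" and "none" policies. The function body starts and ends outside the hunk.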