authorPeter Thatcher <peter@signal.org>2020-05-27 09:51:05 -0700
committerMichael BrĂ¼ning <michael.bruning@qt.io>2020-09-22 11:55:04 +0000
commit75b417b86b45805e4def345474bdae2089d86c44 (patch)
treeb6033622da2b6e26be897b58b00d87585f4b75c8
parente1f5ffc2a12fb162410b4cf31178037c27ba758a (diff)
downloadqtwebengine-chromium-75b417b86b45805e4def345474bdae2089d86c44.tar.gz
[Backport] CVE-2020-6570: Side-channel information leakage in WebRTC
Manual backport of patch originally reviewed on https://webrtc-review.googlesource.com/c/src/+/175960: Disable remote ICE candidate DNS lookups when the IceTransportPolicy is Relay or None Bug: webrtc:11597 Change-Id: Id3884a2b5f0fc35880c7401c43ca25fee8346519 Reviewed-by: Michal Klocek <michal.klocek@qt.io>
-rw-r--r--chromium/third_party/webrtc/AUTHORS1
-rw-r--r--chromium/third_party/webrtc/p2p/base/p2p_transport_channel.cc7
2 files changed, 7 insertions, 1 deletions
diff --git a/chromium/third_party/webrtc/AUTHORS b/chromium/third_party/webrtc/AUTHORS
index ae9d4e2e14c..3a1a9b66f6e 100644
--- a/chromium/third_party/webrtc/AUTHORS
+++ b/chromium/third_party/webrtc/AUTHORS
@@ -107,6 +107,7 @@ Opera Software ASA <*@opera.com>
Optical Tone Ltd <*@opticaltone.com>
Pengutronix e.K. <*@pengutronix.de>
RingCentral, Inc. <*@ringcentral.com>
+Signal Messenger, LLC <*@signal.org>
Sinch AB <*@sinch.com>
struktur AG <*@struktur.de>
Telenor Digital AS <*@telenor.com>
diff --git a/chromium/third_party/webrtc/p2p/base/p2p_transport_channel.cc b/chromium/third_party/webrtc/p2p/base/p2p_transport_channel.cc
index e3e61945cb6..32c9783c67b 100644
--- a/chromium/third_party/webrtc/p2p/base/p2p_transport_channel.cc
+++ b/chromium/third_party/webrtc/p2p/base/p2p_transport_channel.cc
@@ -1186,7 +1186,12 @@ void P2PTransportChannel::AddRemoteCandidate(const Candidate& candidate) {
}
if (new_remote_candidate.address().IsUnresolvedIP()) {
- ResolveHostnameCandidate(new_remote_candidate);
+ // Don't do DNS lookups if the IceTransportPolicy is "none" or "relay".
+ bool sharing_host = ((allocator_->candidate_filter() & CF_HOST) != 0);
+ bool sharing_stun = ((allocator_->candidate_filter() & CF_REFLEXIVE) != 0);
+ if (sharing_host || sharing_stun) {
+ ResolveHostnameCandidate(new_remote_candidate);
+ }
return;
}
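Review bot: When neither `CF_HOST` nor `CF_REFLEXIVE` is set, the new branch skips `ResolveHostnameCandidate` and returns without recording anything, so under a "relay" or "none" policy a hostname candidate is discarded silently. An `else` branch with a log line such as `RTC_LOG(LS_INFO) << "Dropping hostname candidate: ICE transport policy disallows DNS lookups";` would make this drop visible when someone debugs connectivity, and it should not print the hostname itself. The added comment says what is skipped but not why; something like `// A remote-supplied hostname would trigger a DNS query outside the relay path, which can reveal this endpoint to whoever controls that name.` records the reason for the next maintainer. The diffstat lists only AUTHORS and this file, so the backport carries no test asserting that no lookup is started under these policies; one is worth adding where the tree builds unit tests. AddRemoteCandidate starts before the hunk and continues past it, and whether lookups begun under an earlier, more permissive policy are cancelled when the policy changes is not visible here.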