Bug 1361894 - ignore STUN/TURN servers with mis-matched link local addr. r=bwc

MozReview-Commit-ID: FMRWMHCROUf --HG-- extra : rebase_source : 98d3100010c50a21bd48c474aac140e8e1636271
2017-09-29 09:20:07 -05:00 · 2017-09-29 09:20:07 -05:00 · 6e07c1bbf9
--- a/media/mtransport/third_party/nICEr/src/ice/ice_candidate.c
+++ b/media/mtransport/third_party/nICEr/src/ice/ice_candidate.c
@ -676,6 +676,11 @@ static int nr_ice_candidate_resolved_cb(void *cb_arg, nr_transport_addr *addr)
      ABORT(R_NOT_FOUND);
    }

+    if (nr_transport_addr_check_compatibility(addr, &cand->base)) {
+      r_log(LOG_ICE,LOG_WARNING,"ICE(%s): Skipping STUN server because of link local mis-match for candidate %s",cand->ctx->label,cand->label);
+      ABORT(R_NOT_FOUND);
+    }
+
    /* Copy the address */
    if(r=nr_transport_addr_copy(&cand->stun_server_addr,addr))
      ABORT(r);
--- a/media/mtransport/third_party/nICEr/src/ice/ice_component.c
+++ b/media/mtransport/third_party/nICEr/src/ice/ice_component.c
@ -249,6 +249,15 @@ static int nr_ice_component_initialize_udp(struct nr_ice_ctx_ *ctx,nr_ice_compon
          if(ctx->stun_servers[j].transport!=IPPROTO_UDP)
            continue;

+          if (ctx->stun_servers[j].type == NR_ICE_STUN_SERVER_TYPE_ADDR) {
+            if (nr_transport_addr_check_compatibility(
+                  &addrs[i].addr,
+                  &ctx->stun_servers[j].u.addr)) {
+              r_log(LOG_ICE,LOG_INFO,"ICE(%s): Skipping STUN server because of link local mis-match",ctx->label);
+              continue;
+            }
+          }
+
          /* Ensure id is set (nr_ice_ctx_set_stun_servers does not) */
          ctx->stun_servers[j].id = j;
          if(r=nr_ice_candidate_create(ctx,component,
@ -279,6 +288,15 @@ static int nr_ice_component_initialize_udp(struct nr_ice_ctx_ *ctx,nr_ice_compon
        if (ctx->turn_servers[j].turn_server.transport != IPPROTO_UDP)
          continue;

+        if (ctx->turn_servers[j].turn_server.type == NR_ICE_STUN_SERVER_TYPE_ADDR) {
+          if (nr_transport_addr_check_compatibility(
+                &addrs[i].addr,
+                &ctx->turn_servers[j].turn_server.u.addr)) {
+            r_log(LOG_ICE,LOG_INFO,"ICE(%s): Skipping TURN server because of link local mis-match",ctx->label);
+            continue;
+          }
+        }
+
        if (!(ctx->flags & NR_ICE_CTX_FLAGS_RELAY_ONLY)) {
          /* Ensure id is set with a unique value */
          ctx->turn_servers[j].turn_server.id = j + ctx->stun_server_ct;
@ -514,12 +532,13 @@ static int nr_ice_component_initialize_tcp(struct nr_ice_ctx_ *ctx,nr_ice_compon
        if (ctx->turn_servers[j].turn_server.transport != IPPROTO_TCP)
          continue;

-        if (ctx->turn_servers[j].turn_server.type == NR_ICE_STUN_SERVER_TYPE_ADDR &&
-            nr_transport_addr_cmp(&ctx->turn_servers[j].turn_server.u.addr,
-                                  &addrs[i].addr,
-                                  NR_TRANSPORT_ADDR_CMP_MODE_VERSION)) {
-          r_log(LOG_ICE,LOG_INFO,"ICE(%s): Skipping TURN server because of IP version mis-match (%u - %u)",ctx->label,addrs[i].addr.ip_version,ctx->turn_servers[j].turn_server.u.addr.ip_version);
-          continue;
+        if (ctx->turn_servers[j].turn_server.type == NR_ICE_STUN_SERVER_TYPE_ADDR) {
+          if (nr_transport_addr_check_compatibility(
+                &addrs[i].addr,
+                &ctx->turn_servers[j].turn_server.u.addr)) {
+            r_log(LOG_ICE,LOG_INFO,"ICE(%s): Skipping TURN server because of link local mis-match",ctx->label);
+            continue;
+          }
        }

        if (!ice_tcp_disabled) {
--- a/media/mtransport/third_party/nICEr/src/net/transport_addr.c
+++ b/media/mtransport/third_party/nICEr/src/net/transport_addr.c
@ -436,6 +436,21 @@ int nr_transport_addr_is_link_local(nr_transport_addr *addr)
    return(0);
  }

+int nr_transport_addr_check_compatibility(nr_transport_addr *addr1, nr_transport_addr *addr2)
+  {
+    // first make sure we're comparing the same ip versions and protocols
+    if ((addr1->ip_version != addr2->ip_version) ||
+        (addr1->protocol != addr2->protocol)) {
+      return(1);
+    }
+    // now make sure the link local status matches
+    if (nr_transport_addr_is_link_local(addr1) !=
+        nr_transport_addr_is_link_local(addr2)) {
+      return(1);
+    }
+    return(0);
+  }
+
 int nr_transport_addr_is_wildcard(nr_transport_addr *addr)
  {
    switch(addr->ip_version){
--- a/media/mtransport/third_party/nICEr/src/net/transport_addr.h
+++ b/media/mtransport/third_party/nICEr/src/net/transport_addr.h
@ -93,6 +93,7 @@ int nr_transport_addr_is_wildcard(nr_transport_addr *addr);
 int nr_transport_addr_is_loopback(nr_transport_addr *addr);
 int nr_transport_addr_get_private_addr_range(nr_transport_addr *addr);
 int nr_transport_addr_is_link_local(nr_transport_addr *addr);
+int nr_transport_addr_check_compatibility(nr_transport_addr *addr1, nr_transport_addr *addr2);
 int nr_transport_addr_copy(nr_transport_addr *to, nr_transport_addr *from);
 int nr_transport_addr_copy_keep_ifname(nr_transport_addr *to, nr_transport_addr *from);
 int nr_transport_addr_fmt_addr_string(nr_transport_addr *addr);