Bug 1534734: Make jsep-initial-offer.https.html a little less strict on SHOULD-level requirements. r=jib
authorByron Campen [:bwc] <docfaraday@gmail.com>
Fri, 15 Mar 2019 16:19:11 +0000
changeset 464400 72191d86e0be
parent 464399 4a163024784b
child 464401 3bac6d709aac
push id35716
push useraciure@mozilla.com
push dateSun, 17 Mar 2019 09:42:17 +0000
treeherdermozilla-central@8ee97c045359 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersjib
bugs1534734
milestone67.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1534734: Make jsep-initial-offer.https.html a little less strict on SHOULD-level requirements. r=jib Differential Revision: https://phabricator.services.mozilla.com/D23332
testing/web-platform/meta/webrtc/protocol/jsep-initial-offer.https.html.ini
testing/web-platform/tests/webrtc/protocol/jsep-initial-offer.https.html
deleted file mode 100644
--- a/testing/web-platform/meta/webrtc/protocol/jsep-initial-offer.https.html.ini
+++ /dev/null
@@ -1,5 +0,0 @@
-[jsep-initial-offer.https.html]
-  [Offer conforms to basic SDP requirements]
-    expected: FAIL
-    bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1504477
-
--- a/testing/web-platform/tests/webrtc/protocol/jsep-initial-offer.https.html
+++ b/testing/web-platform/tests/webrtc/protocol/jsep-initial-offer.https.html
@@ -11,25 +11,31 @@
   // draft-ietf-rtcweb-jsep-24 section 5.2.1
   promise_test(async t => {
     const pc = new RTCPeerConnection();
     const offer = await generateVideoReceiveOnlyOffer(pc);
     let offer_lines = offer.sdp.split('\r\n');
     // The first 3 lines are dictated by JSEP.
     assert_equals(offer_lines[0], "v=0");
     assert_equals(offer_lines[1].slice(0, 2), "o=");
-    // JSEP says that the address part SHOULD be a meaningless address
-    // "such as" IN IP4 127.0.0.1. We do strict matching here in order
-    // to detect if anyone ever uses something different.
-    assert_regexp_match(offer_lines[1], /^o=- \d+ \d+ IN IP4 127.0.0.1$/);
-    const fields = RegExp(/^o=- (\d+) (\d+)/).exec(offer_lines[1]);
+
+    assert_regexp_match(offer_lines[1], /^o=\S+ \d+ \d+ IN IP4 \S+$/);
+    const fields = RegExp(/^o=\S+ (\d+) (\d+) IN IP4 (\S+)/).exec(offer_lines[1]);
     // Per RFC 3264, the sess-id should be representable in an uint64
     // Note: JSEP -24 has this wrong - see bug:
     // https://github.com/rtcweb-wg/jsep/issues/855
     assert_less_than(Number(fields[1]), 2**64);
     // Per RFC 3264, the version should be less than 2^62 to avoid overflow
     assert_less_than(Number(fields[2]), 2**62);
-    // Note: using - in s=- is a SHOULD in JSEP, not a MUST.
-    assert_equals(offer_lines[2], "s=-");
+    // JSEP says that the address part SHOULD be a meaningless address
+    // "such as" IN IP4 0.0.0.0. This is to prevent unintentional disclosure
+    // of IP addresses, so this is important enough to verify. Right now we
+    // allow 127.0.0.1 and 0.0.0.0, but there are other things we could allow.
+    // Maybe 0.0.0.0/8, 127.0.0.0/8, 192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24?
+    // (See RFC 3330, RFC 5737)
+    assert_true(fields[3] == "0.0.0.0" || fields[3] == "127.0.0.1",
+      fields[3] + " must be a meaningless IPV4 address")
+
+    assert_regexp_match(offer_lines[2], /^s=\S+$/);
     // After this, the order is not dictated by JSEP.
     // TODO: Check lines subsequent to the s= line.
   }, 'Offer conforms to basic SDP requirements');
 </script>