Mercurial > mozilla-central / changeset / 9b69c26b9dc24fd94efbe7ec3f897635a0fe3207
summary | shortlog | changelog | pushlog | graph | tags | bookmarks | branches | files | changeset | raw | zip | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Bug 908740 - Reject obviously bogus STUN and TURN candidates. r=ekr
authorByron Campen [:bwc] <docfaraday@gmail.com>
Tue, 10 Sep 2013 11:33:19 -0700
changeset 146486 9b69c26b9dc24fd94efbe7ec3f897635a0fe3207
parent 146485 9e5d584bc36c0c09d9298ae05c9a6b9a53fbbcae
child 146487 ea05a04019d8a3484c7f8e489c6ca38713b176f1
push id25261
push usercbook@mozilla.com
push dateWed, 11 Sep 2013 07:31:01 +0000
treeherdermozilla-central@f9e8e8ce552c [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersekr
bugs908740
milestone26.0a1
first release with
nightly linux32
9e9f74116749 / 26.0a1 / 20130911030258 / files
nightly linux64
9e9f74116749 / 26.0a1 / 20130911030258 / files
nightly mac
9e9f74116749 / 26.0a1 / 20130911030258 / files
nightly win32
9e9f74116749 / 26.0a1 / 20130911030258 / files
nightly win64
9e9f74116749 / 26.0a1 / 20130911030258 / files
last release without
nightly linux32
e5ca10a2b3d0 / 26.0a1 / 20130910030254 / files
nightly linux64
e5ca10a2b3d0 / 26.0a1 / 20130910030254 / files
nightly mac
e5ca10a2b3d0 / 26.0a1 / 20130910030254 / files
nightly win32
e5ca10a2b3d0 / 26.0a1 / 20130910030254 / files
nightly win64
e5ca10a2b3d0 / 26.0a1 / 20130910030254 / files
Bug 908740 - Reject obviously bogus STUN and TURN candidates. r=ekr
media/mtransport/third_party/nICEr/src/stun/stun_client_ctx.c file | annotate | diff | comparison | revisions
media/mtransport/third_party/nICEr/src/stun/stun_client_ctx.h file | annotate | diff | comparison | revisions 
--- a/media/mtransport/third_party/nICEr/src/stun/stun_client_ctx.c
+++ b/media/mtransport/third_party/nICEr/src/stun/stun_client_ctx.c
@@ -399,16 +399,27 @@ static int nr_stun_client_send_request(n
 static int nr_stun_client_get_password(void *arg, nr_stun_message *msg, Data **password)
 {
     *password = (Data*)arg;
     if (!arg)
         return(R_NOT_FOUND);
     return(0);
 }
 
+int nr_stun_transport_addr_check(nr_transport_addr* addr)
+  {
+    if(nr_transport_addr_is_wildcard(addr))
+      return(R_BAD_DATA);
+
+    if (nr_transport_addr_is_loopback(addr))
+      return(R_BAD_DATA);
+
+    return(0);
+  }
+
 int nr_stun_client_process_response(nr_stun_client_ctx *ctx, UCHAR *msg, int len, nr_transport_addr *peer_addr)
   {
     int r,_status;
     char string[256];
     char *username;
     Data *password = 0;
     nr_stun_message_attribute *attr;
     nr_transport_addr *mapped_addr = 0;
@@ -617,16 +628,19 @@ int nr_stun_client_process_response(nr_s
         if (! nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_XOR_MAPPED_ADDRESS, 0))
             ABORT(R_BAD_DATA);
         if (! nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_MESSAGE_INTEGRITY, 0))
             ABORT(R_BAD_DATA);
 
         if (!nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_XOR_RELAY_ADDRESS, &attr))
           ABORT(R_BAD_DATA);
 
+        if ((r=nr_stun_transport_addr_check(&attr->u.relay_address.unmasked)))
+          ABORT(r);
+
         if ((r=nr_transport_addr_copy(
                 &ctx->results.allocate_response.relay_addr,
                 &attr->u.relay_address.unmasked)))
           ABORT(r);
 
         if (!nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_LIFETIME, &attr))
           ABORT(R_BAD_DATA);
         ctx->results.allocate_response.lifetime_secs=attr->u.lifetime_secs;
@@ -658,20 +672,26 @@ int nr_stun_client_process_response(nr_s
     /* make sure we have the most up-to-date address from this peer */
     if (nr_transport_addr_cmp(&ctx->peer_addr, peer_addr, NR_TRANSPORT_ADDR_CMP_MODE_ALL)) {
         r_log(NR_LOG_STUN,LOG_INFO,"STUN-CLIENT(%s): Peer moved from %s to %s", ctx->label, ctx->peer_addr.as_string, peer_addr->as_string);
         nr_transport_addr_copy(&ctx->peer_addr, peer_addr);
     }
 
     if (mapped_addr) {
         if (nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_XOR_MAPPED_ADDRESS, &attr)) {
+            if ((r=nr_stun_transport_addr_check(&attr->u.xor_mapped_address.unmasked)))
+                ABORT(r);
+
             if ((r=nr_transport_addr_copy(mapped_addr, &attr->u.xor_mapped_address.unmasked)))
                 ABORT(r);
         }
         else if (nr_stun_message_has_attribute(ctx->response, NR_STUN_ATTR_MAPPED_ADDRESS, &attr)) {
+            if ((r=nr_stun_transport_addr_check(&attr->u.mapped_address)))
+                ABORT(r);
+
             if ((r=nr_transport_addr_copy(mapped_addr, &attr->u.mapped_address)))
                 ABORT(r);
         }
         else
             ABORT(R_BAD_DATA);
 
 
         r_log(NR_LOG_STUN,LOG_DEBUG,"STUN-CLIENT(%s): Received mapped address: %s", ctx->label, mapped_addr->as_string);
--- a/media/mtransport/third_party/nICEr/src/stun/stun_client_ctx.h
+++ b/media/mtransport/third_party/nICEr/src/stun/stun_client_ctx.h
@@ -183,13 +183,14 @@ struct nr_stun_client_ctx_ {
 };
 
 int nr_stun_client_ctx_create(char *label, nr_socket *sock, nr_transport_addr *peer, UINT4 RTO, nr_stun_client_ctx **ctxp);
 int nr_stun_client_start(nr_stun_client_ctx *ctx, int mode, NR_async_cb finished_cb, void *cb_arg);
 int nr_stun_client_restart(nr_stun_client_ctx *ctx);
 int nr_stun_client_force_retransmit(nr_stun_client_ctx *ctx);
 int nr_stun_client_reset(nr_stun_client_ctx *ctx);
 int nr_stun_client_ctx_destroy(nr_stun_client_ctx **ctxp);
+int nr_stun_transport_addr_check(nr_transport_addr* addr);
 int nr_stun_client_process_response(nr_stun_client_ctx *ctx, UCHAR *msg, int len, nr_transport_addr *peer_addr);
 int nr_stun_client_cancel(nr_stun_client_ctx *ctx);
 
 #endif
mozilla-central
Deployed from 1769ae2b5feb at 2022-05-11T14:55:53Z.