-
-
Notifications
You must be signed in to change notification settings - Fork 356
/
webRTC-do-not-expose-local-IP-addresses.patch
52 lines (47 loc) · 2.5 KB
/
webRTC-do-not-expose-local-IP-addresses.patch
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
From: csagan5 <32685696+csagan5@users.noreply.github.com>
Date: Sat, 9 May 2020 14:42:37 +0200
Subject: webRTC: do not expose local IP addresses
Prevent leaks of local IP address and public IP address (when using VPN)
See also:
* build/patches/Change-default-webRTC-policy-to-not-use-any-address.patch
* https://github.com/bromite/bromite/issues/553
* https://github.com/bromite/bromite/issues/589
---
chrome/browser/ui/browser_ui_prefs.cc | 2 +-
.../peerconnection/peer_connection_dependency_factory.cc | 6 ++++--
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/chrome/browser/ui/browser_ui_prefs.cc b/chrome/browser/ui/browser_ui_prefs.cc
--- a/chrome/browser/ui/browser_ui_prefs.cc
+++ b/chrome/browser/ui/browser_ui_prefs.cc
@@ -93,7 +93,7 @@ void RegisterBrowserUserPrefs(user_prefs::PrefRegistrySyncable* registry) {
false);
#endif
registry->RegisterStringPref(prefs::kWebRTCIPHandlingPolicy,
- blink::kWebRTCIPHandlingDefault);
+ blink::kWebRTCIPHandlingDisableNonProxiedUdp);
registry->RegisterStringPref(prefs::kWebRTCUDPPortRange, std::string());
registry->RegisterBooleanPref(prefs::kWebRtcEventLogCollectionAllowed, false);
registry->RegisterListPref(prefs::kWebRtcLocalIpsAllowedUrls);
diff --git a/third_party/blink/renderer/modules/peerconnection/peer_connection_dependency_factory.cc b/third_party/blink/renderer/modules/peerconnection/peer_connection_dependency_factory.cc
--- a/third_party/blink/renderer/modules/peerconnection/peer_connection_dependency_factory.cc
+++ b/third_party/blink/renderer/modules/peerconnection/peer_connection_dependency_factory.cc
@@ -106,7 +106,9 @@ WebRTCIPHandlingPolicy GetWebRTCIPHandlingPolicy(const String& preference) {
return kDefaultPublicInterfaceOnly;
if (preference == kWebRTCIPHandlingDisableNonProxiedUdp)
return kDisableNonProxiedUdp;
- return kDefault;
+ if (preference == kWebRTCIPHandlingDefault)
+ return kDefault;
+ return kDisableNonProxiedUdp;
}
bool IsValidPortRange(uint16_t min_port, uint16_t max_port) {
@@ -826,7 +828,7 @@ PeerConnectionDependencyFactory::CreatePortAllocator(
break;
}
- VLOG(3) << "WebRTC routing preferences: "
+ LOG(INFO) << "WebRTC routing preferences: "
<< "policy: " << policy
<< ", multiple_routes: " << port_config.enable_multiple_routes
<< ", nonproxied_udp: " << port_config.enable_nonproxied_udp
--
2.25.1