Fix WebRTC IP leaks.

WebRTC binds to individual NICs and listens for incoming Stun packets. Sending stun through this specific NIC binding could make OS route the packet differently hence exposing non-VPN public IP. The fix here is 1. to bind to any address (0:0:0:0) instead. This way, the routing will be the same as how chrome/http is. 2. also, remove the any all 0s addresses which happens when we bind to all 0s. BUG=4276 R=juberti@webrtc.org Committed: https://code.google.com/p/webrtc/source/detail?r=8418 Review URL: https://webrtc-codereview.appspot.com/39129004 Cr-Commit-Position: refs/heads/master@{#8419} git-svn-id: http://webrtc.googlecode.com/svn/trunk@8419 4adac7df-926f-26a2-2b94-8c16560cd09d
2015-02-18 19:09:42 +00:00 · 2015-02-18 19:09:42 +00:00 · 931e0cf4b1
commit 931e0cf4b1
parent f358aea7bf
1 changed files with 3 additions and 3 deletions
--- a/webrtc/p2p/client/basicportallocator.cc
+++ b/webrtc/p2p/client/basicportallocator.cc
@ -621,9 +621,9 @@ bool BasicPortAllocatorSession::CheckCandidateFilter(const Candidate& c) {
  }

  if (c.type() == RELAY_PORT_TYPE) {
-    return (filter & CF_RELAY);
+    return ((filter & CF_RELAY) != 0);
  } else if (c.type() == STUN_PORT_TYPE) {
-    return (filter & CF_REFLEXIVE);
+    return ((filter & CF_REFLEXIVE) != 0);
  } else if (c.type() == LOCAL_PORT_TYPE) {
    if ((filter & CF_REFLEXIVE) && !c.address().IsPrivateIP()) {
      // We allow host candidates if the filter allows server-reflexive
@ -646,7 +646,7 @@ bool BasicPortAllocatorSession::CheckCandidateFilter(const Candidate& c) {
      return false;
    }

-    return (filter & CF_HOST);
+    return ((filter & CF_HOST) != 0);
  }
  return false;
 }