Peer reflex candidate is not showing up as redacted when hostname obfuscation enabled
Categories
(Core :: WebRTC: Networking, defect, P2)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox-esr68 | --- | unaffected |
| firefox71 | --- | wontfix |
| firefox72 | --- | verified |
| firefox73 | --- | fixed |
People
(Reporter: dminor, Assigned: dminor)
References
(Regression)
Details
(Keywords: regression)
Attachments
(1 file)
|
47 bytes,
text/x-phabricator-request
|
jcristau
:
approval-mozilla-beta+
|
Details | Review |
We should only add a hostname to mSignaledAddresses if it is not obfuscated. Prior to Bug 1567201 this was handled by an early exit in MediaTransportHandlerSTS::AddIceCandidate if the address was obfuscated. With the changes in Bug 1567201, that early exit went away and we're now adding all addresses to mSignaledAddresses which breaks hiding prflx and srflx addresses.
|
Assignee | |
Comment 1•6 years ago
|
||
We should only add a hostname to mSignaledAddresses if it is not obfuscated.
Prior to Bug 1567201 this was handled by an early exit in
MediaTransportHandlerSTS::AddIceCandidate if the address was obfuscated.
With the changes in Bug 1567201, that early exit went away and we're now adding
all addresses to mSignaledAddresses which breaks hiding prflx and srflx
addresses. Unfortunately, this is not something that easily unit testable.
|
||
Comment 3•6 years ago
|
||
| bugherder | ||
|
|
Assignee | |
Comment 4•6 years ago
|
||
Comment on attachment 9115817 [details]
Bug 1603790 - Only add unobfuscated addresses to mSignaledAddresses; r=mjf!
Beta/Release Uplift Approval Request
- User impact if declined: Firefox will reveal some IP addresses that should be kept hidden, which could be used for browser fingerprinting.
- Is this code covered by automated tests?: No
- Has the fix been verified in Nightly?: Yes
- Needs manual test from QE?: No
- If yes, steps to reproduce:
- List of other uplifts needed: None
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): This is a very small change, it just adds an additional check prior to saving ip addresses to a list of addresses that are safe to reveal.
- String changes made/needed: None
|
||
Updated•6 years ago
|
|
|
||
Comment 5•6 years ago
|
||
Comment on attachment 9115817 [details]
Bug 1603790 - Only add unobfuscated addresses to mSignaledAddresses; r=mjf!
webrtc fix for 72.0b9
|
|
||
Comment 6•6 years ago
|
||
| bugherder uplift | ||
|
||
Comment 7•6 years ago
|
||
I've notices this issue while testing Fx - Fx interoperability between OSes, and the real IP is displayed inside the Ice Stats, although it should be hidden. I will verified again this issue on Beta 72.0b9, where the fixed will be landed and come back with a comment.
|
|
||
Comment 8•6 years ago
|
||
(In reply to Anca Soncutean [:Anca], Desktop Release QA from comment #7)
I've notices this issue while testing Fx - Fx interoperability between OSes, and the real IP is displayed inside the Ice Stats, although it should be hidden. I will verified again this issue on Beta 72.0b9, where the fixed will be landed and come back with a comment.
Retested and verified in Fx 72.0b9 (Win 7 x86 - macOS 10.15, Win 10 x64 - Ubuntu 18.04 x64, macOS 10.15 - Win 10 x64) with whereby.com and file.pizza.
|
||
Updated•6 years ago
|
Description
•