commit 43679f07da163f6ae9feb7d130d3ba94e55f1be4
parent e0be5922916d41af37cd159bd52e3671157b6d8f
Author: Michael Froman <mfroman@mozilla.com>
Date: Thu, 9 Oct 2025 15:00:34 -0500
Bug 1993083 - Vendor libwebrtc from e83b2bd4c4
Upstream commit: https://webrtc.googlesource.com/src/+/e83b2bd4c4bd054b2b4ada47881640feb3bd9fd4
Do not include TURN allocate error response phrase in IceCandidateError
as this exposes unencrypted and unauthenticated network data to
Javascript. Spec issue:
https://github.com/w3c/webrtc-pc/issues/3052
Bug: webrtc:420548573
Change-Id: I6d4e4d38d7f3067ad2ac9ec494f4b9046520f2f6
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/393722
Commit-Queue: Philipp Hancke <phancke@meta.com>
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Reviewed-by: Guido Urdaneta <guidou@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#45170}
Diffstat:
4 files changed, 23 insertions(+), 18 deletions(-)
diff --git a/third_party/libwebrtc/README.mozilla.last-vendor b/third_party/libwebrtc/README.mozilla.last-vendor
@@ -1,4 +1,4 @@
# ./mach python dom/media/webrtc/third_party_build/vendor-libwebrtc.py --from-local /home/mfroman/mozilla/elm/.moz-fast-forward/moz-libwebrtc --commit mozpatches libwebrtc
-libwebrtc updated from /home/mfroman/mozilla/elm/.moz-fast-forward/moz-libwebrtc commit mozpatches on 2025-10-09T19:59:02.041995+00:00.
+libwebrtc updated from /home/mfroman/mozilla/elm/.moz-fast-forward/moz-libwebrtc commit mozpatches on 2025-10-09T20:00:24.951344+00:00.
# base of lastest vendoring
-9ad731ce25
+e83b2bd4c4
diff --git a/third_party/libwebrtc/p2p/base/turn_port.cc b/third_party/libwebrtc/p2p/base/turn_port.cc
@@ -368,7 +368,7 @@ void TurnPort::PrepareAddress() {
<< ": Attempt to start allocation with disallowed port# "
<< server_address_.address.port();
OnAllocateError(STUN_ERROR_SERVER_ERROR,
- "Attempt to start allocation to a disallowed port");
+ "Attempt to start allocation to a disallowed port.");
return;
}
@@ -1430,13 +1430,16 @@ void TurnAllocateRequest::OnErrorResponse(StunMessage* response) {
port->thread()->PostTask(SafeTask(
port->task_safety_.flag(), [port] { port->OnAllocateMismatch(); }));
} break;
- default:
- RTC_LOG(LS_WARNING) << port_->ToString()
- << ": Received TURN allocate error response, id="
- << hex_encode(id()) << ", code=" << error_code
- << ", rtt=" << Elapsed();
+ default: {
const StunErrorCodeAttribute* attr = response->GetErrorCode();
- port_->OnAllocateError(error_code, attr ? attr->reason() : "");
+ RTC_LOG(LS_WARNING) << port_->ToString()
+ << ": Received TURN allocate error response"
+ << ", id=" << hex_encode(id())
+ << ", code=" << error_code << ", rtt=" << Elapsed()
+ << ", reason='" << (attr ? attr->reason() : "")
+ << "'";
+ port_->OnAllocateError(error_code, "TURN allocate error.");
+ } break;
}
}
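Review bot: The new `reason='...'` field in the default branch writes `attr->reason()` into the WARNING line verbatim, and the commit message itself describes that string as unencrypted and unauthenticated network data. A TURN server or an on-path party can put CR/LF or other control bytes into it and so forge or split log lines, and its length is limited only by what the STUN parser accepts. Escape non-printable bytes and cap the length before logging, for example through a small local helper (name is a placeholder): `<< ", reason='" << SanitizedReason(attr) << "'"`. The same verbatim logging is added in the OnAuthChallenge and OnTryAlternate hunks below. The enclosing switch starts outside this hunk.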
@@ -1449,11 +1452,12 @@ void TurnAllocateRequest::OnTimeout() {
void TurnAllocateRequest::OnAuthChallenge(StunMessage* response, int code) {
// If we failed to authenticate even after we sent our credentials, fail hard.
if (code == STUN_ERROR_UNAUTHORIZED && !port_->hash().empty()) {
+ const StunErrorCodeAttribute* attr = response->GetErrorCode();
RTC_LOG(LS_WARNING) << port_->ToString()
<< ": Failed to authenticate with the server "
- "after challenge.";
- const StunErrorCodeAttribute* attr = response->GetErrorCode();
- port_->OnAllocateError(STUN_ERROR_UNAUTHORIZED, attr ? attr->reason() : "");
+ "after challenge, reason='"
+ << (attr ? attr->reason() : "") << "'";
+ port_->OnAllocateError(STUN_ERROR_UNAUTHORIZED, "Unauthorized.");
return;
}
@@ -1486,21 +1490,22 @@ void TurnAllocateRequest::OnTryAlternate(StunMessage* response, int code) {
// According to RFC 5389 section 11, there are use cases where
// authentication of response is not possible, we're not validating
// message integrity.
- const StunErrorCodeAttribute* error_code_attr = response->GetErrorCode();
// Get the alternate server address attribute value.
const StunAddressAttribute* alternate_server_attr =
response->GetAddress(STUN_ATTR_ALTERNATE_SERVER);
if (!alternate_server_attr) {
+ const StunErrorCodeAttribute* attr = response->GetErrorCode();
RTC_LOG(LS_WARNING) << port_->ToString()
<< ": Missing STUN_ATTR_ALTERNATE_SERVER "
- "attribute in try alternate error response";
+ "attribute in try alternate error response, reason='"
+ << (attr ? attr->reason() : "") << "'";
port_->OnAllocateError(STUN_ERROR_TRY_ALTERNATE,
- error_code_attr ? error_code_attr->reason() : "");
+ "Missing alternate server attribute.");
return;
}
if (!port_->SetAlternateServer(alternate_server_attr->GetAddress())) {
port_->OnAllocateError(STUN_ERROR_TRY_ALTERNATE,
- error_code_attr ? error_code_attr->reason() : "");
+ "Failed to set alternate server.");
return;
}
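Review bot: The `SetAlternateServer` failure branch now reports the fixed string "Failed to set alternate server." but, unlike the missing-attribute branch just above it, logs nothing in the visible lines. The server's reason phrase and the rejected alternate address are therefore unavailable when diagnosing a redirect failure, unless `SetAlternateServer` logs internally, which this hunk does not show. If it does not, add a warning there, e.g. `RTC_LOG(LS_WARNING) << port_->ToString() << ": Failed to set alternate server";`. Since this path handles a response whose integrity is not validated (per the comment at the top of the hunk), any reason text logged should be sanitized as well. The function body continues outside the hunk.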
diff --git a/third_party/libwebrtc/p2p/base/turn_port_unittest.cc b/third_party/libwebrtc/p2p/base/turn_port_unittest.cc
@@ -1058,7 +1058,7 @@ TEST_F(TurnPortTest, TestTurnBadCredentials) {
{.timeout = TimeDelta::Millis(kSimulatedRtt * 3),
.clock = &fake_clock_}),
IsRtcOk());
- EXPECT_EQ(error_event_.error_text, "Unauthorized");
+ EXPECT_EQ(error_event_.error_text, "Unauthorized.");
}
// Test that we fail without emitting an error if we try to get an address from
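Review bot: The updated `EXPECT_EQ(error_event_.error_text, "Unauthorized.")` differs from the conventional 401 reason phrase only by a trailing period, so it is a weak guard against server text reaching `error_text` again. A stronger regression test would have the test TURN server return a distinctive reason phrase and assert that `error_text` does not contain it; whether the test server allows this is not visible here. The same applies to the matching assertion in `peer_connection_integrationtest.cc`. The visible hunks also add no assertion for the new fixed strings "TURN allocate error.", "Missing alternate server attribute." and "Failed to set alternate server.".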
diff --git a/third_party/libwebrtc/pc/peer_connection_integrationtest.cc b/third_party/libwebrtc/pc/peer_connection_integrationtest.cc
@@ -3465,7 +3465,7 @@ TEST_P(PeerConnectionIntegrationTest, OnIceCandidateError) {
EXPECT_THAT(
WaitUntil([&] { return caller()->error_event().error_code; }, Eq(401)),
IsRtcOk());
- EXPECT_EQ("Unauthorized", caller()->error_event().error_text);
+ EXPECT_EQ("Unauthorized.", caller()->error_event().error_text);
EXPECT_EQ("turn:88.88.88.0:3478?transport=udp", caller()->error_event().url);
EXPECT_NE(caller()->error_event().address, "");
}