Reset TURN port NONCE when a new socket is created.

webrtc/p2p/base/turnport.cc

 /*
  *  Copyright 2012 The WebRTC Project Authors. All rights reserved.
  *
  *  Use of this source code is governed by a BSD-style license
  *  that can be found in the LICENSE file in the root of the source
  *  tree. An additional intellectual property rights grant can be found
  *  in the file PATENTS.  All contributing project authors may
  *  be found in the AUTHORS file in the root of the source tree.
  */
 
@@ skipping 415 matching lines @@
   LOG_J(LS_INFO, this) << "Allocating a new socket after "
                        << "STUN_ERROR_ALLOCATION_MISMATCH, retry = "
                        << allocate_mismatch_retries_ + 1;
   if (SharedSocket()) {
     ResetSharedSocket();
   } else {
     delete socket_;
   }
   socket_ = NULL;
 
+  ResetNonce();
   PrepareAddress();
   ++allocate_mismatch_retries_;
 }
 
 Connection* TurnPort::CreateConnection(const Candidate& address,
                                        CandidateOrigin origin) {
   // TURN-UDP can only connect to UDP candidates.
   if (!SupportsProtocol(address.protocol())) {
     return NULL;
   }
@@ skipping 311 matching lines @@
         // realm and nonce values.
         SendRequest(new TurnAllocateRequest(this), 0);
       } else {
         // Since it's TCP, we have to delete the connected socket and reconnect
         // with the alternate server. PrepareAddress will send stun binding once
         // the new socket is connected.
         ASSERT(server_address().proto == PROTO_TCP);
         ASSERT(!SharedSocket());
         delete socket_;
         socket_ = NULL;
+        ResetNonce();

[pthatcher1, 2016/01/19 01:48:38]

It looks like we don't have a unit test for this.  Should we?

[honghaiz3, 2016/01/20 00:54:38]

I removed this change because
The alternate server response is the first-step processing a turnserver will do
when handling a stun request. So it should be always empty, unless the server
has included a NONCE in the response. In that case, it is not clear whether it
is the best practice to reset the NONCE (because no server is doing that now). 

Allocate-mismatch is different. A server first checks whether the nonce is set.
If not, it returns an error response with NONCE. When the client sends a request
with the NONCE, the server will check for allocate-mismatch. 

         PrepareAddress();
       }
       break;
     default:
       Port::OnMessage(message);
   }
 }
 
 void TurnPort::OnAllocateRequestTimeout() {
   OnAllocateError();
@@ skipping 143 matching lines @@
       response->GetByteString(STUN_ATTR_NONCE);
   if (!nonce_attr) {
     LOG(LS_ERROR) << "Missing STUN_ATTR_NONCE attribute in "
                   << "stale nonce error response.";
     return false;
   }
   set_nonce(nonce_attr->GetString());
   return true;
 }
 
+void TurnPort::ResetNonce() {
+  hash_.clear();
+  nonce_.clear();
+  realm_.clear();
+}
+
 static bool MatchesIP(TurnEntry* e, rtc::IPAddress ipaddr) {
   return e->address().ipaddr() == ipaddr;
 }
 bool TurnPort::HasPermission(const rtc::IPAddress& ipaddr) const {
   return (std::find_if(entries_.begin(), entries_.end(),
       std::bind2nd(std::ptr_fun(MatchesIP), ipaddr)) != entries_.end());
 }
 
 static bool MatchesAddress(TurnEntry* e, rtc::SocketAddress addr) {
   return e->address() == addr;
@@ skipping 560 matching lines @@
   } else {
     state_ = STATE_UNBOUND;
     port_->DestroyConnection(ext_addr_);
   }
 }
 void TurnEntry::OnChannelBindTimeout() {
   state_ = STATE_UNBOUND;
   port_->DestroyConnection(ext_addr_);
 }
 }  // namespace cricket