Preventing TURN redirects to loopback addresses.

webrtc/p2p/base/turnport.cc

 /*
  *  Copyright 2012 The WebRTC Project Authors. All rights reserved.
  *
  *  Use of this source code is governed by a BSD-style license
  *  that can be found in the LICENSE file in the root of the source
  *  tree. An additional intellectual property rights grant can be found
  *  in the file PATENTS.  All contributing project authors may
  *  be found in the AUTHORS file in the root of the source tree.
  */
 
@@ skipping 621 matching lines @@
     return false;
   }
 
   // If protocol family of server address doesn't match with local, return.
   if (!IsCompatibleAddress(address)) {
     LOG(LS_WARNING) << "Server IP address family does not match with "
                     << "local host address family type";
     return false;
   }
 
+  // Block redirects to a loopback address.
+  // See: https://bugs.chromium.org/p/chromium/issues/detail?id=649118
+  if (address.IsLoopbackIP()) {
+    LOG_J(LS_WARNING, this)
+        << "Blocking attempted redirect to loopback address.";
+    return false;
+  }
+
   LOG_J(LS_INFO, this) << "Redirecting from TURN server ["
                        << server_address_.address.ToSensitiveString()
                        << "] to TURN server ["
                        << address.ToSensitiveString()
                        << "]";
   server_address_ = ProtocolAddress(address, server_address_.proto,
                                     server_address_.secure);
 
   // Insert the current address to prevent redirection pingpong.
   attempted_server_addresses_.insert(server_address_.address);
@@ skipping 882 matching lines @@
   } else {
     state_ = STATE_UNBOUND;
     port_->FailAndPruneConnection(ext_addr_);
   }
 }
 void TurnEntry::OnChannelBindTimeout() {
   state_ = STATE_UNBOUND;
   port_->FailAndPruneConnection(ext_addr_);
 }
 }  // namespace cricket