Disable DNS resolution of remote ICE candidates. (#6)

signalapp · May 12, 2020 · 8000931 · 8000931 · Bangybug · May 22, 2020
1 parent 402f9f2
commit 8000931
Showing 1 changed file with 8 additions and 1 deletion.
diff --git a/p2p/base/p2p_transport_channel.cc b/p2p/base/p2p_transport_channel.cc
@@ -1236,7 +1236,14 @@ void P2PTransportChannel::AddRemoteCandidate(const Candidate& candidate) {
   }
 
   if (new_remote_candidate.address().IsUnresolvedIP()) {
-    ResolveHostnameCandidate(new_remote_candidate);
+    // Do not resolve remote candidates because doing so causes a connection to a DNS
+    // server which can leak the local agent's public IP address to the DNS server.
+    // ResolveHostnameCandidate(new_remote_candidate);
+
+    // Do not process the ICE candidate further because TCPPort may still attempt
+    // a resolution of DNS hostnames later on for TCP candidates, despite
+    // the fact that we didn't resolve the hostname above, which could also
+    // leak the local agent's IP address to the DNS server.
     return;
   }