Disable webrtc IP leaks when fp protection is on

Fix #260 Auditors: @bbondy
brave · Jun 29, 2016 · 653e4db · 653e4db · diracdeltas · Jun 29, 2016
1 parent 4856893
commit 653e4db
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 1 deletion.
diff --git a/js/components/frame.js b/js/components/frame.js
@@ -32,6 +32,12 @@ const locale = require('../l10n')
 const appConfig = require('../constants/appConfig')
 const { getSiteSettingsForHostPattern } = require('../state/siteSettings')
 
+const WEBRTC_DEFAULT = 'default'
+const WEBRTC_DISABLE_NON_PROXY = 'disable_non_proxied_udp'
+// Looks like Brave leaks true public IP from behind system proxy when this option
+// is on.
+// const WEBRTC_PUBLIC_ONLY = 'default_public_interface_only'
+
 class Frame extends ImmutableComponent {
   constructor () {
     super()
@@ -85,7 +91,8 @@ class Frame extends ImmutableComponent {
 
   shouldCreateWebview () {
     return !this.webview || this.webview.allowRunningInsecureContent !== this.allowRunningInsecureContent() ||
-      !!this.webview.allowRunningPlugins !== this.allowRunningPlugins()
+      !!this.webview.allowRunningPlugins !== this.allowRunningPlugins() ||
+      this.webRTCPolicy !== this.getWebRTCPolicy()
   }
 
   allowRunningInsecureContent () {
@@ -250,6 +257,9 @@ class Frame extends ImmutableComponent {
 
   componentDidUpdate (prevProps, prevState) {
     const cb = () => {
+      if (this.webRTCPolicy !== this.getWebRTCPolicy()) {
+        this.webview.setWebRTCIPHandlingPolicy(this.getWebRTCPolicy())
+      }
       this.webview.setActive(this.props.isActive)
       this.handleShortcut()
       this.webview.setZoomFactor(getZoomValuePercentage(this.zoomLevel) / 100)
@@ -801,6 +811,19 @@ class Frame extends ImmutableComponent {
     this.webview.stopFindInPage('clearSelection')
   }
 
+  get webRTCPolicy () {
+    return this.webview ? this.webview.getWebRTCIPHandlingPolicy() : WEBRTC_DEFAULT
+  }
+
+  getWebRTCPolicy () {
+    const braverySettings = this.props.frameBraverySettings
+    if (!braverySettings || braverySettings.get('fingerprintingProtection') !== true) {
+      return WEBRTC_DEFAULT
+    } else {
+      return WEBRTC_DISABLE_NON_PROXY
+    }
+  }
+
   render () {
     return <div
       className={cx({

diff --git a/js/components/main.js b/js/components/main.js
@@ -588,6 +588,12 @@ class Main extends ImmutableComponent {
     return siteSettings.getSiteSettingsForURL(this.allSiteSettings, location)
   }
 
+  frameBraverySettings (location) {
+    return Immutable.fromJS(siteSettings.activeSettings(this.frameSiteSettings(location),
+                                                        this.props.appState,
+                                                        appConfig))
+  }
+
   get activeSiteSettings () {
     return this.frameSiteSettings(this.activeRequestedLocation)
   }
@@ -814,6 +820,7 @@ class Main extends ImmutableComponent {
               flashInitialized={this.props.appState.get('flashInitialized')}
               allSiteSettings={allSiteSettings}
               frameSiteSettings={this.frameSiteSettings(frame.get('location'))}
+              frameBraverySettings={this.frameBraverySettings(frame.get('location'))}
               enableNoScript={this.enableNoScript(this.frameSiteSettings(frame.get('location')))}
               isPreview={frame.get('key') === this.props.windowState.get('previewFrameKey')}
               isActive={FrameStateUtil.isFrameKeyActive(this.props.windowState, frame.get('key'))}