From: csagan5 <32685696+csagan5@users.noreply.github.com>
Date: Sat, 9 May 2020 14:42:37 +0200
Subject: webRTC: do not expose local IP addresses

Prevent leaks of local IP address and public IP address (when using VPN)

See also:
* https://github.com/bromite/bromite/issues/553
* https://github.com/bromite/bromite/issues/589

License: GPL-3.0-only - https://spdx.org/licenses/GPL-3.0-only.html
---
 chrome/browser/ui/browser_ui_prefs.cc                       | 2 +-
 .../peerconnection/peer_connection_dependency_factory.cc    | 6 ++++--
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/chrome/browser/ui/browser_ui_prefs.cc b/chrome/browser/ui/browser_ui_prefs.cc
--- a/chrome/browser/ui/browser_ui_prefs.cc
+++ b/chrome/browser/ui/browser_ui_prefs.cc
@@ -94,7 +94,7 @@ void RegisterBrowserUserPrefs(user_prefs::PrefRegistrySyncable* registry) {
                                 false);
 #endif
   registry->RegisterStringPref(prefs::kWebRTCIPHandlingPolicy,
-                               blink::kWebRTCIPHandlingDefault);
+                               blink::kWebRTCIPHandlingDisableNonProxiedUdp);
   registry->RegisterStringPref(prefs::kWebRTCUDPPortRange, std::string());
   registry->RegisterBooleanPref(prefs::kWebRtcEventLogCollectionAllowed, false);
   registry->RegisterListPref(prefs::kWebRtcLocalIpsAllowedUrls);
diff --git a/third_party/blink/renderer/modules/peerconnection/peer_connection_dependency_factory.cc b/third_party/blink/renderer/modules/peerconnection/peer_connection_dependency_factory.cc
--- a/third_party/blink/renderer/modules/peerconnection/peer_connection_dependency_factory.cc
+++ b/third_party/blink/renderer/modules/peerconnection/peer_connection_dependency_factory.cc
@@ -113,7 +113,9 @@ WebRTCIPHandlingPolicy GetWebRTCIPHandlingPolicy(const String& preference) {
     return kDefaultPublicInterfaceOnly;
   if (preference == kWebRTCIPHandlingDisableNonProxiedUdp)
     return kDisableNonProxiedUdp;
-  return kDefault;
+  if (preference == kWebRTCIPHandlingDefault)
+    return kDefault;
+  return kDisableNonProxiedUdp;
 }
 
 bool IsValidPortRange(uint16_t min_port, uint16_t max_port) {
@@ -799,7 +801,7 @@ PeerConnectionDependencyFactory::CreatePortAllocator(
           break;
       }
 
-      VLOG(3) << "WebRTC routing preferences: "
+      LOG(INFO) << "WebRTC routing preferences: "
               << "policy: " << policy
               << ", multiple_routes: " << port_config.enable_multiple_routes
               << ", nonproxied_udp: " << port_config.enable_nonproxied_udp
--
2.25.1