[M118] Obfuscate prflx raddr when using mdns

BUG=chromium:1478690

(cherry picked from commit a8e3111)

Change-Id: I7a1caad7bbd2fc82507b61b59be71546494a304c
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/319580
Reviewed-by: Harald Alvestrand <[email protected]>
Reviewed-by: Henrik Boström <[email protected]>
Commit-Queue: Philipp Hancke <[email protected]>
Cr-Original-Commit-Position: refs/heads/main@{#40724}
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/320580
Cr-Commit-Position: refs/branch-heads/5993@{#2}
Cr-Branched-From: 5afcec0-refs/heads/main@{#40703}

Author: fippo

p2p/base/port_allocator.cc

@@ -340,9 +340,12 @@ Candidate PortAllocator::SanitizeCandidate(const Candidate& c) const {
   // If the candidate filter doesn't allow reflexive addresses, empty TURN raddr
   // to avoid reflexive address leakage.
   bool filter_turn_related_address = !(candidate_filter_ & CF_REFLEXIVE);
+  // Sanitize related_address when using MDNS.
+  bool filter_prflx_related_address = MdnsObfuscationEnabled();
   bool filter_related_address =
       ((c.type() == STUN_PORT_TYPE && filter_stun_related_address) ||
-       (c.type() == RELAY_PORT_TYPE && filter_turn_related_address));
+       (c.type() == RELAY_PORT_TYPE && filter_turn_related_address) ||
+       (c.type() == PRFLX_PORT_TYPE && filter_prflx_related_address));
   return c.ToSanitizedCopy(use_hostname_address, filter_related_address);
 }
 

p2p/base/port_allocator_unittest.cc

@@ -357,6 +357,21 @@ TEST_F(PortAllocatorTest, SanitizePrflxCandidateMdnsObfuscationEnabled) {
   EXPECT_EQ("", output.address().ipaddr().ToString());
 }
 
+TEST_F(PortAllocatorTest,
+       SanitizePrflxCandidateMdnsObfuscationEnabledRelatedAddress) {
+  allocator_->SetMdnsObfuscationEnabledForTesting(true);
+  // Create the candidate from an IP literal. This populates the hostname.
+  cricket::Candidate input(1, "udp", rtc::SocketAddress(kIpv4Address, 443), 1,
+                           "username", "password", cricket::PRFLX_PORT_TYPE, 1,
+                           "foundation", 1, 1);
+
+  cricket::Candidate output = allocator_->SanitizeCandidate(input);
+  EXPECT_NE(kIpv4AddressWithPort, output.address().ToString());
+  EXPECT_EQ("", output.address().ipaddr().ToString());
+  EXPECT_NE(kIpv4AddressWithPort, output.related_address().ToString());
+  EXPECT_EQ("", output.related_address().ipaddr().ToString());
+}
+
 TEST_F(PortAllocatorTest, SanitizeIpv4NonLiteralMdnsObfuscationEnabled) {
   // Create the candidate with an empty hostname.
   allocator_->SetMdnsObfuscationEnabledForTesting(true);