Closed Bug 741876 Opened 10 years ago Closed 9 years ago

[Security Review][Action Item]WebSMS - PDU fuzzing

Categories: mozilla.org :: Security Assurance, task
Hardware: x86
OS: macOS
Type: task
Priority: Not set
Severity: normal

Tracking: (Not tracked)

RESOLVED FIXED

People

(Reporter: curtisk, Assigned: posidron)


Details

(Whiteboard: [sec-review-complete])

I have pushed an SMS fuzzer to the fuzzing repository. I am waiting to get a device in order to run B2G and start fuzzing.
The phone arrived today. It turned out that the GT-I9100OIGDBT isn't supported by B2G yet, so I ordered a GT-I9100RWADBT with express delivery; it should arrive on Tuesday or Wednesday.
Status: NEW → ASSIGNED
I am almost done with the first stage of SMS PDU fuzzing but will add better support for the UDH and its IEIs before pushing an SMS fuzzer update to the repository. Right now B2G supports a limited number of IEIs:

0x00 - PDU_IEI_CONCATENATED_SHORT_MESSAGES_8BIT
0x04 - PDU_IEI_APPLICATION_PORT_ADDRESSING_SCHEME_8BIT
0x05 - PDU_IEI_APPLICATION_PORT_ADDRESSING_SCHEME_16BIT
0x08 - PDU_IEI_CONCATENATED_SHORT_MESSAGES_16BIT
0x24 - PDU_IEI_NATIONAL_LANGUAGE_SINGLE_SHIFT
0x25 - PDU_IEI_NATIONAL_LANGUAGE_LOCKING_SHIFT

Haven't found any major issues yet, except a null pointer crash in libc which wasn't reproducible. PDUs which triggered minor issues leading to undefined objects in ril_worker.js would not pass the service provider.

I am looking forward to fuzz those IEIs and will keep the bug up-to-date.
Have pushed a new SMS fuzzer to the repository. It now supports the UDH and IEIs, as well as 7/8/16-bit UD. I also switched from generation to mutation fuzzing and pushed some PDU samples. Instructions are located in the comments if somebody wants to experiment with it as well.

Since SMS is still in the development phase I will need to update the support of upcoming IEIs in B2G but can I mark this bug as sec-review-complete? Upcoming bugs found by the fuzzer would then block bug 750455.
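The two comments above list the six IEIs B2G handled at the time and mention the UDH together with 7/8/16-bit user data. As an added illustration (not code from B2G's ril_worker.js and not the fuzzer from this bug), the following is a bounds-checked parser for the User Data Header at the start of TP-User-Data. It covers exactly those IEIs, checks every length field against the field that encloses it, and returns a structured result or a parse error rather than an undefined object, which is the class of minor issue the comment describes. The function names, the sample PDU fragments and the "mutated" samples are all constructed for this example.

```javascript
// Added example: bounds-checked UDH parser for the IEIs named in the bug.
// Not B2G code. Length fields are validated before use so a mutated
// sample yields an error instead of an undefined object.

const IEI_NAMES = {
  0x00: "CONCATENATED_SHORT_MESSAGES_8BIT",
  0x04: "APPLICATION_PORT_ADDRESSING_SCHEME_8BIT",
  0x05: "APPLICATION_PORT_ADDRESSING_SCHEME_16BIT",
  0x08: "CONCATENATED_SHORT_MESSAGES_16BIT",
  0x24: "NATIONAL_LANGUAGE_SINGLE_SHIFT",
  0x25: "NATIONAL_LANGUAGE_LOCKING_SHIFT",
};

// Fixed IE data lengths for these IEIs (3GPP TS 23.040, section 9.2.3.24).
const IEI_DATA_LEN = { 0x00: 3, 0x04: 2, 0x05: 4, 0x08: 4, 0x24: 1, 0x25: 1 };

function hexToBytes(hex) {
  if (hex.length % 2 !== 0 || /[^0-9a-fA-F]/.test(hex)) {
    throw new Error("malformed hex string");
  }
  const out = new Uint8Array(hex.length / 2);
  for (let i = 0; i < out.length; i++) {
    out[i] = parseInt(hex.slice(2 * i, 2 * i + 2), 16);
  }
  return out;
}

// Parse the UDH from `ud` (TP-User-Data octets, TP-UDHI assumed set).
// Returns { udhl, ies, bodyOctet, bodySeptet }: the message body offset
// for 8/16-bit data (octets) and for 7-bit data (septets, rounded up to
// the next septet boundary). Throws on any inconsistency.
function parseUDH(ud) {
  if (ud.length < 1) throw new Error("UD is empty, no UDHL");
  const udhl = ud[0];
  const end = 1 + udhl;
  if (end > ud.length) {
    throw new Error(`UDHL ${udhl} exceeds UD length ${ud.length}`);
  }
  const ies = [];
  let pos = 1;
  while (pos < end) {
    if (pos + 2 > end) throw new Error(`truncated IE header at octet ${pos}`);
    const iei = ud[pos];
    const iedl = ud[pos + 1];
    if (pos + 2 + iedl > end) {
      throw new Error(`IE 0x${iei.toString(16)} length ${iedl} overruns UDH`);
    }
    if (iei in IEI_DATA_LEN && iedl !== IEI_DATA_LEN[iei]) {
      throw new Error(`IE 0x${iei.toString(16)} expects ${IEI_DATA_LEN[iei]} data octets, got ${iedl}`);
    }
    const d = Array.from(ud.subarray(pos + 2, pos + 2 + iedl));
    const ie = { iei, name: IEI_NAMES[iei] || "UNKNOWN", data: d };
    switch (iei) {
      case 0x00: ie.ref = d[0]; ie.max = d[1]; ie.seq = d[2]; break;
      case 0x08: ie.ref = (d[0] << 8) | d[1]; ie.max = d[2]; ie.seq = d[3]; break;
      case 0x04: ie.dstPort = d[0]; ie.srcPort = d[1]; break;
      case 0x05: ie.dstPort = (d[0] << 8) | d[1]; ie.srcPort = (d[2] << 8) | d[3]; break;
      case 0x24: case 0x25: ie.langId = d[0]; break;
      default: break; // unknown IEIs are skipped by their declared length
    }
    // A concatenation IE with seq 0, max 0 or seq > max would index a
    // reassembly buffer out of range; reject it here.
    if ((iei === 0x00 || iei === 0x08) && (ie.max === 0 || ie.seq === 0 || ie.seq > ie.max)) {
      throw new Error(`invalid concatenation seq ${ie.seq}/${ie.max}`);
    }
    ies.push(ie);
    pos += 2 + iedl;
  }
  return { udhl, ies, bodyOctet: end, bodySeptet: Math.ceil((end * 8) / 7) };
}

// Wrapper a mutation-fuzzing harness can call on each sample.
function checkUD(hex) {
  try {
    return { ok: true, udh: parseUDH(hexToBytes(hex)) };
  } catch (e) {
    return { ok: false, error: e.message };
  }
}

// Constructed samples (not captured traffic):
// valid: UDHL 11, concat-8bit ref 0xAB part 2/3, 16-bit ports 8080->0, body "Hi"
const SAMPLE_OK = "0B0003AB030205041F9000004869";
// mutated: UDHL raised to 0x7F so the header claims more than the UD holds
const SAMPLE_UDHL_OVERRUN = "7F0003AB030205041F9000004869";
// mutated: UDHL 4, but the first IE declares 3 data octets (needs 5 in total)
const SAMPLE_IE_OVERRUN = "040003AB03";
// mutated: concatenation part 4 of 3
const SAMPLE_BAD_SEQ = "050003AB0304";
```

Running `checkUD` over a directory of mutated PDU samples gives a quick triage signal: a sample that parses here but still misbehaves in the target points at the consumer of the IE data rather than at the length handling.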
Duplicate of this bug: 741871
Will mark this as complete because this is and will be an ongoing fuzzing process.
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Whiteboard: [sec-review-complete]